[讨论]到底是不是.net?
发表于: 2009-10-6 15:22 4316

用 PEiD 查壳、看入口点都不像是 .NET 程序,但运行后从调用的库来看又觉得是 .NET 程序

Reflector 和 IL 都无法识别,搞 .NET 的朋友帮忙看一下

最新回复 (6)
2
tease大哥有时间的话 关注下……
2009-10-6 16:26
3
这是 使用 Xenocode 壳压缩的
1.rar
上传的附件:
2009-10-6 16:33
4
Thanks 我再分析看看
2009-10-6 16:58
5
注册关键点在这,如何去处理这些无法识别的串呢?
例如这一句
// The string literal and the int are handed to x1110bdd110cdcea4._xaacba899487bce8c, and whatever it
// returns is interned and used as the HKCU subkey name (opened writable). Presumably this is the
// obfuscator's string-decoding routine, so the real key name is not visible in this listing.
RegistryKey key = Registry.CurrentUser.OpenSubKey(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("njfdgmmdcmdefmkeambfklifelpffgggcjngakehkklhojcickjipiajdhhjckojmjfkjjmkjidlpiklcjbm", 0x419b355a)), true);

中的x1110bdd110cdcea4._xaacba899487bce8c  ,什么东东?


// Form load handler, shown here as decompiler output of an obfuscated assembly.
// What the listing shows:
//   * every string (registry names, WMI query, message texts, path parts) is passed through
//     x1110bdd110cdcea4._xaacba899487bce8c(encodedLiteral, int) before use, so none of them is
//     readable here; presumably that method is the obfuscator's string decoder.
//   * control flow is flattened into labels and gotos, with branches on constant conditions
//     such as `if (0 != 0)` or `if (15 != 0)` that are always false / always true.
//   * inside the try block a value is read from HKCU, passed to DesDecrypt, split on '|', and its
//     two fields are compared with a WMI property and with the current date; the poster
//     describes this as the registration check.
// NOTE(review): this is decompiler output; fall-through paths (for example after Label_00DC)
// may not match the original IL exactly and should be confirmed against it.
// NOTE(review): the DesDecrypt key is derived from a literal embedded in the binary and the whole
// check runs on the client, so it should be treated as obfuscation rather than as a secret;
// verifying a signature over the stored value with a public key is the usual hardening.
private void Form1_Load(object sender, EventArgs e)
{
try
{
x7bd3a541d5154cce xbdadcce;
string str;
ManagementObjectSearcher searcher;
string str2;
// Open an HKCU subkey (name obfuscated) with write access. OpenSubKey returns null when the
// key does not exist; the later key.GetValue call would then throw and land in the catch below.
RegistryKey key = Registry.CurrentUser.OpenSubKey(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("njfdgmmdcmdefmkeambfklifelpffgggcjngakehkklhojcickjipiajdhhjckojmjfkjjmkjidlpiklcjbm", 0x419b355a)), true);
goto Label_019D;
Label_0025:
// Enumerate the WMI query results and read one property (name obfuscated) as a string.
// str2 is overwritten on every iteration, so only the last object's value is kept.
foreach (ManagementObject obj2 in searcher.Get())
{
str2 = obj2[string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("dflechcfmgjfnfagmfhghgogegfhnfmhnfdibdkijebj", 0x4fca4b03))].ToString();
}
goto Label_0082;
// Unreachable as listed: it follows an unconditional goto and its condition is constant false.
if (0 != 0)
{
goto Label_0117;
}
Label_0082:;
// Compare the WMI value with the first '|'-separated field of the decrypted registry value,
// both upper-cased (ToUpper() is culture-sensitive). Equal -> continue at Label_026B.
if (!(str2.ToUpper() != str.ToUpper().Split(new char[] { '|' })[0]))
{
goto Label_026B;
}
// Mismatch: show a message (text obfuscated) and close the form. The constant condition is
// always true, and execution still continues at Label_026B after Close().
MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("ccpadmkpfdickemenbkehdempbifjhdfnbhfammfccmfbhdeopcgpjoebbda", 0x3e9a23a)));
if (4 != 0)
{
base.Close();
goto Label_026B;
}
Label_00DC:
// Reached when the parsed date is earlier than DateTime.Now: show a message (text obfuscated)
// and close. As listed, execution then falls through into Label_00FC.
MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("ibijjldilcbljbojlognaeflkcefcbiofoepfmpmkpnnljjmnaoh", 0x59bf2b30)));
base.Close();
Label_00FC:
// Build the WMI searcher from an obfuscated query string.
searcher = new ManagementObjectSearcher(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fklkejclijjloiamjihmhjomagfnhgmnkfdonhkogibpaiiplhpplegaphnaoiebajlbcfccoejcihadgghdfiodphfeahmepgdfkhkfhhbgahigahpg", 0x654dab52)));
Label_0117:
str2 = string.Empty;
goto Label_0153;
Label_0120:
// Done with the registry key. The second '|'-separated field is parsed as a date with the
// current culture and compared with the local clock: not yet passed -> Label_00FC,
// otherwise -> Label_00DC.
key.Close();
if (DateTime.Parse(str.Split(new char[] { '|' })[1]) >= DateTime.Now)
{
goto Label_00FC;
}
goto Label_00DC;
Label_0153:
// Constant condition, always true: continue with the WMI enumeration.
if (2 != 0)
{
goto Label_0025;
}
Label_015A:
// Read a registry value (name obfuscated) and pass it to DesDecrypt together with a key string
// that is itself produced from an embedded literal. GetValue returns null for a missing value,
// in which case ToString() throws and the catch below runs.
str = key.GetValue(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("hknbalecpjlcgjcdhkjd", 0x5bcb1d3a))).ToString();
str = xbdadcce.DesDecrypt(str, string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fhdoohkolhbpehipldppncgakcnaadebnclbdcccccjcecadhbhdjeodgefepameffdfodkflebg", 0x932e30d)));
goto Label_0120;
Label_019D:
// First step after opening the key: create the helper object that provides DesDecrypt.
xbdadcce = new x7bd3a541d5154cce();
goto Label_015A;
}
// Bare catch: any exception from the block above (missing key or value, decrypt or parse
// failure, WMI error) produces the same message (text obfuscated), closes the form and then
// continues at Label_026B.
catch
{
MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fmhlcpnobemmmpinnjemkbjhcanamfiaaamadkbbfabbefipbohbcidaephl", 0x3b50571d)));
base.Close();
goto Label_026B;
}
// Constant condition, always true, so the goto Label_0200 below is never taken from here.
if (15 != 0)
{
goto Label_026B;
}
goto Label_0200;
Label_01E3:
// Only when autoopen == 1 does the handler go on to refreshuid(); otherwise it returns.
if (this.autoopen == 1)
{
goto Label_025D;
}
if (3 != 0)
{
}
return;
Label_0200:
// Tick the checkbox and call startThread(), then return; both constant conditions here are false.
this.checkautoopen.Checked = true;
if (1 == 0)
{
goto Label_0256;
}
this.startThread();
if (0 != 0)
{
goto Label_01E3;
}
return;
Label_0220:
this.UidTimer.Enabled = true;
goto Label_0200;
Label_0256:
// Constant condition, always true.
if (-2147483648 != 0)
{
goto Label_0220;
}
Label_025D:
// If refreshuid() returns true, add an entry (text obfuscated) to listBox1; both outcomes end
// up at Label_0220.
if (this.refreshuid())
{
this.listBox1.Items.Add(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("pfdgaooeaeffonlhcdhikbpffjigebngndac", 0x5368e954)));
goto Label_0256;
}
if (0 == 0)
{
goto Label_0220;
}
Label_026B:
// Build `path` (not declared in this method, presumably a field) from the startup directory,
// an obfuscated middle part, the current timestamp with two obfuscated substrings removed, and
// an obfuscated suffix. Then call init(); on failure show a message and close the form.
path = Application.StartupPath + string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("mkdejlkejlbfokifkkpfkkggkkngakehlklhbjci", 0x21c4350)) + DateTime.Now.ToString().Replace(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("bjlc", 0x2ff72b71)), "").Replace(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("fgno", 0x6983ed2b)), "") + string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("plliplcjeljjihakllhkmlokflfl", 0x498a8b53));
if (!this.init())
{
MessageBox.Show(string.Intern(x1110bdd110cdcea4._xaacba899487bce8c("ohlejckfbhkfadcgechkdifhehalnejcaenlgabkichkdkgemkneikefnjlfnjcgijjgmfahpjhhakohjjfijkbpfbcomfmpcciainlpdiebejmcjefcjbdcgdbdkcgcegeemgifmpfo", 0x6c78f961)));
base.Close();
}
goto Label_01E3;
}

2009-10-6 17:44
6
反编译后 Form1_Load中直接ret 然后编译回来可以爆掉它

字符看不懂 算法
2009-10-6 19:44
7
你应该先学会脱壳,这些是典型的 Xenocode 加密字符串
2009-10-6 20:30