當(dāng)前位置：首頁(yè) > news >正文

倒計(jì)時(shí)網(wǎng)站模板搜索引擎關(guān)鍵詞seo優(yōu)化公司

news 2025/7/3 7:30:15

倒計(jì)時(shí)網(wǎng)站模板,搜索引擎關(guān)鍵詞seo優(yōu)化公司,昆明招工網(wǎng)站找普工作建設(shè)工作,圖片頭像設(shè)計(jì)制作crackme010 名稱值軟件名稱Andrnalin.3.exe加殼方式無(wú)保護(hù)方式serial編譯語(yǔ)言Microsoft Visual Basic調(diào)試環(huán)境win10 64位使用工具x32dbg,PEid破解日期2025-06-18 脫殼 1. 先用PEid查殼查到無(wú)殼前置知識(shí) 該vb程序會(huì)用到較多的Variant變量和官方查詢不到vb函數(shù)&#xff0c…

crackme010

名稱	值
軟件名稱	Andrénalin.3.exe
加殼方式	無(wú)
保護(hù)方式	serial
編譯語(yǔ)言	Microsoft Visual Basic
調(diào)試環(huán)境	win10 64位
使用工具	x32dbg,PEid
破解日期	2025-06-18

脫殼

1. 先用PEid查殼

01-PEid查殼

查到無(wú)殼

前置知識(shí)

該vb程序會(huì)用到較多的Variant變量和官方查詢不到vb函數(shù)，請(qǐng)先閱讀如下兩篇文章

VB逆向基礎(chǔ)（一）
vb逆向常用函數(shù)

尋找Serial

尋找flag，用x32dbg打開(kāi)程序，鼠標(biāo)右鍵->搜索->當(dāng)前模塊->字符串，發(fā)現(xiàn)存在字符串L"RiCHTiG !"
雙擊地址=00402090 反匯編=mov dword ptr ss:[ebp-B4],andrénalin.3.401B28 字符串地址=00401B28 字符串=L"RiCHTiG !""，跳轉(zhuǎn)到代碼

0040202B | lea eax,dword ptr ss:[ebp-34]                           |
0040202E | lea ecx,dword ptr ss:[ebp-AC]                           |
00402034 | push eax                                                | 參數(shù)2，循環(huán)拼接結(jié)果
00402035 | push ecx                                                | 參數(shù)1，字符串常量L"kXy^rO|*yXo*m\\kMuOn*+"
00402036 | mov dword ptr ss:[ebp-A4],andrénalin.3.401A8C           | [ebp-A4]:L"kXy^rO|*yXo*m\\kMuOn*+", 401A8C:L"kXy^rO|*yXo*m\\kMuOn*+"
00402040 | mov dword ptr ss:[ebp-AC],8008                          |
0040204A | call dword ptr ds:[<&__vbaVarTstEq>]                    | 判斷兩個(gè)變量是否相等，不相等eax返回0x0，相等返回0xFFFFFFFF
00402050 | test ax,ax                                              | 兩個(gè)變量相等，進(jìn)入成功分支
00402053 | je andrénalin.3.402119                                  |
00402059 | call dword ptr ds:[<&rtcBeep>]                          |成功分支
0040205F | mov ebx,dword ptr ds:[<&__vbaVarDup>]                   |
00402065 | mov ecx,A                                               | 
0040206A | mov eax,80020004                                        |
0040206F | mov dword ptr ss:[ebp-9C],ecx                           |
00402075 | mov dword ptr ss:[ebp-8C],ecx                           |
0040207B | lea edx,dword ptr ss:[ebp-BC]                           |
00402081 | lea ecx,dword ptr ss:[ebp-7C]                           |
00402084 | mov dword ptr ss:[ebp-94],eax                           | 
0040208A | mov dword ptr ss:[ebp-84],eax                           |
00402090 | mov dword ptr ss:[ebp-B4],andrénalin.3.401B28           | 401B28:L"RiCHTiG !" Flag字符串
0040209A | mov dword ptr ss:[ebp-BC],8                             |
004020A4 | call ebx                                                |
004020A6 | lea edx,dword ptr ss:[ebp-AC]                           |
004020AC | lea ecx,dword ptr ss:[ebp-6C]                           |
004020AF | mov dword ptr ss:[ebp-A4],andrénalin.3.401ABC           | [ebp-A4]:L"kXy^rO|*yXo*m\\kMuOn*+"
004020B9 | mov dword ptr ss:[ebp-AC],8                             |
004020C3 | call ebx                                                |
004020C5 | lea edx,dword ptr ss:[ebp-9C]                           |
004020CB | lea eax,dword ptr ss:[ebp-8C]                           |
004020D1 | push edx                                                |
004020D2 | lea ecx,dword ptr ss:[ebp-7C]                           |
004020D5 | push eax                                                |
004020D6 | push ecx                                                |
004020D7 | lea edx,dword ptr ss:[ebp-6C]                           |
004020DA | push 30                                                 |
004020DC | push edx                                                |
004020DD | call dword ptr ds:[<&rtcMsgBox>]                        |彈出成功提示框

分析關(guān)鍵代碼為，比較dword ptr ss:[ebp-34] 與常量字符串L"kXy^rO|yXom\kMuOn*+"，如果相等則成功。繼續(xù)往上分析

00401F31 | lea eax,dword ptr ss:[ebp-6C]                           |
00401F34 | push edx                                                | 字符串
00401F35 | push eax                                                | 出參字符串長(zhǎng)度
00401F36 | call dword ptr ds:[<&__vbaLenVar>]                      |
00401F3C | lea ecx,dword ptr ss:[ebp-BC]                           |
00401F42 | push eax                                                | 參數(shù)5，循環(huán)變量上限 Long類型
00401F43 | lea edx,dword ptr ss:[ebp-114]                          |
00401F49 | push ecx                                                | 參數(shù)4，循環(huán)初始值固定值，Int類型
00401F4A | lea eax,dword ptr ss:[ebp-104]                          |
00401F50 | push edx                                                | 參數(shù)3，循環(huán)臨時(shí)上限，Long類型 給__vbaVarForNext用
00401F51 | lea ecx,dword ptr ss:[ebp-24]                           |
00401F54 | push eax                                                | 參數(shù)2，循環(huán)步長(zhǎng)，Long類型
00401F55 | push ecx                                                | 參數(shù)1，當(dāng)前循環(huán)值，Long類型
00401F56 | call dword ptr ds:[<&__vbaVarForInit>]                  |
00401F5C | mov ebx,dword ptr ds:[<&__vbaVarCat>]                   | 
00401F62 | mov edi,dword ptr ds:[<&__vbaFreeVarList>]              |
00401F68 | test eax,eax                                            |
00401F6A | je andrénalin.3.40202B                                  |
00401F70 | lea edx,dword ptr ss:[ebp-6C]                           |
00401F73 | lea eax,dword ptr ss:[ebp-24]                           |
00401F76 | push edx                                                |
00401F77 | push eax                                                | var變量
00401F78 | mov dword ptr ss:[ebp-64],1                             |
00401F7F | mov dword ptr ss:[ebp-6C],2                             |
00401F86 | call dword ptr ds:[<&__vbaI4Var>]                       |
00401F8C | lea ecx,dword ptr ss:[ebp-44]                           |
00401F8F | push eax                                                | 參數(shù)3，起始值
00401F90 | lea edx,dword ptr ss:[ebp-7C]                           |
00401F93 | push ecx                                                | 參數(shù)2 key字符串
00401F94 | push edx                                                | 參數(shù)1，edx+10截取字符串長(zhǎng)度 值為1
00401F95 | call dword ptr ds:[<&rtcMidCharVar>]                    |
00401F9B | lea eax,dword ptr ss:[ebp-7C]                           |
00401F9E | lea ecx,dword ptr ss:[ebp-58]                           |
00401FA1 | push eax                                                | 截取的字符串
00401FA2 | push ecx                                                |
00401FA3 | call dword ptr ds:[<&__vbaStrVarVal>]                   | var字符串轉(zhuǎn)換成裸字符串
00401FA9 | push eax                                                | 裸字符串
00401FAA | call dword ptr ds:[<&rtcAnsiValueBstr>]                 | 首字符轉(zhuǎn)換成ascii
00401FB0 | add ax,A                                                | ascii+A
00401FB4 | jo andrénalin.3.40226A                                  |
00401FBA | movsx edx,ax                                            |
00401FBD | push edx                                                |
00401FBE | call dword ptr ds:[<&rtcBstrFromAnsi>]                  |
00401FC4 | mov dword ptr ss:[ebp-84],eax                           |
00401FCA | lea eax,dword ptr ss:[ebp-34]                           |
00401FCD | lea ecx,dword ptr ss:[ebp-8C]                           |
00401FD3 | push eax                                                | 左邊變量，累計(jì)拼接結(jié)果，初始值為空
00401FD4 | lea edx,dword ptr ss:[ebp-9C]                           |
00401FDA | push ecx                                                | 右邊變量 ascii+A 字符串
00401FDB | push edx                                                | 拼接結(jié)果
00401FDC | mov dword ptr ss:[ebp-8C],8                             |
00401FE6 | call ebx                                                | __vbaVarCat 變量拼接
00401FE8 | mov edx,eax                                             |
00401FEA | lea ecx,dword ptr ss:[ebp-34]                           |
00401FED | call esi                                                |
00401FEF | lea ecx,dword ptr ss:[ebp-58]                           |
00401FF2 | call dword ptr ds:[<&__vbaFreeStr>]                     |
00401FF8 | lea eax,dword ptr ss:[ebp-8C]                           |
00401FFE | lea ecx,dword ptr ss:[ebp-7C]                           |
00402001 | push eax                                                |
00402002 | lea edx,dword ptr ss:[ebp-6C]                           |
00402005 | push ecx                                                |
00402006 | push edx                                                |
00402007 | push 3                                                  |
00402009 | call edi                                                |
0040200B | add esp,10                                              |
0040200E | lea eax,dword ptr ss:[ebp-114]                          |
00402014 | lea ecx,dword ptr ss:[ebp-104]                          |
0040201A | lea edx,dword ptr ss:[ebp-24]                           |
0040201D | push eax                                                | 參數(shù)3，循環(huán)臨時(shí)上限，Long類型
0040201E | push ecx                                                | 參數(shù)2，循環(huán)臨時(shí)步長(zhǎng)，Long類型
0040201F | push edx                                                | 參數(shù)1，當(dāng)前循環(huán)值，Long類型
00402020 | call dword ptr ds:[<&__vbaVarForNext>]                  |更新下一次循環(huán)標(biāo)志位
00402026 | jmp andrénalin.3.401F68                                 |跳轉(zhuǎn)到循環(huán)判斷條件處

分析代碼發(fā)現(xiàn)，關(guān)鍵算法為循環(huán)遍歷字符串，將每個(gè)字符都加上0xA，變成一個(gè)新串
綜上寫(xiě)出注冊(cè)機(jī)代碼

#include<stdio.h>
#include<string.h>
int main()
{char key[1024] = "kXy^rO|*yXo*m\\kMuOn*+";int len = strlen(key);for (int i = 0; i < len; i++){key[i] -= 0xA;}printf("key為%s\r\n", key);return 0;
}

總結(jié)Crackme

開(kāi)啟注冊(cè)機(jī)生成key，輸入key，點(diǎn)擊ok

查看全文

http://aloenet.com.cn/news/34457.html

国产亚洲精品福利在线无卡一,国产精久久一区二区三区,亚洲精品无码国模,精品久久久久久无码专区不卡