當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

160 - 37 CyberBlade.1

發布時間：2023/12/1 编程问答 26 豆豆

生活随笔收集整理的這篇文章主要介紹了 160 - 37 CyberBlade.1 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

環境
Windows xp sp3

工具
1.exeinfo PE
2.ollydbg

查殼
OD載入是VB程序。

測試

OD載入直接搜字符串。
這個是當輸入為空時會彈出消息框告訴你要輸入9個字符。

0040E005 > \8B4D E4 mov ecx,dword ptr ss:[ebp-0x1C] 0040E008 . 51 push ecx 0040E009 . 68 4C344000 push CyberBla.0040344C 0040E00E . FF15 28114100 call dword ptr ds:[<&MSVBVM50.__vbaStrCm>; MSVBVM50.__vbaStrCmp 0040E014 . 8BF0 mov esi,eax 0040E016 . 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C] 0040E019 . F7DE neg esi 0040E01B . 1BF6 sbb esi,esi 0040E01D . 46 inc esi 0040E01E . F7DE neg esi 0040E020 . FF15 8C114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr 0040E026 . 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20] 0040E029 . FF15 90114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj 0040E02F . 66:3BF7 cmp si,di 0040E032 . 74 7D je XCyberBla.0040E0B1 0040E034 . BF 0A000000 mov edi,0xA 0040E039 . BB 04000280 mov ebx,0x80020004 0040E03E . 897D A0 mov dword ptr ss:[ebp-0x60],edi 0040E041 . 897D B0 mov dword ptr ss:[ebp-0x50],edi 0040E044 . 8B3D 78114100 mov edi,dword ptr ds:[<&MSVBVM50.__vbaVa>; MSVBVM50.__vbaVarDup 0040E04A . BE 08000000 mov esi,0x8 0040E04F . 8D55 80 lea edx,dword ptr ss:[ebp-0x80] 0040E052 . 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40] 0040E055 . 895D A8 mov dword ptr ss:[ebp-0x58],ebx 0040E058 . 895D B8 mov dword ptr ss:[ebp-0x48],ebx 0040E05B . C745 88 EC344>mov dword ptr ss:[ebp-0x78],CyberBla.004>; UNICODE "Error" 0040E062 . 8975 80 mov dword ptr ss:[ebp-0x80],esi 0040E065 . FFD7 call edi ; <&MSVBVM50.__vbaVarDup> 0040E067 . 8D55 90 lea edx,dword ptr ss:[ebp-0x70] 0040E06A . 8D4D D0 lea ecx,dword ptr ss:[ebp-0x30] 0040E06D . C745 98 94344>mov dword ptr ss:[ebp-0x68],CyberBla.004>; UNICODE "You have to enter an 9 number key first." 0040E074 . 8975 90 mov dword ptr ss:[ebp-0x70],esi 0040E077 . FFD7 call edi 0040E079 . 8D55 A0 lea edx,dword ptr ss:[ebp-0x60] 0040E07C . 8D45 B0 lea eax,dword ptr ss:[ebp-0x50] 0040E07F . 52 push edx 0040E080 . 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40] 0040E083 . 50 push eax 0040E084 . 51 push ecx 0040E085 . 8D55 D0 lea edx,dword ptr ss:[ebp-0x30] 0040E088 . 6A 40 push 0x40 0040E08A . 52 push edx 0040E08B . FF15 04114100 call dword ptr ds:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox

這里比較

0040E0EB . 51 push ecx ; 輸入的serial存進來 0040E0EC . FF15 5C114100 call dword ptr ds:[<&MSVBVM50.__vbaR8Str>; MSVBVM50.__vbaR8Str 0040E0F2 . DB43 4C fild dword ptr ds:[ebx+0x4C] ; 這里會有一個值 0040E0F5 . DD9D 38FFFFFF fstp qword ptr ss:[ebp-0xC8] 0040E0FB . DCA5 38FFFFFF fsub qword ptr ss:[ebp-0xC8] ; 輸入的serial與上面的值相減 0040E101 . DFE0 fstsw ax 0040E103 . A8 0D test al,0xD 0040E105 . 0F85 EB030000 jnz CyberBla.0040E4F6 0040E10B . FF15 14114100 call dword ptr ds:[<&MSVBVM50.__vbaFpR8>>; MSVBVM50.__vbaFpR8 0040E111 . DC1D 08104000 fcomp qword ptr ds:[0x401008] ; 將上面的結果與0比較 0040E117 . DFE0 fstsw ax ; 相等的話下面的跳轉不實現，彈出正確消息框框 0040E119 . F6C4 40 test ah,0x40 0040E11C . 74 05 je XCyberBla.0040E123 0040E11E . BF 01000000 mov edi,0x1 0040E123 > 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C] 0040E126 . FF15 8C114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr 0040E12C . 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20] 0040E12F . FF15 90114100 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj 0040E135 . F7DF neg edi 0040E137 . 66:85FF test di,di 0040E13A . 0F84 2C010000 je CyberBla.0040E26C 0040E140 . BB 04000280 mov ebx,0x80020004 0040E145 . BF 0A000000 mov edi,0xA 0040E14A . BE 08000000 mov esi,0x8 0040E14F . 8D55 80 lea edx,dword ptr ss:[ebp-0x80] 0040E152 . 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40] 0040E155 . 895D A8 mov dword ptr ss:[ebp-0x58],ebx 0040E158 . 897D A0 mov dword ptr ss:[ebp-0x60],edi 0040E15B . 895D B8 mov dword ptr ss:[ebp-0x48],ebx 0040E15E . 897D B0 mov dword ptr ss:[ebp-0x50],edi 0040E161 . C745 88 5C354>mov dword ptr ss:[ebp-0x78],CyberBla.004>; UNICODE "Correct password" 0040E168 . 8975 80 mov dword ptr ss:[ebp-0x80],esi 0040E16B . FF15 78114100 call dword ptr ds:[<&MSVBVM50.__vbaVarDu>; MSVBVM50.__vbaVarDup 0040E171 . 8D55 90 lea edx,dword ptr ss:[ebp-0x70] 0040E174 . 8D4D D0 lea ecx,dword ptr ss:[ebp-0x30] 0040E177 . C745 98 FC344>mov dword ptr ss:[ebp-0x68],CyberBla.004>; UNICODE "Not bad, you have found the correct password." 0040E17E . 8975 90 mov dword ptr ss:[ebp-0x70],esi 0040E181 . FF15 78114100 call dword ptr ds:[<&MSVBVM50.__vbaVarDu>; MSVBVM50.__vbaVarDup 0040E187 . 8D55 A0 lea edx,dword ptr ss:[ebp-0x60] 0040E18A . 8D45 B0 lea eax,dword ptr ss:[ebp-0x50] 0040E18D . 52 push edx 0040E18E . 8D4D C0 lea ecx,dword ptr ss:[ebp-0x40] 0040E191 . 50 push eax 0040E192 . 51 push ecx 0040E193 . 8D55 D0 lea edx,dword ptr ss:[ebp-0x30] 0040E196 . 6A 40 push 0x40 0040E198 . 52 push edx 0040E199 . FF15 04114100 call dword ptr ds:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox

其實就是明文比較：315751288

總結

以上是生活随笔為你收集整理的160 - 37 CyberBlade.1的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

CyberBlade

上一篇： 160 - 36 cupofcoffe.
下一篇： 160 - 38 CyberBlade.