當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

160 - 2 Afkayas.1

發(fā)布時間：2023/12/1 编程问答 34 豆豆

生活随笔收集整理的這篇文章主要介紹了 160 - 2 Afkayas.1 小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.

環(huán)境：

Windows Xp sp3

OD載入：

運行，然后輸入：

然后回到OD，按F12來暫停，

然后ALT+F9回到程序領(lǐng)空，把彈出的那個錯誤消息框點掉，這時OD來到這里：

004025F9 . 68 E81B4000 push Afkayas_.00401BE8 ; Try Again 004025FE . FFD7 call edi 00402600 . 8945 CC mov dword ptr ss:[ebp-0x34],eax 00402603 . 8D45 94 lea eax,dword ptr ss:[ebp-0x6C] 00402606 . 8D4D A4 lea ecx,dword ptr ss:[ebp-0x5C] 00402609 . 50 push eax 0040260A . 8D55 B4 lea edx,dword ptr ss:[ebp-0x4C] 0040260D . 51 push ecx 0040260E . 52 push edx 0040260F . 8D45 C4 lea eax,dword ptr ss:[ebp-0x3C] 00402612 . 6A 00 push 0x0 00402614 . 50 push eax 00402615 . C745 C4 08000>mov dword ptr ss:[ebp-0x3C],0x8 0040261C . FF15 10414000 call dword ptr ds:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox 00402622 . 8D4D E8 lea ecx,dword ptr ss:[ebp-0x18] ; 這時回到這里 00402625 . FF15 80414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr 0040262B . 8D4D 94 lea ecx,dword ptr ss:[ebp-0x6C] 0040262E . 8D55 A4 lea edx,dword ptr ss:[ebp-0x5C] 00402631 . 51 push ecx 00402632 . 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C] 00402635 . 52 push edx 00402636 . 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C] 00402639 . 50 push eax 0040263A . 51 push ecx 0040263B > 6A 04 push 0x4 0040263D . FF15 EC404000 call dword ptr ds:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
往上看一看有個Try Again，再往上看看：

00402310 > \55 push ebp 00402311 . 8BEC mov ebp,esp 00402313 . 83EC 0C sub esp,0xC 00402316 . 68 26104000 push <jmp.&MSVBVM50.__vbaExceptHandler> ; SE 處理程序安裝 0040231B . 64:A1 0000000>mov eax,dword ptr fs:[0] 00402321 . 50 push eax 00402322 . 64:8925 00000>mov dword ptr fs:[0],esp 00402329 . 81EC B0000000 sub esp,0xB0 0040232F . 53 push ebx 00402330 . 56 push esi 00402331 . 8B75 08 mov esi,dword ptr ss:[ebp+0x8] 00402334 . 57 push edi 00402335 . 8BC6 mov eax,esi 00402337 . 83E6 FE and esi,0xFFFFFFFE 0040233A . 8965 F4 mov dword ptr ss:[ebp-0xC],esp 0040233D . 83E0 01 and eax,0x1 00402340 . 8B1E mov ebx,dword ptr ds:[esi] 00402342 . C745 F8 08104>mov dword ptr ss:[ebp-0x8],Afkayas_.0040> 00402349 . 56 push esi 0040234A . 8945 FC mov dword ptr ss:[ebp-0x4],eax 0040234D . 8975 08 mov dword ptr ss:[ebp+0x8],esi 00402350 . FF53 04 call dword ptr ds:[ebx+0x4] 00402353 . 8B83 10030000 mov eax,dword ptr ds:[ebx+0x310] 00402359 . 33FF xor edi,edi 0040235B . 56 push esi 0040235C . 897D E8 mov dword ptr ss:[ebp-0x18],edi 0040235F . 897D E4 mov dword ptr ss:[ebp-0x1C],edi 00402362 . 897D E0 mov dword ptr ss:[ebp-0x20],edi 00402365 . 897D DC mov dword ptr ss:[ebp-0x24],edi 00402368 . 897D D8 mov dword ptr ss:[ebp-0x28],edi 0040236B . 897D D4 mov dword ptr ss:[ebp-0x2C],edi 0040236E . 897D C4 mov dword ptr ss:[ebp-0x3C],edi 00402371 . 897D B4 mov dword ptr ss:[ebp-0x4C],edi 00402374 . 897D A4 mov dword ptr ss:[ebp-0x5C],edi 00402377 . 897D 94 mov dword ptr ss:[ebp-0x6C],edi 0040237A . 8985 40FFFFFF mov dword ptr ss:[ebp-0xC0],eax 00402380 . FFD0 call eax 00402382 . 8D4D D4 lea ecx,dword ptr ss:[ebp-0x2C] 00402385 . 50 push eax 00402386 . 51 push ecx 00402387 . FF15 0C414000 call dword ptr ds:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet 0040238D . 8B9B 00030000 mov ebx,dword ptr ds:[ebx+0x300] 00402393 . 56 push esi 00402394 . 8985 50FFFFFF mov dword ptr ss:[ebp-0xB0],eax 0040239A . 899D 3CFFFFFF mov dword ptr ss:[ebp-0xC4],ebx 004023A0 . FFD3 call ebx 004023A2 . 8D55 DC lea edx,dword ptr ss:[ebp-0x24] 004023A5 . 50 push eax 004023A6 . 52 push edx 004023A7 . FF15 0C414000 call dword ptr ds:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet 004023AD . 8BD8 mov ebx,eax 004023AF . 8D4D E8 lea ecx,dword ptr ss:[ebp-0x18] 004023B2 . 51 push ecx 004023B3 . 53 push ebx 004023B4 . 8B03 mov eax,dword ptr ds:[ebx] 004023B6 . FF90 A0000000 call dword ptr ds:[eax+0xA0] 004023BC . 3BC7 cmp eax,edi 004023BE . 7D 12 jge XAfkayas_.004023D2 004023C0 . 68 A0000000 push 0xA0 004023C5 . 68 5C1B4000 push Afkayas_.00401B5C 004023CA . 53 push ebx 004023CB . 50 push eax 004023CC . FF15 04414000 call dword ptr ds:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj 004023D2 > 56 push esi 004023D3 . FF95 3CFFFFFF call dword ptr ss:[ebp-0xC4] 004023D9 . 8D55 D8 lea edx,dword ptr ss:[ebp-0x28] 004023DC . 50 push eax 004023DD . 52 push edx 004023DE . FF15 0C414000 call dword ptr ds:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet 004023E4 . 8BD8 mov ebx,eax 004023E6 . 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C] 004023E9 . 51 push ecx 004023EA . 53 push ebx 004023EB . 8B03 mov eax,dword ptr ds:[ebx] 004023ED . FF90 A0000000 call dword ptr ds:[eax+0xA0] 004023F3 . 3BC7 cmp eax,edi 004023F5 . 7D 12 jge XAfkayas_.00402409 004023F7 . 68 A0000000 push 0xA0 004023FC . 68 5C1B4000 push Afkayas_.00401B5C 00402401 . 53 push ebx 00402402 . 50 push eax 00402403 . FF15 04414000 call dword ptr ds:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj 00402409 > 8B95 50FFFFFF mov edx,dword ptr ss:[ebp-0xB0] 0040240F . 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C] 00402412 . 50 push eax ; /String 00402413 . 8B1A mov ebx,dword ptr ds:[edx] ; | 00402415 . FF15 E4404000 call dword ptr ds:[<&MSVBVM50.__vbaLenBs>; \__vbaLenBstr 0040241B . 8BF8 mov edi,eax ; 這里是取輸入的Name的長度L 0040241D . 8B4D E8 mov ecx,dword ptr ss:[ebp-0x18] 00402420 . 69FF FB7C0100 imul edi,edi,0x17CFB ; 這里是長度s = L*0x17CFB 00402426 . 51 push ecx ; /String 00402427 . 0F80 91020000 jo Afkayas_.004026BE ; | 0040242D . FF15 F8404000 call dword ptr ds:[<&MSVBVM50.#516>] ; \rtcAnsiValueBstr 00402433 . 0FBFD0 movsx edx,ax ;這里是拿到輸入的Name的首字符c 00402436 . 03FA add edi,edx ;這里是s = s+c，這里的結(jié)果s就是下面的x，注意是這個 00402438 . 0F80 80020000 jo Afkayas_.004026BE 0040243E . 57 push edi 0040243F . FF15 E0404000 call dword ptr ds:[<&MSVBVM50.__vbaStrI4>; MSVBVM50.__vbaStrI4 00402445 . 8BD0 mov edx,eax 00402447 . 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20] 0040244A . FF15 70414000 call dword ptr ds:[<&MSVBVM50.__vbaStrMo>; MSVBVM50.__vbaStrMove 00402450 . 8BBD 50FFFFFF mov edi,dword ptr ss:[ebp-0xB0] 00402456 . 50 push eax 00402457 . 57 push edi 00402458 . FF93 A4000000 call dword ptr ds:[ebx+0xA4] 0040245E . 85C0 test eax,eax 00402460 . 7D 12 jge XAfkayas_.00402474 00402462 . 68 A4000000 push 0xA4 00402467 . 68 5C1B4000 push Afkayas_.00401B5C 0040246C . 57 push edi 0040246D . 50 push eax 0040246E . FF15 04414000 call dword ptr ds:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj 00402474 > 8D45 E0 lea eax,dword ptr ss:[ebp-0x20] 00402477 . 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C] 0040247A . 50 push eax 0040247B . 8D55 E8 lea edx,dword ptr ss:[ebp-0x18] 0040247E . 51 push ecx 0040247F . 52 push edx 00402480 . 6A 03 push 0x3 00402482 . FF15 5C414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList 00402488 . 83C4 10 add esp,0x10 0040248B . 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C] 0040248E . 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28] 00402491 . 8D55 DC lea edx,dword ptr ss:[ebp-0x24] 00402494 . 50 push eax 00402495 . 51 push ecx 00402496 . 52 push edx 00402497 . 6A 03 push 0x3 00402499 . FF15 F4404000 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObjList 0040249F . 8B06 mov eax,dword ptr ds:[esi] 004024A1 . 83C4 10 add esp,0x10 004024A4 . 56 push esi 004024A5 . FF90 04030000 call dword ptr ds:[eax+0x304] 004024AB . 8B1D 0C414000 mov ebx,dword ptr ds:[<&MSVBVM50.__vbaOb>; MSVBVM50.__vbaObjSet 004024B1 . 50 push eax 004024B2 . 8D45 DC lea eax,dword ptr ss:[ebp-0x24] 004024B5 . 50 push eax 004024B6 . FFD3 call ebx ; <&MSVBVM50.__vbaObjSet> 004024B8 . 8BF8 mov edi,eax 004024BA . 8D55 E8 lea edx,dword ptr ss:[ebp-0x18] 004024BD . 52 push edx 004024BE . 57 push edi 004024BF . 8B0F mov ecx,dword ptr ds:[edi] 004024C1 . FF91 A0000000 call dword ptr ds:[ecx+0xA0] 004024C7 . 85C0 test eax,eax 004024C9 . 7D 12 jge XAfkayas_.004024DD 004024CB . 68 A0000000 push 0xA0 004024D0 . 68 5C1B4000 push Afkayas_.00401B5C 004024D5 . 57 push edi 004024D6 . 50 push eax 004024D7 . FF15 04414000 call dword ptr ds:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj 004024DD > 56 push esi 004024DE . FF95 40FFFFFF call dword ptr ss:[ebp-0xC0] 004024E4 . 50 push eax 004024E5 . 8D45 D8 lea eax,dword ptr ss:[ebp-0x28] 004024E8 . 50 push eax 004024E9 . FFD3 call ebx 004024EB . 8BF0 mov esi,eax 004024ED . 8D55 E4 lea edx,dword ptr ss:[ebp-0x1C] 004024F0 . 52 push edx 004024F1 . 56 push esi 004024F2 . 8B0E mov ecx,dword ptr ds:[esi] 004024F4 . FF91 A0000000 call dword ptr ds:[ecx+0xA0] 004024FA . 85C0 test eax,eax 004024FC . 7D 12 jge XAfkayas_.00402510 004024FE . 68 A0000000 push 0xA0 00402503 . 68 5C1B4000 push Afkayas_.00401B5C 00402508 . 56 push esi 00402509 . 50 push eax 0040250A . FF15 04414000 call dword ptr ds:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj 00402510 > 8B45 E8 mov eax,dword ptr ss:[ebp-0x18] 00402513 . 8B4D E4 mov ecx,dword ptr ss:[ebp-0x1C] 00402516 . 8B3D 00414000 mov edi,dword ptr ds:[<&MSVBVM50.__vbaSt>; MSVBVM50.__vbaStrCat 0040251C . 50 push eax ; 這里是個StrCat,猜測是正確的serial是：AKA-x，x應(yīng)該是 0040251D . 68 701B4000 push Afkayas_.00401B70 ; AKA- 00402522 . 51 push ecx ; /String 這里的ecx就是上面的x，所以上面生成了ecx的內(nèi)容 00402523 . FFD7 call edi ; \__vbaStrCat 00402525 . 8B1D 70414000 mov ebx,dword ptr ds:[<&MSVBVM50.__vbaSt>; MSVBVM50.__vbaStrMove 0040252B . 8BD0 mov edx,eax 0040252D . 8D4D E0 lea ecx,dword ptr ss:[ebp-0x20] 00402530 . FFD3 call ebx ; <&MSVBVM50.__vbaStrMove> 00402532 . 50 push eax 00402533 . FF15 28414000 call dword ptr ds:[<&MSVBVM50.__vbaStrCm>; MSVBVM50.__vbaStrCmp 00402539 . 8BF0 mov esi,eax ; 上面這里是個StrCmp,猜測上面那個call是對輸入的serial和正確的進行比較 0040253B . 8D55 E0 lea edx,dword ptr ss:[ebp-0x20] 0040253E . F7DE neg esi 00402540 . 8D45 E8 lea eax,dword ptr ss:[ebp-0x18] 00402543 . 52 push edx 00402544 . 1BF6 sbb esi,esi 00402546 . 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C] 00402549 . 50 push eax 0040254A . 46 inc esi 0040254B . 51 push ecx 0040254C . 6A 03 push 0x3 0040254E . F7DE neg esi 00402550 . FF15 5C414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList 00402556 . 83C4 10 add esp,0x10 00402559 . 8D55 D8 lea edx,dword ptr ss:[ebp-0x28] 0040255C . 8D45 DC lea eax,dword ptr ss:[ebp-0x24] 0040255F . 52 push edx 00402560 . 50 push eax 00402561 . 6A 02 push 0x2 00402563 . FF15 F4404000 call dword ptr ds:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObjList 00402569 . 83C4 0C add esp,0xC 0040256C . B9 04000280 mov ecx,0x80020004 00402571 . B8 0A000000 mov eax,0xA 00402576 . 894D 9C mov dword ptr ss:[ebp-0x64],ecx 00402579 . 66:85F6 test si,si 0040257C . 8945 94 mov dword ptr ss:[ebp-0x6C],eax 0040257F . 894D AC mov dword ptr ss:[ebp-0x54],ecx 00402582 . 8945 A4 mov dword ptr ss:[ebp-0x5C],eax 00402585 . 894D BC mov dword ptr ss:[ebp-0x44],ecx 00402588 . 8945 B4 mov dword ptr ss:[ebp-0x4C],eax 0040258B . 74 58 je XAfkayas_.004025E5 0040258D . 68 801B4000 push Afkayas_.00401B80 ; You Get It 00402592 . 68 9C1B4000 push Afkayas_.00401B9C ; \r\n 00402597 . FFD7 call edi 00402599 . 8BD0 mov edx,eax 0040259B . 8D4D E8 lea ecx,dword ptr ss:[ebp-0x18] 0040259E . FFD3 call ebx 004025A0 . 50 push eax 004025A1 . 68 A81B4000 push Afkayas_.00401BA8 ; KeyGen It Now 004025A6 . FFD7 call edi 004025A8 . 8D4D 94 lea ecx,dword ptr ss:[ebp-0x6C] 004025AB . 8945 CC mov dword ptr ss:[ebp-0x34],eax 004025AE . 8D55 A4 lea edx,dword ptr ss:[ebp-0x5C] 004025B1 . 51 push ecx 004025B2 . 8D45 B4 lea eax,dword ptr ss:[ebp-0x4C] 004025B5 . 52 push edx 004025B6 . 50 push eax 004025B7 . 8D4D C4 lea ecx,dword ptr ss:[ebp-0x3C] 004025BA . 6A 00 push 0x0 004025BC . 51 push ecx 004025BD . C745 C4 08000>mov dword ptr ss:[ebp-0x3C],0x8 004025C4 . FF15 10414000 call dword ptr ds:[<&MSVBVM50.#595>] ; MSVBVM50.rtcMsgBox 004025CA . 8D4D E8 lea ecx,dword ptr ss:[ebp-0x18] 004025CD . FF15 80414000 call dword ptr ds:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr 004025D3 . 8D55 94 lea edx,dword ptr ss:[ebp-0x6C] 004025D6 . 8D45 A4 lea eax,dword ptr ss:[ebp-0x5C] 004025D9 . 52 push edx 004025DA . 8D4D B4 lea ecx,dword ptr ss:[ebp-0x4C] 004025DD . 50 push eax 004025DE . 8D55 C4 lea edx,dword ptr ss:[ebp-0x3C] 004025E1 . 51 push ecx 004025E2 . 52 push edx 004025E3 . EB 56 jmp XAfkayas_.0040263B 004025E5 > 68 C81B4000 push Afkayas_.00401BC8 ; You Get Wrong 004025EA . 68 9C1B4000 push Afkayas_.00401B9C ; \r\n 004025EF . FFD7 call edi 004025F1 . 8BD0 mov edx,eax 004025F3 . 8D4D E8 lea ecx,dword ptr ss:[ebp-0x18] 004025F6 . FFD3 call ebx 004025F8 . 50 push eax 004025F9 . 68 E81B4000 push Afkayas_.00401BE8 ; Try Again 004025FE . FFD7 call edi

?得出Serial：

設(shè)L為輸入的Name的長度，

設(shè)C為輸入的Name的首字符，

設(shè)X為最后生成的結(jié)果，

得：

X = L*97531+C

所以serial為：

AKA-X

若有誤，望不吝賜教

總結(jié)

以上是生活随笔為你收集整理的160 - 2 Afkayas.1的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。

Afkayas