运行分析
- 输入任意PASSWORD,没反应
PE分析
- upx壳,使用upx -d ceycey.exe脱壳
- 脱壳后分析:Delphi程序,32位
静态分析
- 找到关键字符串,进入主函数
int __fastcall TForm1_Button1Click(int a1)
{
char v1; // zf
unsigned int v3[2]; // [esp-10h] [ebp-14h] BYREF
int *v4; // [esp-8h] [ebp-Ch]
int v5; // [esp+0h] [ebp-4h] BYREF
int savedregs; // [esp+4h] [ebp+0h] BYREF
v5 = 0;
v4 = &savedregs;
v3[1] = (unsigned int)&loc_457658;
v3[0] = (unsigned int)NtCurrentTeb()->NtTib.ExceptionList;
__writefsdword(0, (unsigned int)v3);
TControl::GetText(*(TControl **)(a1 + 724)); // 读取PASSWORD
System::__linkproc__ LStrCmp(v5, &str_ULTRADMA_______[1]);// PASSWORD和str_ULTRADMA____作比较,比较成功执行下面弹窗
if ( v1 )
MessageBoxA(0, "Easy huh?", "Do not think u r good", 0);// 执行成功弹窗
__writefsdword(0, v3[0]);
v4 = (int *)&loc_45765F;
return unknown_libname_27(&v5);
}
- ida双击str_ULTRADMA_______,找到PASSWORD明文为ULTRADMA…(注意.也是密码)
动态调试
- 输入密码ULTRADMA…破解成功