crackme008
名称 | 值 |
---|---|
软件名称 | Andrénalin.1.exe |
加壳方式 | 无 |
保护方式 | serial |
编译语言 | Microsoft Visual Basic |
调试环境 | win10 64位 |
使用工具 | x32dbg,PEid |
破解日期 | 2025-06-10 |
脱壳
1. 先用PEid查壳,结果显示未加壳,无需脱壳

寻找Serial
- 寻找flag,用x32dbg打开程序,
鼠标右键->搜索->当前模块->字符串
,发现存在字符串L"SuCCESFul !"

- 双击
地址=00401DD3 反汇编=mov dword ptr ss:[ebp-84],andrénalin.1.401AC4 字符串地址=00401AC4 字符串=L"SuCCESFul !"
,跳转到代码

; Serial check excerpt (x32dbg listing, Intel syntax, 32-bit VB runtime calls).
; The entered text is compared against one hard-coded wide string; the
; comparison result is turned into a VB-style Boolean in edi and then
; selects between the success message box and the branch at 401E43.
; The listing starts and ends in the middle of the enclosing procedure.
mov ecx,dword ptr ss:[ebp-28] ; ecx = text from the input box (per the write-up)
push ecx ; push the entered text
push andrénalin.1.401A54 ; push the constant L"SynTaX 2oo1"
call dword ptr ds:[<&__vbaStrCmp>] ; compare the two strings; eax = 0 when they match (strcmp-style)
mov edi,eax ; edi = comparison result
lea ecx,dword ptr ss:[ebp-28] ; ecx = address of the local at ebp-28, used by __vbaFreeStr below
neg edi ; two's-complement negate; CF = 1 only if edi was non-zero (strings differ)
sbb edi,edi ; edi = edi - edi - CF: 0 on match, 0xFFFFFFFF on mismatch
inc edi ; 1 on match, 0 on mismatch
neg edi ; 0xFFFFFFFF on match, 0 on mismatch
call dword ptr ds:[<&__vbaFreeStr>] ; release the string at ebp-28; assumes edi survives the call - TODO confirm
lea ecx,dword ptr ss:[ebp-2C]
call dword ptr ds:[<&__vbaFreeObj>] ; release the object reference at ebp-2C
cmp di,si ; compare low 16 bits of edi with si; si is set outside this excerpt, presumably 0
je andrénalin.1.401E43 ; taken when di == si, i.e. the serial did NOT match (if si = 0); falls through on a match
call dword ptr ds:[<&rtcBeep>] ; success path starts here
mov edi,dword ptr ds:[<&__vbaVarDup>] ; edi = address of __vbaVarDup, called twice below
mov ecx,80020004 ; NOTE(review): 0x80020004 is DISP_E_PARAMNOTFOUND - presumably marks omitted optional arguments
mov dword ptr ss:[ebp-64],ecx
mov eax,A ; NOTE(review): 0xA matches VT_ERROR - presumably the variant type tag
mov dword ptr ss:[ebp-54],ecx
mov ebx,8 ; NOTE(review): 8 matches VT_BSTR - presumably the string variant type tag
lea edx,dword ptr ss:[ebp-8C] ; edx = source block at ebp-8C
lea ecx,dword ptr ss:[ebp-4C] ; ecx = destination block at ebp-4C
mov dword ptr ss:[ebp-6C],eax
mov dword ptr ss:[ebp-5C],eax
mov dword ptr ss:[ebp-84],andrénalin.1.401AC4 ; store pointer to L"SuCCESFul !" (the string found by the search)
mov dword ptr ss:[ebp-8C],ebx
call edi ; __vbaVarDup: copies ebp-8C into ebp-4C
lea edx,dword ptr ss:[ebp-7C] ; edx = source block at ebp-7C
lea ecx,dword ptr ss:[ebp-3C] ; ecx = destination block at ebp-3C
mov dword ptr ss:[ebp-74],andrénalin.1.401A70 ; second string constant; its text is not shown in this write-up
mov dword ptr ss:[ebp-7C],ebx
call edi ; __vbaVarDup: copies ebp-7C into ebp-3C
lea edx,dword ptr ss:[ebp-6C]
lea eax,dword ptr ss:[ebp-5C]
push edx ; five arguments for rtcMsgBox are pushed from here; roles not shown in the listing
lea ecx,dword ptr ss:[ebp-4C]
push eax
push ecx ; block holding the L"SuCCESFul !" copy
lea edx,dword ptr ss:[ebp-3C]
push 30 ; presumably the MsgBox buttons/icon value - TODO confirm
push edx ; block holding the copy of the 401A70 string
call dword ptr ds:[<&rtcMsgBox>] ; show the success message box
- 分析代码发现,输入值通过__vbaStrCmp直接与程序内的明文常量比较,比较结果决定是否进入成功分支,因此key为固定值L"SynTaX 2oo1"。由于该常量以明文形式保存在程序中,仅通过字符串搜索即可定位到校验逻辑。
总结Crackme