roger 发表于 2021-3-29 10:59:17

异想天开wp

/在GetWindowTextA处下断点,通过栈回溯可以找到4个获取控件文本的函数。运行完这四个函数之后,将栈(stack)窗口向下滑动,会发现6个字符串。在用户名上下断点,按F9运行就可以找到加密函数。因为是MFC程序,其中的调用逻辑很复杂,建议不要用消息断点;如果你熟悉MFC程序且手中有符号,就当我没说。/
#include "pch.h"


#include <iostream>
using namespace std;


// Multiplier passed to OperationExtend() in main() before the decimal-digit loop.
// NOTE(review): 0x55555556 equals ceil(2^32 / 3), the constant compilers commonly
// emit for a multiply-high signed division by 3 - confirm against the disassembly.
#define BL 0x55555556


// Multiplier passed to OperationExtend() inside the digit loop; main() shifts the
// result right by 2 afterwards.
// NOTE(review): 0x66666667 equals ceil(2^34 / 10), which together with the shift
// by 2 matches the usual multiply-high signed division by 10 - confirm.
#define AL 0x66666667


// Shift count 31 (0x1F); main() uses it to move the top bit of a 32-bit value
// down to bit 0.
#define CARRYDIGITAL 0x1F
// Forward declaration of the multiply helper defined after main().
// NOTE(review): the parameter names here are (mWord, MH) but the definition names
// them (MH, mWord); the calls in main() pass the constant first, which matches the
// definition. Only the names differ, the types are identical.
int OperationExtend(int mWord, int MH);
// Entry point: prompts for a username on stdin, derives a character string from it
// with fixed constants, and prints that string as the registration code.
// NOTE(review): this listing appears to have lost its array subscripts when it was
// posted: strlen() is applied to a plain char, push_back() is handed a whole array,
// and arithmetic is applied directly to a std::string. It does not compile as shown.
// The comments below state only what the visible text establishes; guesses about
// the missing subscripts are marked as such.
// NOTE(review): every value used here comes from the username or from compile-time
// constants, so the derivation involves no secret and can be repeated outside the
// checked program.
int main()


{
// Username input. Declared as a single char in this listing.
// NOTE(review): presumably this was a fixed-size char buffer in the original; if so,
// `cin >> lp` below has no width limit and would write past the buffer on long
// input. std::string (or setw) would bound it - confirm against the original file.
char lp;
int mWord;
// Lookup alphabet for the first stage (10 letters plus the terminator).
char MagicString[] = "zouzhiyong";
int copy;
int remainder;
// The prompt asks for a username of at least five characters; no length check is
// visible anywhere in this function.
cout << "[+]请输入用户名(不小于五个字符):";
cin >> lp;
// Intermediate string built by the first stage.
string magicWord;
// Final registration code built by the second stage.
string key;
// First stage: exactly five rounds, one per value of q.
for (int q = 0;q < 5;q++) {
// Start each round from zero and accumulate character values from the username.
mWord = 0;
mWord += static_cast<int>(lp);
// Runs d from q + 1 up to the username length, adding one value per step.
// NOTE(review): `a` is incremented but never read in the visible text; it was
// presumably one of the lost subscripts - confirm.
for (int a = 1, d = q + 1;d < strlen(lp);a++, d++) {
mWord += static_cast<int>(lp);
}
// Triple the sum (mWord + mWord * 2) until it reaches at least 0x2710 (10000).
// NOTE(review): a sum of 0 would never leave this loop, and repeated tripling of
// an int can overflow, which is undefined behaviour for signed types.
while (mWord < 0x2710) {
mWord = mWord + mWord * 2;
}
// Multiply-high step with the BL constant (see OperationExtend).
int mValue = OperationExtend(BL, mWord);
// Adds the value shifted right by 31 bits, i.e. a correction taken from the sign bit.
// NOTE(review): right-shifting a negative int is implementation-defined before
// C++20; on the usual arithmetic shift this adds -1, not +1 - verify the intent.
mValue += (mValue >> 0x1F);
int DQ = mValue;
// Peel one decimal digit per iteration until nothing is left.
while (DQ != 0) {
// Lowest decimal digit of DQ (0xA is 10).
remainder = DQ % 0xA;
// Remove that digit, then scale down with the AL constant and a shift by 2.
DQ -= remainder;
DQ = OperationExtend(AL, DQ) >> 2;
// Same sign-bit correction as above, written with the named shift count.
copy = DQ >> CARRYDIGITAL;
DQ += copy;
// Append to the intermediate string.
// NOTE(review): presumably MagicString was indexed by `remainder` here; the
// subscript is missing from the listing - confirm.
magicWord.push_back(MagicString);
}
}
// Second stage: one output character per character of the intermediate string.
// NOTE(review): `a` is a signed int compared with the unsigned length().
for (int a = 0;a < magicWord.length();a++) {
// Per-character transform with the constants 5, 0x14, 0x80000001 and 0xc.
// NOTE(review): presumably each `magicWord` below was subscripted by `a`; as shown
// the expression operates on the std::string itself and is ill-formed.
char end = magicWord - magicWord % 5 - 0x14 - (magicWord & 0x80000001) - 0xc;
// Insert a '-' before the characters at index 4, 8, 12, ... (never before index 0).
if (a % 4 == 0 && a != 0) {
key.push_back('-');
}
key.push_back(end);
}
cout << "[+]注册码为:" << key.c_str() << endl;
// Empty infinite loop: the process never leaves this line, so the return below is
// unreachable. Presumably meant to keep the console window open; it spins a CPU
// core while doing so.
while (1);
return 0;
}


// Widen the operation to 8 bytes and take the high 32 bits.
// Called from main() as OperationExtend(constant, value); returns an int assembled
// from two 16-bit pieces.
// NOTE(review): the array subscripts appear to have been lost when this listing was
// posted. As shown, stopOverflow is a scalar that is zero when the loop starts, so
// every iteration leaves it at zero and the function returns 0 for any input.
// NOTE(review): the prototype near the top of the file names the parameters
// (mWord, MH); this definition names them (MH, mWord).
int OperationExtend(int MH,int mWord) {
// Each element holds only 2 bytes; the value is widened to 8 bytes.
// NOTE(review): the comment speaks of elements, which suggests an array of 16-bit
// limbs in the original; here it is a single int - confirm.
int stopOverflow;
// Carry flag.
unsigned short int CF = 0;
int mWord_high=0;
// Low 16 bits of MH, then high 16 bits of MH, then two zero assignments. In this
// listing each assignment overwrites the previous one.
stopOverflow = MH & 0xFFFF;
stopOverflow = (MH & 0xFFFF0000) >> 16;
stopOverflow = 0;
stopOverflow = 0;
// Multiply 0x55555556 by mWord and take the high 32 bits.
// Four passes (a = 3 down to 0): multiply, add the previous carry, then keep the
// upper 16 bits of the result as the next carry.
// NOTE(review): multiplying a 16-bit limb by a 32-bit int can exceed the range of
// int, and signed overflow is undefined behaviour in C++. A 64-bit product shifted
// right by 32 would express the stated intent directly.
for (int a = 3;a >=0;a--) {
stopOverflow *= mWord;
stopOverflow += CF;
CF = (stopOverflow & 0xFFFF0000) >> 16;
}

// Assemble the result: one 16-bit piece, shift it up by 16, then OR in another.
// NOTE(review): presumably two different limbs were selected here; both lines read
// the same scalar in this listing.
mWord_high |= (stopOverflow & 0xFFFF);
mWord_high <<= 16;
mWord_high |= (stopOverflow & 0xFFFF);


return mWord_high;
// NOTE(review): the closing brace of this function is missing from the listing.
