Question: Reversing, help with an .exe

Status
Thread closed to further replies.
Right now I unfortunately have some health problems, so sitting down to study something new is not possible for me.
The only thing I can say is that the password entry windows and the wrong-password message box are done by calling the standard Windows APIs.
pompone916
Premium user
25 January 2013
Hello everyone. As the title says, I need help unlocking an exe program that has some functions locked behind a password.
I should say upfront that it is not protected by copyright or a commercial licence; it is a private program in beta version.
I know almost nothing about reversing and would like some advice from you on how to proceed.
I tried with W32Dasm, but in the string data references I cannot find the phrase that appears in the box when the program asks me for the password; there are strings with incomprehensible characters. Reading some guides, I tried analysing it with PEiD and it tells me the program was made in Visual C++ 7.0 and is probably encrypted. I am pasting the txt file I saved with Krypto Analyzer:
ADLER32 :: 0000573D :: 0040573D
The reference is above.
ADLER32 :: 0000580D :: 0040580D
The reference is above.
CRC32 :: 0000FB50 :: 0040FB50
Referenced at 004059A1
Referenced at 004059D4
Referenced at 00405A1A
Referenced at 00405A5B
Referenced at 00405A9D
Referenced at 00405ADE
Referenced at 00405B23
Referenced at 00405B5C
Referenced at 00405BA2
Referenced at 00405BE1
Referenced at 00405C37
Referenced at 00405C6F
ZLIB deflate [word] :: 0000FA50 :: 0040FA50
Referenced at 004053B7

At this point, how should I proceed? Can you give me some pointers?
Thanks.
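As an added example (not code from this thread), a small Python scanner in the style of Krypto Analyzer that shows what the ADLER32 / CRC32 / ZLIB deflate hits above actually are: zlib's lookup tables linked into the executable, which is what a launcher stub that inflates a bundled archive carries, not encryption of the program. The signatures are my own simplified ones, built from zlib's CRC-32 table, its inflate length-base table and the Adler-32 modulus; the input is a constructed buffer, and the VA column assumes the thread's 0x400000 image base with file offsets equal to RVAs.

```python
"""KANAL-style constant scanner (added example, constructed input)."""
import struct
from typing import Dict, List, Tuple

IMAGE_BASE = 0x00400000  # assumption: 32-bit PE base, as in the thread's VA column


def crc32_table(poly: int = 0xEDB88320, entries: int = 8) -> bytes:
    """First `entries` dwords of the reflected CRC-32 table that zlib embeds."""
    out = []
    for i in range(entries):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ poly if c & 1 else c >> 1
        out.append(c)
    return struct.pack("<%dI" % entries, *out)


# zlib inflate "lbase" table (length bases for codes 257..285), stored as 16-bit words.
ZLIB_LBASE = (3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43,
              51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258)

SIGNATURES: Dict[str, bytes] = {
    "CRC32": crc32_table(),  # begins 00 00 00 00 96 30 07 77
    "ZLIB deflate [word]": struct.pack("<%dH" % len(ZLIB_LBASE), *ZLIB_LBASE),
    # assumption: simplified Adler-32 marker, the modulus 65521 as a 32-bit immediate
    "ADLER32": struct.pack("<I", 65521),
}


def scan(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[Tuple[str, int, int]]:
    """Return (name, file_offset, virtual_address) for every signature hit, by offset."""
    hits = []
    for name, sig in signatures.items():
        start = 0
        while (off := data.find(sig, start)) != -1:
            # assumption: file offsets equal RVAs here, so VA = base + offset;
            # a real PE needs the section table to map raw offsets to RVAs.
            hits.append((name, off, IMAGE_BASE + off))
            start = off + 1
    return sorted(hits, key=lambda h: h[1])


def build_sample() -> bytes:
    """Constructed stand-in for a launcher stub: filler with zlib tables embedded."""
    filler = bytes(range(256)) * 4  # 1024 bytes of non-matching padding
    return (filler + SIGNATURES["ADLER32"]                # ADLER32 at 0x0400
            + filler + SIGNATURES["CRC32"]                # CRC32 at 0x0804
            + filler + SIGNATURES["ZLIB deflate [word]"])  # lbase at 0x0C24


if __name__ == "__main__":
    # Same three-column layout as the Krypto Analyzer report in the thread.
    for name, off, va in scan(build_sample()):
        print(f"{name} :: {off:08X} :: {va:08X}")
```

The same scan on a real file would be followed by mapping each offset through the section table; a hit inside .rdata/.data is a linked table, a hit inside .text is an inlined constant.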
 
In the meantime I have made some progress (at least I think so) from the tutorials I have read: this program uses the Windows APIs to call the text box where the password is requested.
So with IDA Pro, going into the window of Windows functions, I noticed that some functions are written in plain characters, others in bold, others highlighted in light blue, and 3 functions in bold highlighted in purple.
I am pasting the window where the 3 functions above are in purple, and further down I have pasted the one I consider the most important of the 3.
Please be patient and forgive me if I am making too much of a mess and being too demanding.
Any advice, pointer or anything else is welcome.
Thanks.

I am pasting the GetCurrentProcessId function:


 
You are a couple of light years away from solving the problem. I want to be honest with you: given your knowledge on the subject, unless you give the software to someone, you will not solve it before a few months of study on other software, starting from zero.
 
Thank you for your frankness; in fact you are right, I really do not know where to start.
I can also hand over the software, if there is some kind soul willing to take a look at it.
 
So, as you will surely have noticed, the main process creates another process, which launches a Python script.
Originally this file was in Python, then it was packaged with tools like py2exe or PyInstaller. I have never seen one like this; I am not sure what to do o_O
 
OK, don't worry, I hope it is nothing serious.
Anyway, thanks for the time you have given me. What do you think, could I ask predator in PM to take a look at it?
 
Some help pls......

- - - Updated - - -

Of all those who downloaded the program, is it possible that nobody has made any progress?
Thanks.
 
OK, I will carry on by myself (at least I will try).
According to what Evolution said, the program calls the standard Windows APIs for the password entry windows and the wrong-password message box.
These are the import and export tables copied from IDA Pro; could you point me to the incriminated ones?

Thanks.

imports


exports

start 0040711E

- - - Updated - - -

Evolution, where are you????????

- - - Updated - - -

Predator pls.......
 
I should say that I have not downloaded the software, but I trust EvOlUtIoN_OGM's verdict.
If the exe was generated with py2exe, you can obtain library.zip and the related .py source files using Py2ExeDumper:
http://sourceforge.net/projects/py2exedumper/

If after extraction you find .pyc files, you can decompile them with Easy Python Decompiler:
http://sourceforge.net/projects/easypythondecompiler/

That way you will end up with the Python source files and will be able to see how the password is handled, or even find it inside.

crystalboy
 