一个.NET程序的爆破~

pizigao · 发表于 2010-7-12 14:30:35

其他都搞定了~就是要导出的时候校验注册~大家帮我看看~几个关键的 brtrue.s改成brflase.s居然也不行

0          L_0000:       nop
1          L_0001:       newobj       System.Void System.Data.DataSet::.ctor()
2          L_0006:       stloc.0
3          L_0007:       newobj       System.Void System.Data.DataTable::.ctor()
4          L_000c:       stloc.1
5          L_000d:       ldstr       "系统状态信息"
6          L_0012:       call       System.Data.DataTable fpgl.Cl_fp::GetTables(System.String)
7          L_0017:       callvirt       System.Data.DataRowCollection System.Data.DataTable::get_Rows()
8          L_001c:       callvirt       System.Int32 System.Data.InternalDataCollectionBase::get_Count()
9          L_0021:       ldc.i4.1
10          L_0022:       ceq
11          L_0024:       ldc.i4.0
12          L_0025:       ceq
13          L_0027:       stloc.s       V_8
14          L_0029:       ldloc.s       V_8
15          L_002b:       brtrue       97 -> nop
16          L_0030:       nop
17          L_0031:       ldstr       "Select * from 系统状态信息"
18          L_0036:       call       System.Data.DataSet fpgl.Cl_fp::OleDbDataSet(System.String)
19          L_003b:       stloc.0
20          L_003c:       ldloc.0
21          L_003d:       callvirt       System.Data.DataTableCollection System.Data.DataSet::get_Tables()
22          L_0042:       ldc.i4.0
23          L_0043:       callvirt       System.Data.DataTable System.Data.DataTableCollection::get_Item(System.Int32)
24          L_0048:       stloc.1
25          L_0049:       ldloc.1
26          L_004a:       callvirt       System.Data.DataRowCollection System.Data.DataTable::get_Rows()
27          L_004f:       ldc.i4.0
28          L_0050:       callvirt       System.Data.DataRow System.Data.DataRowCollection::get_Item(System.Int32)
29          L_0055:       ldc.i4.8
30          L_0056:       callvirt       System.Object System.Data.DataRow::get_Item(System.Int32)
31          L_005b:       callvirt       System.String System.Object::ToString()
32          L_0060:       stloc.2
33          L_0061:       ldstr       "SOFTWARE\fpgl"
34          L_0066:       ldstr       "code"
35          L_006b:       call       System.Object fpgl.RegeditOperate::ReadRegistry(System.String,System.String)
36          L_0070:       stloc.3
37          L_0071:       ldstr       "SOFTWARE\fpgl"
38          L_0076:       ldstr       "code1"
39          L_007b:       call       System.Object fpgl.RegeditOperate::ReadRegistry(System.String,System.String)
40          L_0080:       callvirt       System.String System.Object::ToString()
41          L_0085:       stloc.s       V_4
42          L_0087:       ldloc.3
43          L_0088:       ldnull
44          L_0089:       ceq
45          L_008b:       stloc.s       V_8
46          L_008d:       ldloc.s       V_8
47          L_008f:       brtrue.s       95 -> nop
48          L_0091:       nop
49          L_0092:       ldloc.3
50          L_0093:       callvirt       System.String System.Object::ToString()
51          L_0098:       ldloc.2
52          L_0099:       call       System.String fpgl.Cl_Jh::Encrypt(System.String)
53          L_009e:       call       System.Boolean System.String::op_Inequality(System.String,System.String)
54          L_00a3:       ldc.i4.0
55          L_00a4:       ceq
56          L_00a6:       stloc.s       V_8
57          L_00a8:       ldloc.s       V_8
58          L_00aa:       brtrue.s       94 -> nop
59          L_00ac:       nop
60          L_00ad:       ldloc.s       V_4
61          L_00af:       ldstr       ""
62          L_00b4:       call       System.Boolean System.String::op_Inequality(System.String,System.String)
63          L_00b9:       ldc.i4.0
64          L_00ba:       ceq
65          L_00bc:       stloc.s       V_8
66          L_00be:       ldloc.s       V_8
67          L_00c0:       brtrue.s       87 -> nop
68          L_00c2:       nop
69          L_00c3:       ldloc.s       V_4
70          L_00c5:       call       System.DateTime System.Convert::ToDateTime(System.String)
71          L_00ca:       ldc.i4.s       0xe2
72          L_00cc:       call       System.DateTime fpgl.Cl_fp::datetime(System.Int32)
73          L_00d1:       call       System.Boolean System.DateTime::op_LessThanOrEqual(System.DateTime,System.DateTime)
74          L_00d6:       ldc.i4.0
75          L_00d7:       ceq
76          L_00d9:       stloc.s       V_8
77          L_00db:       ldloc.s       V_8
78          L_00dd:       brtrue.s       85 -> nop
79          L_00df:       nop
80          L_00e0:       ldstr       "你还未注册，请注册后使用！"
81          L_00e5:       ldstr       "提示"
82          L_00ea:       call       System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String)
83          L_00ef:       pop
84          L_00f0:       br       297 -> ret
85          L_00f5:       nop
86          L_00f6:       br.s       93 -> nop
87          L_00f8:       nop
88          L_00f9:       ldstr       "你还未注册，请注册后使用！"
89          L_00fe:       ldstr       "提示"
90          L_0103:       call       System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String)
91          L_0108:       pop
92          L_0109:       br       297 -> ret
93          L_010e:       nop
94          L_010f:       nop
95          L_0110:       nop
96          L_0111:       br.s       103 -> ldarg.0
97          L_0113:       nop
98          L_0114:       ldstr       "你还未注册，请注册后使用！"
99          L_0119:       ldstr       "提示"
100          L_011e:       call       System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String)
101          L_0123:       pop
102          L_0124:       br       297 -> ret
103          L_0129:       ldarg.0
104          L_012a:       ldfld       System.Windows.Forms.TextBox fpgl.Frm_dr_dqsj::textBox2
105          L_012f:       callvirt       System.String System.Windows.Forms.Control::get_Text()
106          L_0134:       ldsfld       System.Object fpgl.Frm_dr_dqsj::reg
107          L_0139:       callvirt       System.String System.Object::ToString()
108          L_013e:       ldstr       "\DATABASE\DEFAULT"
109          L_0143:       call       System.String System.String::Concat(System.String,System.String)
110          L_0148:       callvirt       System.Int32 System.String::IndexOf(System.String)
111          L_014d:       ldc.i4.m1
112          L_014e:       ceq
113          L_0150:       stloc.s       V_8
114          L_0152:       ldloc.s       V_8
115          L_0154:       brtrue       291 -> nop
116          L_0159:       nop

heizihui · 发表于 2010-7-16 18:04:54

78          L_00dd:       brtrue.s       85 -> nop

86          L_00f6:       br.s       93 -> nop

96          L_0111:       br.s       103 -> ldarg.0

改 ret ？？？？

pizigao · 发表于 2010-10-22 10:54:26

78 L_00dd: brtrue.s 85 -> nop

86 L_00f6: br.s ...
heizihui 发表于 2010-7-16 18:04

改成RET？有空试试

明媚安生 · 发表于 2014-6-12 14:45:07

IL,看不懂

		自动登录	找回密码
密码			加入我们

[求助] 一个.NET程序的爆破~

相关帖子