
.NET reverse engineering tutorial for beginners -- Lesson 7 (ever-changing)

After the recent lessons, I think you have gained some experience.

How do we reverse a program? First you unpack it, then you locate the verification routine of its registration mechanism and work out how the check is performed. Only then can we reverse the software.

In the previous lessons we found the verification routine by looking for certain characteristics. Today we will learn how to find the key location in a program that shows no pop-up.

This is a small program I wrote. The number in the middle keeps changing. The goal this time is to stop the number from changing.

Check for a packer: there is none, so load the program into dnSpy.

With no better idea to start from, press F5 and let it run.

Since the change happens in this window, we might as well break here and look at the call stack.

Above the Main method, the stack contains only calls into system DLLs. It seems we can only start from Main, so double-click to enter it.

Here we can see a window being initialized, which shows that the program displays the Form1 window after it starts.

Click Form1 to find the initialization code for this window.

Click the InitializeComponent method to see which elements this window contains.

As shown above, two elements attract our attention. One is Timer1 (a timer) that fires every 500 milliseconds; the other is label2 (a label).

So we can guess that Timer1 changes the content of label2 every 500 milliseconds.

To verify this idea, I right-clicked label2 on line 39 and chose Analyze.

In the Analyzer pane below, we can see the analysis results for it.

Double-click Timer1_Tick to follow it.

We find that it modifies the Text and ForeColor properties of label2.

Right-click, choose Edit Method, and comment out the unnecessary statements.

Compile and save.

This time the number no longer changes.
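To make the timer-to-label relationship concrete, here is a minimal WinForms form that behaves like the sample program described above. It is an added example, not the author's source or dnSpy's decompiler output: only the names Form1, InitializeComponent, Timer1_Tick, label2 and the 500 ms interval come from the lesson, while the field names timer1 and rng, the random values and the layout are assumptions.

```csharp
// Constructed stand-in for the lesson's sample program; not the author's source.
// Names Form1, InitializeComponent, Timer1_Tick and label2 follow the page;
// timer1, rng, the value range and the layout are assumptions.
using System;
using System.Drawing;
using System.Windows.Forms;

public class Form1 : Form
{
    private Label label2;
    private System.Windows.Forms.Timer timer1;
    private readonly Random rng = new Random();

    public Form1()
    {
        InitializeComponent();
    }

    private void InitializeComponent()
    {
        // The label object is created and stored in the label2 field here.
        label2 = new Label { AutoSize = true, Location = new Point(40, 40), Text = "0" };

        // 500 ms interval; the Tick event is wired to the handler below.
        timer1 = new System.Windows.Forms.Timer { Interval = 500 };
        timer1.Tick += Timer1_Tick;
        timer1.Enabled = true;

        Controls.Add(label2);
        Text = "Form1";
    }

    private void Timer1_Tick(object sender, EventArgs e)
    {
        // The handler fetches the existing label object and sets two of its
        // properties. With these two statements commented out (the edit made
        // in dnSpy), the label keeps its initial text and color.
        label2.Text = rng.Next(0, 1000).ToString();
        label2.ForeColor = Color.FromArgb(rng.Next(256), rng.Next(256), rng.Next(256));
    }

    [STAThread]
    private static void Main()
    {
        Application.EnableVisualStyles();
        Application.Run(new Form1());
    }
}
```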


Homework: label2's content and color are what change, so why can't we find this under the assignments in the analyzer, but find it under the reads?


 

Author: Mu Ruoxi
Date of publication: 2019-04-29 02:35 (Monday)
Permalink: https://www.muruoxi.com/jiaocheng/4108.html
 