Decryption method for FLASH files encrypted in executable files - vulnerability warning - the black bar safety net

2007-04-01T00:00:00
ID MYHACK58:62200714817
Type myhack58
Reporter Anonymous
Modified 2007-04-01T00:00:00

Description

Tools: OD (OllyDbg), LordPE, a hex editor

Program: 多彩的夏天.exe

Purpose: export the SWF from the EXE file so that it can then be decompiled and modified.

Description: this was done for the purposes of study and to record the process. If it causes any offence, please understand.

1. Load the program in OD.

It stops here:

004B556B > $ 6A 60          PUSH 60
004B556D   . 68 30805300    PUSH colorful summer.00538030
004B5572   . E8 E9EBFFFF    CALL colorful summer.004B4160
004B5577   . BF 94000000    MOV EDI,94
004B557C   . 8BC7           MOV EAX,EDI
004B557E   . E8 CD95FFFF    CALL colorful summer.004AEB50

2. Run the program. You will see the program's interface, and the FLASH animation plays.

Note: this program is not an EXE file generated by Flash Player, so the header-stripping methods found online cannot be used to process it.

Switch back to OD.

Press ALT+M to display the memory list.

Pick some of the relatively large memory blocks, right-click and dump them in the CPU window so that the contents of the block are shown in the data area.

Do a binary search for the characters FWS that begin a Flash file. If you find them, check whether the match lies not far from the start of the block.

In fact, you can see it directly:

01DF0000  50 00 5F 01 50 00 5F 01 00 00 00 00 00 00 00 00  P._.P._.........
01DF0010  00 60 27 00 00 60 27 00 11 08 00 00 00 0B 00 00  .`'..`'.........
01DF0020  46 57 53 06 EE 57 27 00 78 00 07 D0 00 00 17 70  FWS..W'.x......p
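
The following Python example is added here and is not part of the original article: it repeats the FWS search on a memory block saved to disk and uses the length field that follows the signature (EE 57 27 00 = 0x002757EE in the row at 01DF0020) to cut the file out, rejecting matches whose header is implausible or whose length runs past the block. The function names, the version limit and the sample dump are assumptions constructed for illustration.

```python
import struct

SIG = b"FWS"  # signature of an uncompressed SWF, as searched for above

def parse_header(buf, off):
    """Return (version, file_length) for an FWS header at off, else None."""
    if buf[off:off + 3] != SIG or off + 8 > len(buf):
        return None
    version = buf[off + 3]
    (length,) = struct.unpack_from("<I", buf, off + 4)  # little-endian u32
    # Assumed sanity limits: plausible version, length covers the 8-byte header
    if not 1 <= version <= 50 or length < 8:
        return None
    return version, length

def carve_swf(dump):
    """Return [(offset, version, data)] for each complete FWS file in dump."""
    found, off = [], dump.find(SIG)
    while off != -1:
        hdr = parse_header(dump, off)
        if hdr and off + hdr[1] <= len(dump):
            found.append((off, hdr[0], dump[off:off + hdr[1]]))
            off = dump.find(SIG, off + hdr[1])   # skip past the carved file
        else:
            off = dump.find(SIG, off + 1)        # false positive or truncated
    return found

# Row 01DF0020 from the article's dump: FWS, version 06, length EE 57 27 00
PAGE_ROW = bytes.fromhex("46575306EE572700780007D000001770")

def build_sample():
    """Constructed dump: padding, a decoy 'FWS' string, then a small SWF."""
    body = b"\x78\x00\x07\xd0\x00\x00\x17\x70" + b"\x00" * 8
    swf = SIG + b"\x06" + struct.pack("<I", 8 + len(body)) + body
    decoy = b"FWS\xff\xff\xff\xff\xff"          # bad version byte, rejected
    return b"\x00" * 32 + decoy + swf + b"\xcc" * 16, swf

if __name__ == "__main__":
    print(parse_header(PAGE_ROW, 0))             # header fields from the page
    dump, swf = build_sample()
    for off, ver, data in carve_swf(dump):
        print(hex(off), ver, len(data))
```

Applied to the 16-byte row alone, `carve_swf` returns nothing, because the declared length is far larger than the bytes available; the whole memory block has to be saved before carving.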