crackme008

名称	值
软件名称	Andrénalin.1.exe
加壳方式	无
保护方式	serial
编译语言	Microsoft Visual Basic
调试环境	win10 64位
使用工具	x32dbg,PEid
破解日期	2025-06-10

脱壳

1. 先用PEid查壳

01-PEid查壳

查到无壳

寻找Serial

寻找flag，用x32dbg打开程序，鼠标右键->搜索->当前模块->字符串，发现存在字符串L"SuCCESFul !"
双击地址=00401DD3反汇编=mov dword ptr ss:[ebp84],andrénalin.1.401AC4字符串地址=00401AC4字符串=L"SuCCESFul !"，跳转到代码

mov ecx,dword ptr ss:[ebp-28]                 ; ecx = 输入框值
push ecx                                      ;输入框值入栈
push andrénalin.1.401A54                      ;常量L"SynTaX 2oo1"入栈
call dword ptr ds:[<&__vbaStrCmp>]            ;比较两个字符串是否相等
mov edi,eax                                   ;比较结果赋值给edi
lea ecx,dword ptr ss:[ebp-28]                 ;取字符串首地址
neg edi                                       ;按位取反+1
sbb edi,edi                                   ;edi = edi - edi - cf
inc edi                                       ;自增1
neg edi                                       ;按位取反+1
call dword ptr ds:[<&__vbaFreeStr>]
lea ecx,dword ptr ss:[ebp-2C]
call dword ptr ds:[<&__vbaFreeObj>]
cmp di,si                                     ;0与edi的低16位比较
je andrénalin.1.401E43                        ;不相等则成功
call dword ptr ds:[<&rtcBeep>]
mov edi,dword ptr ds:[<&__vbaVarDup>]
mov ecx,80020004
mov dword ptr ss:[ebp-64],ecx
mov eax,A
mov dword ptr ss:[ebp-54],ecx
mov ebx,8
lea edx,dword ptr ss:[ebp-8C]
lea ecx,dword ptr ss:[ebp-4C]
mov dword ptr ss:[ebp-6C],eax
mov dword ptr ss:[ebp-5C],eax
mov dword ptr ss:[ebp-84],andrénalin.1.401AC4
mov dword ptr ss:[ebp-8C],ebx
call edi
lea edx,dword ptr ss:[ebp-7C]
lea ecx,dword ptr ss:[ebp-3C]
mov dword ptr ss:[ebp-74],andrénalin.1.401A70
mov dword ptr ss:[ebp-7C],ebx
call edi
lea edx,dword ptr ss:[ebp-6C]
lea eax,dword ptr ss:[ebp-5C]
push edx
lea ecx,dword ptr ss:[ebp-4C]
push eax
push ecx
lea edx,dword ptr ss:[ebp-3C]
push 30
push edx
call dword ptr ds:[<&rtcMsgBox>]                  ;弹出成功的对话框