Looking for an expert to sum up methods for unpacking unknown packers
I heard that the methods mentioned in the posts above have all stopped working.
[Solved] Protected mode and DS
How come no publisher has come looking for 书呆彭?
[Help] Calculating the start address at which the .text section is mapped in memory, please advise
I can't tell what you are talking about.
[Help] A small masm32 exe: some parts of the assembly shown when it is opened in OD are unclear to me, please advise:
Tidied it up for the OP (one instruction per line; the address column of the first inline string was garbled in the paste and is restored to 00401039, which is where [ebp-8] below points; comments name the API behind each thunk and the Win32 constants):

; entry point: hInstance and the command line, then WinMain, then ExitProcess
00401000 6A 00              push 0
00401002 E8 D5020000        call 004012DC                        ; kernel32.GetModuleHandleA
00401007 A3 10304000        mov dword ptr [403010], eax          ; hInstance
0040100C E8 C5020000        call 004012D6                        ; kernel32.GetCommandLineA
00401011 A3 08304000        mov dword ptr [403008], eax          ; command line
00401016 6A 0A              push 0A                              ; SW_SHOWDEFAULT
00401018 FF35 08304000      push dword ptr [403008]
0040101E 6A 00              push 0
00401020 FF35 10304000      push dword ptr [403010]
00401026 E8 06000000        call 00401031                        ; WinMain(hInst, 0, CmdLine, SW_SHOWDEFAULT)
0040102B 50                 push eax
0040102C E8 9F020000        call 004012D0                        ; kernel32.ExitProcess

; WinMain: 0x5C bytes of locals; WNDCLASSEX at [ebp-30], MSG at [ebp-4C]
00401031 55                 push ebp
00401032 8BEC               mov ebp, esp
00401034 83C4 A4            add esp, -5C
00401037 EB 0E              jmp short 00401047                   ; skip over the inline string
00401039                    db 'Generic_Class', 0
00401047 C745 D0 3000000>   mov dword ptr [ebp-30], 30           ; wc.cbSize = sizeof WNDCLASSEX
0040104E C745 D4 0320000>   mov dword ptr [ebp-2C], 2003         ; wc.style = CS_HREDRAW|CS_VREDRAW|CS_BYTEALIGNWINDOW
00401055 C745 D8 7B11400>   mov dword ptr [ebp-28], 0040117B     ; wc.lpfnWndProc = WndProc
0040105C C745 DC 0000000>   mov dword ptr [ebp-24], 0            ; wc.cbClsExtra
00401063 C745 E0 0000000>   mov dword ptr [ebp-20], 0            ; wc.cbWndExtra
0040106A FF75 08            push dword ptr [ebp+8]
0040106D 8F45 E4            pop dword ptr [ebp-1C]               ; wc.hInstance = hInst
00401070 C745 F0 1000000>   mov dword ptr [ebp-10], 10           ; wc.hbrBackground = COLOR_BTNFACE+1
00401077 C745 F4 0000000>   mov dword ptr [ebp-C], 0             ; wc.lpszMenuName = NULL
0040107E C745 F8 3910400>   mov dword ptr [ebp-8], 00401039      ; wc.lpszClassName, ASCII "Generic_Class"
00401085 68 F4010000        push 1F4                             ; icon resource ID 500
0040108A FF75 08            push dword ptr [ebp+8]
0040108D E8 02020000        call 00401294                        ; user32.LoadIconA
00401092 8945 E8            mov dword ptr [ebp-18], eax          ; wc.hIcon
00401095 68 007F0000        push 7F00                            ; IDC_ARROW
0040109A 6A 00              push 0
0040109C E8 ED010000        call 0040128E                        ; user32.LoadCursorA
004010A1 8945 EC            mov dword ptr [ebp-14], eax          ; wc.hCursor
004010A4 C745 FC 0000000>   mov dword ptr [ebp-4], 0             ; wc.hIconSm
004010AB 8D45 D0            lea eax, dword ptr [ebp-30]
004010AE 50                 push eax
004010AF E8 F8010000        call 004012AC                        ; user32.RegisterClassExA(&wc)
004010B4 C745 B0 F401000>   mov dword ptr [ebp-50], 1F4          ; window width 500
004010BB C745 AC 5E01000>   mov dword ptr [ebp-54], 15E          ; window height 350
004010C2 6A 00              push 0                               ; SM_CXSCREEN
004010C4 E8 BF010000        call 00401288                        ; user32.GetSystemMetrics
004010C9 50                 push eax
004010CA FF75 B0            push dword ptr [ebp-50]
004010CD E8 88010000        call 0040125A                        ; centre(width, screen width) -> x
004010D2 8945 A8            mov dword ptr [ebp-58], eax
004010D5 6A 01              push 1                               ; SM_CYSCREEN
004010D7 E8 AC010000        call 00401288                        ; user32.GetSystemMetrics
004010DC 50                 push eax
004010DD FF75 AC            push dword ptr [ebp-54]
004010E0 E8 75010000        call 0040125A                        ; centre(height, screen height) -> y
004010E5 8945 A4            mov dword ptr [ebp-5C], eax
004010E8 6A 00              push 0                               ; lpParam
004010EA FF75 08            push dword ptr [ebp+8]               ; hInstance
004010ED 6A 00              push 0                               ; hMenu
004010EF 6A 00              push 0                               ; hWndParent
004010F1 FF75 AC            push dword ptr [ebp-54]              ; nHeight
004010F4 FF75 B0            push dword ptr [ebp-50]              ; nWidth
004010F7 FF75 A4            push dword ptr [ebp-5C]              ; y
004010FA FF75 A8            push dword ptr [ebp-58]              ; x
004010FD 68 0000CF00        push 0CF0000                         ; WS_OVERLAPPEDWINDOW
00401102 68 00304000        push 00403000                        ; ASCII "Generic" (window title)
00401107 68 39104000        push 00401039                        ; ASCII "Generic_Class"
0040110C 68 00030000        push 300                             ; WS_EX_OVERLAPPEDWINDOW
00401111 E8 5A010000        call 00401270                        ; user32.CreateWindowExA
00401116 A3 0C304000        mov dword ptr [40300C], eax          ; hWnd
0040111B 68 58020000        push 258                             ; menu resource ID 600
00401120 FF75 08            push dword ptr [ebp+8]
00401123 E8 72010000        call 0040129A                        ; user32.LoadMenuA
00401128 50                 push eax
00401129 FF35 0C304000      push dword ptr [40300C]
0040112F E8 84010000        call 004012B8                        ; user32.SetMenu
00401134 6A 01              push 1                               ; SW_SHOWNORMAL
00401136 FF35 0C304000      push dword ptr [40300C]
0040113C E8 7D010000        call 004012BE                        ; user32.ShowWindow
00401141 FF35 0C304000      push dword ptr [40300C]
00401147 E8 7E010000        call 004012CA                        ; user32.UpdateWindow
; message loop
0040114C 6A 00              push 0
0040114E 6A 00              push 0
00401150 6A 00              push 0
00401152 8D45 B4            lea eax, dword ptr [ebp-4C]          ; &msg
00401155 50                 push eax
00401156 E8 27010000        call 00401282                        ; user32.GetMessageA
0040115B 83F8 00            cmp eax, 0
0040115E 74 14              je short 00401174                    ; WM_QUIT -> leave the loop
00401160 8D45 B4            lea eax, dword ptr [ebp-4C]
00401163 50                 push eax
00401164 E8 5B010000        call 004012C4                        ; user32.TranslateMessage
00401169 8D45 B4            lea eax, dword ptr [ebp-4C]
0040116C 50                 push eax
0040116D E8 0A010000        call 0040127C                        ; user32.DispatchMessageA
00401172 ^ EB D8            jmp short 0040114C
00401174 8B45 BC            mov eax, dword ptr [ebp-44]          ; return msg.wParam
00401177 C9                 leave
00401178 C2 1000            retn 10

; WndProc(hWnd=[ebp+8], uMsg=[ebp+C], wParam=[ebp+10], lParam=[ebp+14])
0040117B 55                 push ebp
0040117C 8BEC               mov ebp, esp
0040117E 817D 0C 1101000>   cmp dword ptr [ebp+C], 111           ; WM_COMMAND?
00401185 75 60              jnz short 004011E7
00401187 817D 10 E803000>   cmp dword ptr [ebp+10], 3E8          ; menu ID 1000: close the window
0040118E 75 19              jnz short 004011A9
00401190 6A 00              push 0
00401192 68 60F00000        push 0F060                           ; SC_CLOSE
00401197 68 12010000        push 112                             ; WM_SYSCOMMAND
0040119C FF75 08            push dword ptr [ebp+8]
0040119F E8 0E010000        call 004012B2                        ; user32.SendMessageA
004011A4 E9 9C000000        jmp 00401245
004011A9 817D 10 6C07000>   cmp dword ptr [ebp+10], 76C          ; menu ID 1900: about box
004011B0 0F85 8F000000      jnz 00401245
004011B6 EB 19              jmp short 004011D1                   ; skip over the inline string
004011B8                    db "Assembler, Pure & Simple", 0
004011D1 6A 00              push 0                               ; MB_OK
004011D3 68 00304000        push 00403000                        ; ASCII "Generic"
004011D8 68 B8114000        push 004011B8                        ; ASCII "Assembler, Pure & Simple"
004011DD FF75 08            push dword ptr [ebp+8]
004011E0 E8 BB000000        call 004012A0                        ; user32.MessageBoxA
004011E5 EB 5E              jmp short 00401245
004011E7 837D 0C 01         cmp dword ptr [ebp+C], 1             ; WM_CREATE?
004011EB 75 02              jnz short 004011EF
004011ED EB 56              jmp short 00401245
004011EF 837D 0C 10         cmp dword ptr [ebp+C], 10            ; WM_CLOSE?
004011F3 75 3A              jnz short 0040122F
004011F5 EB 14              jmp short 0040120B                   ; skip over the inline string
004011F7                    db "Please Confirm Exit", 0
0040120B 6A 04              push 4                               ; MB_YESNO
0040120D 68 00304000        push 00403000                        ; ASCII "Generic"
00401212 68 F7114000        push 004011F7                        ; ASCII "Please Confirm Exit"
00401217 FF75 08            push dword ptr [ebp+8]
0040121A E8 81000000        call 004012A0                        ; user32.MessageBoxA
0040121F 83F8 07            cmp eax, 7                           ; IDNO?
00401222 75 21              jnz short 00401245                   ; IDYES -> DefWindowProc destroys the window
00401224 B8 00000000        mov eax, 0                           ; IDNO -> swallow WM_CLOSE
00401229 C9                 leave
0040122A C2 1000            retn 10
0040122D EB 16              jmp short 00401245
0040122F 837D 0C 02         cmp dword ptr [ebp+C], 2             ; WM_DESTROY?
00401233 75 10              jnz short 00401245
00401235 6A 00              push 0
00401237 E8 6A000000        call 004012A6                        ; user32.PostQuitMessage
0040123C B8 00000000        mov eax, 0
00401241 C9                 leave
00401242 C2 1000            retn 10
00401245 FF75 14            push dword ptr [ebp+14]              ; lParam
00401248 FF75 10            push dword ptr [ebp+10]              ; wParam
0040124B FF75 0C            push dword ptr [ebp+C]               ; uMsg
0040124E FF75 08            push dword ptr [ebp+8]               ; hWnd
00401251 E8 20000000        call 00401276                        ; user32.DefWindowProcA
00401256 C9                 leave
00401257 C2 1000            retn 10

; centre(wDim=[ebp+8], sDim=[ebp+C]) = sDim/2 - wDim/2
0040125A 55                 push ebp
0040125B 8BEC               mov ebp, esp
0040125D D16D 0C            shr dword ptr [ebp+C], 1
00401260 D16D 08            shr dword ptr [ebp+8], 1
00401263 8B45 08            mov eax, dword ptr [ebp+8]
00401266 2945 0C            sub dword ptr [ebp+C], eax
00401269 8B45 0C            mov eax, dword ptr [ebp+C]
0040126C C9                 leave
0040126D C2 0800            retn 8

; import thunks: jmp dword ptr [IAT slot]
00401270 - FF25 48204000    JMP DWORD PTR DS:[<&user32.CreateWindowExA>]    ; user32.CreateWindowExA
00401276 - FF25 20204000    JMP DWORD PTR DS:[<&user32.DefWindowProcA>]     ; user32.DefWindowProcA
0040127C - FF25 40204000    JMP DWORD PTR DS:[<&user32.DispatchMessageA>]   ; user32.DispatchMessageA
00401282 - FF25 28204000    JMP DWORD PTR DS:[<&user32.GetMessageA>]        ; user32.GetMessageA
00401288 - FF25 24204000    JMP DWORD PTR DS:[<&user32.GetSystemMetrics>]   ; user32.GetSystemMetrics
0040128E - FF25 10204000    JMP DWORD PTR DS:[<&user32.LoadCursorA>]        ; user32.LoadCursorA
00401294 - FF25 14204000    JMP DWORD PTR DS:[<&user32.LoadIconA>]          ; user32.LoadIconA
0040129A - FF25 18204000    JMP DWORD PTR DS:[<&user32.LoadMenuA>]          ; user32.LoadMenuA
004012A0 - FF25 1C204000    JMP DWORD PTR DS:[<&user32.MessageBoxA>]        ; user32.MessageBoxA
004012A6 - FF25 44204000    JMP DWORD PTR DS:[<&user32.PostQuitMessage>]    ; user32.PostQuitMessage
004012AC - FF25 4C204000    JMP DWORD PTR DS:[<&user32.RegisterClassExA>]   ; user32.RegisterClassExA
004012B2 - FF25 2C204000    JMP DWORD PTR DS:[<&user32.SendMessageA>]       ; user32.SendMessageA
004012B8 - FF25 30204000    JMP DWORD PTR DS:[<&user32.SetMenu>]            ; user32.SetMenu
004012BE - FF25 34204000    JMP DWORD PTR DS:[<&user32.ShowWindow>]         ; user32.ShowWindow
004012C4 - FF25 38204000    JMP DWORD PTR DS:[<&user32.TranslateMessage>]   ; user32.TranslateMessage
004012CA - FF25 3C204000    JMP DWORD PTR DS:[<&user32.UpdateWindow>]       ; user32.UpdateWindow
004012D0 - FF25 08204000    JMP DWORD PTR DS:[<&kernel32.ExitProcess>]      ; kernel32.ExitProcess
004012D6 - FF25 04204000    JMP DWORD PTR DS:[<&kernel32.GetCommandLineA>]  ; kernel32.GetCommandLineA
004012DC - FF25 00204000    JMP DWORD PTR DS:[<&kernel32.GetModuleHandleA>] ; kernel32.GetModuleHandleA
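The tedious part of reading a listing like the one above is that every `call` lands on a bare address, and the API it really reaches is only visible in the `FF25` stub table at the end. The following Python script is an added example, not part of the original post and not masm32 or OllyDbg code: it parses OD-style listing lines, recomputes each `E8` call's target from its rel32 bytes (so a mis-pasted target is caught), decodes the IAT slot out of each `FF25 disp32` stub, and labels calls that hit a stub with the API named in OD's comment. The sample lines are copied from the listing above; the column-splitting rule is a heuristic for OD's text layout (uppercase hex groups are bytes, `-`/`^` are jump markers, `>` marks an immediate OD truncated to fit its column).

```python
import re
import struct
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: lines copied from the OllyDbg listing in the post above
# (three calls, one line with a truncated immediate, and two import stubs).
SAMPLE_LISTING = """\
00401026 E8 06000000 call 00401031
0040104E C745 D4 0320000>mov dword ptr [ebp-2C], 2003
00401085 68 F4010000 push 1F4
0040108A FF75 08 push dword ptr [ebp+8]
0040108D E8 02020000 call 00401294
00401095 68 007F0000 push 7F00
0040109A 6A 00 push 0
0040109C E8 ED010000 call 0040128E
00401294 - FF25 14204000 JMP DWORD PTR DS:[<&user32.LoadIconA>] ; user32.LoadIconA
0040128E - FF25 10204000 JMP DWORD PTR DS:[<&user32.LoadCursorA>] ; user32.LoadCursorA
"""

HEX_GROUP = re.compile(r"[0-9A-F]{2,10}")               # one OD opcode-byte group
CALL_TARGET = re.compile(r"call\s+([0-9A-F]{8})$", re.IGNORECASE)


class Insn(NamedTuple):
    addr: int
    opcode: bytes   # bytes OD printed (cut short where OD wrote '>')
    text: str       # disassembly text without the comment
    comment: str    # text after ';', or ''


def parse_line(line: str) -> Optional[Insn]:
    """Split one OD listing line into columns; None for non-instruction lines (heuristic)."""
    line = line.strip()
    if not line:
        return None
    body, _, comment = line.partition(";")
    tokens = body.split()
    if not tokens or not re.fullmatch(r"[0-9A-F]{8}", tokens[0]):
        return None
    addr = int(tokens[0], 16)
    raw = bytearray()
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-", "^"):                      # OD's jump-direction markers
            i += 1
            continue
        hex_part, truncated, rest = tok.partition(">")
        if HEX_GROUP.fullmatch(hex_part) and (truncated or len(hex_part) % 2 == 0):
            raw += bytes.fromhex(hex_part[: len(hex_part) // 2 * 2])  # drop a dangling nibble
            if rest:                               # mnemonic glued onto the '>' ("0320000>mov")
                tokens[i] = rest
                break
            i += 1
            continue
        break                                      # first non-hex token starts the mnemonic
    return Insn(addr, bytes(raw), " ".join(tokens[i:]), comment.strip())


def parse_listing(text: str) -> List[Insn]:
    return [ins for ins in map(parse_line, text.splitlines()) if ins is not None]


def build_thunk_table(insns: List[Insn]) -> Dict[int, Tuple[int, str]]:
    """Map each 'FF25 disp32' stub (jmp dword ptr [slot]) to (IAT slot, 'module.Api')."""
    table: Dict[int, Tuple[int, str]] = {}
    for ins in insns:
        if ins.opcode[:2] == b"\xff\x25" and len(ins.opcode) >= 6:
            (slot,) = struct.unpack_from("<I", ins.opcode, 2)
            table[ins.addr] = (slot, ins.comment)
    return table


class CallInfo(NamedTuple):
    addr: int
    target: int            # addr + 5 + rel32, recomputed from the bytes
    matches_display: bool  # OD's printed target equals the recomputed one
    api: Optional[str]     # e.g. 'user32.LoadIconA' when the target is an import stub


def resolve_calls(insns: List[Insn]) -> List[CallInfo]:
    """Recompute every E8 call target from its rel32 and resolve stub targets to APIs."""
    thunks = build_thunk_table(insns)
    calls: List[CallInfo] = []
    for ins in insns:
        if ins.opcode[:1] != b"\xe8" or len(ins.opcode) != 5:
            continue
        (rel,) = struct.unpack_from("<i", ins.opcode, 1)
        target = (ins.addr + 5 + rel) & 0xFFFFFFFF
        m = CALL_TARGET.search(ins.text)
        shown = int(m.group(1), 16) if m else None
        api = thunks[target][1] if target in thunks else None
        calls.append(CallInfo(ins.addr, target, shown == target, api))
    return calls


if __name__ == "__main__":
    for c in resolve_calls(parse_listing(SAMPLE_LISTING)):
        note = "" if c.matches_display else "  <-- printed target disagrees with the E8 bytes"
        print(f"{c.addr:08X}  call {c.target:08X}  -> {c.api or 'local function'}{note}")
```

Fed the whole listing, this turns `call 00401294` into `user32.LoadIconA` and leaves `call 00401031` as a local function, which is exactly the two-step lookup a reader otherwise does by hand through the stub table. The IAT slot decoded from each stub (00402014 for LoadIconA here) is also what you would patch or watch when following the import thread.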
[Help] Problem with adding a DLL in the slack space of the section that holds the import table
OP, why did you delete the code?