|
怎样用od脱dll壳,看雪书上都是softice脱dll
建议你发贴之前先浏览几遍论坛 |
|
|
|
|
|
[求助]Visual Protect 脱壳,壳已经脱掉但修复不成功
具体避开输入表加密的方法去搜索: 《用Ollydbg手脱Visual Protect V3.54加壳的DLL》 OEP: 000D0060 IATRVA: 000D51A0 IATSize: 00000744 FThunk: 000D51A4 NbFunc: 0000002B 1 000D51A4 kernel32.dll 0080 DeleteCriticalSection 1 000D51A8 kernel32.dll 0241 LeaveCriticalSection 1 000D51AC kernel32.dll 0097 EnterCriticalSection 1 000D51B0 kernel32.dll 0216 InitializeCriticalSection 1 000D51B4 kernel32.dll 036E VirtualFree 1 000D51B8 kernel32.dll 036B VirtualAlloc 1 000D51BC kernel32.dll 024C LocalFree 1 000D51C0 kernel32.dll 0248 LocalAlloc 1 000D51C4 kernel32.dll 013F GetCurrentThreadId 1 000D51C8 kernel32.dll 021A InterlockedDecrement 1 000D51CC kernel32.dll 021E InterlockedIncrement 1 000D51D0 kernel32.dll 0373 VirtualQuery 1 000D51D4 kernel32.dll 037F WideCharToMultiByte 1 000D51D8 kernel32.dll 02F8 SetCurrentDirectoryA 1 000D51DC kernel32.dll 0265 MultiByteToWideChar 1 000D51E0 kernel32.dll 03B3 lstrlen 1 000D51E4 kernel32.dll 03B0 lstrcpyn 1 000D51E8 kernel32.dll 0243 LoadLibraryExA 1 000D51EC kernel32.dll 01CD GetThreadLocale 1 000D51F0 kernel32.dll 01AD GetStartupInfoA 1 000D51F4 kernel32.dll 0198 GetProcAddress 1 000D51F8 kernel32.dll 0176 GetModuleHandleA 1 000D51FC kernel32.dll 0174 GetModuleFileNameA 1 000D5200 kernel32.dll 016C GetLocaleInfoA 1 000D5204 kernel32.dll 0169 GetLastError 1 000D5208 kernel32.dll 013A GetCurrentDirectoryA 1 000D520C kernel32.dll 010A GetCommandLineA 1 000D5210 kernel32.dll 00F1 FreeLibrary 1 000D5214 kernel32.dll 00D1 FindFirstFileA 1 000D5218 kernel32.dll 00CD FindClose 1 000D521C kernel32.dll 00B7 ExitProcess 1 000D5220 kernel32.dll 038C WriteFile 1 000D5224 kernel32.dll 0358 UnhandledExceptionFilter 1 000D5228 kernel32.dll 0307 SetFilePointer 1 000D522C kernel32.dll 02FE SetEndOfFile 1 000D5230 kernel32.dll 02C5 RtlUnwind 1 000D5234 kernel32.dll 02A4 ReadFile 1 000D5238 kernel32.dll 0297 RaiseException 1 000D523C kernel32.dll 01AF GetStdHandle 1 000D5240 kernel32.dll 015C GetFileSize 1 000D5244 kernel32.dll 015F GetFileType 1 000D5248 kernel32.dll 0050 CreateFileA 1 000D524C kernel32.dll 0032 CloseHandle FThunk: 000D5254 NbFunc: 00000004 1 000D5254 user32.dll 0128 GetKeyboardType 1 000D5258 user32.dll 01C9 LoadStringA 1 000D525C user32.dll 01DD MessageBoxA 1 000D5260 user32.dll 002B CharNextA FThunk: 000D5268 NbFunc: 00000003 1 000D5268 advapi32.dll 01EE RegQueryValueExA 1 000D526C advapi32.dll 01E4 RegOpenKeyExA 1 000D5270 advapi32.dll 01CB RegCloseKey FThunk: 000D5278 NbFunc: 00000003 1 000D5278 oleaut32.dll 0006 SysFreeString 1 000D527C oleaut32.dll 0005 SysReAllocStringLen 1 000D5280 oleaut32.dll 0004 SysAllocStringLen FThunk: 000D5288 NbFunc: 00000004 1 000D5288 kernel32.dll 034F TlsSetValue 1 000D528C kernel32.dll 034E TlsGetValue 1 000D5290 kernel32.dll 0248 LocalAlloc 1 000D5294 kernel32.dll 0176 GetModuleHandleA FThunk: 000D529C NbFunc: 00000003 1 000D529C advapi32.dll 01EE RegQueryValueExA 1 000D52A0 advapi32.dll 01E4 RegOpenKeyExA 1 000D52A4 advapi32.dll 01CB RegCloseKey FThunk: 000D52AC NbFunc: 00000042 1 000D52AC kernel32.dll 03AD lstrcpy 1 000D52B0 kernel32.dll 0391 WritePrivateProfileStringA 1 000D52B4 kernel32.dll 038C WriteFile 1 000D52B8 kernel32.dll 037B WaitForSingleObject 1 000D52BC kernel32.dll 0373 VirtualQuery 1 000D52C0 kernel32.dll 036B VirtualAlloc 1 000D52C4 kernel32.dll 033F Sleep 1 000D52C8 kernel32.dll 033E SizeofResource 1 000D52CC kernel32.dll 032D SetThreadLocale 1 000D52D0 kernel32.dll 0307 SetFilePointer 1 000D52D4 kernel32.dll 0302 SetEvent 1 000D52D8 kernel32.dll 0301 SetErrorMode 1 000D52DC kernel32.dll 02FE SetEndOfFile 1 000D52E0 kernel32.dll 02BD ResetEvent 1 000D52E4 kernel32.dll 02A4 ReadFile 1 000D52E8 kernel32.dll 0265 MultiByteToWideChar 1 000D52EC kernel32.dll 0264 MulDiv 1 000D52F0 kernel32.dll 0255 LockResource 1 000D52F4 kernel32.dll 0247 LoadResource 1 000D52F8 kernel32.dll 0242 LoadLibraryA 1 000D52FC kernel32.dll 0241 LeaveCriticalSection 1 000D5300 kernel32.dll 0216 InitializeCriticalSection 1 000D5304 kernel32.dll 01FD GlobalUnlock 1 000D5308 kernel32.dll 01FA GlobalSize 1 000D530C kernel32.dll 01F9 GlobalReAlloc 1 000D5310 kernel32.dll 01F7 GlobalMemoryStatus 1 000D5314 kernel32.dll 01F5 GlobalHandle 1 000D5318 kernel32.dll 01F6 GlobalLock 1 000D531C kernel32.dll 01F2 GlobalFree 1 000D5320 kernel32.dll 01EE GlobalFindAtomA 1 000D5324 kernel32.dll 01ED GlobalDeleteAtom 1 000D5328 kernel32.dll 01EB GlobalAlloc 1 000D532C kernel32.dll 01E9 GlobalAddAtomA 1 000D5330 kernel32.dll 01DC GetVersionExA 1 000D5334 kernel32.dll 01DB GetVersion 1 000D5338 kernel32.dll 01D2 GetTickCount 1 000D533C kernel32.dll 01CD GetThreadLocale 1 000D5340 kernel32.dll 01B9 GetSystemInfo 1 000D5344 kernel32.dll 01B1 GetStringTypeExA 1 000D5348 kernel32.dll 01AF GetStdHandle 1 000D534C kernel32.dll 01A8 GetProfileStringA 1 000D5350 kernel32.dll 0198 GetProcAddress 1 000D5354 kernel32.dll 0194 GetPrivateProfileStringA 1 000D5358 kernel32.dll 0176 GetModuleHandleA 1 000D535C kernel32.dll 0174 GetModuleFileNameA 1 000D5360 kernel32.dll 016C GetLocaleInfoA 1 000D5364 kernel32.dll 016B GetLocalTime 1 000D5368 kernel32.dll 0169 GetLastError 1 000D536C kernel32.dll 0146 GetDiskFreeSpaceA 1 000D5370 kernel32.dll 0140 GetDateFormatA 1 000D5374 kernel32.dll 013F GetCurrentThreadId 1 000D5378 kernel32.dll 013D GetCurrentProcessId 1 000D537C kernel32.dll 00FE GetCPInfo 1 000D5380 kernel32.dll 00F7 GetACP 1 000D5384 kernel32.dll 00F3 FreeResource 1 000D5388 kernel32.dll 00F1 FreeLibrary 1 000D538C kernel32.dll 00EC FormatMessageA 1 000D5390 kernel32.dll 00E0 FindResourceA 1 000D5394 kernel32.dll 0098 EnumCalendarInfoA 1 000D5398 kernel32.dll 0097 EnterCriticalSection 1 000D539C kernel32.dll 0080 DeleteCriticalSection 1 000D53A0 kernel32.dll 006D CreateThread 1 000D53A4 kernel32.dll 0050 CreateFileA 1 000D53A8 kernel32.dll 004C CreateEventA 1 000D53AC kernel32.dll 0038 CompareStringA 1 000D53B0 kernel32.dll 0032 CloseHandle FThunk: 000D53B8 NbFunc: 00000003 1 000D53B8 version.dll 000B VerQueryValueA 1 000D53BC version.dll 0002 GetFileVersionInfoSizeA 1 000D53C0 version.dll 0001 GetFileVersionInfoA FThunk: 000D53C8 NbFunc: 00000056 1 000D53C8 gdi32.dll 0253 UnrealizeObject 1 000D53CC gdi32.dll 024A StretchBlt 1 000D53D0 gdi32.dll 0249 StartPage 1 000D53D4 gdi32.dll 0246 StartDocA 1 000D53D8 gdi32.dll 0244 SetWindowOrgEx 1 000D53DC gdi32.dll 0243 SetWindowExtEx 1 000D53E0 gdi32.dll 0242 SetWinMetaFileBits 1 000D53E4 gdi32.dll 0240 SetViewportOrgEx 1 000D53E8 gdi32.dll 023F SetViewportExtEx 1 000D53EC gdi32.dll 023D SetTextColor 1 000D53F0 gdi32.dll 0239 SetStretchBltMode 1 000D53F4 gdi32.dll 0236 SetROP2 1 000D53F8 gdi32.dll 0232 SetPixel 1 000D53FC gdi32.dll 022C SetMapMode 1 000D5400 gdi32.dll 0223 SetEnhMetaFileBits 1 000D5404 gdi32.dll 021F SetDIBColorTable 1 000D5408 gdi32.dll 021A SetBrushOrgEx 1 000D540C gdi32.dll 0217 SetBkMode 1 000D5410 gdi32.dll 0216 SetBkColor 1 000D5414 gdi32.dll 0211 SetAbortProc 1 000D5418 gdi32.dll 0210 SelectPalette 1 000D541C gdi32.dll 020F SelectObject 1 000D5420 gdi32.dll 0208 SaveDC 1 000D5424 gdi32.dll 0202 RoundRect 1 000D5428 gdi32.dll 0201 RestoreDC 1 000D542C gdi32.dll 01F7 Rectangle 1 000D5430 gdi32.dll 01F6 RectVisible 1 000D5434 gdi32.dll 01F4 RealizePalette 1 000D5438 gdi32.dll 01EF Polyline 1 000D543C gdi32.dll 01EB PolyPolyline 1 000D5440 gdi32.dll 01E1 PlayEnhMetaFile 1 000D5444 gdi32.dll 01DE PatBlt 1 000D5448 gdi32.dll 01D2 MoveToEx 1 000D544C gdi32.dll 01CF MaskBlt 1 000D5450 gdi32.dll 01CE LineTo 1 000D5454 gdi32.dll 01C8 IntersectClipRect 1 000D5458 gdi32.dll 01C4 GetWindowOrgEx 1 000D545C gdi32.dll 01C2 GetWinMetaFileBits 1 000D5460 gdi32.dll 01BD GetTextMetricsA 1 000D5464 gdi32.dll 01B7 GetTextExtentPointA 1 000D5468 gdi32.dll 01B5 GetTextExtentPoint32A 1 000D546C gdi32.dll 01AA GetSystemPaletteEntries 1 000D5470 gdi32.dll 01A6 GetStockObject 1 000D5474 gdi32.dll 01A5 GetRgnBox 1 000D5478 gdi32.dll 019D GetPixel 1 000D547C gdi32.dll 019B GetPaletteEntries 1 000D5480 gdi32.dll 0196 GetObjectA 1 000D5484 gdi32.dll 0176 GetEnhMetaFilePaletteEntries 1 000D5488 gdi32.dll 0175 GetEnhMetaFileHeader 1 000D548C gdi32.dll 0172 GetEnhMetaFileBits 1 000D5490 gdi32.dll 016C GetDeviceCaps 1 000D5494 gdi32.dll 016B GetDIBits 1 000D5498 gdi32.dll 016A GetDIBColorTable 1 000D549C gdi32.dll 0168 GetDCOrgEx 1 000D54A0 gdi32.dll 0166 GetCurrentPositionEx 1 000D54A4 gdi32.dll 0161 GetClipBox 1 000D54A8 gdi32.dll 0151 GetBrushOrgEx 1 000D54AC gdi32.dll 014B GetBitmapBits 1 000D54B0 gdi32.dll 011C GdiFlush 1 000D54B4 gdi32.dll 00DE ExtTextOutA 1 000D54B8 gdi32.dll 00D9 ExtCreatePen 1 000D54BC gdi32.dll 00D8 ExcludeClipRect 1 000D54C0 gdi32.dll 0099 EndPage 1 000D54C4 gdi32.dll 0097 EndDoc 1 000D54C8 gdi32.dll 0095 Ellipse 1 000D54CC gdi32.dll 0090 DeleteObject 1 000D54D0 gdi32.dll 008E DeleteEnhMetaFile 1 000D54D4 gdi32.dll 008D DeleteDC 1 000D54D8 gdi32.dll 0051 CreateSolidBrush 1 000D54DC gdi32.dll 004C CreateRectRgn 1 000D54E0 gdi32.dll 0049 CreatePenIndirect 1 000D54E4 gdi32.dll 0046 CreatePalette 1 000D54E8 gdi32.dll 0042 CreateICA 1 000D54EC gdi32.dll 0040 CreateHalftonePalette 1 000D54F0 gdi32.dll 003B CreateFontIndirectA 1 000D54F4 gdi32.dll 0034 CreateDIBitmap 1 000D54F8 gdi32.dll 0033 CreateDIBSection 1 000D54FC gdi32.dll 002F CreateDCA 1 000D5500 gdi32.dll 002E CreateCompatibleDC 1 000D5504 gdi32.dll 002D CreateCompatibleBitmap 1 000D5508 gdi32.dll 002A CreateBrushIndirect 1 000D550C gdi32.dll 0028 CreateBitmap 1 000D5510 gdi32.dll 0024 CopyEnhMetaFileA 1 000D5514 gdi32.dll 0022 CombineRgn 1 000D5518 gdi32.dll 0013 BitBlt 1 000D551C gdi32.dll 000C Arc FThunk: 000D5524 NbFunc: 000000AD 1 000D5524 user32.dll 02D6 WindowFromPoint 1 000D5528 user32.dll 02D3 WinHelpA 1 000D552C user32.dll 02D1 WaitMessage 1 000D5530 user32.dll 02C6 ValidateRect 1 000D5534 user32.dll 02BC UpdateWindow 1 000D5538 user32.dll 02B4 UnregisterClassA 1 000D553C user32.dll 02B0 UnionRect 1 000D5540 user32.dll 02AF UnhookWindowsHookEx 1 000D5544 user32.dll 02AB TranslateMessage 1 000D5548 user32.dll 02AA TranslateMDISysAccel 1 000D554C user32.dll 02A5 TrackPopupMenu 1 000D5550 user32.dll 029A SystemParametersInfoA 1 000D5554 user32.dll 0293 ShowWindow 1 000D5558 user32.dll 0291 ShowScrollBar 1 000D555C user32.dll 0290 ShowOwnedPopups 1 000D5560 user32.dll 028F ShowCursor 1 000D5564 user32.dll 028B SetWindowsHookExA 1 000D5568 user32.dll 0287 SetWindowTextA 1 000D556C user32.dll 0284 SetWindowPos 1 000D5570 user32.dll 0283 SetWindowPlacement 1 000D5574 user32.dll 0281 SetWindowLongA 1 000D5578 user32.dll 027B SetTimer 1 000D557C user32.dll 0271 SetScrollRange 1 000D5580 user32.dll 0270 SetScrollPos 1 000D5584 user32.dll 026F SetScrollInfo 1 000D5588 user32.dll 026D SetRect 1 000D558C user32.dll 026B SetPropA 1 000D5590 user32.dll 0263 SetMenuItemInfoA 1 000D5594 user32.dll 025E SetMenu 1 000D5598 user32.dll 025A SetKeyboardState 1 000D559C user32.dll 0258 SetForegroundWindow 1 000D55A0 user32.dll 0257 SetFocus 1 000D55A4 user32.dll 024E SetCursor 1 000D55A8 user32.dll 024B SetClipboardData 1 000D55AC user32.dll 0248 SetClassLongA 1 000D55B0 user32.dll 0245 SetCapture 1 000D55B4 user32.dll 0244 SetActiveWindow 1 000D55B8 user32.dll 023C SendMessageA 1 000D55BC user32.dll 0236 ScrollWindowEx 1 000D55C0 user32.dll 0235 ScrollWindow 1 000D55C4 user32.dll 0232 ScreenToClient 1 000D55C8 user32.dll 022D RemovePropA 1 000D55CC user32.dll 022C RemoveMenu 1 000D55D0 user32.dll 022B ReleaseDC 1 000D55D4 user32.dll 022A ReleaseCapture 1 000D55D8 user32.dll 021B RegisterClipboardFormatA 1 000D55DC user32.dll 021B RegisterClipboardFormatA 1 000D55E0 user32.dll 0217 RegisterClassA 1 000D55E4 user32.dll 0216 RedrawWindow 1 000D55E8 user32.dll 020C PtInRect 1 000D55EC user32.dll 0202 PostQuitMessage 1 000D55F0 user32.dll 0200 PostMessageA 1 000D55F4 user32.dll 01FE PeekMessageA 1 000D55F8 user32.dll 01F4 OpenClipboard 1 000D55FC user32.dll 01F3 OffsetRect 1 000D5600 user32.dll 01EF OemToCharA 1 000D5604 user32.dll 01DD MessageBoxA 1 000D5608 user32.dll 01DC MessageBeep 1 000D560C user32.dll 01D8 MapWindowPoints 1 000D5610 user32.dll 01D4 MapVirtualKeyA 1 000D5614 user32.dll 01C9 LoadStringA 1 000D5618 user32.dll 01C0 LoadKeyboardLayoutA 1 000D561C user32.dll 01BC LoadIconA 1 000D5620 user32.dll 01B8 LoadCursorA 1 000D5624 user32.dll 01B6 LoadBitmapA 1 000D5628 user32.dll 01B3 KillTimer 1 000D562C user32.dll 01B1 IsZoomed 1 000D5630 user32.dll 01B0 IsWindowVisible 1 000D5634 user32.dll 01AD IsWindowEnabled 1 000D5638 user32.dll 01AC IsWindow 1 000D563C user32.dll 01A9 IsRectEmpty 1 000D5640 user32.dll 01A7 IsIconic 1 000D5644 user32.dll 01A1 IsDialogMessage 1 000D5648 user32.dll 01A0 IsClipboardFormatAvailable 1 000D564C user32.dll 019F IsChild 1 000D5650 user32.dll 0198 IsCharAlphaNumericA 1 000D5654 user32.dll 0197 IsCharAlphaA 1 000D5658 user32.dll 0194 InvalidateRect 1 000D565C user32.dll 0193 IntersectRect 1 000D5660 user32.dll 018F InsertMenuItemA 1 000D5664 user32.dll 018E InsertMenuA 1 000D5668 user32.dll 018B InflateRect 1 000D566C user32.dll 017C GetWindowThreadProcessId 1 000D5670 user32.dll 0178 GetWindowTextA 1 000D5674 user32.dll 0175 GetWindowRect 1 000D5678 user32.dll 0174 GetWindowPlacement 1 000D567C user32.dll 016F GetWindowLongA 1 000D5680 user32.dll 016D GetWindowDC 1 000D5684 user32.dll 0164 GetTopWindow 1 000D5688 user32.dll 015E GetSystemMetrics 1 000D568C user32.dll 015D GetSystemMenu 1 000D5690 user32.dll 015B GetSysColor 1 000D5694 user32.dll 015A GetSubMenu 1 000D5698 user32.dll 0158 GetScrollRange 1 000D569C user32.dll 0157 GetScrollPos 1 000D56A0 user32.dll 0156 GetScrollInfo 1 000D56A4 user32.dll 014B GetPropA 1 000D56A8 user32.dll 0146 GetParent 1 000D56AC user32.dll 016B GetWindow 1 000D56B0 user32.dll 013E GetMessageTime 1 000D56B4 user32.dll 0139 GetMenuStringA 1 000D56B8 user32.dll 0138 GetMenuState 1 000D56BC user32.dll 0135 GetMenuItemInfoA 1 000D56C0 user32.dll 0134 GetMenuItemID 1 000D56C4 user32.dll 0133 GetMenuItemCount 1 000D56C8 user32.dll 012D GetMenu 1 000D56CC user32.dll 0129 GetLastActivePopup 1 000D56D0 user32.dll 0127 GetKeyboardState 1 000D56D4 user32.dll 0124 GetKeyboardLayoutList 1 000D56D8 user32.dll 0123 GetKeyboardLayout 1 000D56DC user32.dll 0122 GetKeyState 1 000D56E0 user32.dll 0120 GetKeyNameTextA 1 000D56E4 user32.dll 011B GetIconInfo 1 000D56E8 user32.dll 0118 GetForegroundWindow 1 000D56EC user32.dll 0117 GetFocus 1 000D56F0 user32.dll 0116 GetDoubleClickTime 1 000D56F4 user32.dll 0112 GetDlgItem 1 000D56F8 user32.dll 010F GetDesktopWindow 1 000D56FC user32.dll 010E GetDCEx 1 000D5700 user32.dll 010D GetDC 1 000D5704 user32.dll 010C GetCursorPos 1 000D5708 user32.dll 0109 GetCursor 1 000D570C user32.dll 0102 GetClipboardData 1 000D5710 user32.dll 0100 GetClientRect 1 000D5714 user32.dll 00FD GetClassNameA 1 000D5718 user32.dll 00F7 GetClassInfoA 1 000D571C user32.dll 00F6 GetCaretPos 1 000D5720 user32.dll 00F4 GetCapture 1 000D5724 user32.dll 00EC GetActiveWindow 1 000D5728 user32.dll 00EA FrameRect 1 000D572C user32.dll 00E4 FindWindowA 1 000D5730 user32.dll 00E3 FillRect 1 000D5734 user32.dll 00E0 EqualRect 1 000D5738 user32.dll 00DF EnumWindows 1 000D573C user32.dll 00DC EnumThreadWindows 1 000D5740 user32.dll 00CD EnumClipboardFormats 1 000D5744 user32.dll 00C9 EndPaint 1 000D5748 user32.dll 00C5 EnableWindow 1 000D574C user32.dll 00C4 EnableScrollBar 1 000D5750 user32.dll 00C3 EnableMenuItem 1 000D5754 user32.dll 00C2 EmptyClipboard 1 000D5758 user32.dll 00BD DrawTextA 1 000D575C user32.dll 00B9 DrawMenuBar 1 000D5760 user32.dll 00B8 DrawIconEx 1 000D5764 user32.dll 00B7 DrawIcon 1 000D5768 user32.dll 00B6 DrawFrameControl 1 000D576C user32.dll 00B4 DrawFocusRect 1 000D5770 user32.dll 00B3 DrawEdge 1 000D5774 user32.dll 00A2 DispatchMessageA 1 000D5778 user32.dll 009A DestroyWindow 1 000D577C user32.dll 0098 DestroyMenu 1 000D5780 user32.dll 0096 DestroyCursor 1 000D5784 user32.dll 0096 DestroyCursor 1 000D5788 user32.dll 0092 DeleteMenu 1 000D578C user32.dll 008F DefWindowProcA 1 000D5790 user32.dll 008C DefMDIChildProcA 1 000D5794 user32.dll 008A DefFrameProcA 1 000D5798 user32.dll 0061 CreateWindowExA 1 000D579C user32.dll 005F CreatePopupMenu 1 000D57A0 user32.dll 005E CreateMenu 1 000D57A4 user32.dll 0058 CreateIcon 1 000D57A8 user32.dll 0043 CloseClipboard 1 000D57AC user32.dll 0041 ClientToScreen 1 000D57B0 user32.dll 003A CheckMenuItem 1 000D57B4 user32.dll 001C CallWindowProcA 1 000D57B8 user32.dll 001B CallNextHookEx 1 000D57BC user32.dll 000E BeginPaint 1 000D57C0 user32.dll 002B CharNextA 1 000D57C4 user32.dll 0028 CharLowerBuffA 1 000D57C8 user32.dll 0027 CharLowerA 1 000D57CC user32.dll 0036 CharUpperBuffA 1 000D57D0 user32.dll 0003 AdjustWindowRectEx 1 000D57D4 user32.dll 0001 ActivateKeyboardLayout FThunk: 000D57DC NbFunc: 00000001 1 000D57DC kernel32.dll 033F Sleep FThunk: 000D57E4 NbFunc: 0000000C 1 000D57E4 oleaut32.dll 0094 SafeArrayPtrOfIndex 1 000D57E8 oleaut32.dll 001A SafeArrayPutElement 1 000D57EC oleaut32.dll 0019 SafeArrayGetElement 1 000D57F0 oleaut32.dll 0013 SafeArrayGetUBound 1 000D57F4 oleaut32.dll 0014 SafeArrayGetLBound 1 000D57F8 oleaut32.dll 0028 SafeArrayRedim 1 000D57FC oleaut32.dll 000F SafeArrayCreate 1 000D5800 oleaut32.dll 0093 VariantChangeTypeEx 1 000D5804 oleaut32.dll 000B VariantCopyInd 1 000D5808 oleaut32.dll 000A VariantCopy 1 000D580C oleaut32.dll 0009 VariantClear 1 000D5810 oleaut32.dll 0008 VariantInit FThunk: 000D5818 NbFunc: 00000004 1 000D5818 ole32.dll 0115 OleUninitialize 1 000D581C ole32.dll 00FE OleInitialize 1 000D5820 ole32.dll 006A CoUninitialize 1 000D5824 ole32.dll 003C CoInitialize FThunk: 000D582C NbFunc: 00000002 1 000D582C oleaut32.dll 00C8 GetErrorInfo 1 000D5830 oleaut32.dll 0006 SysFreeString FThunk: 000D5838 NbFunc: 00000018 1 000D5838 comctl32.dll 004F ImageList_SetIconSize 1 000D583C comctl32.dll 003B ImageList_GetIconSize 1 000D5840 comctl32.dll 0052 ImageList_Write 1 000D5844 comctl32.dll 0043 ImageList_Read 1 000D5848 comctl32.dll 0038 ImageList_GetDragImage 1 000D584C comctl32.dll 0031 ImageList_DragShowNolock 1 000D5850 comctl32.dll 004C ImageList_SetDragCursorImage 1 000D5854 comctl32.dll 0030 ImageList_DragMove 1 000D5858 comctl32.dll 002F ImageList_DragLeave 1 000D585C comctl32.dll 002E ImageList_DragEnter 1 000D5860 comctl32.dll 0036 ImageList_EndDrag 1 000D5864 comctl32.dll 002A ImageList_BeginDrag 1 000D5868 comctl32.dll 0044 ImageList_Remove 1 000D586C comctl32.dll 0033 ImageList_DrawEx 1 000D5870 comctl32.dll 0045 ImageList_Replace 1 000D5874 comctl32.dll 0032 ImageList_Draw 1 000D5878 comctl32.dll 0037 ImageList_GetBkColor 1 000D587C comctl32.dll 004B ImageList_SetBkColor 1 000D5880 comctl32.dll 0046 ImageList_ReplaceIcon 1 000D5884 comctl32.dll 0027 ImageList_Add 1 000D5888 comctl32.dll 003C ImageList_GetImageCount 1 000D588C comctl32.dll 002D ImageList_Destroy 1 000D5890 comctl32.dll 002C ImageList_Create 1 000D5894 comctl32.dll 0011 InitCommonControls FThunk: 000D589C NbFunc: 00000004 1 000D589C winspool.drv 0105 OpenPrinterA 1 000D58A0 winspool.drv 00EA EnumPrintersA 1 000D58A4 winspool.drv 00B1 DocumentPropertiesA 1 000D58A8 winspool.drv 0086 ClosePrinter FThunk: 000D58B0 NbFunc: 00000001 1 000D58B0 shell32.dll 0167 ShellExecuteA FThunk: 000D58B8 NbFunc: 00000003 1 000D58B8 shell32.dll 013C SHGetSpecialFolderLocation 1 000D58BC shell32.dll 0136 SHGetMalloc 1 000D58C0 shell32.dll 0127 SHGetDesktopFolder FThunk: 000D58C8 NbFunc: 00000004 1 000D58C8 comdlg32.dll 0075 PrintDlgA 1 000D58CC comdlg32.dll 0065 ChooseColorA 1 000D58D0 comdlg32.dll 0070 GetSaveFileNameA 1 000D58D4 comdlg32.dll 006E GetOpenFileNameA FThunk: 000D58DC NbFunc: 00000001 1 000D58DC kernel32.dll 0264 MulDiv |
|
|
|
[求助]Visual Protect 脱壳,壳已经脱掉但修复不成功
想办法避开输入表加密 |
|
|
|
|
|
|
|
|
|
VF编的程序 用测壳工具显示 VB??
可能是被aming的VF保护程序加壳了 |
|
浅谈cool edit pro2.1脱壳后解决自校验
使用UPX-Ripper自动脱壳后调试会有一个内存写入异常 .text:00604EC7 loc_604EC7: ; CODE XREF: sub_604540+A11j .text:00604EC7 xor edx, edx .text:00604EC9 mov eax, 80808081h .text:00604ECE mov dl, [ebx] .text:00604ED0 imul edx, [esp+228h+nHeight] .text:00604ED5 mov [esp+228h+var_20C], edx .text:00604ED9 imul edx .text:00604EDB add edx, [esp+228h+var_20C] .text:00604EDF sar edx, 7 .text:00604EE2 mov eax, edx .text:00604EE4 shr eax, 1Fh .text:00604EE7 add edx, eax .text:00604EE9 mov al, [edi] .text:00604EEB add dl, al .text:00604EED mov eax, 80808081h .text:00604EF2 mov [ecx], dl //ECX=00740060 内存写入异常 .text:00604EF4 inc ecx .text:00604EF5 inc edi .text:00604EF6 inc ebx .text:00604EF7 xor edx, edx .text:00604EF9 mov dl, [ebx] .text:00604EFB imul edx, [esp+228h+var_208] .text:00604F00 mov [esp+228h+var_20C], edx .text:00604F04 imul edx .text:00604F06 add edx, [esp+228h+var_20C] .text:00604F0A sar edx, 7 .text:00604F0D mov eax, edx .text:00604F0F shr eax, 1Fh .text:00604F12 add edx, eax .text:00604F14 mov al, [edi] .text:00604F16 add dl, al .text:00604F18 mov eax, 80808081h .text:00604F1D mov [ecx], dl .text:00604F1F inc ecx .text:00604F20 inc edi .text:00604F21 inc ebx .text:00604F22 xor edx, edx .text:00604F24 mov dl, [ebx] .text:00604F26 imul edx, [esp+228h+lpString] .text:00604F2B mov [esp+228h+var_20C], edx .text:00604F2F imul edx .text:00604F31 add edx, [esp+228h+var_20C] .text:00604F35 sar edx, 7 .text:00604F38 mov eax, edx .text:00604F3A shr eax, 1Fh .text:00604F3D add edx, eax .text:00604F3F mov al, [edi] .text:00604F41 add dl, al .text:00604F43 mov eax, [esp+228h+var_200] .text:00604F47 mov [ecx], dl .text:00604F49 inc ecx .text:00604F4A inc edi .text:00604F4B inc ebx .text:00604F4C dec eax .text:00604F4D mov [esp+228h+var_200], eax .text:00604F51 jnz loc_604EC7 原来UPX-Ripper把脱壳文件的.rsrc区段属性设置为40000040,修改为C0000040(可读可写)就行了。 |
|
|
|
浅谈cool edit pro2.1脱壳后解决自校验
强 我分析到这里,最后却没有还原完数据。功亏一篑 .text:00492570 push ebp .text:00492571 mov ebp, esp .text:00492573 sub esp, 124h .text:00492579 push ebx .text:0049257A mov ebx, dword_6E45F8 .text:00492580 push edi .text:00492581 lea eax, [ebp+FileName] .text:00492587 push 104h ; nSize .text:0049258C push eax ; lpFilename .text:0049258D push 0 ; hModule .text:0049258F mov [ebp+var_14], ebx .text:00492592 call ds:GetModuleFileNameA .text:00492598 test eax, eax .text:0049259A jz loc_492714 .text:004925A0 push 0 ; hTemplateFile .text:004925A2 push 8000080h ; dwFlagsAndAttributes .text:004925A7 push 3 ; dwCreationDisposition .text:004925A9 push 0 ; lpSecurityAttributes .text:004925AB push 1 ; dwShareMode .text:004925AD lea ecx, [ebp+FileName] .text:004925B3 push 80000000h ; dwDesiredAccess .text:004925B8 push ecx ; lpFileName .text:004925B9 call ds:CreateFileA .text:004925BF mov edi, eax .text:004925C1 cmp edi, 0FFFFFFFFh .text:004925C4 mov [ebp+var_18], edi .text:004925C7 jz loc_492714 .text:004925CD push esi .text:004925CE push 0 ; lpFileSizeHigh .text:004925D0 push edi ; hFile .text:004925D1 call ds:GetFileSize //获得文件Size .text:004925D7 mov esi, eax .text:004925D9 mov [ebp+nNumberOfBytesToRead], esi .text:004925DC call ds:GetProcessHeap .text:004925E2 push esi ; dwBytes .text:004925E3 push 8 ; dwFlags .text:004925E5 push eax ; hHeap .text:004925E6 mov [ebp+hHeap], eax .text:004925E9 call ds:HeapAlloc //申请内存 .text:004925EF mov esi, eax .text:004925F1 test esi, esi .text:004925F3 mov [ebp+lpMem], esi .text:004925F6 jz loc_49270C .text:004925FC mov eax, [ebp+nNumberOfBytesToRead] .text:004925FF lea edx, [ebp+NumberOfBytesRead] .text:00492602 push 0 ; lpOverlapped .text:00492604 push edx ; lpNumberOfBytesRead .text:00492605 push eax ; nNumberOfBytesToRead .text:00492606 push esi ; lpBuffer .text:00492607 push edi ; hFile .text:00492608 call ds:ReadFile //读取原文件到新申请的内存 .text:0049260E test eax, eax .text:00492610 jz loc_4926FF .text:00492616 mov [ebp+var_4], 1 .text:0049261D mov ebx, 3 .text:00492622 mov [ebp+var_10], 0 .text:00492629 mov [ebp+nNumberOfBytesToRead], 6 .text:00492630 mov ecx, 2 .text:00492635 .text:00492635 loc_492635: ; CODE XREF: sub_492570+172j .text:00492635 movzx di, byte ptr [esi] .text:00492639 mov edx, [ebp+var_10] .text:0049263C inc esi .text:0049263D lea eax, [edi+edx] .text:00492640 xor edx, edx .text:00492642 mov dl, byte ptr [ebp+var_4+1] .text:00492645 lea eax, [eax+edi*4] .text:00492648 mov edi, [ebp+nNumberOfBytesToRead] .text:0049264B add edx, eax .text:0049264D add edx, edi .text:0049264F add edx, ebx .text:00492651 xor edx, ecx .text:00492653 mov eax, edx .text:00492655 mov edx, [ebp+var_4] .text:00492658 test dh, 80h .text:0049265B jz short loc_49265F .text:0049265D or al, 1 .text:0049265F .text:0049265F loc_49265F: ; CODE XREF: sub_492570+EBj .text:0049265F mov [ebp+var_4], eax .text:00492662 mov eax, [ebp+NumberOfBytesRead] .text:00492665 dec eax .text:00492666 mov [ebp+NumberOfBytesRead], eax .text:00492669 jz short loc_4926DB .text:0049266B xor eax, eax .text:0049266D mov ax, word ptr [ebp+var_4] .text:00492671 mov edx, 0F0F0F0F1h .text:00492676 mul edx .text:00492678 shr edx, 4 .text:0049267B mov [ebp+var_10], edx .text:0049267E mov ecx, [ebp+var_4] .text:00492681 movzx ax, byte ptr [esi] .text:00492685 and ecx, 0FFFFh .text:0049268B shl eax, 1 .text:0049268D lea edx, ds:0[ecx*8] .text:00492694 and eax, 0FFFFh .text:00492699 sub edx, ecx .text:0049269B mov ecx, [ebp+var_10] .text:0049269E add edx, eax .text:004926A0 xor eax, eax .text:004926A2 sar edx, 1 .text:004926A4 mov al, bh .text:004926A6 add ecx, edx .text:004926A8 mov edx, [ebp+nNumberOfBytesToRead] .text:004926AB add eax, ecx .text:004926AD inc esi .text:004926AE xor eax, edx .text:004926B0 test bh, 80h .text:004926B3 jz short loc_4926B7 .text:004926B5 or al, 1 .text:004926B7 .text:004926B7 loc_4926B7: ; CODE XREF: sub_492570+143j .text:004926B7 mov ebx, eax .text:004926B9 mov [ebp+nNumberOfBytesToRead], ebx .text:004926BC xor eax, eax .text:004926BE mov ax, word ptr [ebp+nNumberOfBytesToRead] .text:004926C2 mov edx, 9D89D89Eh .text:004926C7 mul edx .text:004926C9 shr edx, 3 .text:004926CC mov [ebp+var_10], edx .text:004926CF mov eax, [ebp+var_4] .text:004926D2 lea edx, [ebx+ebx] .text:004926D5 mov [ebp+nNumberOfBytesToRead], edx .text:004926D8 lea ecx, [eax+eax] .text:004926DB .text:004926DB loc_4926DB: ; CODE XREF: sub_492570+F9j .text:004926DB mov eax, [ebp+NumberOfBytesRead] .text:004926DE dec eax .text:004926DF mov [ebp+NumberOfBytesRead], eax .text:004926E2 jnz loc_492635 //循环计算检验值 .text:004926E8 mov eax, [ebp+var_14] .text:004926EB xor ecx, ecx .text:004926ED mov esi, [ebp+lpMem] .text:004926F0 mov edi, [ebp+var_18] .text:004926F3 mov ch, bl .text:004926F5 mov cl, byte ptr [ebp+var_4] .text:004926F8 add eax, ecx .text:004926FA mov [ebp+var_14], eax .text:004926FD mov ebx, eax |
|
|
|
|
|
|
|
|
|
FSG2.0脱壳后IAT的修复问题,请教
RVA=000062E4 Size=00000240 004062E4 83 78 DA 77 F0 6B DA 77 E7 EB DA 77 1B C4 DC 77 004062F4 BB D5 DC 77 FF FF FF FF 82 9A EF 77 A2 58 EF 77 00406304 0C D1 EF 77 A0 59 EF 77 12 34 F2 77 B1 5B F0 77 00406314 A6 6C EF 77 A6 6A F0 77 B9 45 F2 77 23 59 F0 77 00406324 33 C3 EF 77 80 AD F1 77 32 35 F2 77 0B 5D EF 77 00406334 F7 A8 EF 77 21 A8 EF 77 B6 E3 F0 77 5F E4 F0 77 00406344 95 81 EF 77 55 CE EF 77 C4 AC EF 77 3B 6A EF 77 00406354 F1 5F EF 77 FF FF FF 7F 93 8D 83 7C 5C E8 81 7C 00406364 08 93 83 7C 10 E6 85 7C 21 2E 82 7C 78 77 82 7C 00406374 50 94 83 7C B1 E2 81 7C BD 99 80 7C 88 2D 82 7C 00406384 2D FF 80 7C C1 C9 80 7C 4B 6F 82 7C 0C 6E 82 7C 00406394 29 B9 80 7C EE 1E 80 7C 29 B5 80 7C A2 CA 81 7C 004063A4 E0 C6 80 7C 11 03 81 7C 51 31 92 7C 79 EE 81 7C 004063B4 64 B6 80 7C 47 2D 82 7C B9 8F 83 7C 59 35 81 7C 004063C4 D7 EF 80 7C F4 97 80 7C 31 03 93 7C 24 1A 80 7C 004063D4 2F FE 80 7C 29 C7 80 7C 7E D4 80 7C 5D 99 80 7C 004063E4 8D 2C 81 7C 82 00 81 7C 18 94 83 7C 19 01 81 7C 004063F4 FF FF FF 7F 98 68 64 7D 32 22 63 7D 10 0E 61 7D 00406404 9C AE 5F 7D 32 81 68 7D A9 68 64 7D FF FF FF 7F 00406414 AD A8 D1 77 3D 02 D3 77 3E F1 D2 77 4F 02 D3 77 00406424 8B 14 D3 77 E8 0F D2 77 24 15 D3 77 70 DB D1 77 00406434 28 8E D1 77 0D D6 D1 77 5E 02 D2 77 3E 0B D2 77 00406444 E6 37 D2 77 9D 8F D1 77 F9 D7 D1 77 BA 0F D2 77 00406454 AE B6 D1 77 6C C9 D1 77 4A C9 D3 77 9D A1 D5 77 00406464 B3 C7 D3 77 71 BE D1 77 3C 21 D3 77 BF C2 D3 77 00406474 69 D8 D1 77 AF BA D2 77 C8 BD D1 77 76 BD D1 77 00406484 1E AC D6 77 E2 16 D2 77 8E 1A D3 77 43 F5 D2 77 00406494 61 C6 D3 77 F6 8B D1 77 B8 96 D1 77 42 10 D2 77 004064A4 EA DA D1 77 4C 1F D3 77 EA 04 D5 77 EE D4 D1 77 004064B4 2F EA D1 77 4B 15 D3 77 A4 D8 D1 77 50 62 D2 77 004064C4 95 47 D2 77 35 EE D3 77 24 13 D2 77 C7 86 D1 77 004064D4 9D 86 D1 77 58 BF D1 77 9A F3 D2 77 F0 BE D1 77 004064E4 85 CB D1 77 60 DA D1 77 F5 B5 D1 77 EC DB D1 77 004064F4 90 0F D2 77 27 BE D1 77 11 12 D2 77 9C FA D2 77 00406504 FF FF FF 7F 1E 31 32 76 89 C2 33 76 7C 86 33 76 00406514 B1 47 34 76 D8 7C 33 76 CE 00 33 76 33 25 32 76 |
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值