|
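Final test of the IAT part.
I used a script; in the end only 3 were left unfixed. Tracing through the packed program should get those too, but I didn't go any further :0 |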
|
Final test of the IAT part.
It should be about the same as the second one: |
|
UnpackMe again
Looking forward to a stronger packer :) |
|
UnpackMe again
15 are still unfixed: |
|
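[Discussion] Could everyone check whether this program was unpacked correctly?
The dumped file should be 3.76M if it has not been optimized. Yours is only 1.3M, so the dump is probably incomplete. |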
|
|
|
|
|
[Help] A newbie has run into a problem, come and help!!!
Sometimes just trying it out in practice solves a lot of problems. |
|
[Original] Using the ESP law to neatly unpack the Protection Plus 4.x shell on the SoftwareKey V1.3.1.0 main program
01361187 81E2 FF000000 AND EDX,0FF
0136118D 8D42 FF LEA EAX,DWORD PTR DS:[EDX-1]
01361190 83F8 03 CMP EAX,3
01361193 77 73 JA SHORT 01361208 /// changing ja->jmp is enough to avoid the IAT encryption.
01361195 FF2485 10123601 JMP DWORD PTR DS:[EAX*4+1361210]
0136119C 6A 06 PUSH 6
0136119E E8 4B8D0000 CALL 01369EEE
013611A3 83C4 04 ADD ESP,4
013611A6 8970 01 MOV DWORD PTR DS:[EAX+1],ESI
013611A9 8BF0 MOV ESI,EAX
013611AB C600 68 MOV BYTE PTR DS:[EAX],68
013611AE C640 05 C3 MOV BYTE PTR DS:[EAX+5],0C3
013611B2 5E POP ESI
013611B3 C2 0C00 RETN 0C
013611B6 6A 07 PUSH 7
013611B8 E8 318D0000 CALL 01369EEE
013611BD 83C4 04 ADD ESP,4 |
|
|
|
|
|
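A packer I wrote a while ago (source code now posted, in post #47)
If I first create an event with "jdsglxg" as the parameter and then call OpenEventA, would that turn it into a single process? But when I debugged it, I got exceptions such as INT 0F7. |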
|
|
|
Unpacking notes on a certain eggshell packer
Heh, it's unpacked now. |
|
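Unpacking notes on a certain eggshell packer
50 IAT addresses have been replaced with CC. I don't know how to handle that. Could q3 watcher give me some pointers? :) |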
|
Unpacking notes on a certain eggshell packer
0040206B >/$ 55 PUSH EBP
0040206C |. 8BEC MOV EBP,ESP
0040206E |. 6A FF PUSH -1
00402070 |. 68 10124000 PUSH 401210
00402075 |. 68 40204000 PUSH 402040 ; SE handler installation
0040207A |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00402080 |. 50 PUSH EAX
00402081 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
00402088 |. 83EC 68 SUB ESP,68
0040208B |. 53 PUSH EBX
0040208C |. 56 PUSH ESI
0040208D |. 57 PUSH EDI
0040208E |. 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
00402091 |. 33DB XOR EBX,EBX
00402093 |. 895D FC MOV DWORD PTR SS:[EBP-4],EBX
00402096 |. 6A 02 PUSH 2
00402098 |. FF15 58104000 CALL DWORD PTR DS:[401058] ; msvcrt.__set_app_type
0040209E |. 59 POP ECX
0040209F |. 830D C4284000>OR DWORD PTR DS:[4028C4],FFFFFFFF
004020A6 |. 830D C8284000>OR DWORD PTR DS:[4028C8],FFFFFFFF
004020AD |. FF15 5C104000 CALL DWORD PTR DS:[40105C] ; msvcrt.__p__fmode
004020B3 |. 8B0D C0284000 MOV ECX,DWORD PTR DS:[4028C0]
The IAT still isn't completely fixed. |
|
|
|
|
|
[Help] After unpacking, the program runs but the correct code can't be seen
OEP=401af4 |