|
|
|
请教脱壳
斑竹能否看看,是不是在4A3254的地方 就是程序的OEP吗? 004A3254 MOV EDX,DWORD PTR SS:[EBP+3E5C] 004A325A CMP EDX,0 004A325D JE SHORT GO600.004A3284 004A325F CMP WORD PTR DS:[ESI],5A4D 004A3264 JE SHORT GO600.004A3275 004A3266 SUB ESI,10000 004A326C MOV EDX,DWORD PTR SS:[EBP+3E5C] 004A3272 DEC EDX 004A3273 JMP SHORT GO600.004A3254 004A3275 MOV EDI,DWORD PTR DS:[ESI+3C] 004A3278 ADD EDI,ESI 004A327A CMP DWORD PTR DS:[EDI],4550 004A3280 JE SHORT GO600.004A3289 004A3282 JMP SHORT GO600.004A3266 004A3284 MOV ESI,BFF70000 004A3289 MOV EAX,ESI 004A328B RETN |
|
请教脱壳
004A3254 MOV EDX,DWORD PTR SS:[EBP+3E5C] 004A325A CMP EDX,0 004A325D JE SHORT GO600.004A3284 004A325F CMP WORD PTR DS:[ESI],5A4D 004A3264 JE SHORT GO600.004A3275 004A3266 SUB ESI,10000 004A326C MOV EDX,DWORD PTR SS:[EBP+3E5C] 004A3272 DEC EDX 004A3273 JMP SHORT GO600.004A3254 004A3275 MOV EDI,DWORD PTR DS:[ESI+3C] 004A3278 ADD EDI,ESI 004A327A CMP DWORD PTR DS:[EDI],4550 004A3280 JE SHORT GO600.004A3289 004A3282 JMP SHORT GO600.004A3266 004A3284 MOV ESI,BFF70000 004A3289 MOV EAX,ESI 004A328B RETN |
|
请教脱壳
程序边运行边解码,一直到这里我发现了可疑的地方! 从这里出来,程序就飞掉了! 请教各位程序是用的什么数据结构进行反跟踪的? 004A3254 8B95 5C3E0000 MOV EDX,DWORD PTR SS:[EBP+3E5C] 004A325A 83FA 00 CMP EDX,0 004A325D 74 25 JE SHORT GO600.004A3284 004A325F 66:813E 4D5A CMP WORD PTR DS:[ESI],5A4D! 004A3264 74 0F JE SHORT GO600.004A3275 004A3266 81EE 00000100 SUB ESI,10000 004A326C 8B95 5C3E0000 MOV EDX,DWORD PTR SS:[EBP+3E5C] 004A3272 4A DEC EDX 004A3273 ^EB DF JMP SHORT GO600.004A3254 004A3275 8B7E 3C MOV EDI,DWORD PTR DS:[ESI+3C] 004A3278 03FE ADD EDI,ESI 004A327A 813F 50450000 CMP DWORD PTR DS:[EDI],4550 004A3280 74 07 JE SHORT GO600.004A3289 004A3282 ^EB E2 JMP SHORT GO600.004A3266 004A3284 BE 0000F7BF MOV ESI,BFF70000 004A3289 8BC6 MOV EAX,ESI 004A328B C3 RETN 004A328C 8BC8 MOV ECX,EAX 004A328E 81E1 FF0F0000 AND ECX,0FFF 004A3294 51 PUSH ECX 004A3295 038D 663E0000 ADD ECX,DWORD PTR SS:[EBP+3E66] 004A329B 81C1 FF0F0000 ADD ECX,0FFF 004A32A1 C1E9 0C SHR ECX,0C 004A32A4 C1E8 0C SHR EAX,0C 004A32A7 50 PUSH EAX 004A32A8 68 00000420 PUSH 20040000 004A32AD 6A FF PUSH -1 004A32AF 51 PUSH ECX 004A32B0 50 PUSH EAX 004A32B1 68 0D000100 PUSH 1000D 004A32B6 FF95 623E0000 CALL DWORD PTR SS:[EBP+3E62] 004A32BC 40 INC EAX 004A32BD 5A POP EDX 004A32BE 59 POP ECX 004A32BF 74 05 JE SHORT GO600.004A32C6 004A32C1 8BC2 MOV EAX,EDX 004A32C3 C1E0 0C SHL EAX,0C 004A32C6 C3 RETN |
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值