A Journey Through Phantom (幻影): [DBPE 2.x -> Ding Boy & zer0] Walkthrough
Originally posted by nyjzhang. Unpacking is not something you can do just by following the steps.
|
Implementing a packer using process injection
What about 9x?
|
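Could some expert take a look at this packer when they have time? Is it a variant of ASProtect?
forgot may be a nice guy, but that's no reason to rename me to fogot halfway through :D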
|
Could some expert take a look at this packer when they have time? Is it a variant of ASProtect?
0041D332 > $ 6A 60 PUSH 60
0041D334 . 68 60144400 PUSH 00441460
0041D339 . E8 36430000 CALL 00421674
0041D33E . BF 94000000 MOV EDI, 94
0041D343 . 8BC7 MOV EAX, EDI
0041D345 . E8 46FFFFFF CALL 0041D290
0041D34A . 8965 E8 MOV [EBP-18], ESP
0041D34D . 8BF4 MOV ESI, ESP
0041D34F . 893E MOV [ESI], EDI
0041D351 . 56 PUSH ESI
0041D352 FF DB FF
0041D353 . 15 C0A24380 ADC EAX, 8043A2C0
0041D358 . 8B4E 10 MOV ECX, [ESI+10]
0041D35B . 890D F0854600 MOV [4685F0], ECX
0041D361 . 8B46 04 MOV EAX, [ESI+4]
0041D364 . A3 FC854600 MOV [4685FC], EAX
0041D369 . 8B56 08 MOV EDX, [ESI+8]
OEP: 0001D332 IATRVA: 0003A000 IATSize: 000005BC
:D Might as well help all the way through.
|
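Could some expert take a look at this packer when they have time? Is it a variant of ASProtect?
I don't like doing this kind of thing, but using F4 to break on VirtualProtect will do you good.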
|
A UPX-packed file I can't unpack, please advise
upx -d
|
A UPX-packed file I can't unpack, please advise
0046C6AC 55 PUSH EBP
0046C6AD 8BEC MOV EBP, ESP
0046C6AF 83C4 F0 ADD ESP, -10
0046C6B2 B8 BCC44600 MOV EAX, 0046C4BC
0046C6B7 E8 1097F9FF CALL 00405DCC
0046C6BC A1 E8E14600 MOV EAX, [46E1E8]
0046C6C1 8B00 MOV EAX, [EAX]
0046C6C3 E8 9079FFFF CALL 00464058
0046C6C8 A1 E8E14600 MOV EAX, [46E1E8]
0046C6CD 8B00 MOV EAX, [EAX]
0046C6CF BA 0CC74600 MOV EDX, 0046C70C ; ASCII "UHARC GUI v2.0"
0046C6D4 E8 8F75FFFF CALL 00463C68
0046C6D9 8B0D E0E24600 MOV ECX, [46E2E0] ; UHARC_GU.0046FBE4
0046C6DF A1 E8E14600 MOV EAX, [46E1E8]
0046C6E4 8B00 MOV EAX, [EAX]
0046C6E6 8B15 2C574600 MOV EDX, [46572C] ; UHARC_GU.00465778
0046C6EC E8 7F79FFFF CALL 00464070
0046C6F1 A1 E8E14600 MOV EAX, [46E1E8]
0046C6F6 8B00 MOV EAX, [EAX]
0046C6F8 E8 F379FFFF CALL 004640F0
0046C6FD E8 BE77F9FF CALL 00403EC0
:D
|
Manually unpacking a UPX-packed DLL with OllyDbg
For DLLs, UPX is much scarier than some versions of ASPr :D
|
I'm a newbie: where can I find Hying's packer software?
It's a private tool... send hying a red envelope, get on friendly terms, and then...
|
More forum filler: a collection of anti-(debugging/tracing/unpacking) techniques
Impressive, you can get in with si... pfpf
|
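More forum filler: a collection of anti-(debugging/tracing/unpacking) techniques
The prefetch-instruction trick should no longer work these days. I used SEH self-debugging to monitor a stretch of instructions, and it still crashed.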
|
forgot, master! How was "try.exe" unpacked? Thanks in advance!
I posted an article n lines long and you still didn't understand it?