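I packed NOTEPAD with ASPACK and then tried to unpack it with OD. I set OllyDbg to ignore all exceptions except "memory access violation". I used a plugin to clear OllyDbg's debugger flag (but it did not seem to have any effect). Then I opened the target program. The code is as follows: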
01010001 > 60 PUSHAD
01010002 E8 03000000 CALL NOTEPAD.0101000A
01010007 -E9 EB045D45 JMP 465E04F7
0101000C 55 PUSH EBP
0101000D C3 RETN
0101000E E8 01000000 CALL NOTEPAD.01010014
01010013 EB 5D JMP SHORT NOTEPAD.01010072
01010015 BB EDFFFFFF MOV EBX,-13
0101001A 03DD ADD EBX,EBP
0101001C 81EB 00000100 SUB EBX,10000 ; UNICODE "=::=::\"
01010022 83BD 22040000 00 CMP DWORD PTR SS:[EBP+422],0
01010029 899D 22040000 MOV DWORD PTR SS:[EBP+422],EBX
0101002F 0F85 65030000 JNZ NOTEPAD.0101039A
01010035 8D85 2E040000 LEA EAX,DWORD PTR SS:[EBP+42E]
0101003B 50 PUSH EAX
0101003C FF95 4D0F0000 CALL DWORD PTR SS:[EBP+F4D]
01010042 8985 26040000 MOV DWORD PTR SS:[EBP+426],EAX
01010048 8BF8 MOV EDI,EAX
0101004A 8D5D 5E LEA EBX,DWORD PTR SS:[EBP+5E]
0101004D 53 PUSH EBX
0101004E 50 PUSH EAX
0101004F FF95 490F0000 CALL DWORD PTR SS:[EBP+F49]
01010055 8985 4D050000 MOV DWORD PTR SS:[EBP+54D],EAX
0101005B 8D5D 6B LEA EBX,DWORD PTR SS:[EBP+6B]
0101005E 53 PUSH EBX
0101005F 57 PUSH EDI
01010060 FF95 490F0000 CALL DWORD PTR SS:[EBP+F49]
01010066 8985 51050000 MOV DWORD PTR SS:[EBP+551],EAX
0101006C 8D45 77 LEA EAX,DWORD PTR SS:[EBP+77]
0101006F FFE0 JMP EAX
01010071 56 PUSH ESI
But the tutorial says:
00401000 68 01C05900 push ARTCUR.0059C001 // OD stops here after loading
00401005 E8 01000000 call ARTCUR.0040100B
0040100A C3 retn
What is going on?
Also, I pressed SHIFT+F9 just once and the program ran away. What is going on?