[Original] Quick unpacking of packman 0.0.0.1
Posted: 2005-3-4 23:16
Original: Quick unpacking of packman 0.0.0.1
Author Homepage: http://packman.cjb.net/
Download: http://asmbubba.freeprohost.com/download/packman-0.0.0.1.zip
Tools: ollydbg, ollydump, imprec
Author: peaceclub[5261314@sohu.com]
Description: packman 0.0.0.1: An average compression tool, with many potential. UPX, Mew, Upack packed files are smaller. But the tool has a small and nice GUI.
Unpacking procedure:
1. Load Packman.exe in ollydbg
2. Execution stops here
00410F84 > 60 PUSHAD 'oep
00410F85 E8 00000000 CALL Packman.00410F8A
00410F8A 58 POP EAX
00410F8B 8DA8 9AFEFFFF LEA EBP,DWORD PTR DS:[EAX-166]
00410F91 8D98 76F0FEFF LEA EBX,DWORD PTR DS:[EAX+FFFEF076]
00410F97 8DB0 74010000 LEA ESI,DWORD PTR DS:[EAX+174]
00410F9D 8D4E F6 LEA ECX,DWORD PTR DS:[ESI-A]
00410FA0 48 DEC EAX
00410FA1 C640 FB E9 MOV BYTE PTR DS:[EAX-5],0E9
00410FA5 8D93 7A760000 LEA EDX,DWORD PTR DS:[EBX+767A]
00410FAB 2BD0 SUB EDX,EAX
3. F8
4. Move the cursor to 00410f84: pushad, then F4, F8
5. dump & imprec
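
An added example, not part of the original post: a minimal Python interpreter for only the opcodes in the listing above, showing that the stub writes an E9 (JMP) opcode over its own first byte at 00410F84, which is why step 4 runs to that address and then steps once. The listing ends before EDX is stored anywhere, so `implied_jmp_target` assumes EDX becomes that JMP's rel32 operand; the function names are hypothetical.

```python
import struct

# Stub bytes exactly as shown in the OllyDbg listing (00410F84 up to 00410FAC).
STUB = bytes.fromhex(
    "60E800000000588DA89AFEFFFF8D9876F0FEFF"
    "8DB0740100008D4EF648C640FBE98D937A7600002BD0")
ENTRY = 0x00410F84
REGS = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]
M = 0xFFFFFFFF

def trace_stub(code=STUB, base=ENTRY):
    """Interpret only the opcodes present in the listing; return (regs, byte_writes)."""
    r = dict.fromkeys(REGS, 0)
    stack, writes, i = [], {}, 0

    def modrm_disp(pos):
        # ModRM with a base register plus disp8 (mod=1) or disp32 (mod=2); no SIB needed here.
        mod, reg, rm = code[pos] >> 6, (code[pos] >> 3) & 7, code[pos] & 7
        fmt, n = ("<b", 2) if mod == 1 else ("<i", 5)
        return reg, rm, struct.unpack_from(fmt, code, pos + 1)[0], n

    while i < len(code):
        op, size = code[i], 1
        if op == 0xE8:        # CALL rel32: push return address, then branch
            stack.append(base + i + 5)
            size = 5 + struct.unpack_from("<i", code, i + 1)[0]
        elif op == 0x58:      # POP EAX
            r["EAX"] = stack.pop()
        elif op == 0x48:      # DEC EAX
            r["EAX"] = (r["EAX"] - 1) & M
        elif op == 0x8D:      # LEA reg,[rm+disp]
            reg, rm, disp, n = modrm_disp(i + 1)
            r[REGS[reg]], size = (r[REGS[rm]] + disp) & M, 1 + n
        elif op == 0xC6:      # MOV BYTE PTR [rm+disp],imm8
            _, rm, disp, n = modrm_disp(i + 1)
            writes[(r[REGS[rm]] + disp) & M], size = code[i + 1 + n], 2 + n
        elif op == 0x2B:      # SUB reg,rm (register-to-register form)
            dst, src = REGS[(code[i + 1] >> 3) & 7], REGS[code[i + 1] & 7]
            r[dst], size = (r[dst] - r[src]) & M, 2
        elif op != 0x60:      # PUSHAD only saves registers; anything else is unexpected
            raise ValueError(f"opcode {op:#04x} is not in the listing")
        i += size
    return r, writes

def implied_jmp_target(regs, writes):
    # ASSUMPTION: the stub later stores EDX as the rel32 operand of the E9 it wrote;
    # that store lies beyond the end of the listing on this page.
    addr = next(iter(writes))
    return (addr + 5 + regs["EDX"]) & M
```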