[分享]第一阶段 第四题 脱壳流程+脚本(9楼)+修复工具源码(15楼)
发表于: 2010-10-26 12:22 14397

最新回复 (32)
2
强势围观,广告位招租
2010-10-26 12:25
3
强大的表,围观。
2010-10-26 12:29
4
好整齐啊,我的乱七八糟,还有很多0x25XXXX的
2010-10-26 12:30
5
比我的好多了,我提交的时候文件选错了

000C406E,  77A8406E -> "DeleteFileA",  
000C8DA0,  77A88DA0 -> "lstrcatA",  
000C8DF1,  77A88DF1 -> "lstrcpyA",  
000C5351,  77A85351 -> "GetCurrentThreadId",  
000C5340,  77A85340 -> "GetCurrentThread",  
000C8DD5,  77A88DD5 -> "lstrcmpiA",  
000C8DBA,  77A88DBA -> "lstrcmpA",  
000C6531,  77A86531 -> "GlobalDeleteAtom",  
000C6517,  77A86517 -> "GlobalAlloc",  
000C65B6,  77A865B6 -> "GlobalLock",  
000C58E0,  77A858E0 -> "GetModuleFileNameA",  
000C36FE,  77A836FE -> "CloseHandle",  
000C8874,  77A88874 -> "WaitForSingleObject",  
000C7D0F,  77A87D0F -> "SetEvent",  
000C841C,  77A8841C -> "SuspendThread",  
000C3AAB,  77A83AAB -> "CreateEventA",  
000C4B9E,  77A84B9E -> "FreeResource",  
000C6C67,  77A86C67 -> "LoadResource",  
000C49F1,  77A849F1 -> "FindResourceA",  
000C6D45,  77A86D45 -> "LockResource",  
000C6578,  77A86578 -> "GlobalFree",  
000C661B,  77A8661B -> "GlobalUnlock",  
000C57D0,  77A857D0 -> "GetLastError",  
000C5E72,  77A85E72 -> "GetProfileStringA",  
000C5809,  77A85809 -> "GetLocaleInfoW",  
000C7CD2,  77A87CD2 -> "SetEnvironmentVariableA",  
000C80D1,  77A880D1 -> "SetStdHandle",  
000C6308,  77A86308 -> "GetUserDefaultLCID",  
000C4512,  77A84512 -> "EnumSystemLocalesA",  
000C57EA,  77A857EA -> "GetLocaleInfoA",  
000C6AF5,  77A86AF5 -> "IsValidCodePage",  
000C6B1A,  77A86B1A -> "IsValidLocale",  
000C6964,  77A86964 -> "IsBadCodePtr",  
000C83B4,  77A883B4 -> "Sleep",  
000C5F5F,  77A85F5F -> "GetStringTypeW",  
000C5F2E,  77A85F2E -> "GetStringTypeA",  
000C795A,  77A8795A -> "SetConsoleCtrlHandler",  
000C82D8,  77A882D8 -> "SetUnhandledExceptionFilter",  
000C3866,  77A83866 -> "CompareStringW",  
000C3832,  77A83832 -> "CompareStringA",  
000C6B75,  77A86B75 -> "LCMapStringW",  
000C6B5A,  77A86B5A -> "LCMapStringA",  
000C8768,  77A88768 -> "VirtualAlloc",  
000C66BD,  77A866BD -> "HeapReAlloc",  
000C6669,  77A86669 -> "HeapAlloc",  
000C4688,  77A84688 -> "FatalAppExitA",  
000C8797,  77A88797 -> "VirtualFree",  
000C6696,  77A86696 -> "HeapFree",  
000C667F,  77A8667F -> "HeapCreate",  
000C668A,  77A8668A -> "HeapDestroy",  
000C63AF,  77A863AF -> "GetVersionExA",  
000C54E4,  77A854E4 -> "GetEnvironmentVariableA",  
000C568A,  77A8568A -> "GetFileType",  
000C7EDC,  77A87EDC -> "SetHandleCount",  
000C54CD,  77A854CD -> "GetEnvironmentStringsW",  
000C54A0,  77A854A0 -> "GetEnvironmentStrings",  
000C4B42,  77A84B42 -> "FreeEnvironmentStringsW",  
000C4B2A,  77A84B2A -> "FreeEnvironmentStringsA",  
000C85B5,  77A885B5 -> "UnhandledExceptionFilter",  
000C57DD,  77A857DD -> "GetLocalTime",  
000C6091,  77A86091 -> "GetSystemTime",  
000C62C1,  77A862C1 -> "GetTimeZoneInformation",  
000C4BDA,  77A84BDA -> "GetACP",  
000C5F10,  77A85F10 -> "GetStdHandle",  
000C3F98,  77A83F98 -> "DebugBreak",  
000C732E,  77A8732E -> "RaiseException",  
000C4605,  77A84605 -> "ExitThread",  
000C3E37,  77A83E37 -> "CreateThread",  
000C66FC,  77A866FC -> "HeapValidate",  
000C848F,  77A8848F -> "TerminateProcess",  
000C45F9,  77A845F9 -> "ExitProcess",  
000C4DFE,  77A84DFE -> "GetCommandLineA",  
000C5EF0,  77A85EF0 -> "GetStartupInfoA",  
000C77E0,  77A877E0 -> "RtlUnwind",  
000C8DFA,  77A88DFA -> "lstrcpyW",  
000C3964,  77A83964 -> "CopyFileA",  
000C65F7,  77A865F7 -> "GlobalSize",  
000C7D57,  77A87D57 -> "SetFileAttributesA",  
000C8447,  77A88447 -> "SystemTimeToFileTime",  
000C6CAE,  77A86CAE -> "LocalFileTimeToFileTime",  
000C5664,  77A85664 -> "GetFileSize",  
000C6277,  77A86277 -> "GetTickCount",  
000C8E31,  77A88E31 -> "lstrlenW",  
000C49FF,  77A849FF -> "FindResourceExA",  
000C4B00,  77A84B00 -> "FormatMessageA",  
000C53D2,  77A853D2 -> "GetDiskFreeSpaceA",  
000C567E,  77A8567E -> "GetFileTime",  
000C7E6E,  77A87E6E -> "SetFileTime",  
000C6176,  77A86176 -> "GetTempFileNameA",  
000C5568,  77A85568 -> "GetFileAttributesA",  
000C5ECC,  77A85ECC -> "GetShortPathNameA",  
000C5F3D,  77A85F3D -> "GetStringTypeExA",  
000C570A,  77A8570A -> "GetFullPathNameA",  
000C63CB,  77A863CB -> "GetVolumeInformationA",  
000C4800,  77A84800 -> "FindFirstFileA",  
000C5CEE,  77A85CEE -> "GetProcAddress",  
000C47A0,  77A847A0 -> "FindClose",  
000C8E28,  77A88E28 -> "lstrlenA",  
000C6DED,  77A86DED -> "MoveFileA",  
000C7C97,  77A87C97 -> "SetEndOfFile",  
000C85CE,  77A885CE -> "UnlockFile",  
000C6D31,  77A86D31 -> "LockFile",  
000C4A98,  77A84A98 -> "FlushFileBuffers",  
000C7E2A,  77A87E2A -> "SetFilePointer",  
000C8C10,  77A88C10 -> "WriteFile",  
000C743D,  77A8743D -> "ReadFile",  
000C3AFD,  77A83AFD -> "CreateFileA",  
000C5300,  77A85300 -> "GetCurrentProcess",  
000C422D,  77A8422D -> "DuplicateHandle",  
000C7D02,  77A87D02 -> "SetErrorMode",  
000C5B9B,  77A85B9B -> "GetOEMCP",  
000C4C7E,  77A84C7E -> "GetCPInfo",  
000C70AA,  77A870AA -> "OutputDebugStringA",  
000C61E6,  77A861E6 -> "GetThreadLocale",  
000C83A5,  77A883A5 -> "SizeofResource",  
000C5E2E,  77A85E2E -> "GetProfileIntA",  
000C87BD,  77A887BD -> "VirtualProtect",  
000C46C4,  77A846C4 -> "FileTimeToLocalFileTime",  
000C46DC,  77A846DC -> "FileTimeToSystemTime",  
000C6994,  77A86994 -> "IsBadReadPtr",  
000C69C1,  77A869C1 -> "IsBadWritePtr",  
000C69A1,  77A869A1 -> "IsBadStringPtrA",  
000C69B1,  77A869B1 -> "IsBadStringPtrW",  
000C5DD9,  77A85DD9 -> "GetProcessVersion",  
000C52D6,  77A852D6 -> "GetCurrentDirectoryA",  
000C8C6E,  77A88C6E -> "WritePrivateProfileStringA",  
000C5C8A,  77A85C8A -> "GetPrivateProfileStringA",  
000C5BEC,  77A85BEC -> "GetPrivateProfileIntA",  
000C656C,  77A8656C -> "GlobalFlags",  
000C84F2,  77A884F2 -> "TlsGetValue",  
000C6CF1,  77A86CF1 -> "LocalReAlloc",  
000C84FE,  77A884FE -> "TlsSetValue",  
000C4285,  77A84285 -> "EnterCriticalSection",  
000C65E9,  77A865E9 -> "GlobalReAlloc",  
000C6BE7,  77A86BE7 -> "LeaveCriticalSection",  
000C84EA,  77A884EA -> "TlsFree",  
000C65A9,  77A865A9 -> "GlobalHandle",  
000C404C,  77A8404C -> "DeleteCriticalSection",  
000C84E1,  77A884E1 -> "TlsAlloc",  
000C67B9,  77A867B9 -> "InitializeCriticalSection",  
000C6C96,  77A86C96 -> "LocalAlloc",  
000C6CD1,  77A86CD1 -> "LocalFree",  
000C8E0C,  77A88E0C -> "lstrcpynA",  
000C6E74,  77A86E74 -> "MultiByteToWideChar",  
000C8A6E,  77A88A6E -> "WideCharToMultiByte",  
000C6895,  77A86895 -> "InterlockedDecrement",  
000C68EB,  77A868EB -> "InterlockedIncrement",  
000C6E6D,  77A86E6D -> "MulDiv",  
000C7F32,  77A87F32 -> "SetLastError",  
000C778C,  77A8778C -> "ResumeThread",  
000C6214,  77A86214 -> "GetThreadPriority",  
000C81FE,  77A881FE -> "SetThreadPriority",  
000C6C24,  77A86C24 -> "LoadLibraryA",  
000C4B5A,  77A84B5A -> "FreeLibrary",  
000C63A4,  77A863A4 -> "GetVersion",  
000C6583,  77A86583 -> "GlobalGetAtomNameA",  
000C64F9,  77A864F9 -> "GlobalAddAtomA",  
000C6542,  77A86542 -> "GlobalFindAtomA",  
000C5906,  77A85906 -> "GetModuleHandleA",  
0001E2A3,  7764E2A3 -> "MessageBeep",  
0001C71E,  7764C71E -> "CopyAcceleratorTableA",  
0001C562,  7764C562 -> "CharNextA",  
0001D47C,  7764D47C -> "GetDialogBaseUnits",  
0001CCAB,  7764CCAB -> "DestroyCursor",  
0001EAF9,  7764EAF9 -> "SetCursorPos",  
0001D2BD,  7764D2BD -> "GetAsyncKeyState",  
0001D3A5,  7764D3A5 -> "GetClipboardFormatNameA",  
0001E14C,  7764E14C -> "LoadStringA",  
0001F1EC,  7764F1EC -> "UnpackDDElParam",  
0001E907,  7764E907 -> "ReuseDDElParam",  
0001CCC5,  7764CCC5 -> "DestroyMenu",  
0001F11F,  7764F11F -> "TranslateAcceleratorA",  
0001E012,  7764E012 -> "LoadAcceleratorsA",  
0001DC4C,  7764DC4C -> "GetWindowThreadProcessId",  
0001F461,  7764F461 -> "WaitMessage",  
0001E88B,  7764E88B -> "ReleaseCapture",  
0001E3D7,  7764E3D7 -> "OemToCharA",  
0001C5A2,  7764C5A2 -> "CharToOemA",  
0001C63E,  7764C63E -> "CheckMenuRadioItem",  
0001D6B4,  7764D6B4 -> "GetMenuContextHelpId",  
0001EBE0,  7764EBE0 -> "SetMenuContextHelpId",  
0001E10E,  7764E10E -> "LoadMenuIndirectA",  
0001E104,  7764E104 -> "LoadMenuA",  
0001E8C2,  7764E8C2 -> "RemoveMenu",  
0001E331,  7764E331 -> "ModifyMenuA",  
0001DD76,  7764DD76 -> "InsertMenuA",  
0001D9BC,  7764D9BC -> "GetSubMenu",  
0001D707,  7764D707 -> "GetMenuItemInfoA",  
0001D746,  7764D746 -> "GetMenuStringA",  
0001D739,  7764D739 -> "GetMenuState",  
0001D6F9,  7764D6F9 -> "GetMenuItemID",  
0001D6E8,  7764D6E8 -> "GetMenuItemCount",  
0001D6C9,  7764D6C9 -> "GetMenuDefaultItem",  
0001EBF5,  7764EBF5 -> "SetMenuDefaultItem",  
0001CFCF,  7764CFCF -> "EnableMenuItem",  
0001C630,  7764C630 -> "CheckMenuItem",  
0001C2E8,  7764C2E8 -> "AppendMenuA",  
0001CC61,  7764CC61 -> "DeleteMenu",  
0001DF13,  7764DF13 -> "IsMenu",  
0001C8FA,  7764C8FA -> "CreatePopupMenu",  
0001C8EF,  7764C8EF -> "CreateMenu",  
0001E934,  7764E934 -> "ScrollDC",  
0001DC8D,  7764DC8D -> "GrayStringA",  
0001DA03,  7764DA03 -> "GetTabbedTextExtentA",  
0001CF45,  7764CF45 -> "DrawTextA",  
0001CED6,  7764CED6 -> "DrawFocusRect",  
0001CEEE,  7764CEEE -> "DrawFrameControl",  
0001CECD,  7764CECD -> "DrawEdge",  
0001CF2F,  7764CF2F -> "DrawStateA",  
0001CEFF,  7764CEFF -> "DrawIcon",  
0001DE05,  7764DE05 -> "InvertRect",  
0001D225,  7764D225 -> "FrameRect",  
0001D1CE,  7764D1CE -> "FillRect",  
0001D1AF,  7764D1AF -> "ExcludeUpdateRgn",  
0001F498,  7764F498 -> "WindowFromDC",  
0001D9D3,  7764D9D3 -> "GetSysColorBrush",  
0001EFF7,  7764EFF7 -> "SubtractRect",  
0001F1B9,  7764F1B9 -> "UnionRect",  
0001DD57,  7764DD57 -> "InflateRect",  
0001ED0D,  7764ED0D -> "SetRectEmpty",  
0001ED05,  7764ED05 -> "SetRect",  
0001E5BF,  7764E5BF -> "PtInRect",  
0001DF2C,  7764DF2C -> "IsRectEmpty",  
0001E43E,  7764E43E -> "OpenIcon",  
0001C6FF,  7764C6FF -> "CloseWindow",  
0001E04E,  7764E04E -> "LoadCursorA",  
0001E520,  7764E520 -> "PostThreadMessageA",  
0001DB08,  7764DB08 -> "GetWindowContextHelpId",  
0001EA1B,  7764EA1B -> "SendNotifyMessageA",  
0001D4F1,  7764D4F1 -> "GetForegroundWindow",  
0001EB74,  7764EB74 -> "SetForegroundWindow",  
0001EF1B,  7764EF1B -> "ShowCaret",  
0001DCA5,  7764DCA5 -> "HideCaret",  
0001EA6E,  7764EA6E -> "SetCaretPos",  
0001D2EB,  7764D2EB -> "GetCaretPos",  
0001C7AC,  7764C7AC -> "CreateCaret",  
0001D402,  7764D402 -> "GetClipboardViewer",  
0001D3D5,  7764D3D5 -> "GetClipboardOwner",  
0001D808,  7764D808 -> "GetOpenClipboardWindow",  
0001E416,  7764E416 -> "OpenClipboard",  
0001EAB4,  7764EAB4 -> "SetClipboardViewer",  
0001C487,  7764C487 -> "ChangeClipboardChain",  
0001D20B,  7764D20B -> "FlashWindow",  
0001F4BD,  7764F4BD -> "WindowFromPoint",  
0001EC80,  7764EC80 -> "SetParent",  
0001D1D7,  7764D1D7 -> "FindWindowA",  
0001C67B,  7764C67B -> "ChildWindowFromPoint",  
0001EF40,  7764EF40 -> "ShowScrollBar",  
0001D7F6,  7764D7F6 -> "GetNextDlgTabItem",  
0001D7E2,  7764D7E2 -> "GetNextDlgGroupItem",  
0001CE06,  7764CE06 -> "DlgDirSelectComboBoxExA",  
0001CE36,  7764CE36 -> "DlgDirSelectExA",  
0001CDD2,  7764CDD2 -> "DlgDirListComboBoxA",  
0001CDC6,  7764CDC6 -> "DlgDirListA",  
0001D46B,  7764D46B -> "GetDesktopWindow",  
0001EA51,  7764EA51 -> "SetCapture",  
0001E008,  7764E008 -> "KillTimer",  
0001EDC2,  7764EDC2 -> "SetTimer",  
0001CFDE,  7764CFDE -> "EnableScrollBar",  
0001E66E,  7764E66E -> "RedrawWindow",  
0001E18E,  7764E18E -> "LockWindowUpdate",  
0001D463,  7764D463 -> "GetDCEx",  
0001EF30,  7764EF30 -> "ShowOwnedPopups",  
0001DFE0,  7764DFE0 -> "IsWindowVisible",  
0001F3D1,  7764F3D1 -> "ValidateRgn",  
0001C5D6,  7764C5D6 -> "CharUpperA",  
0001DDE8,  7764DDE8 -> "InvalidateRect",  
0001DA7A,  7764DA7A -> "GetUpdateRgn",  
0001DA6C,  7764DA6C -> "GetUpdateRect",  
0001F303,  7764F303 -> "UpdateWindow",  
0001E89A,  7764E89A -> "ReleaseDC",  
0001DFD0,  7764DFD0 -> "IsWindowUnicode",  
0001D45D,  7764D45D -> "GetDC",  
0001D01F,  7764D01F -> "EndPaint",  
0001C33B,  7764C33B -> "BeginPaint",  
0001C6C9,  7764C6C9 -> "ClientToScreen",  
0001C351,  7764C351 -> "BringWindowToTop",  
0001DBD8,  7764DBD8 -> "GetWindowRgn",  
0001EE7A,  7764EE7A -> "SetWindowRgn",  
0001C300,  7764C300 -> "ArrangeIconicWindows",  
0001DFFF,  7764DFFF -> "IsZoomed",  
0001DCAF,  7764DCAF -> "HiliteMenuItem",  
0001D9E4,  7764D9E4 -> "GetSystemMenu",  
0001CF13,  7764CF13 -> "DrawMenuBar",  
0001EBD8,  7764EBD8 -> "SetMenu",  
0001D682,  7764D682 -> "GetMenu",  
0001EF6E,  7764EF6E -> "ShowWindow",  
0001E37C,  7764E37C -> "MoveWindow",  
0001EEAB,  7764EEAB -> "SetWindowTextA",  
0001DEB9,  7764DEB9 -> "IsDialogMessageA",  
0001E94A,  7764E94A -> "ScrollWindowEx",  
0001DEDB,  7764DEDB -> "IsDlgButtonChecked",  
0001EB38,  7764EB38 -> "SetDlgItemTextA",  
0001EB2A,  7764EB2A -> "SetDlgItemInt",  
0001D4B5,  7764D4B5 -> "GetDlgItemTextA",  
0001D4A7,  7764D4A7 -> "GetDlgItemInt",  
0001C651,  7764C651 -> "CheckRadioButton",  
0001C621,  7764C621 -> "CheckDlgButton",  
0001E08E,  7764E08E -> "LoadIconA",  
0001E959,  7764E959 -> "SendDlgItemMessageA",  
0001D378,  7764D378 -> "GetClientRect",  
0001E261,  7764E261 -> "MapWindowPoints",  
0001D9C7,  7764D9C7 -> "GetSysColor",  
0001EB6B,  7764EB6B -> "SetFocus",  
0001C280,  7764C280 -> "AdjustWindowRectEx",  
0001E916,  7764E916 -> "ScreenToClient",  
0001D1A5,  7764D1A5 -> "EqualRect",  
0001CC52,  7764CC52 -> "DeferWindowPos",  
0001C327,  7764C327 -> "BeginDeferWindowPos",  
0001C75D,  7764C75D -> "CopyRect",  
0001CFFB,  7764CFFB -> "EndDeferWindowPos",  
0001E93D,  7764E93D -> "ScrollWindow",  
0001D96C,  7764D96C -> "GetScrollInfo",  
0001ED1A,  7764ED1A -> "SetScrollInfo",  
0001D987,  7764D987 -> "GetScrollRange",  
0001ED35,  7764ED35 -> "SetScrollRange",  
0001D97A,  7764D97A -> "GetScrollPos",  
0001ED28,  7764ED28 -> "SetScrollPos",  
0001DA5F,  7764DA5F -> "GetTopWindow",  
0001DE86,  7764DE86 -> "IsChild",  
0001D2CE,  7764D2CE -> "GetCapture",  
0001F486,  7764F486 -> "WinHelpA",  
0001F502,  7764F502 -> "wsprintfA",  
0001D2F7,  7764D2F7 -> "GetClassInfoA",  
0001E67B,  7764E67B -> "RegisterClassA",  
0001F0EA,  7764F0EA -> "TrackPopupMenu",  
0001EE5A,  7764EE5A -> "SetWindowPlacement",  
0001DC13,  7764DC13 -> "GetWindowTextLengthA",  
0001DC04,  7764DC04 -> "GetWindowTextA",  
0001D34F,  7764D34F -> "GetClassNameA",  
0001D48F,  7764D48F -> "GetDlgCtrlID",  
0001C91E,  7764C91E -> "CreateWindowExA",  
0001D333,  7764D333 -> "GetClassLongA",  
0001ECF3,  7764ECF3 -> "SetPropA",  
0001F1A5,  7764F1A5 -> "UnhookWindowsHookEx",  
0001D89A,  7764D89A -> "GetPropA",  
0001C435,  7764C435 -> "CallWindowProcA",  
0001E8CD,  7764E8CD -> "RemovePropA",  
0001CC34,  7764CC34 -> "DefWindowProcA",  
0001D792,  7764D792 -> "GetMessageTime",  
0001D784,  7764D784 -> "GetMessagePos",  
0001EE3C,  7764EE3C -> "SetWindowLongA",  
0001E85D,  7764E85D -> "RegisterWindowMessageA",  
0001E40B,  7764E40B -> "OffsetRect",  
0001DDDA,  7764DDDA -> "IntersectRect",  
0001F04B,  7764F04B -> "SystemParametersInfoA",  
0001DF0A,  7764DF0A -> "IsIconic",  
0001DBB7,  7764DBB7 -> "GetWindowPlacement",  
0001DBCA,  7764DBCA -> "GetWindowRect",  
0001E213,  7764E213 -> "MapDialogRect",  
0001EE6D,  7764EE6D -> "SetWindowPos",  
0001DAFE,  7764DAFE -> "GetWindow",  
0001EE25,  7764EE25 -> "SetWindowContextHelpId",  
0001D00D,  7764D00D -> "EndDialog",  
0001D250,  7764D250 -> "GetActiveWindow",  
0001EA41,  7764EA41 -> "SetActiveWindow",  
0001C805,  7764C805 -> "CreateDialogIndirectParamA",  
0001CCE0,  7764CCE0 -> "DestroyWindow",  
0001D49C,  7764D49C -> "GetDlgItem",  
0001F077,  7764F077 -> "TabbedTextOutA",  
0001E4F6,  7764E4F6 -> "PostMessageA",  
0001DF8A,  7764DF8A -> "IsWindow",  
0001D699,  7764D699 -> "GetMenuCheckMarkDimensions",  
0001E036,  7764E036 -> "LoadBitmapA",  
0001EC14,  7764EC14 -> "SetMenuItemBitmaps",  
0001D4E8,  7764D4E8 -> "GetFocus",  
0001D764,  7764D764 -> "GetMessageA",  
0001F160,  7764F160 -> "TranslateMessage",  
0001CD89,  7764CD89 -> "DispatchMessageA",  
0001D5B1,  7764D5B1 -> "GetKeyState",  
0001C426,  7764C426 -> "CallNextHookEx",  
0001F3C4,  7764F3C4 -> "ValidateRect",  
0001CCB9,  7764CCB9 -> "DestroyIcon",  
0001E6BB,  7764E6BB -> "RegisterClipboardFormatA",  
0001F516,  7764F516 -> "wvsprintfA",  
0001DD39,  7764DD39 -> "InSendMessage",  
0001DDF7,  7764DDF7 -> "InvalidateRgn",  
0001DE8E,  7764DE8E -> "IsClipboardFormatAvailable",  
0001E4C5,  7764E4C5 -> "PeekMessageA",  
0001D450,  7764D450 -> "GetCursorPos",  
0001EEE7,  7764EEE7 -> "SetWindowsHookExA",  
0001DB39,  7764DB39 -> "GetWindowLongA",  
0001D81F,  7764D81F -> "GetParent",  
0001D634,  7764D634 -> "GetLastActivePopup",  
0001DF93,  7764DF93 -> "IsWindowEnabled",  
0001E9AF,  7764E9AF -> "SendMessageA",  
0001E2AF,  7764E2AF -> "MessageBoxA",  
0001CFEE,  7764CFEE -> "EnableWindow",  
0001EADD,  7764EADD -> "SetCursor",  
0001E510,  7764E510 -> "PostQuitMessage",  
0001DB1F,  7764DB1F -> "GetWindowDC",  
0001CBCE,  7764CBCE -> "DefDlgProcA",  
0001D9F2,  7764D9F2 -> "GetSystemMetrics",  
0001C690,  7764C690 -> "ChildWindowFromPointEx",  
0001F1FC,  7764F1FC -> "UnregisterClassA",  
000041F2,  736A41F2 -> "ImageList_Merge",  
00004202,  736A4202 -> "ImageList_Read",  
000042EB,  736A42EB -> "ImageList_Write",  
0000416E,  736A416E -> "ImageList_GetImageCount",  
00003FDC,  736A3FDC -> "ImageList_Add",  
00003FFC,  736A3FFC -> "ImageList_AddMasked",  
00004211,  736A4211 -> "ImageList_Remove",  
00004222,  736A4222 -> "ImageList_Replace",  
00004234,  736A4234 -> "ImageList_ReplaceIcon",  
00004146,  736A4146 -> "ImageList_GetIcon",  
000040AA,  736A40AA -> "ImageList_Draw",  
0000424A,  736A424A -> "ImageList_SetBkColor",  
00004107,  736A4107 -> "ImageList_GetBkColor",  
000042D1,  736A42D1 -> "ImageList_SetOverlayImage",  
00004186,  736A4186 -> "ImageList_GetImageInfo",  
00004010,  736A4010 -> "ImageList_BeginDrag",  
000040F5,  736A40F5 -> "ImageList_EndDrag",  
0000407E,  736A407E -> "ImageList_DragMove",  
0000425F,  736A425F -> "ImageList_SetDragCursorImage",  
00004091,  736A4091 -> "ImageList_DragShowNolock",  
0000411C,  736A411C -> "ImageList_GetDragImage",  
00004056,  736A4056 -> "ImageList_DragEnter",  
0000406A,  736A406A -> "ImageList_DragLeave",  
00004375,  736A4375 -> "PropertySheetA",  
00003E68,  736A3E68 -> "DestroyPropertySheetPage",  
00003C39,  736A3C39 -> "CreatePropertySheetPageA",  
00004044,  736A4044 -> "ImageList_Destroy",  
00004033,  736A4033 -> "ImageList_Create",  
000041C8,  736A41C8 -> "ImageList_LoadImageA",  
00003210,  77483210 -> "CreatePenIndirect",  
00004057,  77484057 -> "ExtCreatePen",  
000032B7,  774832B7 -> "CreateSolidBrush",  
00003186,  77483186 -> "CreateHatchBrush",  
00002FD6,  77482FD6 -> "CreateBrushIndirect",  
000031F3,  774831F3 -> "CreatePatternBrush",  
00003062,  77483062 -> "CreateDIBPatternBrushPt",  
00003110,  77483110 -> "CreateFontIndirectA",  
00003104,  77483104 -> "CreateFontA",  
00002FC1,  77482FC1 -> "CreateBitmapIndirect",  
00005504,  77485504 -> "SetBitmapBits",  
0000478C,  7748478C -> "GetBitmapBits",  
00005512,  77485512 -> "SetBitmapDimensionEx",  
0000479A,  7748479A -> "GetBitmapDimensionEx",  
0000300E,  7748300E -> "CreateCompatibleBitmap",  
0000309A,  7748309A -> "CreateDiscardableBitmap",  
000031E5,  774831E5 -> "CreatePalette",  
00003170,  77483170 -> "CreateHalftonePalette",  
00004D50,  77484D50 -> "GetPaletteEntries",  
000056D9,  774856D9 -> "SetPaletteEntries",  
00002DBF,  77482DBF -> "AnimatePalette",  
00004CA6,  77484CA6 -> "GetNearestPaletteIndex",  
000053C6,  774853C6 -> "ResizePalette",  
00003248,  77483248 -> "CreateRectRgn",  
00003256,  77483256 -> "CreateRectRgnIndirect",  
000030B2,  774830B2 -> "CreateEllipticRgn",  
000030C4,  774830C4 -> "CreateEllipticRgnIndirect",  
00003237,  77483237 -> "CreatePolygonRgn",  
00003222,  77483222 -> "CreatePolyPolygonRgn",  
0000326C,  7748326C -> "CreateRoundRectRgn",  
000051F8,  774851F8 -> "PathToRegion",  
00004064,  77484064 -> "ExtCreateRegion",  
00004DEB,  77484DEB -> "GetRegionData",  
00005725,  77485725 -> "SetRectRgn",  
00002F3E,  77482F3E -> "CombineRgn",  
00004019,  77484019 -> "EqualRgn",  
00005151,  77485151 -> "OffsetRgn",  
00004E03,  77484E03 -> "GetRgnBox",  
000052D1,  774852D1 -> "PtInRegion",  
0000530A,  7748530A -> "RectInRegion",  
00003038,  77483038 -> "CreateDCA",  
00003197,  77483197 -> "CreateICA",  
00003025,  77483025 -> "CreateCompatibleDC",  
000049E9,  774849E9 -> "GetDeviceCaps",  
000047E5,  774847E5 -> "GetBrushOrgEx",  
0000555D,  7748555D -> "SetBrushOrgEx",  
0000400D,  7748400D -> "EnumObjects",  
000054B8,  774854B8 -> "SelectObject",  
00004C96,  77484C96 -> "GetNearestColor",  
000052FB,  774852FB -> "RealizePalette",  
000058D7,  774858D7 -> "UpdateColors",  
000047AF,  774847AF -> "GetBkColor",  
000047BA,  774847BA -> "GetBkMode",  
00004DB4,  77484DB4 -> "GetPolyFillMode",  
00004DC4,  77484DC4 -> "GetROP2",  
00004E1C,  77484E1C -> "GetStretchBltMode",  
00004EE9,  77484EE9 -> "GetTextColor",  
00004C46,  77484C46 -> "GetMapMode",  
00005023,  77485023 -> "GetViewportOrgEx",  
00005012,  77485012 -> "GetViewportExtEx",  
00005056,  77485056 -> "GetWindowOrgEx",  
00005047,  77485047 -> "GetWindowExtEx",  
00003908,  77483908 -> "DPtoLP",  
000050F1,  774850F1 -> "LPtoDP",  
0000415F,  7748415F -> "FillRgn",  
00004198,  77484198 -> "FrameRgn",  
000050B7,  774850B7 -> "InvertRgn",  
00003206,  77483206 -> "CreatePen",  
000052DC,  774852DC -> "PtVisible",  
00005317,  77485317 -> "RectVisible",  
00004990,  77484990 -> "GetCurrentPositionEx",  
00002DDD,  77482DDD -> "Arc",  
00004D09,  77484D09 -> "GetObjectType",  
00002EBB,  77482EBB -> "Chord",  
00003C2C,  77483C2C -> "Ellipse",  
00005205,  77485205 -> "Pie",  
000052B5,  774852B5 -> "Polygon",  
00005282,  77485282 -> "PolyPolygon",  
00005323,  77485323 -> "Rectangle",  
000053DE,  774853DE -> "RoundRect",  
000051F1,  774851F1 -> "PatBlt",  
00002E52,  77482E52 -> "BitBlt",  
0000584B,  7748584B -> "StretchBlt",  
00004D9C,  77484D9C -> "GetPixel",  
000056EB,  774856EB -> "SetPixel",  
00004181,  77484181 -> "FloodFill",  
0000407E,  7748407E -> "ExtFloodFill",  
0000588D,  7748588D -> "TextOutA",  
00004F51,  77484F51 -> "GetTextExtentPoint32A",  
00004EA4,  77484EA4 -> "GetTextAlign",  
00004FB9,  77484FB9 -> "GetTextFaceA",  
00004FE5,  77484FE5 -> "GetTextMetricsA",  
00004EB1,  77484EB1 -> "GetTextCharacterExtra",  
000048B9,  774848B9 -> "GetCharWidthA",  
00004761,  77484761 -> "GetAspectRatioFilterEx",  
00004022,  77484022 -> "Escape",  
0000553C,  7748553C -> "SetBoundsRect",  
000047C4,  774847C4 -> "GetBoundsRect",  
000053B4,  774853B4 -> "ResetDCA",  
00004D22,  77484D22 -> "GetOutlineTextMetricsA",  
00004835,  77484835 -> "GetCharABCWidthsA",  
00004AFE,  77484AFE -> "GetFontData",  
00004BF6,  77484BF6 -> "GetKerningPairsA",  
00004B7A,  77484B7A -> "GetGlyphOutlineA",  
0000581F,  7748581F -> "StartDocA",  
00005841,  77485841 -> "StartPage",  
00003C52,  77483C52 -> "EndPage",  
000054D3,  774854D3 -> "SetAbortProc",  
00002D2E,  77482D2E -> "AbortDoc",  
00003C3F,  77483C3F -> "EndDoc",  
00005107,  77485107 -> "MaskBlt",  
0000524F,  7748524F -> "PlgBlt",  
00005703,  77485703 -> "SetPixelV",  
00002DB6,  77482DB6 -> "AngleArc",  
00004751,  77484751 -> "GetArcDirection",  
0000528E,  7748528E -> "PolyPolyline",  
0000495E,  7748495E -> "GetColorAdjustment",  
0000497F,  7748497F -> "GetCurrentObject",  
00005256,  77485256 -> "PolyBezier",  
00003C00,  77483C00 -> "DrawEscape",  
00004074,  77484074 -> "ExtEscape",  
00004847,  77484847 -> "GetCharABCWidthsFloatA",  
000048C7,  774848C7 -> "GetCharWidthFloatA",  
00002D37,  77482D37 -> "AbortPath",  
00002E48,  77482E48 -> "BeginPath",  
00002EFD,  77482EFD -> "CloseFigure",  
00003C5A,  77483C5A -> "EndPath",  
00004156,  77484156 -> "FillPath",  
00004175,  77484175 -> "FlattenPath",  
00004C88,  77484C88 -> "GetMiterLimit",  
00004D62,  77484D62 -> "GetPath",  
000056A8,  774856A8 -> "SetMiterLimit",  
00005864,  77485864 -> "StrokeAndFillPath",  
00005876,  77485876 -> "StrokePath",  
00005906,  77485906 -> "WidenPath",  
00004210,  77484210 -> "GdiComment",  
00005209,  77485209 -> "PlayEnhMetaFile",  
00003B50,  77483B50 -> "DeleteDC",  
0000544F,  7748544F -> "SaveDC",  
000053D4,  774853D4 -> "RestoreDC",  
000054C5,  774854C5 -> "SelectPalette",  
00005532,  77485532 -> "SetBkMode",  
0000570D,  7748570D -> "SetPolyFillMode",  
0000571D,  7748571D -> "SetROP2",  
0000573A,  7748573A -> "SetStretchBltMode",  
00005671,  77485671 -> "SetMapMode",  
000057B6,  774857B6 -> "SetViewportOrgEx",  
0000515B,  7748515B -> "OffsetViewportOrgEx",  
000057A5,  774857A5 -> "SetViewportExtEx",  
00005456,  77485456 -> "ScaleViewportExtEx",  
000057FE,  774857FE -> "SetWindowOrgEx",  
0000516F,  7748516F -> "OffsetWindowOrgEx",  
000057EF,  774857EF -> "SetWindowExtEx",  
00005469,  77485469 -> "ScaleWindowExtEx",  
0000549A,  7748549A -> "SelectClipRgn",  
00004047,  77484047 -> "ExcludeClipRect",  
000050A5,  774850A5 -> "IntersectClipRect",  
00005143,  77485143 -> "OffsetClipRgn",  
0000512E,  7748512E -> "MoveToEx",  
00005100,  77485100 -> "LineTo",  
00005760,  77485760 -> "SetTextAlign",  
00005790,  77485790 -> "SetTextJustification",  
0000576D,  7748576D -> "SetTextCharacterExtra",  
0000567C,  7748567C -> "SetMapperFlags",  
00002DE1,  77482DE1 -> "ArcTo",  
000054E0,  774854E0 -> "SetArcDirection",  
0000526E,  7748526E -> "PolyDraw",  
000052C6,  774852C6 -> "PolylineTo",  
0000556B,  7748556B -> "SetColorAdjustment",  
000058C7,  774858C7 -> "UnrealizeObject",  
00004E0D,  77484E0D -> "GetStockObject",  
00004CFE,  77484CFE -> "GetObjectA",  
00005527,  77485527 -> "SetBkColor",  
00002EEC,  77482EEC -> "CloseEnhMetaFile",  
00005783,  77485783 -> "SetTextColor",  
00004948,  77484948 -> "GetClipBox",  
000049B5,  774849B5 -> "GetDCOrgEx",  
000052BD,  774852BD -> "Polyline",  
0000409C,  7748409C -> "ExtTextOutA",  
00002FB4,  77482FB4 -> "CreateBitmap",  
000031AB,  774831AB -> "CreateMetaFileA",  
00002F09,  77482F09 -> "CloseMetaFile",  
000030DE,  774830DE -> "CreateEnhMetaFileA",  
000051E8,  774851E8 -> "PaintRgn",  
00005261,  77485261 -> "PolyBezierTo",  
00003B7A,  77483B7A -> "DeleteObject",  
00004953,  77484953 -> "GetClipRgn",  
0000548B,  7748548B -> "SelectClipPath",  
0000408B,  7748408B -> "ExtSelectClipRgn",  
0000523C,  7748523C -> "PlayMetaFileRecord",  
00004000,  77484000 -> "EnumMetaFile",  
0000522F,  7748522F -> "PlayMetaFile",  
00005856,  77485856 -> "StretchDIBits",  
00003F8E,  77483F8E -> "EnumFontFamiliesExA",  
00002F98,  77482F98 -> "CopyMetaFileA",  
00003B6B,  77483B6B -> "DeleteMetaFile",  
0000308B,  7748308B -> "CreateDIBitmap",  
00004F7D,  77484F7D -> "GetTextExtentPointA",  
0003010B,  726A010B -> "DocumentPropertiesA",  
000305CF,  726A05CF -> "OpenPrinterA",  
0002FDC8,  7269FDC8 -> "ClosePrinter",  
00002318,  762E2318 -> "GetSaveFileNameA",  
000022DA,  762E22DA -> "GetFileTitleA",  
0000225D,  762E225D -> "ChooseColorA",  
0000234A,  762E234A -> "PageSetupDlgA",  
00002366,  762E2366 -> "PrintDlgA",  
0000228F,  762E228F -> "CommDlgExtendedError",  
000022F6,  762E22F6 -> "GetOpenFileNameA",  
0003DE92,  7792DE92 -> "RegSetValueA",  
0003DA0F,  7792DA0F -> "RegCreateKeyExA",  
0003DCBB,  7792DCBB -> "RegOpenKeyExA",  
0003DDB2,  7792DDB2 -> "RegQueryValueExA",  
0003DE9F,  7792DE9F -> "RegSetValueExA",  
0003DB1D,  7792DB1D -> "RegDeleteValueA",  
0003DA6D,  7792DA6D -> "RegDeleteKeyA",  
0003DCAF,  7792DCAF -> "RegOpenKeyA",  
0003DBA2,  7792DBA2 -> "RegEnumKeyA",  
0003DA01,  7792DA01 -> "RegCreateKeyA",  
0003DDA3,  7792DDA3 -> "RegQueryValueA",  
0003E273,  7792E273 -> "SetFileSecurityA",  
0003C408,  7792C408 -> "GetFileSecurityA",  
0003D987,  7792D987 -> "RegCloseKey",  
0009CE68,  76A0CE68 -> "SHGetFileInfoA",  
0009C2B9,  76A0C2B9 -> "DragQueryFileA",  
0009C2A0,  76A0C2A0 -> "DragFinish",  
0009C290,  76A0C290 -> "DragAcceptFiles",  
0009C370,  76A0C370 -> "ExtractIconA",  
000543DE,  777F43DE -> "OleSetClipboard",  
00054240,  777F4240 -> "OleFlushClipboard",  
000539F6,  777F39F6 -> "CreateItemMoniker",  
000539C5,  777F39C5 -> "CreateGenericComposite",  
000539B3,  777F39B3 -> "CreateFileMoniker",  
00053B21,  777F3B21 -> "GetClassFile",  
00053A62,  777F3A62 -> "CreateStreamOnHGlobal",  
000533E2,  777F33E2 -> "CoGetMalloc",  
00054642,  777F4642 -> "StgCreateDocfile",  
0005473F,  777F473F -> "StgOpenStorage",  
000546E4,  777F46E4 -> "StgIsStorageFile",  
000542F3,  777F42F3 -> "OleLockRunning",  
000543EE,  777F43EE -> "OleSetContainedObject",  
0005410B,  777F410B -> "OleCreateFromData",  
00054175,  777F4175 -> "OleCreateLinkFromData",  
000541E5,  777F41E5 -> "OleCreateStaticFromData",  
00054131,  777F4131 -> "OleCreateFromFile",  
000541A3,  777F41A3 -> "OleCreateLinkToFile",  
000540C4,  777F40C4 -> "OleCreate",  
000542D9,  777F42D9 -> "OleLoad",  
000543B4,  777F43B4 -> "OleSave",  
000546F5,  777F46F5 -> "StgIsStorageILockBytes",  
00053B5B,  777F3B5B -> "GetHGlobalFromILockBytes",  
00054274,  777F4274 -> "OleGetIconOfClass",  
000548EC,  777F48EC -> "WriteClassStm",  
000543BC,  777F43BC -> "OleSaveToStream",  
000542CC,  777F42CC -> "OleIsRunning",  
00054337,  777F4337 -> "OleQueryCreateFromData",  
0005434E,  777F434E -> "OleQueryLinkFromData",  
000542B6,  777F42B6 -> "OleIsCurrentClipboard",  
00054404,  777F4404 -> "OleSetMenuDescriptor",  
00053ADD,  777F3ADD -> "DoDragDrop",  
00054377,  777F4377 -> "OleRegEnumVerbs",  
00054387,  777F4387 -> "OleRegGetMiscStatus",  
000541CD,  777F41CD -> "OleCreateMenuDescriptor",  
000541FD,  777F41FD -> "OleDestroyMenuDescriptor",  
00053A1C,  777F3A1C -> "CreateOleAdviseHolder",  
0005397C,  777F397C -> "CreateDataAdviseHolder",  
00054419,  777F4419 -> "OleTranslateAccelerator",  
00053FA6,  777F3FA6 -> "IsAccelerator",  
00053B9A,  777F3B9A -> "GetRunningObjectTable",  
0005355F,  777F355F -> "CoLockObjectExternal",  
0005395B,  777F395B -> "CreateBindCtx",  
0005422F,  777F422F -> "OleDuplicateData",  
00053247,  777F3247 -> "CoFreeUnusedLibraries",  
00054431,  777F4431 -> "OleUninitialize",  
00054297,  777F4297 -> "OleInitialize",  
000531BC,  777F31BC -> "CoDisconnectObject",  
000543AD,  777F43AD -> "OleRun",  
0005313F,  777F313F -> "CoCreateInstance",  
000537F4,  777F37F4 -> "CoTaskMemAlloc",  
00053803,  777F3803 -> "CoTaskMemFree",  
000547C8,  777F47C8 -> "StringFromGUID2",  
000539DC,  777F39DC -> "CreateILockBytesOnHGlobal",  
00054653,  777F4653 -> "StgCreateDocfileOnILockBytes",  
00054776,  777F4776 -> "StgOpenStorageOnILockBytes",  
000532DC,  777F32DC -> "CoGetClassObject",  
000530AB,  777F30AB -> "CLSIDFromString",  
00053089,  777F3089 -> "CLSIDFromProgID",  
0005375F,  777F375F -> "CoRevokeClassObject",  
0005366A,  777F366A -> "CoRegisterClassObject",  
000536AC,  777F36AC -> "CoRegisterMessageFilter",  
0005452D,  777F452D -> "ReleaseStgMedium",  
0005382F,  777F382F -> "CoTreatAsClass",  
000547B8,  777F47B8 -> "StringFromCLSID",  
000544ED,  777F44ED -> "ReadFmtUserTypeStg",  
000544D3,  777F44D3 -> "ReadClassStg",  
0005439B,  777F439B -> "OleRegGetUserType",  
000548DE,  777F48DE -> "WriteClassStg",  
000548FA,  777F48FA -> "WriteFmtUserTypeStg",  
00054264,  777F4264 -> "OleGetClipboard",  
000545DD,  777F45DD -> "SetConvertStg",
2010-10-26 12:46
6
666666
2010-10-26 13:14
7
自己写的工具算不算工具修复?
上传的附件:
2010-10-26 13:28
8
扁担宽,答案长。..
2010-10-26 13:29
9
脱壳流程
准备:OD,FixGame.dll,fkpespin.txt

后面两个看附件

脱壳流程:
OD载入到入口,跑脚本fkpespin.txt,停下来后,当前线程注入FixGame.dll,执行完DllMain后,dump下来,就完成了
上传的附件:
2010-10-26 13:34
10
; Hash routine: bit-by-bit CRC-32 style loop (reflected polynomial EDB88320, start value
; FFFFFFFF) over the NUL-terminated byte string whose pointer is the single stack argument.
; The value is returned in EAX as-is, with no final inversion; an empty string returns FFFFFFFF.
; The routine ends in a plain RETN, so the caller removes the argument.
34501000    8B5424 04             MOV     EDX,DWORD PTR SS:[ESP+4]         ; EDX = pointer to the input string
34501004    83C8 FF               OR      EAX,FFFFFFFF                     ; running value starts at FFFFFFFF
34501007    8A0A                  MOV     CL,BYTE PTR DS:[EDX]             ; first byte
34501009    84C9                  TEST    CL,CL
3450100B    74 27                 JE      SHORT 34501034                   ; empty string: return the start value
3450100D    81E1 FF000000         AND     ECX,0FF                          ; per-byte loop: keep only the byte in ECX
34501013    33C1                  XOR     EAX,ECX                          ; fold the byte into the low 8 bits
34501015    B9 08000000           MOV     ECX,8                            ; 8 shift steps per input byte
3450101A    A8 01                 TEST    AL,1                             ; is the bit about to be shifted out set?
3450101C    74 09                 JE      SHORT 34501027
3450101E    D1E8                  SHR     EAX,1
34501020    35 2083B8ED           XOR     EAX,EDB88320                     ; bit was set: apply the polynomial
34501025    EB 02                 JMP     SHORT 34501029
34501027    D1E8                  SHR     EAX,1                            ; bit was clear: shift only
34501029    49                    DEC     ECX
3450102A  ^ 75 EE                 JNZ     SHORT 3450101A                   ; next bit
3450102C    8A4A 01               MOV     CL,BYTE PTR DS:[EDX+1]           ; fetch the following byte
3450102F    42                    INC     EDX
34501030    84C9                  TEST    CL,CL
34501032  ^ 75 D9                 JNZ     SHORT 3450100D                   ; loop until the NUL terminator
34501034    C3                    RETN                                     ; result in EAX
34501035    90                    NOP
34501036    90                    NOP
34501037    90                    NOP
34501038    90                    NOP
34501039    90                    NOP
3450103A    90                    NOP
3450103B    90                    NOP
3450103C    90                    NOP
3450103D    90                    NOP
3450103E    90                    NOP
3450103F    90                    NOP
; Patch routine, called from 34501470 with two stack arguments: a table pointer and the table
; size in bytes. It makes 00401000..005B3FFF writable, scans that range byte by byte for the
; pair 8D C0, formats the address of each hit as "%08X", hashes that text with 34501000 and
; searches the table of 0B-byte records for the hash. On a match the hit is overwritten with
; bytes built from the record; without a match the bytes are left alone.
; Record fields as read below: +0 dword hash, +4 dword value, +8 byte kind (0..7),
; +9 byte selector/register bits, +0A byte that matches the number of bytes written in every
; case that tests it.
; The byte patterns written (8B, C7, 74/75, 0F 8x, FF 24, 90) look like x86 instructions being
; put back, presumably the Nanomites repair discussed in the thread; confirm against the
; author's original source.
; NOTE(review): neither VirtualProtect result is tested, so a failed first call would let the
; patch loop write to a range that is still read-only.
34501040    83EC 14               SUB     ESP,14                           ; 14h bytes of locals: old-protection dword, then a 10h-byte text buffer
34501043    8D4424 00             LEA     EAX,DWORD PTR SS:[ESP]           ; EAX = address of the old-protection local
34501047    53                    PUSH    EBX
34501048    55                    PUSH    EBP
34501049    56                    PUSH    ESI
3450104A    57                    PUSH    EDI
3450104B    50                    PUSH    EAX                              ; lpflOldProtect
3450104C    6A 40                 PUSH    40                               ; flNewProtect = 40 (PAGE_EXECUTE_READWRITE)
3450104E    68 00301B00           PUSH    1B3000                           ; dwSize
34501053    68 00104000           PUSH    401000                           ; lpAddress
34501058    FF15 00505034         CALL    DWORD PTR DS:[34505000]          ; kernel32.VirtualProtect
3450105E    8B6C24 2C             MOV     EBP,DWORD PTR SS:[ESP+2C]        ; EBP = second argument (table size in bytes)
34501062    BE 01104000           MOV     ESI,401001                       ; ESI = scan position + 1
34501067    B3 8B                 MOV     BL,8B                            ; BL = 8B, the first byte written by several cases below
34501069    66:817E FF 8DC0       CMP     WORD PTR DS:[ESI-1],0C08D        ; scan loop: bytes 8D C0 at the current position?
3450106F    0F85 BB030000         JNZ     34501430                         ; no: move on to the next byte
34501075    8D4E FF               LEA     ECX,DWORD PTR DS:[ESI-1]         ; ECX = address of the hit
34501078    8D5424 14             LEA     EDX,DWORD PTR SS:[ESP+14]        ; EDX = local text buffer
3450107C    51                    PUSH    ECX
3450107D    68 30605034           PUSH    34506030                         ; ASCII "%08X"
34501082    52                    PUSH    EDX
34501083    FF15 B4505034         CALL    DWORD PTR DS:[345050B4]          ; USER32.wsprintfA
34501089    8D4424 20             LEA     EAX,DWORD PTR SS:[ESP+20]        ; same text buffer (ESP moved by the three pushes)
3450108D    50                    PUSH    EAX
3450108E    E8 6DFFFFFF           CALL    34501000                         ; hash the 8-digit address text
34501093    8BF8                  MOV     EDI,EAX                          ; EDI = hash to look up
34501095    B8 A38B2EBA           MOV     EAX,BA2E8BA3                     ; reciprocal constant: MUL + SHR 3 below divide EBP by 0B
3450109A    F7E5                  MUL     EBP
3450109C    83C4 10               ADD     ESP,10                           ; drop the four dwords pushed for wsprintfA and the hash call
3450109F    33C9                  XOR     ECX,ECX                          ; ECX = record index
345010A1    C1EA 03               SHR     EDX,3                            ; EDX = record count (table size / 0B)
345010A4    0F84 86030000         JE      34501430                         ; empty table: nothing to match
345010AA    8B4424 28             MOV     EAX,DWORD PTR SS:[ESP+28]        ; EAX = first argument (table base)
345010AE    3B38                  CMP     EDI,DWORD PTR DS:[EAX]           ; linear search: compare with the record hash at +0
345010B0    74 0D                 JE      SHORT 345010BF
345010B2    41                    INC     ECX
345010B3    83C0 0B               ADD     EAX,0B                           ; next 0B-byte record
345010B6    3BCA                  CMP     ECX,EDX
345010B8  ^ 72 F4                 JB      SHORT 345010AE
345010BA    E9 71030000           JMP     34501430                         ; no record matched: leave the bytes unchanged
345010BF    83F9 FF               CMP     ECX,-1                           ; NOTE(review): looks like an inlined "not found" test; the index cannot be -1 on this path
345010C2    0F84 68030000         JE      34501430
345010C8    8B4424 28             MOV     EAX,DWORD PTR SS:[ESP+28]        ; table base again
345010CC    8D1489                LEA     EDX,DWORD PTR DS:[ECX+ECX*4]     ; EDX = index * 5
345010CF    03C1                  ADD     EAX,ECX
345010D1    8A4C50 08             MOV     CL,BYTE PTR DS:[EAX+EDX*2+8]     ; CL = record byte +8 (kind)
345010D5    84C9                  TEST    CL,CL
345010D7    8D0450                LEA     EAX,DWORD PTR DS:[EAX+EDX*2]     ; EAX = record pointer (base + index * 0B)
345010DA    0F85 CB000000         JNZ     345011AB                         ; kind != 0
; --- kind 0: writes 8B, then (+9 & 3F) optionally OR 40 / OR 80, then depending on +9 & 7 and
; --- +0A a 24 byte and/or a byte or dword taken from +4
345010E0    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
345010E3    83E1 07               AND     ECX,7
345010E6    83F9 04               CMP     ECX,4
345010E9    75 64                 JNZ     SHORT 3450114F
345010EB    8A48 0A               MOV     CL,BYTE PTR DS:[EAX+A]
345010EE    80F9 03               CMP     CL,3
345010F1    75 14                 JNZ     SHORT 34501107
345010F3    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; 8B, (+9 & 3F), 24
345010F6    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
345010F9    80E1 3F               AND     CL,3F
345010FC    C646 01 24            MOV     BYTE PTR DS:[ESI+1],24
34501100    880E                  MOV     BYTE PTR DS:[ESI],CL
34501102    E9 29030000           JMP     34501430
34501107    80F9 04               CMP     CL,4
3450110A    75 1D                 JNZ     SHORT 34501129
3450110C    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; 8B, (+9 & 3F) | 40, 24, byte from +4
3450110F    8A50 09               MOV     DL,BYTE PTR DS:[EAX+9]
34501112    80E2 3F               AND     DL,3F
34501115    C646 01 24            MOV     BYTE PTR DS:[ESI+1],24
34501119    80CA 40               OR      DL,40
3450111C    8816                  MOV     BYTE PTR DS:[ESI],DL
3450111E    8A40 04               MOV     AL,BYTE PTR DS:[EAX+4]
34501121    8846 02               MOV     BYTE PTR DS:[ESI+2],AL
34501124    E9 07030000           JMP     34501430
34501129    80F9 07               CMP     CL,7
3450112C    0F85 FE020000         JNZ     34501430
34501132    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; 8B, (+9 & 3F) | 80, 24, dword from +4
34501135    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
34501138    80E1 3F               AND     CL,3F
3450113B    C646 01 24            MOV     BYTE PTR DS:[ESI+1],24
3450113F    80C9 80               OR      CL,80
34501142    880E                  MOV     BYTE PTR DS:[ESI],CL
34501144    8B50 04               MOV     EDX,DWORD PTR DS:[EAX+4]
34501147    8956 02               MOV     DWORD PTR DS:[ESI+2],EDX
3450114A    E9 E1020000           JMP     34501430
3450114F    83F9 05               CMP     ECX,5
34501152    8A48 0A               MOV     CL,BYTE PTR DS:[EAX+A]
34501155    75 40                 JNZ     SHORT 34501197
34501157    80F9 03               CMP     CL,3
3450115A    75 19                 JNZ     SHORT 34501175
3450115C    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; 8B, (+9 & 3F) | 40, byte from +4
3450115F    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
34501162    80E1 3F               AND     CL,3F
34501165    80C9 40               OR      CL,40
34501168    880E                  MOV     BYTE PTR DS:[ESI],CL
3450116A    8A50 04               MOV     DL,BYTE PTR DS:[EAX+4]
3450116D    8856 01               MOV     BYTE PTR DS:[ESI+1],DL
34501170    E9 BB020000           JMP     34501430
34501175    80F9 06               CMP     CL,6
34501178    0F85 B2020000         JNZ     34501430
3450117E    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; 8B, (+9 & 3F) | 80, dword from +4
34501181    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
34501184    80E1 3F               AND     CL,3F
34501187    80C9 80               OR      CL,80
3450118A    880E                  MOV     BYTE PTR DS:[ESI],CL
3450118C    8B50 04               MOV     EDX,DWORD PTR DS:[EAX+4]
3450118F    8956 01               MOV     DWORD PTR DS:[ESI+1],EDX
34501192    E9 99020000           JMP     34501430
34501197    80F9 02               CMP     CL,2
3450119A  ^ 75 BB                 JNZ     SHORT 34501157                   ; +0A != 2: reuse the +0A == 3 / 6 handling above
3450119C    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; 8B, (+9 & 3F)
3450119F    8A40 09               MOV     AL,BYTE PTR DS:[EAX+9]
345011A2    24 3F                 AND     AL,3F
345011A4    8806                  MOV     BYTE PTR DS:[ESI],AL
345011A6    E9 85020000           JMP     34501430
; --- kind 1: requires +0A == 2 and +4 < 6. +4 selects the first byte
; --- (0: 09, 1: 21, 2: 33, 3: 03, 4: 2B, 5: 8B); the second byte is
; --- C0 | (((+9 >> 4) & 7) << 3) | (+9 & 7)
345011AB    80F9 01               CMP     CL,1
345011AE    0F85 B3000000         JNZ     34501267
345011B4    33C9                  XOR     ECX,ECX
345011B6    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
345011B9    8BD1                  MOV     EDX,ECX
345011BB    C1E9 04               SHR     ECX,4
345011BE    83E2 07               AND     EDX,7                            ; EDX = +9 & 7
345011C1    83E1 07               AND     ECX,7                            ; ECX = (+9 >> 4) & 7
345011C4    8078 0A 02            CMP     BYTE PTR DS:[EAX+A],2
345011C8    0F85 62020000         JNZ     34501430
345011CE    8B40 04               MOV     EAX,DWORD PTR DS:[EAX+4]         ; EAX = selector from +4
345011D1    83F8 06               CMP     EAX,6
345011D4    0F83 56020000         JNB     34501430                         ; selector out of range: leave the bytes unchanged
345011DA    85C0                  TEST    EAX,EAX
345011DC    75 13                 JNZ     SHORT 345011F1
345011DE    80C9 F8               OR      CL,0F8                           ; F8 << 3 keeps C0 in the low byte
345011E1    C646 FF 09            MOV     BYTE PTR DS:[ESI-1],9            ; selector 0: first byte 09
345011E5    C0E1 03               SHL     CL,3
345011E8    0ACA                  OR      CL,DL
345011EA    880E                  MOV     BYTE PTR DS:[ESI],CL
345011EC    E9 3F020000           JMP     34501430
345011F1    83F8 01               CMP     EAX,1
345011F4    75 13                 JNZ     SHORT 34501209
345011F6    80C9 F8               OR      CL,0F8
345011F9    C646 FF 21            MOV     BYTE PTR DS:[ESI-1],21           ; selector 1: first byte 21
345011FD    C0E1 03               SHL     CL,3
34501200    0ACA                  OR      CL,DL
34501202    880E                  MOV     BYTE PTR DS:[ESI],CL
34501204    E9 27020000           JMP     34501430
34501209    83F8 02               CMP     EAX,2
3450120C    75 13                 JNZ     SHORT 34501221
3450120E    80C9 F8               OR      CL,0F8
34501211    C646 FF 33            MOV     BYTE PTR DS:[ESI-1],33           ; selector 2: first byte 33
34501215    C0E1 03               SHL     CL,3
34501218    0ACA                  OR      CL,DL
3450121A    880E                  MOV     BYTE PTR DS:[ESI],CL
3450121C    E9 0F020000           JMP     34501430
34501221    83F8 03               CMP     EAX,3
34501224    75 12                 JNZ     SHORT 34501238
34501226    80C9 F8               OR      CL,0F8
34501229    8846 FF               MOV     BYTE PTR DS:[ESI-1],AL           ; selector 3: AL is 03 here, so the first byte is 03
3450122C    C0E1 03               SHL     CL,3
3450122F    0ACA                  OR      CL,DL
34501231    880E                  MOV     BYTE PTR DS:[ESI],CL
34501233    E9 F8010000           JMP     34501430
34501238    83F8 04               CMP     EAX,4
3450123B    75 13                 JNZ     SHORT 34501250
3450123D    80C9 F8               OR      CL,0F8
34501240    C646 FF 2B            MOV     BYTE PTR DS:[ESI-1],2B           ; selector 4: first byte 2B
34501244    C0E1 03               SHL     CL,3
34501247    0ACA                  OR      CL,DL
34501249    880E                  MOV     BYTE PTR DS:[ESI],CL
3450124B    E9 E0010000           JMP     34501430
34501250    83F8 05               CMP     EAX,5
34501253    75 03                 JNZ     SHORT 34501258
34501255    885E FF               MOV     BYTE PTR DS:[ESI-1],BL           ; selector 5: first byte 8B
34501258    80C9 F8               OR      CL,0F8
3450125B    C0E1 03               SHL     CL,3
3450125E    0ACA                  OR      CL,DL
34501260    880E                  MOV     BYTE PTR DS:[ESI],CL
34501262    E9 C9010000           JMP     34501430
; --- kind 2: writes C7 followed by 04 24, 45 00 or (+9 & 7), then the dword from +4
34501267    80F9 02               CMP     CL,2
3450126A    75 6B                 JNZ     SHORT 345012D7
3450126C    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
3450126F    83E1 07               AND     ECX,7
34501272    83F9 04               CMP     ECX,4
34501275    75 20                 JNZ     SHORT 34501297
34501277    8078 0A 07            CMP     BYTE PTR DS:[EAX+A],7
3450127B    0F85 AF010000         JNZ     34501430
34501281    C646 FF C7            MOV     BYTE PTR DS:[ESI-1],0C7          ; C7 04 24, dword from +4
34501285    C606 04               MOV     BYTE PTR DS:[ESI],4
34501288    C646 01 24            MOV     BYTE PTR DS:[ESI+1],24
3450128C    8B40 04               MOV     EAX,DWORD PTR DS:[EAX+4]
3450128F    8946 02               MOV     DWORD PTR DS:[ESI+2],EAX
34501292    E9 99010000           JMP     34501430
34501297    83F9 05               CMP     ECX,5
3450129A    75 20                 JNZ     SHORT 345012BC
3450129C    8078 0A 07            CMP     BYTE PTR DS:[EAX+A],7
345012A0    0F85 8A010000         JNZ     34501430
345012A6    C646 FF C7            MOV     BYTE PTR DS:[ESI-1],0C7          ; C7 45 00, dword from +4
345012AA    C606 45               MOV     BYTE PTR DS:[ESI],45
345012AD    C646 01 00            MOV     BYTE PTR DS:[ESI+1],0
345012B1    8B48 04               MOV     ECX,DWORD PTR DS:[EAX+4]
345012B4    894E 02               MOV     DWORD PTR DS:[ESI+2],ECX
345012B7    E9 74010000           JMP     34501430
345012BC    8078 0A 06            CMP     BYTE PTR DS:[EAX+A],6
345012C0    0F85 6A010000         JNZ     34501430
345012C6    C646 FF C7            MOV     BYTE PTR DS:[ESI-1],0C7          ; C7, (+9 & 7), dword from +4
345012CA    880E                  MOV     BYTE PTR DS:[ESI],CL
345012CC    8B50 04               MOV     EDX,DWORD PTR DS:[EAX+4]
345012CF    8956 01               MOV     DWORD PTR DS:[ESI+1],EDX
345012D2    E9 59010000           JMP     34501430
; --- kind 3: +0A == 2 writes 74 (when +9 == 0) or 75 plus the byte from +4;
; --- +0A == 6 writes 0F 84 (when +9 == 0) or 0F 85 plus the dword from +4
345012D7    80F9 03               CMP     CL,3
345012DA    75 5B                 JNZ     SHORT 34501337
345012DC    8A48 0A               MOV     CL,BYTE PTR DS:[EAX+A]
345012DF    80F9 02               CMP     CL,2
345012E2    75 23                 JNZ     SHORT 34501307
345012E4    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
345012E7    84C9                  TEST    CL,CL
345012E9    75 0E                 JNZ     SHORT 345012F9
345012EB    C646 FF 74            MOV     BYTE PTR DS:[ESI-1],74
345012EF    8A40 04               MOV     AL,BYTE PTR DS:[EAX+4]
345012F2    8806                  MOV     BYTE PTR DS:[ESI],AL
345012F4    E9 37010000           JMP     34501430
345012F9    C646 FF 75            MOV     BYTE PTR DS:[ESI-1],75
345012FD    8A48 04               MOV     CL,BYTE PTR DS:[EAX+4]
34501300    880E                  MOV     BYTE PTR DS:[ESI],CL
34501302    E9 29010000           JMP     34501430
34501307    80F9 06               CMP     CL,6
3450130A    0F85 20010000         JNZ     34501430
34501310    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
34501313    C646 FF 0F            MOV     BYTE PTR DS:[ESI-1],0F
34501317    84C9                  TEST    CL,CL
34501319    75 0E                 JNZ     SHORT 34501329
3450131B    C606 84               MOV     BYTE PTR DS:[ESI],84
3450131E    8B50 04               MOV     EDX,DWORD PTR DS:[EAX+4]
34501321    8956 01               MOV     DWORD PTR DS:[ESI+1],EDX
34501324    E9 07010000           JMP     34501430
34501329    C606 85               MOV     BYTE PTR DS:[ESI],85
3450132C    8B40 04               MOV     EAX,DWORD PTR DS:[EAX+4]
3450132F    8946 01               MOV     DWORD PTR DS:[ESI+1],EAX
34501332    E9 F9000000           JMP     34501430
; --- kind 4: same shape as kind 3 with 72 / 73 and 0F 82 / 0F 83, selected by +9 == 5
34501337    80F9 04               CMP     CL,4
3450133A    75 5B                 JNZ     SHORT 34501397
3450133C    8A48 0A               MOV     CL,BYTE PTR DS:[EAX+A]
3450133F    80F9 02               CMP     CL,2
34501342    75 22                 JNZ     SHORT 34501366
34501344    8078 09 05            CMP     BYTE PTR DS:[EAX+9],5
34501348    75 0E                 JNZ     SHORT 34501358
3450134A    C646 FF 72            MOV     BYTE PTR DS:[ESI-1],72
3450134E    8A48 04               MOV     CL,BYTE PTR DS:[EAX+4]
34501351    880E                  MOV     BYTE PTR DS:[ESI],CL
34501353    E9 D8000000           JMP     34501430
34501358    C646 FF 73            MOV     BYTE PTR DS:[ESI-1],73
3450135C    8A50 04               MOV     DL,BYTE PTR DS:[EAX+4]
3450135F    8816                  MOV     BYTE PTR DS:[ESI],DL
34501361    E9 CA000000           JMP     34501430
34501366    80F9 06               CMP     CL,6
34501369    0F85 C1000000         JNZ     34501430
3450136F    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
34501372    C646 FF 0F            MOV     BYTE PTR DS:[ESI-1],0F
34501376    80F9 05               CMP     CL,5
34501379    75 0E                 JNZ     SHORT 34501389
3450137B    C606 82               MOV     BYTE PTR DS:[ESI],82
3450137E    8B40 04               MOV     EAX,DWORD PTR DS:[EAX+4]
34501381    8946 01               MOV     DWORD PTR DS:[ESI+1],EAX
34501384    E9 A7000000           JMP     34501430
34501389    C606 83               MOV     BYTE PTR DS:[ESI],83
3450138C    8B48 04               MOV     ECX,DWORD PTR DS:[EAX+4]
3450138F    894E 01               MOV     DWORD PTR DS:[ESI+1],ECX
34501392    E9 99000000           JMP     34501430
; --- kind 5: writes FF 24, one byte computed from +9, then the dword from +4
34501397    80F9 05               CMP     CL,5
3450139A    75 27                 JNZ     SHORT 345013C3
3450139C    C646 FF FF            MOV     BYTE PTR DS:[ESI-1],0FF
345013A0    C606 24               MOV     BYTE PTR DS:[ESI],24
345013A3    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
345013A6    8AD1                  MOV     DL,CL
345013A8    80E1 F1               AND     CL,0F1
345013AB    80E2 07               AND     DL,7
345013AE    D0E2                  SHL     DL,1
345013B0    0AD1                  OR      DL,CL
345013B2    C0E2 02               SHL     DL,2
345013B5    80CA 05               OR      DL,5                             ; DL = ((((+9 & 7) << 1) | (+9 & F1)) << 2) | 5
345013B8    8856 01               MOV     BYTE PTR DS:[ESI+1],DL
345013BB    8B40 04               MOV     EAX,DWORD PTR DS:[EAX+4]
345013BE    8946 02               MOV     DWORD PTR DS:[ESI+2],EAX
345013C1    EB 6D                 JMP     SHORT 34501430
; --- kind 6: same shape as kind 3 with 76 / 77 and 0F 86 / 0F 87, selected by +9 == 7
345013C3    80F9 06               CMP     CL,6
345013C6    75 4B                 JNZ     SHORT 34501413
345013C8    8A48 0A               MOV     CL,BYTE PTR DS:[EAX+A]
345013CB    80F9 02               CMP     CL,2
345013CE    75 1C                 JNZ     SHORT 345013EC
345013D0    8078 09 07            CMP     BYTE PTR DS:[EAX+9],7
345013D4    75 0B                 JNZ     SHORT 345013E1
345013D6    C646 FF 76            MOV     BYTE PTR DS:[ESI-1],76
345013DA    8A48 04               MOV     CL,BYTE PTR DS:[EAX+4]
345013DD    880E                  MOV     BYTE PTR DS:[ESI],CL
345013DF    EB 4F                 JMP     SHORT 34501430
345013E1    C646 FF 77            MOV     BYTE PTR DS:[ESI-1],77
345013E5    8A50 04               MOV     DL,BYTE PTR DS:[EAX+4]
345013E8    8816                  MOV     BYTE PTR DS:[ESI],DL
345013EA    EB 44                 JMP     SHORT 34501430
345013EC    80F9 06               CMP     CL,6
345013EF    75 3F                 JNZ     SHORT 34501430
345013F1    8A48 09               MOV     CL,BYTE PTR DS:[EAX+9]
345013F4    C646 FF 0F            MOV     BYTE PTR DS:[ESI-1],0F
345013F8    80F9 07               CMP     CL,7
345013FB    75 0B                 JNZ     SHORT 34501408
345013FD    C606 86               MOV     BYTE PTR DS:[ESI],86
34501400    8B40 04               MOV     EAX,DWORD PTR DS:[EAX+4]
34501403    8946 01               MOV     DWORD PTR DS:[ESI+1],EAX
34501406    EB 28                 JMP     SHORT 34501430
34501408    C606 87               MOV     BYTE PTR DS:[ESI],87
3450140B    8B48 04               MOV     ECX,DWORD PTR DS:[EAX+4]
3450140E    894E 01               MOV     DWORD PTR DS:[ESI+1],ECX
34501411    EB 1D                 JMP     SHORT 34501430
; --- kind 7: overwrites +0A bytes, starting at the hit, with 90
34501413    80F9 07               CMP     CL,7
34501416    75 18                 JNZ     SHORT 34501430                   ; any other kind: leave the bytes unchanged
34501418    8A50 0A               MOV     DL,BYTE PTR DS:[EAX+A]
3450141B    33C9                  XOR     ECX,ECX
3450141D    84D2                  TEST    DL,DL
3450141F    76 0F                 JBE     SHORT 34501430                   ; count of zero: nothing to fill
34501421    33D2                  XOR     EDX,EDX
34501423    C6440E FF 90          MOV     BYTE PTR DS:[ESI+ECX-1],90
34501428    8A50 0A               MOV     DL,BYTE PTR DS:[EAX+A]           ; count is re-read from the record on every pass
3450142B    41                    INC     ECX
3450142C    3BCA                  CMP     ECX,EDX
3450142E  ^ 7C F1                 JL      SHORT 34501421
34501430    46                    INC     ESI                              ; common exit of every case: advance one byte
34501431    8D46 FF               LEA     EAX,DWORD PTR DS:[ESI-1]
34501434    3D 00405B00           CMP     EAX,5B4000                       ; 5B4000 = 401000 + 1B3000, end of the scanned range
34501439  ^ 0F82 2AFCFFFF         JB      34501069
3450143F    8B5424 10             MOV     EDX,DWORD PTR SS:[ESP+10]        ; EDX = protection saved by the first VirtualProtect call
34501443    8D4C24 10             LEA     ECX,DWORD PTR SS:[ESP+10]
34501447    51                    PUSH    ECX                              ; lpflOldProtect (same local reused)
34501448    52                    PUSH    EDX                              ; flNewProtect = saved protection
34501449    68 00301B00           PUSH    1B3000
3450144E    68 00104000           PUSH    401000
34501453    FF15 00505034         CALL    DWORD PTR DS:[34505000]          ; kernel32.VirtualProtect
34501459    5F                    POP     EDI
3450145A    5E                    POP     ESI
3450145B    5D                    POP     EBP
3450145C    33C0                  XOR     EAX,EAX                          ; always returns 0
3450145E    5B                    POP     EBX
3450145F    83C4 14               ADD     ESP,14
34501462    C3                    RETN
34501463    90                    NOP
34501464    90                    NOP
34501465    90                    NOP
34501466    90                    NOP
34501467    90                    NOP
34501468    90                    NOP
34501469    90                    NOP
3450146A    90                    NOP
3450146B    90                    NOP
3450146C    90                    NOP
3450146D    90                    NOP
3450146E    90                    NOP
3450146F    90                    NOP
; Entry stub: calls the patch routine at 34501040 with a table pointer and the table size in
; bytes, then removes both arguments from the stack.
34501470    68 B48A0000           PUSH    8AB4                             ; second argument: table size in bytes (8AB4 / 0B = C9C records)
34501475    68 898C6500           PUSH    658C89                           ; first argument: table pointer
3450147A    E8 C1FBFFFF           CALL    34501040
3450147F    83C4 08               ADD     ESP,8                            ; caller removes the two arguments
34501482    C3                    RETN
2010-10-26 14:09
11
还是海风强大啊。。
2010-10-26 14:27
12
膜拜后学习,紧紧跟随风月大神身后
2010-10-26 14:48
13
这个也来点源代码吧。
2010-10-26 15:20
14
代码太烂,自动删掉了
2010-10-26 16:29
15
FixGame.dll的源码

disasm.cpp                                od的汇编引擎
FixNanomite.cpp                                修复Nanomites
FixIat.cpp                                 修复IAT
FixPeHeader.cpp                                修复偷到PE头里面的代码
FixSDK.cpp                                修复SDK部分
GetHash.cpp                                壳用的hash函数

其中SDK我是手工修复的,这里只是贴代码而已,其他3个都是程序实现的

Nanomite我是暴力枚举hash,还是ccfer的代码比较强,用特征码去判断
上传的附件:
2010-10-26 16:38
16
代码收下,每次看到海风大侠出手,不由想到了海大富的化骨绵掌,太恐怖了,膜拜
用垃圾代码把海风大侠代码骗出来了
2010-10-26 16:56
17
ccfer用汇编写的。好变态。我开始以为是反汇编别人的...
有些地址找不到:
fixcode count error: 24
Address: 00424EF4
Address: 0042ECFC
Address: 00487441
Address: 004874C7
Address: 004B20EB
Address: 004B2101
Address: 004B3CCC
Address: 004B3D5A
Address: 004B3D73
Address: 004B3D88
Address: 004B3DE5
Address: 004B3E08
Address: 004B3E22
Address: 004B3EB3
Address: 004B3F35
Address: 004B3F7E
Address: 004B3F8E
Address: 004B3FE5
Address: 004B4056
Address: 004B40A3
Address: 004B40AE
Address: 005087AB
Address: 005087FB
Address: 005366CC

SDK解密部分
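//Fix SDK Code: overwrite each SDK begin/end marker with a jump-over stub and decode the bytes between them in place.
                                    //Image, ImageBase, _ror8 and _rol8 come from the surrounding code (not shown in this fragment).
                                    //0x00401B89
                                    //0x00401CA6
                                    //46D867DF-46D8677A=65 (hex): the stored dword minus the constant gives the region size
                                    {
                                        // Replacement stubs: EB 08 is a short jump over the 8 filler bytes that follow it.
                                        BYTE SDK_BEGIN[10] = {0xEB, 0x08, 0x90, 0x90,  0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
                                        BYTE SDK_END[10]   = {0xEB, 0x08, 0x91, 0x91,  0x91, 0x91, 0x91, 0x91, 0x91, 0x91};
                                        DWORD SDK_ADDRESS[2] = {0x00401B89, 0x00401CA6};
                                        // Constant subtracted from the dword stored at marker + 6 to recover the region size.
                                        const DWORD SDK_SIZE_KEY = 0x46D8677A;
                                        for (int j = 0; j < 2; j++)
                                        {
                                            DWORD Addr = SDK_ADDRESS[j];
                                            // Read the stored dword with memcpy: marker + 6 is not DWORD-aligned,
                                            // so a cast-and-dereference is not portable.
                                            DWORD Encoded;
                                            memcpy(&Encoded, &Image[Addr + 6 - ImageBase], sizeof(Encoded));
                                            // The value comes from the image being repaired, so treat it as untrusted.
                                            // A value below the constant would wrap Size to a huge unsigned number and
                                            // send the copy and the decode loop far outside the region; skip this marker.
                                            if (Encoded < SDK_SIZE_KEY)
                                            {
                                                continue;
                                            }
                                            DWORD Size = Encoded - SDK_SIZE_KEY;
                                            // NOTE(review): Size is still not checked against the size of the Image buffer
                                            // (that size is not visible in this fragment). Confirm the bound in the caller
                                            // and reject any Size that would run past it before the writes below.
                                            memcpy(&Image[Addr - ImageBase], SDK_BEGIN, sizeof(SDK_BEGIN));
                                            memcpy(&Image[Addr - ImageBase + sizeof(SDK_BEGIN) + Size], SDK_END, sizeof(SDK_END));
                                            BYTE *pByte = &Image[Addr - ImageBase + sizeof(SDK_BEGIN)];
                                            // Decode the Size bytes after the begin stub. i counts down from Size to 1,
                                            // so (i & 0xFF) acts as a position-dependent key; the step order matters.
                                            for (DWORD i = Size; i > 0; i--)
                                            {
                                                BYTE AByte = *pByte;
                                                AByte += (i & 0xFF);
                                                AByte = _ror8(AByte, 5);//0x95=0x90 + 5
                                                AByte ^= 0xAD;
                                                AByte -= 0x8E;
                                                AByte = _ror8(AByte, 6);//0x4E=0x48 + 6
                                                AByte += (i & 0xFF);
                                                AByte ^= (i & 0xFF);
                                                AByte ^= 0x40;
                                                AByte = _rol8(AByte, 5);//0x4D=0x48 + 5
                                                AByte--;
                                                *pByte = AByte;
                                                pByte++;
                                            };
                                        }; 

                                        // Third region: fixed address and size, longer stubs, and two extra
                                        // decode steps (XOR 0x70, subtract 0xC9) at the end of each byte.
                                        //0x373E0B3 - 0x333C740; = 0x401973
                                        {
                                            DWORD Addr = 0x401973;
                                            DWORD Size = 0x60491AB - 0x6049173;//0x38
                                            // EB 24 jumps over the 0x24 filler bytes that follow it.
                                            BYTE SDK_BEGIN[0x26] = {
                                                0xEB, 0x24, 0x90, 0x90, 0x90, 0x90, 
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90
                                            };
                                            // EB 33 jumps over the 0x33 filler bytes that follow it.
                                            BYTE SDK_END[0x35] = {
                                                0xEB, 0x33, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                                                0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90
                                            };
                                            memcpy(&Image[Addr - ImageBase], SDK_BEGIN, sizeof(SDK_BEGIN));
                                            memcpy(&Image[Addr - ImageBase + sizeof(SDK_BEGIN) + Size], SDK_END, sizeof(SDK_END));
                                            BYTE *pByte = &Image[Addr - ImageBase + sizeof(SDK_BEGIN)];
                                            for (DWORD i = Size; i > 0; i--)
                                            {
                                                BYTE AByte = *pByte;
                                                AByte += (i & 0xFF);
                                                AByte = _ror8(AByte, 5);//0x95=0x90 + 5
                                                AByte ^= 0xAD;
                                                AByte -= 0x8E;
                                                AByte = _ror8(AByte, 6);//0x4E=0x48 + 6
                                                AByte += (i & 0xFF);
                                                AByte ^= (i & 0xFF);
                                                AByte ^= 0x40;
                                                AByte = _rol8(AByte, 5);//0x4D=0x48 + 5
                                                AByte--;

                                                // Extra steps applied only to this region.
                                                AByte ^= 0x70;
                                                AByte -= 0xC9;

                                                *pByte = AByte;
                                                pByte++;
                                            };
                                        };
                                    };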
2010-10-26 16:58
18
ccfer使用c写的,VC6编译的,然后抠出来的代码,贴出来的

DiKeN把SDK的解密算法也逆出来了啊,我看到一共3处,就懒得弄了。
2010-10-26 17:00
19
唐叔叔乃第一闲人。
2010-10-26 17:02
20
壳盲路过,膜拜风月、ccfer等牛……
2010-10-26 17:03
21
牛人啊,膜拜
2010-10-26 17:06
22
感谢牛人们的分享  严重学习
2010-10-26 17:24
23
好厉害,学习了
2010-10-26 17:27
24
膜拜2位CUGII
2010-10-26 17:30
25
LZ两天时间相当于写了个脱壳机。 真不是一般的强大。。。。。。
2010-10-26 17:56
//