[Help] Problem unpacking UPX 0.89.6 - 1.02 1.05 - 1.24 (Delphi) stub - Markus & Laszlor
Posted: 2010-11-24 15:21
Loaded into OD:
00706030 > 60 pushad
00706031 BE 00106000 mov esi,QHGXS.00601000
00706036 8DBE 0000E0FF lea edi,dword ptr ds:[esi+FFE00000]
0070603C C787 A0072700 B00F>mov dword ptr ds:[edi+2707A0],2D970FB0
00706046 57 push edi
00706047 83CD FF or ebp,FFFFFFFF
Then I used the ESP law; after pressing F9, execution lands at the following:
007061D6 8D4424 80 lea eax,dword ptr ss:[esp-80]
007061DA 6A 00 push 0
007061DC 39C4 cmp esp,eax
007061DE ^ 75 FA jnz short QHGXS.007061DA
007061E0 83EC 80 sub esp,-80
007061E3 ^ E9 18A0F6FF jmp QHGXS.00670200
00670200 55 push ebp
00670201 8BEC mov ebp,esp
00670203 B9 07000000 mov ecx,7
00670208 6A 00 push 0
0067020A 6A 00 push 0
0067020C 49 dec ecx
0067020D ^ 75 F9 jnz short QHGXS.00670208
0067020F B8 80BE6600 mov eax,QHGXS.0066BE80
00670214 E8 9B7CD9FF call QHGXS.00407EB4
00670219 33C0 xor eax,eax
0067021B 55 push ebp
0067021C 68 62046700 push QHGXS.00670462
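After that I don't know how to trace any further. Could someone please advise on how to continue...
Fixing directly with 670200 gives an "invalid OEP" message.
I'm uploading the original program now. Please take a look..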