upx壳信息:UPX 0.89.6 - 1.02 / 1.05 - 2.90 (Delphi) stub -> Markus & Laszlo
语言:Delphi
问题描述:软件一开始有个账户密码登录窗口,默认密码进去后,会进入主体窗口。用PEiD自带的脱壳插件,脱壳完。打开程序,成功进入登录窗口,默认密码写完确认后,程序退出。
用OllyDBG对脱壳完的程序进行调试,F8一直到登录窗口输完密码,确认按钮按下后,目标程序和OD一起退出,求高手指点。
00611DF0 > $ 55 push ebp
00611DF1 . 8BEC mov ebp, esp
00611DF3 . 83C4 F0 add esp, -10
00611DF6 . 53 push ebx
00611DF7 . B8 C0146100 mov eax, 006114C0
00611DFC . E8 1F55DFFF call 00407320
00611E01 . 8B1D 147C6100 mov ebx, dword ptr [617C14] ; BoYing11.00619BF4
00611E07 . 8B03 mov eax, dword ptr [ebx]
00611E09 . E8 D61FE8FF call 00493DE4
00611E0E . 8B0D 047D6100 mov ecx, dword ptr [617D04] ; BoYing11.0061C720
00611E14 . 8B03 mov eax, dword ptr [ebx]
00611E16 . 8B15 E0F45F00 mov edx, dword ptr [5FF4E0] ; BoYing11.005FF52C
00611E1C . E8 DB1FE8FF call 00493DFC
00611E21 . 8B0D D4806100 mov ecx, dword ptr [6180D4] ; BoYing11.0061C730
00611E27 . 8B03 mov eax, dword ptr [ebx]
00611E29 . 8B15 4CE26000 mov edx, dword ptr [60E24C] ; BoYing11.0060E298
00611E2F . E8 C81FE8FF call 00493DFC
00611E34 . 8B0D BC796100 mov ecx, dword ptr [6179BC] ; BoYing11.0061C718
00611E3A . 8B03 mov eax, dword ptr [ebx]
00611E3C . 8B15 00565E00 mov edx, dword ptr [5E5600] ; BoYing11.005E564C
00611E42 . E8 B51FE8FF call 00493DFC
00611E47 . 8B0D 347C6100 mov ecx, dword ptr [617C34] ; BoYing11.0061C0A8
00611E4D . 8B03 mov eax, dword ptr [ebx]
00611E4F . 8B15 18165500 mov edx, dword ptr [551618] ; BoYing11.00551664
00611E55 . E8 A21FE8FF call 00493DFC
00611E5A . 8B0D 087B6100 mov ecx, dword ptr [617B08] ; BoYing11.0061C0E8
00611E60 . 8B03 mov eax, dword ptr [ebx]
00611E62 . 8B15 FCDB5500 mov edx, dword ptr [55DBFC] ; BoYing11.0055DC48
00611E68 . E8 8F1FE8FF call 00493DFC
00611E6D . 8B0D EC786100 mov ecx, dword ptr [6178EC] ; BoYing11.0061C0E0
00611E73 . 8B03 mov eax, dword ptr [ebx]
00611E75 . 8B15 44D75500 mov edx, dword ptr [55D744] ; BoYing11.0055D790
00611E7B . E8 7C1FE8FF call 00493DFC
00611E80 . 8B0D 94766100 mov ecx, dword ptr [617694] ; BoYing11.0061C0D8
00611E86 . 8B03 mov eax, dword ptr [ebx]
00611E88 . 8B15 7CD05500 mov edx, dword ptr [55D07C] ; BoYing11.0055D0C8
00611E8E . E8 691FE8FF call 00493DFC
00611E93 . 8B0D 9C806100 mov ecx, dword ptr [61809C] ; BoYing11.0061BF88
00611E99 . 8B03 mov eax, dword ptr [ebx]
00611E9B . 8B15 78075200 mov edx, dword ptr [520778] ; BoYing11.005207C4
00611EA1 . E8 561FE8FF call 00493DFC
00611EA6 . 8B0D 9C7E6100 mov ecx, dword ptr [617E9C] ; BoYing11.0061BF80
00611EAC . 8B03 mov eax, dword ptr [ebx]
00611EAE . 8B15 ACFF5100 mov edx, dword ptr [51FFAC] ; BoYing11.0051FFF8
00611EB4 . E8 431FE8FF call 00493DFC
00611EB9 . 8B0D CC7C6100 mov ecx, dword ptr [617CCC] ; BoYing11.0061C67C
00611EBF . 8B03 mov eax, dword ptr [ebx]
00611EC1 . 8B15 98435900 mov edx, dword ptr [594398] ; BoYing11.005943E4
00611EC7 . E8 301FE8FF call 00493DFC
00611ECC . 8B0D 08786100 mov ecx, dword ptr [617808] ; BoYing11.0061BF70
00611ED2 . 8B03 mov eax, dword ptr [ebx]
00611ED4 . 8B15 F4D65100 mov edx, dword ptr [51D6F4] ; BoYing11.0051D740
00611EDA . E8 1D1FE8FF call 00493DFC
00611EDF . 8B0D FC7D6100 mov ecx, dword ptr [617DFC] ; BoYing11.0061C124
00611EE5 . 8B03 mov eax, dword ptr [ebx]
00611EE7 . 8B15 6CC25600 mov edx, dword ptr [56C26C] ; BoYing11.0056C2B8
00611EED . E8 0A1FE8FF call 00493DFC
00611EF2 . 8B03 mov eax, dword ptr [ebx]
00611EF4 E8 831FE8FF call 00493E7C ********弹出登录窗口
00611EF9 5B pop ebx
00611EFA E8 ED2BDFFF call 00404AEC
是脱壳不彻底吗?
上传未脱壳的exe,帮忙看下是什么原因
[课程]Android-CTF解题方法汇总!