一个用ASProtect 2.0x Registered -> Alexey Solodovnikov加壳的程序,用OD载入后,忽略所有异常,隐藏OD,一运行,运行一会就被关闭了。不知道是运行到哪一步关闭了OD,下BP ExitWindow断点不行,用CTRL+N看,没有ExitWindow这个函数(里头才几个函数,好像还没有被解码),想用插件apibreake下断点,也没EXITWINDOW函数,也没其他合适的函数,选择退出线程函数,也没断下来。
第一次关闭OD之前,OD给出了错误提示,信息如下:
OS: Windows XP Professional, SP3
CPU: GenuineIntel, Intel Pentium III, MMX @ 0 MHz
Application data:
VmVyc2lvbjogDQpJbWFnZUJhc2U6IDAwNDAwMDAwDQpFaXA6IEFERjg
xRg0KRWF4OiAwDQpFY3g6IDANCkVkeDogQUVBMTY4DQpFYng6IEFERj
YyQw0KRXNpOiAwDQpFZGk6IEFCMDAwMA0KRWJwOiAxMkZGOTgNCkVzc
DogMTJGRjc4DQpFcnJvckNvZGU6IA0KODMsQzQsNCw4RCwzNCwxMSw1
RSw2OCxEMCxFMixBQiwwLDY4LDkwLEY4LEFELDAsNjgsMzAsRDUsQUQ
sMCw2OCw0LEUzLEFELDAsNjgsRUMsRDEsQUQsMCw2OCxCNCxDMCxBRC
wwLDY4LDY0LEVBLEFELDAsQzMsMzMsQzAsNUEsNTksNTksNjQsODksM
TAsMC4uLg0KQ29kZSA9IFswXQ0KLSAwDQotIDANCi0gMA0KLSAwDQot
IFtdDQo+IEY6XEZcaHRsZWFyblxvc1zE5s/yuaSzzFy62tOlxsa94sz
huN+w4FwgzOyy3cbGveLIqyC8r1zM7LLd1tC8trDgXDahorK7zdG/x8
bGveIoQVNQcm90ZWN0IDIuMFgpXFJlZ2lzdHJ5IE9wZXJhdG9yXFJlZ
09wdC5leGUNCg0KUmVnaXN0cnkgT3BlcmF0b3IgMy4yDQozLCAyLCAw
LCAxDQpSZWdpc3RyeSBPcGVyYXRvcg0KQ29weXJpZ2h0IChDKSAyMDA
1DQpSZWdPcHQuRVhFDQozLCAyLCAwLCAxDQpSZWdpc3RyeSBPcGVyYX
Rvcg0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRkbGwuZGxsDQo+I
EM6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGxsDQo+IEM6XFdJ
TkRPV1Ncc3lzdGVtMzJcb2xlYXV0MzIuZGxsDQo+IEM6XFdJTkRPV1N
cc3lzdGVtMzJcQURWQVBJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdG
VtMzJcUlBDUlQ0LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFNlY
3VyMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcR0RJMzIuZGxs
DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVVNFUjMyLmRsbA0KPiBDOlx
XSU5ET1dTXHN5c3RlbTMyXG1zdmNydC5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlxvbGUzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zM
lxJTU0zMi5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxMUEsuRExM
DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVVNQMTAuZGxsDQo+IEM6XFd
JTkRPV1Ncc3lzdGVtMzJcdmVyc2lvbi5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlx3c29jazMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb
TMyXFdTMl8zMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXUzJI
RUxQLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHV4dGhlbWUuZGx
sDQo+IEM6XFByb2dyYW0gRmlsZXNcMzYwc2FmZVxzYWZlbW9uXHNhZm
Vtb24uZGxsDQoNCjM2MC5jbg0KMzYwsLLIq87Ayr8gzfi23LfAu6TEo
7/pDQo2LCA4LCAxLCAxMDIwDQpzYWZlbW9uLmRsbA0KKEMpIDM2MC5j
biBJbmMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuDQpzYWZlbW9uLmRsbA0
KNiwgOCwgMSwgMTAyMA0KMzYwsLLIq87Ayr8NCg0KPiBDOlxXSU5ET1
dTXHN5c3RlbTMyXFNIRUxMMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzd
GVtMzJcU0hMV0FQSS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxN
U1ZDUDYwLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTklORVQ
uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFQzMi5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FTTjEuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcUFNBUEkuRExMDQo+IEM6XFdJTkRPV1NcV2lu
U3hTXHg4Nl9NaWNyb3NvZnQuV2luZG93cy5Db21tb24tQ29udHJvbHN
fNjU5NWI2NDE0NGNjZjFkZl82LjAuMjYwMC42MDI4X3gtd3dfNjFlNj
UyMDJcY29tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY
29tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNjdGZp
bWUuaW1l
第二次再打开OD运行程序,就没提示,直接关闭了。
请教大侠们,如何找到OD被关闭的原因以及解决方法?谢谢!
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
