[Help] NP1.80 DEMO version: after unpacking it does not run properly!
Posted on:
2011-4-11 20:37
This program's packer is very simple: there is no IAT encryption and no stolen code at all, so unpacking it is easy; it is just a compression packer flying the NP banner. But after unpacking I found one place where initialization goes wrong. The program is written in BC++! The part that raises the exception seems to be the initialization of some control or routine?
I'm a newbie and that is only my guess. I hope someone who knows BC++ well can give me a pointer!

push ebp
.text:004012C1 8B EC mov ebp, esp
.text:004012C3 83 C4 D4 add esp, 0FFFFFFD4h
.text:004012C6 B8 EC A7 58 00 mov eax, offset unk_58A7EC
.text:004012CB 53 push ebx
.text:004012CC 56 push esi
.text:004012CD 57 push edi
.text:004012CE E8 45 BE 17 00 call sub_57D118
.text:004012D3 66 C7 45 E4 08 00 mov [ebp+var_1C], 8
.text:004012D9 8B 15 D8 57 5C 00 mov edx, off_5C57D8
.text:004012DF 8B 02 mov eax, [edx]
.text:004012E1 E8 9E F6 12 00 call sub_530984
.text:004012E6 66 C7 45 E4 14 00 mov [ebp+var_1C], 14h
.text:004012EC BA AC A7 58 00 mov edx, offset aRouletteServer ; "Roulette Server"
.text:004012F1 8D 45 F8 lea eax, [ebp+var_8]
.text:004012F4 E8 7B 67 18 00 call sub_587A74
.text:004012F9 FF 45 F0 inc [ebp+var_10]
.text:004012FC 8B 10 mov edx, [eax]
.text:004012FE 8B 0D D8 57 5C 00 mov ecx, off_5C57D8
.text:00401304 8B 01 mov eax, [ecx]
.text:00401306 E8 7D F2 12 00 call @Forms@TApplication@SetTitle$qqrx17System@AnsiString ; Forms::TApplication::SetTitle(System::AnsiString)
.text:0040130B FF 4D F0 dec [ebp+var_10]
.text:0040130E 8D 45 F8 lea eax, [ebp+var_8]
.text:00401311 BA 02 00 00 00 mov edx, 2
.text:00401316 E8 B9 68 18 00 call sub_587BD4
.text:0040131B 8B 0D D8 57 5C 00 mov ecx, off_5C57D8
.text:00401321 8B 01 mov eax, [ecx]
.text:00401323 8B 0D A8 55 5C 00 mov ecx, off_5C55A8
.text:00401329 8B 15 A4 BC 5A 00 mov edx, off_5ABCA4
.text:0040132F E8 68 F6 12 00 call ErrorFunction
.text:00401334 A1 D8 57 5C 00 mov eax, off_5C57D8
.text:00401339 8B 00 mov eax, [eax]
.text:0040133B 8B 0D AC 55 5C 00 mov ecx, off_5C55AC
.text:00401341 8B 15 60 11 5B 00 mov edx, off_5B1160
.text:00401347 E8 50 F6 12 00 call ErrorFunction
.text:0040134C A1 D8 57 5C 00 mov eax, off_5C57D8
.text:00401351 8B 00 mov eax, [eax]
.text:00401353 8B 0D B0 55 5C 00 mov ecx, off_5C55B0
.text:00401359 8B 15 C8 17 5B 00 mov edx, off_5B17C8
.text:0040135F E8 38 F6 12 00 call ErrorFunction
.text:00401364 A1 D8 57 5C 00 mov eax, off_5C57D8
.text:00401369 8B 00 mov eax, [eax]
.text:0040136B 8B 0D B4 55 5C 00 mov ecx, off_5C55B4

ERROR FUNCTION is the part I traced in OD as the place where the error occurs. The program I unpacked:
http://u.115.com/file/t22c6babcd
My unpacked program is there; I won't post the original version, so nobody says I'm asking for it to be unpacked for me.
I hope an expert can help this newbie.
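Added example, not part of the original post: a small Python helper that walks the listing above and reconstructs the Borland __fastcall argument registers (eax, edx, ecx; eax = this for a method) at each call, so the reader can see what the routine the poster renamed ErrorFunction actually receives. It assumes that convention for BC++ code; the observation that eax is the same double-dereferenced global (the Application object) at every call while edx and ecx step through consecutive pointer tables, as TApplication::CreateForm(InstanceClass, Reference) would, is my reading of the output, not something the post establishes.

```python
import re

# Constructed input: lines copied from the disassembly in the post (a subset).
LISTING = """\
.text:004012D9 8B 15 D8 57 5C 00 mov edx, off_5C57D8
.text:004012DF 8B 02 mov eax, [edx]
.text:004012E1 E8 9E F6 12 00 call sub_530984
.text:004012EC BA AC A7 58 00 mov edx, offset aRouletteServer ; "Roulette Server"
.text:004012F1 8D 45 F8 lea eax, [ebp+var_8]
.text:004012F4 E8 7B 67 18 00 call sub_587A74
.text:004012FC 8B 10 mov edx, [eax]
.text:004012FE 8B 0D D8 57 5C 00 mov ecx, off_5C57D8
.text:00401304 8B 01 mov eax, [ecx]
.text:00401306 E8 7D F2 12 00 call @Forms@TApplication@SetTitle$qqrx17System@AnsiString
.text:0040131B 8B 0D D8 57 5C 00 mov ecx, off_5C57D8
.text:00401321 8B 01 mov eax, [ecx]
.text:00401323 8B 0D A8 55 5C 00 mov ecx, off_5C55A8
.text:00401329 8B 15 A4 BC 5A 00 mov edx, off_5ABCA4
.text:0040132F E8 68 F6 12 00 call ErrorFunction
.text:00401334 A1 D8 57 5C 00 mov eax, off_5C57D8
.text:00401339 8B 00 mov eax, [eax]
.text:0040133B 8B 0D AC 55 5C 00 mov ecx, off_5C55AC
.text:00401341 8B 15 60 11 5B 00 mov edx, off_5B1160
.text:00401347 E8 50 F6 12 00 call ErrorFunction
"""

# Assumption: Borland __fastcall passes the first three arguments in eax, edx, ecx
# (eax = this for a method); all three are caller-saved, eax carries the return value.
ARG_REGS = ("eax", "edx", "ecx")
LINE_RE = re.compile(r"^\.text:([0-9A-F]{8})\s+(?:[0-9A-F]{2}\s+)+(\w+)\s+(.*?)\s*(?:;.*)?$")

def trace_calls(listing):
    """Track symbolic register contents; return (address, target, {reg: value}) per call."""
    regs = {r: "?" for r in ARG_REGS}
    calls = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an IDA code line (blank, comment, label)
        addr, mnem, ops = m.groups()
        if mnem == "call":
            calls.append((addr, ops, dict(regs)))
            regs = {"eax": f"ret({ops})", "edx": "?", "ecx": "?"}  # clobbered by the callee
        elif mnem in ("mov", "lea"):
            dst, src = (p.strip() for p in ops.split(",", 1))
            if dst in ARG_REGS:
                for r, v in regs.items():  # resolve [reg] through what the register holds
                    src = src.replace(f"[{r}]", f"[{v}]")
                regs[dst] = f"&{src}" if mnem == "lea" else src
    return calls
```

Printing `trace_calls(LISTING)` shows both ErrorFunction calls with eax = [off_5C57D8] and distinct (edx, ecx) pairs, which is where a debugger breakpoint would tell you which form's construction fails after the dump.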