首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 社区
  2. 加壳脱壳
    3. 发新帖
[求助]ZP脱壳修复后无法运行
发表于: 2012-5-10 14:16 11216

[求助]ZP脱壳修复后无法运行

kingswb 活跃值
2012-5-10 14:16
11216
第一步来到OEP用lordpe修复improtRCE工具修复,取得了所有的无效函数

第二步用ZPFIXER修复IAT,根据improtrce里的信息填入
process id                16d8
code srart                006006BC
code end                 00600934
估后根据OD找下面二个的内容
找patch va

1、进入OEP下面的第一个CALL跟随进去

2、来到这里的点JMP跟随来到下图中继续跟随JMP

3、来到下图中后取下面RET的地址填入   patch va 00CD2847

4、跟进RET上在的CALL来到
00CD2122    A1 4466CD00     mov eax,dword ptr ds:[0xCD6644]
00CD2127    8078 34 00      cmp byte ptr ds:[eax+0x34],0x0
00CD212B    74 57           je X00CD2184
00CD212D    FF15 E810CC00   call dword ptr ds:[0xCC10E8]
00CD2133    8BC8            mov ecx,eax
00CD2135    2B0D 1065CD00   sub ecx,dword ptr ds:[0xCD6510]          ; pubwin.004B1485
00CD213B    81F9 88130000   cmp ecx,0x1388
00CD2141    76 41           jbe X00CD2184
00CD2143    FF35 1465CD00   push dword ptr ds:[0xCD6514]
00CD2149    A3 1065CD00     mov dword ptr ds:[0xCD6510],eax
00CD214E    FF15 5810CC00   call dword ptr ds:[0xCC1058]
00CD2154    833D 9C6CCD00 0>cmp dword ptr ds:[0xCD6C9C],0x3     
                                                                                     取这里的DS::[0xCD6C9C]00CD215B    7C 08           jl X00CD2165
00CD215D    6A 00           push 0x0
00CD215F    FF15 EC10CC00   call dword ptr ds:[0xCC10EC]
00CD2165    803D 9066CD00 0>cmp byte ptr ds:[0xCD6690],0x0
00CD216C    74 08           je X00CD2176
00CD216E    FF05 9C6CCD00   inc dword ptr ds:[0xCD6C9C]
00CD2174    EB 07           jmp X00CD217D
00CD2176    8325 9C6CCD00 0>and dword ptr ds:[0xCD6C9C],0x0
00CD217D    C605 9066CD00 0>mov byte ptr ds:[0xCD6690],0x1
00CD2184    56              push esi
00CD2185    FF7424 08       push dword ptr ss:[esp+0x8]
00CD2189    FF15 2C65CD00   call dword ptr ds:[0xCD652C]
00CD218F    8BF0            mov esi,eax
00CD2191    A1 646CCD00     mov eax,dword ptr ds:[0xCD6C64]
00CD2196    2B05 606CCD00   sub eax,dword ptr ds:[0xCD6C60]
00CD219C    C1F8 02         sar eax,0x2
00CD219F    3BF0            cmp esi,eax
00CD21A1    72 05           jb X00CD21A8
00CD21A3    E8 7649FFFF     call 00CC6B1E
00CD21A8    A1 606CCD00     mov eax,dword ptr ds:[0xCD6C60]
00CD21AD    8B04B0          mov eax,dword ptr ds:[eax+esi*4]

将上面取得的00CD6C9C填入 zero va 00CD6C9C
然后点START
获得地址13F0000
来到OD在13F0000新建OEP
在最下面xor eax,eax下断
去掉前面理的ESP硬件断点
按F9运行后程序停在XOR EAX,EAX处
手动查找IAT的起始与结束,一共找到了12段,分段修复
然后用IMPORTREC获取IAT全部有效
IAT树文件
; Thunk 中每个函数语法 (分隔符为 TAB)
; ------------------------------------------------------------
; 标志   RVA   模块名   序号   名称
;
; 关于 <Valid> 参数细节:
; ------------------------------
; 标志:  0 = valid: no  -> - 名称包含已重定位的 API 的地址 (你可以设置
;                            其为零如果你要编辑它的话).
;                          - 序号不被考虑但你需要使用 '0000' 作为值.
;                          - 模块名将不会被考虑但你需要使用 '?' 作为值.
;
;        1 = valid: yes -> 所有在此行的下个参数将被考虑.
;                          函数按序号输入应没有名称 (需要有第四个制表符(TAB)
;                          放在前面).
;
;        2 = 等于 0 但其用于载入器.
;
;        3 = 等于 1 但其用于载入器.
;
;        4 = 等于 0 并带有 (R) 标签.
;
;        5 = 等于 1 并带有 (R) 标签.
;
; 最后, 你可自己冒险编辑此文件! :-)
Target: F:\练手软件\pubwin助手\pubwin助手.exe
OEP: 00022D80 IATRVA: 0020019C IATSize: 00002000
FThunk: 0020019C NbFunc: 0000000E
1 0020019C advapi32.dll 01FC RegSetValueA
1 002001A0 advapi32.dll 01D0 RegCreateKeyExA
1 002001A4 advapi32.dll 01E6 RegOpenKeyExA
1 002001A8 advapi32.dll 01F0 RegQueryValueExA
1 002001AC advapi32.dll 01FD RegSetValueExA
1 002001B0 advapi32.dll 01D5 RegDeleteValueA
1 002001B4 advapi32.dll 01D3 RegDeleteKeyA
1 002001B8 advapi32.dll 01E5 RegOpenKeyA
1 002001BC advapi32.dll 01D9 RegEnumKeyA
1 002001C0 advapi32.dll 01CF RegCreateKeyA
1 002001C4 advapi32.dll 01EF RegQueryValueA
1 002001C8 advapi32.dll 0227 SetFileSecurityA
1 002001CC advapi32.dll 00F1 GetFileSecurityA
1 002001D0 advapi32.dll 01CC RegCloseKey
FThunk: 00200208 NbFunc: 00000023
1 00200208 comctl32.dll 000D MakeDragList
1 0020020C comctl32.dll 002C ImageList_Create
1 00200210 comctl32.dll 003F ImageList_LoadImage
1 00200214 comctl32.dll 0042 ImageList_Merge
1 00200218 comctl32.dll 0043 ImageList_Read
1 0020021C comctl32.dll 0052 ImageList_Write
1 00200220 comctl32.dll 000E LBItemFromPt
1 00200224 comctl32.dll 003C ImageList_GetImageCount
1 00200228 comctl32.dll 0027 ImageList_Add
1 0020022C comctl32.dll 0029 ImageList_AddMasked
1 00200230 comctl32.dll 0044 ImageList_Remove
1 00200234 comctl32.dll 0045 ImageList_Replace
1 00200238 comctl32.dll 0046 ImageList_ReplaceIcon
1 0020023C comctl32.dll 003A ImageList_GetIcon
1 00200240 comctl32.dll 0032 ImageList_Draw
1 00200244 comctl32.dll 004B ImageList_SetBkColor
1 00200248 comctl32.dll 0037 ImageList_GetBkColor
1 0020024C comctl32.dll 0051 ImageList_SetOverlayImage
1 00200250 comctl32.dll 003D ImageList_GetImageInfo
1 00200254 comctl32.dll 002A ImageList_BeginDrag
1 00200258 comctl32.dll 0036 ImageList_EndDrag
1 0020025C comctl32.dll 0030 ImageList_DragMove
1 00200260 comctl32.dll 004C ImageList_SetDragCursorImage
1 00200264 comctl32.dll 0031 ImageList_DragShowNolock
1 00200268 comctl32.dll 0038 ImageList_GetDragImage
1 0020026C comctl32.dll 002E ImageList_DragEnter
1 00200270 comctl32.dll 002F ImageList_DragLeave
1 00200274 comctl32.dll 0011 InitCommonControls
1 00200278 comctl32.dll 0008 CreateMappedBitmap
1 0020027C comctl32.dll 0050 ImageList_SetImageCount
1 00200280 comctl32.dll 002B ImageList_Copy
1 00200284 comctl32.dll 0056 PropertySheet
1 00200288 comctl32.dll 0017 DestroyPropertySheetPage
1 0020028C comctl32.dll 000C CreatePropertySheetPage
1 00200290 comctl32.dll 002D ImageList_Destroy
FThunk: 002002DC NbFunc: 000000C6
1 002002DC gdi32.dll 01A6 GetRgnBox
1 002002E0 gdi32.dll 01F2 PtInRegion
1 002002E4 gdi32.dll 01F6 RectInRegion
1 002002E8 gdi32.dll 002F CreateDCA
1 002002EC gdi32.dll 0042 CreateICA
1 002002F0 gdi32.dll 002E CreateCompatibleDC
1 002002F4 gdi32.dll 016D GetDeviceCaps
1 002002F8 gdi32.dll 0152 GetBrushOrgEx
1 002002FC gdi32.dll 021B SetBrushOrgEx
1 00200300 gdi32.dll 00D3 EnumObjects
1 00200304 gdi32.dll 0210 SelectObject
1 00200308 gdi32.dll 0195 GetNearestColor
1 0020030C gdi32.dll 01F5 RealizePalette
1 00200310 gdi32.dll 0255 UpdateColors
1 00200314 gdi32.dll 014E GetBkColor
1 00200318 gdi32.dll 014F GetBkMode
1 0020031C gdi32.dll 01A0 GetPolyFillMode
1 00200320 gdi32.dll 01A1 GetROP2
1 00200324 gdi32.dll 01A8 GetStretchBltMode
1 00200328 gdi32.dll 01B1 GetTextColor
1 0020032C gdi32.dll 018F GetMapMode
1 00200330 gdi32.dll 01C2 GetViewportOrgEx
1 00200334 gdi32.dll 01C1 GetViewportExtEx
1 00200338 gdi32.dll 01C5 GetWindowOrgEx
1 0020033C gdi32.dll 01C4 GetWindowExtEx
1 00200340 gdi32.dll 0052 DPtoLP
1 00200344 gdi32.dll 01CD LPtoDP
1 00200348 gdi32.dll 00E9 FillRgn
1 0020034C gdi32.dll 00EE FrameRgn
1 00200350 gdi32.dll 01CA InvertRgn
1 00200354 gdi32.dll 01DE PaintRgn
1 00200358 gdi32.dll 01F3 PtVisible
1 0020035C gdi32.dll 01F7 RectVisible
1 00200360 gdi32.dll 0167 GetCurrentPositionEx
1 00200364 gdi32.dll 000C Arc
1 00200368 gdi32.dll 01F0 Polyline
1 0020036C gdi32.dll 001A Chord
1 00200370 gdi32.dll 0095 Ellipse
1 00200374 gdi32.dll 01E1 Pie
1 00200378 gdi32.dll 01EF Polygon
1 0020037C gdi32.dll 01EB PolyPolygon
1 00200380 gdi32.dll 01F8 Rectangle
1 00200384 gdi32.dll 0203 RoundRect
1 00200388 gdi32.dll 01DF PatBlt
1 0020038C gdi32.dll 0013 BitBlt
1 00200390 gdi32.dll 024B StretchBlt
1 00200394 gdi32.dll 019E GetPixel
1 00200398 gdi32.dll 0233 SetPixel
1 0020039C gdi32.dll 00EC FloodFill
1 002003A0 gdi32.dll 00DC ExtFloodFill
1 002003A4 gdi32.dll 0250 TextOutA
1 002003A8 gdi32.dll 01B6 GetTextExtentPoint32A
1 002003AC gdi32.dll 01AD GetTextAlign
1 002003B0 gdi32.dll 01BB GetTextFaceA
1 002003B4 gdi32.dll 01BE GetTextMetricsA
1 002003B8 gdi32.dll 01D6 OffsetRgn
1 002003BC gdi32.dll 015A GetCharWidthA
1 002003C0 gdi32.dll 014A GetAspectRatioFilterEx
1 002003C4 gdi32.dll 00D5 Escape
1 002003C8 gdi32.dll 0219 SetBoundsRect
1 002003CC gdi32.dll 0150 GetBoundsRect
1 002003D0 gdi32.dll 01FF ResetDCA
1 002003D4 gdi32.dll 019A GetOutlineTextMetricsA
1 002003D8 gdi32.dll 0153 GetCharABCWidthsA
1 002003DC gdi32.dll 017B GetFontData
1 002003E0 gdi32.dll 0189 GetKerningPairs
1 002003E4 gdi32.dll 0181 GetGlyphOutline
1 002003E8 gdi32.dll 0247 StartDocA
1 002003EC gdi32.dll 024A StartPage
1 002003F0 gdi32.dll 0099 EndPage
1 002003F4 gdi32.dll 0212 SetAbortProc
1 002003F8 gdi32.dll 0001 AbortDoc
1 002003FC gdi32.dll 0097 EndDoc
1 00200400 gdi32.dll 01D0 MaskBlt
1 00200404 gdi32.dll 01E6 PlgBlt
1 00200408 gdi32.dll 0235 SetPixelV
1 0020040C gdi32.dll 0009 AngleArc
1 00200410 gdi32.dll 0149 GetArcDirection
1 00200414 gdi32.dll 01EC PolyPolyline
1 00200418 gdi32.dll 0164 GetColorAdjustment
1 0020041C gdi32.dll 0166 GetCurrentObject
1 00200420 gdi32.dll 01E7 PolyBezier
1 00200424 gdi32.dll 0094 DrawEscape
1 00200428 gdi32.dll 00DB ExtEscape
1 0020042C gdi32.dll 0154 GetCharABCWidthsFloatA
1 00200430 gdi32.dll 015B GetCharWidthFloatA
1 00200434 gdi32.dll 0002 AbortPath
1 00200438 gdi32.dll 0012 BeginPath
1 0020043C gdi32.dll 001E CloseFigure
1 00200440 gdi32.dll 009A EndPath
1 00200444 gdi32.dll 00E8 FillPath
1 00200448 gdi32.dll 00EB FlattenPath
1 0020044C gdi32.dll 0194 GetMiterLimit
1 00200450 gdi32.dll 019D GetPath
1 00200454 gdi32.dll 0231 SetMiterLimit
1 00200458 gdi32.dll 024D StrokeAndFillPath
1 0020045C gdi32.dll 024E StrokePath
1 00200460 gdi32.dll 0258 WidenPath
1 00200464 gdi32.dll 00F5 GdiComment
1 00200468 gdi32.dll 01E2 PlayEnhMetaFile
1 0020046C gdi32.dll 008D DeleteDC
1 00200470 gdi32.dll 0209 SaveDC
1 00200474 gdi32.dll 0202 RestoreDC
1 00200478 gdi32.dll 0211 SelectPalette
1 0020047C gdi32.dll 0218 SetBkMode
1 00200480 gdi32.dll 0236 SetPolyFillMode
1 00200484 gdi32.dll 0237 SetROP2
1 00200488 gdi32.dll 023A SetStretchBltMode
1 0020048C gdi32.dll 0034 CreateDIBitmap
1 00200490 gdi32.dll 01B8 GetTextExtentPointA
1 00200494 gdi32.dll 022D SetMapMode
1 00200498 gdi32.dll 00D4 EqualRgn
1 0020049C gdi32.dll 0022 CombineRgn
1 002004A0 gdi32.dll 0238 SetRectRgn
1 002004A4 gdi32.dll 01A4 GetRegionData
1 002004A8 gdi32.dll 00DA ExtCreateRegion
1 002004AC gdi32.dll 01E0 PathToRegion
1 002004B0 gdi32.dll 004E CreateRoundRectRgn
1 002004B4 gdi32.dll 004A CreatePolyPolygonRgn
1 002004B8 gdi32.dll 004B CreatePolygonRgn
1 002004BC gdi32.dll 0037 CreateEllipticRgnIndirect
1 002004C0 gdi32.dll 0036 CreateEllipticRgn
1 002004C4 gdi32.dll 004D CreateRectRgnIndirect
1 002004C8 gdi32.dll 004C CreateRectRgn
1 002004CC gdi32.dll 0201 ResizePalette
1 002004D0 gdi32.dll 0196 GetNearestPaletteIndex
1 002004D4 gdi32.dll 000A AnimatePalette
1 002004D8 gdi32.dll 0232 SetPaletteEntries
1 002004DC gdi32.dll 019C GetPaletteEntries
1 002004E0 gdi32.dll 0040 CreateHalftonePalette
1 002004E4 gdi32.dll 0046 CreatePalette
1 002004E8 gdi32.dll 0035 CreateDiscardableBitmap
1 002004EC gdi32.dll 002D CreateCompatibleBitmap
1 002004F0 gdi32.dll 014D GetBitmapDimensionEx
1 002004F4 gdi32.dll 0216 SetBitmapDimensionEx
1 002004F8 gdi32.dll 014C GetBitmapBits
1 002004FC gdi32.dll 0215 SetBitmapBits
1 00200500 gdi32.dll 0029 CreateBitmapIndirect
1 00200504 gdi32.dll 003A CreateFontA
1 00200508 gdi32.dll 003B CreateFontIndirectA
1 0020050C gdi32.dll 0032 CreateDIBPatternBrushPt
1 00200510 gdi32.dll 0047 CreatePatternBrush
1 00200514 gdi32.dll 002A CreateBrushIndirect
1 00200518 gdi32.dll 0041 CreateHatchBrush
1 0020051C gdi32.dll 0051 CreateSolidBrush
1 00200520 gdi32.dll 0049 CreatePenIndirect
1 00200524 gdi32.dll 00D9 ExtCreatePen
1 00200528 gdi32.dll 0044 CreateMetaFileA
1 0020052C gdi32.dll 001F CloseMetaFile
1 00200530 gdi32.dll 0038 CreateEnhMetaFileA
1 00200534 gdi32.dll 001D CloseEnhMetaFile
1 00200538 gdi32.dll 00DE ExtTextOutA
1 0020053C gdi32.dll 0169 GetDCOrgEx
1 00200540 gdi32.dll 0162 GetClipBox
1 00200544 gdi32.dll 0028 CreateBitmap
1 00200548 gdi32.dll 023E SetTextColor
1 0020054C gdi32.dll 0217 SetBkColor
1 00200550 gdi32.dll 0197 GetObjectA
1 00200554 gdi32.dll 01A7 GetStockObject
1 00200558 gdi32.dll 0254 UnrealizeObject
1 0020055C gdi32.dll 0198 GetObjectType
1 00200560 gdi32.dll 01AE GetTextCharacterExtra
1 00200564 gdi32.dll 008F DeleteMetaFile
1 00200568 gdi32.dll 00CB EnumFontFamiliesExA
1 0020056C gdi32.dll 0026 CopyMetaFileA
1 00200570 gdi32.dll 024C StretchDIBits
1 00200574 gdi32.dll 01E4 PlayMetaFile
1 00200578 gdi32.dll 00D2 EnumMetaFile
1 0020057C gdi32.dll 01E5 PlayMetaFileRecord
1 00200580 gdi32.dll 00DD ExtSelectClipRgn
1 00200584 gdi32.dll 020D SelectClipPath
1 00200588 gdi32.dll 0163 GetClipRgn
1 0020058C gdi32.dll 0090 DeleteObject
1 00200590 gdi32.dll 01E8 PolyBezierTo
1 00200594 gdi32.dll 021C SetColorAdjustment
1 00200598 gdi32.dll 01F1 PolylineTo
1 0020059C gdi32.dll 01E9 PolyDraw
1 002005A0 gdi32.dll 0213 SetArcDirection
1 002005A4 gdi32.dll 000D ArcTo
1 002005A8 gdi32.dll 022E SetMapperFlags
1 002005AC gdi32.dll 023D SetTextCharacterExtra
1 002005B0 gdi32.dll 023F SetTextJustification
1 002005B4 gdi32.dll 023C SetTextAlign
1 002005B8 gdi32.dll 01CF LineTo
1 002005BC gdi32.dll 01D3 MoveToEx
1 002005C0 gdi32.dll 01D5 OffsetClipRgn
1 002005C4 gdi32.dll 01C9 IntersectClipRect
1 002005C8 gdi32.dll 00D8 ExcludeClipRect
1 002005CC gdi32.dll 020E SelectClipRgn
1 002005D0 gdi32.dll 020B ScaleWindowExtEx
1 002005D4 gdi32.dll 0244 SetWindowExtEx
1 002005D8 gdi32.dll 01D8 OffsetWindowOrgEx
1 002005DC gdi32.dll 0245 SetWindowOrgEx
1 002005E0 gdi32.dll 020A ScaleViewportExtEx
1 002005E4 gdi32.dll 0240 SetViewportExtEx
1 002005E8 gdi32.dll 01D7 OffsetViewportOrgEx
1 002005EC gdi32.dll 0241 SetViewportOrgEx
1 002005F0 gdi32.dll 0048 CreatePen
FThunk: 002006BC NbFunc: 0000009F
1 002006BC kernel32.dll 016D GetLocaleInfoW
1 002006C0 kernel32.dll 0302 SetEnvironmentVariableA
1 002006C4 kernel32.dll 0327 SetStdHandle
1 002006C8 kernel32.dll 01D9 GetUserDefaultLCID
1 002006CC kernel32.dll 00AD EnumSystemLocalesA
1 002006D0 kernel32.dll 016C GetLocaleInfoA
1 002006D4 kernel32.dll 0232 IsValidCodePage
1 002006D8 kernel32.dll 0234 IsValidLocale
1 002006DC kernel32.dll 0225 IsBadCodePtr
1 002006E0 kernel32.dll 0344 Sleep
1 002006E4 kernel32.dll 02DF SetConsoleCtrlHandler
1 002006E8 kernel32.dll 0338 SetUnhandledExceptionFilter
1 002006EC kernel32.dll 01B5 GetStringTypeW
1 002006F0 kernel32.dll 01B2 GetStringTypeA
1 002006F4 kernel32.dll 0039 CompareStringW
1 002006F8 kernel32.dll 0038 CompareStringA
1 002006FC kernel32.dll 0238 LCMapStringW
1 00200700 kernel32.dll 0237 LCMapStringA
1 00200704 kernel32.dll 0370 VirtualAlloc
1 00200708 kernel32.dll 0210 HeapReAlloc
1 0020070C kernel32.dll 0206 HeapAlloc
1 00200710 kernel32.dll 0373 VirtualFree
1 00200714 kernel32.dll 0208 HeapCreate
1 00200718 kernel32.dll 020A HeapDestroy
1 0020071C kernel32.dll 01DF GetVersionExA
1 00200720 kernel32.dll 0151 GetEnvironmentVariableA
1 00200724 kernel32.dll 015F GetFileType
1 00200728 kernel32.dll 0258 LockResource
1 0020072C kernel32.dll 0150 GetEnvironmentStringsW
1 00200730 kernel32.dll 014E GetEnvironmentStrings
1 00200734 kernel32.dll 00F0 FreeEnvironmentStringsW
1 00200738 kernel32.dll 00EF FreeEnvironmentStringsA
1 0020073C kernel32.dll 035D UnhandledExceptionFilter
1 00200740 kernel32.dll 020C HeapFree
1 00200744 kernel32.dll 00BF FatalAppExitA
1 00200748 kernel32.dll 016B GetLocalTime
1 0020074C kernel32.dll 01BF GetSystemTime
1 00200750 kernel32.dll 01D8 GetTimeZoneInformation
1 00200754 kernel32.dll 00F7 GetACP
1 00200758 kernel32.dll 01B1 GetStdHandle
1 0020075C kernel32.dll 0077 DebugBreak
1 00200760 kernel32.dll 029A RaiseException
1 00200764 kernel32.dll 00B8 ExitThread
1 00200768 kernel32.dll 006D CreateThread
1 0020076C kernel32.dll 0216 HeapValidate
1 00200770 kernel32.dll 034C TerminateProcess
1 00200774 kernel32.dll 00B7 ExitProcess
1 00200778 kernel32.dll 010A GetCommandLineA
1 0020077C kernel32.dll 01AF GetStartupInfoA
1 00200780 kernel32.dll 02C8 RtlUnwind
1 00200784 kernel32.dll 03B4 lstrcpyW
1 00200788 kernel32.dll 0308 SetFileAttributesA
1 0020078C kernel32.dll 0349 SystemTimeToFileTime
1 00200790 kernel32.dll 024D LocalFileTimeToFileTime
1 00200794 kernel32.dll 015C GetFileSize
1 00200798 kernel32.dll 00E1 FindResourceExA
1 0020079C kernel32.dll 0146 GetDiskFreeSpaceA
1 002007A0 kernel32.dll 015E GetFileTime
1 002007A4 kernel32.dll 030E SetFileTime
1 002007A8 kernel32.dll 01CA GetTempFileNameA
1 002007AC kernel32.dll 0157 GetFileAttributesA
1 002007B0 kernel32.dll 01AD GetShortPathNameA
1 002007B4 kernel32.dll 01B3 GetStringTypeExA
1 002007B8 kernel32.dll 0162 GetFullPathNameA
1 002007BC kernel32.dll 01E1 GetVolumeInformationA
1 002007C0 kernel32.dll 00D1 FindFirstFileA
1 002007C4 kernel32.dll 00CD FindClose
1 002007C8 kernel32.dll 0082 DeleteFileA
1 002007CC kernel32.dll 0261 MoveFileA
1 002007D0 kernel32.dll 0301 SetEndOfFile
1 002007D4 kernel32.dll 035E UnlockFile
1 002007D8 kernel32.dll 0256 LockFile
1 002007DC kernel32.dll 00E7 FlushFileBuffers
1 002007E0 kernel32.dll 030A SetFilePointer
1 002007E4 kernel32.dll 0391 WriteFile
1 002007E8 kernel32.dll 02A7 ReadFile
1 002007EC kernel32.dll 0050 CreateFileA
1 002007F0 kernel32.dll 013C GetCurrentProcess
1 002007F4 kernel32.dll 0092 DuplicateHandle
1 002007F8 kernel32.dll 0304 SetErrorMode
1 002007FC kernel32.dll 018C GetOEMCP
1 00200800 kernel32.dll 00FE GetCPInfo
1 00200804 kernel32.dll 027F OutputDebugStringA
1 00200808 kernel32.dll 01D0 GetThreadLocale
1 0020080C kernel32.dll 03BA lstrlenW
1 00200810 kernel32.dll 0040 CopyFileA
1 00200814 kernel32.dll 01FD GlobalSize
1 00200818 kernel32.dll 0343 SizeofResource
1 0020081C kernel32.dll 01A6 GetProfileIntA
1 00200820 kernel32.dll 0376 VirtualProtect
1 00200824 kernel32.dll 00C3 FileTimeToLocalFileTime
1 00200828 kernel32.dll 00C4 FileTimeToSystemTime
1 0020082C kernel32.dll 0228 IsBadReadPtr
1 00200830 kernel32.dll 022B IsBadWritePtr
1 00200834 kernel32.dll 0229 IsBadStringPtrA
1 00200838 kernel32.dll 022A IsBadStringPtrW
1 0020083C kernel32.dll 01A4 GetProcessVersion
1 00200840 kernel32.dll 013A GetCurrentDirectoryA
1 00200844 kernel32.dll 0396 WritePrivateProfileStringA
1 00200848 kernel32.dll 0195 GetPrivateProfileStringA
1 0020084C kernel32.dll 018F GetPrivateProfileIntA
1 00200850 kernel32.dll 01F4 GlobalFlags
1 00200854 kernel32.dll 0353 TlsGetValue
1 00200858 kernel32.dll 0252 LocalReAlloc
1 0020085C kernel32.dll 0354 TlsSetValue
1 00200860 kernel32.dll 0097 EnterCriticalSection
1 00200864 kernel32.dll 01FC GlobalReAlloc
1 00200868 kernel32.dll 0244 LeaveCriticalSection
1 0020086C kernel32.dll 0352 TlsFree
1 00200870 kernel32.dll 01F8 GlobalHandle
1 00200874 kernel32.dll 0080 DeleteCriticalSection
1 00200878 kernel32.dll 0351 TlsAlloc
1 0020087C kernel32.dll 0219 InitializeCriticalSection
1 00200880 kernel32.dll 03B5 lstrcpyn
1 00200884 kernel32.dll 0267 MulDiv
1 00200888 kernel32.dll 02C2 SetLastError
1 0020088C kernel32.dll 02C3 ResumeThread
1 00200890 kernel32.dll 01D1 GetThreadPriority
1 00200894 kernel32.dll 0333 SetThreadPriority
1 00200898 kernel32.dll 0245 LoadLibraryA
1 0020089C kernel32.dll 00F1 FreeLibrary
1 002008A0 kernel32.dll 01DE GetVersion
1 002008A4 kernel32.dll 03A9 lstrcat
1 002008A8 kernel32.dll 01F6 GlobalGetAtomNameA
1 002008AC kernel32.dll 01EC GlobalAddAtomA
1 002008B0 kernel32.dll 01F1 GlobalFindAtomA
1 002008B4 kernel32.dll 03B2 lstrcpy
1 002008B8 kernel32.dll 0177 GetModuleHandleA
1 002008BC kernel32.dll 0199 GetProcAddress
1 002008C0 kernel32.dll 01D5 GetTickCount
1 002008C4 kernel32.dll 0384 WideCharToMultiByte
1 002008C8 kernel32.dll 0221 InterlockedIncrement
1 002008CC kernel32.dll 0200 GlobalUnlock
1 002008D0 kernel32.dll 01F5 GlobalFree
1 002008D4 kernel32.dll 0258 LockResource
1 002008D8 kernel32.dll 00E0 FindResourceA
1 002008DC kernel32.dll 024A LoadResource
1 002008E0 kernel32.dll 00F3 FreeResource
1 002008E4 kernel32.dll 004C CreateEventA
1 002008E8 kernel32.dll 0346 SuspendThread
1 002008EC kernel32.dll 0305 SetEvent
1 002008F0 kernel32.dll 0380 WaitForSingleObject
1 002008F4 kernel32.dll 0032 CloseHandle
1 002008F8 kernel32.dll 0175 GetModuleFileNameA
1 002008FC kernel32.dll 0169 GetLastError
1 00200900 kernel32.dll 01F9 GlobalLock
1 00200904 kernel32.dll 01EE GlobalAlloc
1 00200908 kernel32.dll 01F0 GlobalDeleteAtom
1 0020090C kernel32.dll 03AC lstrcmp
1 00200910 kernel32.dll 03AF lstrcmpi
1 00200914 kernel32.dll 013E GetCurrentThread
1 00200918 kernel32.dll 013F GetCurrentThreadId
1 0020091C kernel32.dll 00EC FormatMessageA
1 00200920 kernel32.dll 024B LocalAlloc
1 00200924 kernel32.dll 024F LocalFree
1 00200928 kernel32.dll 021D InterlockedDecrement
1 0020092C kernel32.dll 03B8 lstrlen
1 00200930 kernel32.dll 0268 MultiByteToWideChar
1 00200934 kernel32.dll 01AA GetProfileStringA
FThunk: 002009E0 NbFunc: 00000028
1 002009E0 oleaut32.dll 00CA CreateErrorInfo
1 002009E4 oleaut32.dll 00C8 GetErrorInfo
1 002009E8 oleaut32.dll 0006 SysFreeString
1 002009EC oleaut32.dll 0009 VariantClear
1 002009F0 oleaut32.dll 0008 VariantInit
1 002009F4 oleaut32.dll 000A VariantCopy
1 002009F8 oleaut32.dll 000C VariantChangeType
1 002009FC oleaut32.dll 0002 SysAllocString
1 00200A00 oleaut32.dll 0004 SysAllocStringLen
1 00200A04 oleaut32.dll 0095 SysStringByteLen
1 00200A08 oleaut32.dll 00B9 VariantTimeToSystemTime
1 00200A0C oleaut32.dll 000E DosDateTimeToVariantTime
1 00200A10 oleaut32.dll 0011 SafeArrayGetDim
1 00200A14 oleaut32.dll 0012 SafeArrayGetElemsize
1 00200A18 oleaut32.dll 0007 SysStringLen
1 00200A1C oleaut32.dll 0096 SysAllocStringByteLen
1 00200A20 oleaut32.dll 0005 SysReAllocStringLen
1 00200A24 oleaut32.dll 0018 SafeArrayUnaccessData
1 00200A28 oleaut32.dll 0017 SafeArrayAccessData
1 00200A2C oleaut32.dll 0013 SafeArrayGetUBound
1 00200A30 oleaut32.dll 0014 SafeArrayGetLBound
1 00200A34 oleaut32.dll 0028 SafeArrayRedim
1 00200A38 oleaut32.dll 000F SafeArrayCreate
1 00200A3C oleaut32.dll 0068 VarCyFromStr
1 00200A40 oleaut32.dll 0071 VarBstrFromCy
1 00200A44 oleaut32.dll 005E VarDateFromStr
1 00200A48 oleaut32.dll 0072 VarBstrFromDate
1 00200A4C oleaut32.dll 001B SafeArrayCopy
1 00200A50 oleaut32.dll 0025 SafeArrayAllocData
1 00200A54 oleaut32.dll 0024 SafeArrayAllocDescriptor
1 00200A58 oleaut32.dll 0019 SafeArrayGetElement
1 00200A5C oleaut32.dll 0094 SafeArrayPtrOfIndex
1 00200A60 oleaut32.dll 001A SafeArrayPutElement
1 00200A64 oleaut32.dll 0015 SafeArrayLock
1 00200A68 oleaut32.dll 0016 SafeArrayUnlock
1 00200A6C oleaut32.dll 0010 SafeArrayDestroy
1 00200A70 oleaut32.dll 0027 SafeArrayDestroyData
1 00200A74 oleaut32.dll 0026 SafeArrayDestroyDescriptor
1 00200A78 oleaut32.dll 00A1 LoadTypeLib
1 00200A7C oleaut32.dll 00C9 SetErrorInfo
FThunk: 00200ACC NbFunc: 00000001
1 00200ACC olepro32.dll 00FD OleCreateFontIndirect
FThunk: 00200AFC NbFunc: 00000005
1 00200AFC shell32.dll 012B SHGetFileInfo
1 00200B00 shell32.dll 008C DragQueryFile
1 00200B04 shell32.dll 008B DragFinish
1 00200B08 shell32.dll 008A DragAcceptFiles
1 00200B0C shell32.dll 00D8 ExtractIconA
FThunk: 00200B40 NbFunc: 000000EE
1 00200B40 user32.dll 00BD DrawTextA
1 00200B44 user32.dll 00B4 DrawFocusRect
1 00200B48 user32.dll 00B6 DrawFrameControl
1 00200B4C user32.dll 00B3 DrawEdge
1 00200B50 user32.dll 00BB DrawStateA
1 00200B54 user32.dll 00B7 DrawIcon
1 00200B58 user32.dll 0196 InvertRect
1 00200B5C user32.dll 00EA FrameRect
1 00200B60 user32.dll 00E3 FillRect
1 00200B64 user32.dll 00E1 ExcludeUpdateRgn
1 00200B68 user32.dll 02D5 WindowFromDC
1 00200B6C user32.dll 015C GetSysColorBrush
1 00200B70 user32.dll 0296 SubtractRect
1 00200B74 user32.dll 02B0 UnionRect
1 00200B78 user32.dll 018B InflateRect
1 00200B7C user32.dll 026E SetRectEmpty
1 00200B80 user32.dll 026D SetRect
1 00200B84 user32.dll 020C PtInRect
1 00200B88 user32.dll 01A9 IsRectEmpty
1 00200B8C user32.dll 01F7 OpenIcon
1 00200B90 user32.dll 0045 CloseWindow
1 00200B94 user32.dll 01B8 LoadCursorA
1 00200B98 user32.dll 0203 PostThreadMessageA
1 00200B9C user32.dll 016C GetWindowContextHelpId
1 00200BA0 user32.dll 0242 SendNotifyMessageA
1 00200BA4 user32.dll 0118 GetForegroundWindow
1 00200BA8 user32.dll 0258 SetForegroundWindow
1 00200BAC user32.dll 028E ShowCaret
1 00200BB0 user32.dll 0180 HideCaret
1 00200BB4 user32.dll 0247 SetCaretPos
1 00200BB8 user32.dll 00F6 GetCaretPos
1 00200BBC user32.dll 004F CreateCaret
1 00200BC0 user32.dll 0107 GetClipboardViewer
1 00200BC4 user32.dll 0105 GetClipboardOwner
1 00200BC8 user32.dll 0145 GetOpenClipboardWindow
1 00200BCC user32.dll 01F4 OpenClipboard
1 00200BD0 user32.dll 024C SetClipboardViewer
1 00200BD4 user32.dll 0020 ChangeClipboardChain
1 00200BD8 user32.dll 00E8 FlashWindow
1 00200BDC user32.dll 02D6 WindowFromPoint
1 00200BE0 user32.dll 0267 SetParent
1 00200BE4 user32.dll 003E ChildWindowFromPointEx
1 00200BE8 user32.dll 003D ChildWindowFromPoint
1 00200BEC user32.dll 0291 ShowScrollBar
1 00200BF0 user32.dll 0144 GetNextDlgTabItem
1 00200BF4 user32.dll 0143 GetNextDlgGroupItem
1 00200BF8 user32.dll 00A9 DlgDirSelectComboBoxExA
1 00200BFC user32.dll 00AB DlgDirSelectExA
1 00200C00 user32.dll 00A6 DlgDirListComboBoxA
1 00200C04 user32.dll 00A5 DlgDirListA
1 00200C08 user32.dll 010F GetDesktopWindow
1 00200C0C user32.dll 0245 SetCapture
1 00200C10 user32.dll 01B3 KillTimer
1 00200C14 user32.dll 027B SetTimer
1 00200C18 user32.dll 00C4 EnableScrollBar
1 00200C1C user32.dll 0216 RedrawWindow
1 00200C20 user32.dll 01CD LockWindowUpdate
1 00200C24 user32.dll 010E GetDCEx
1 00200C28 user32.dll 0290 ShowOwnedPopups
1 00200C2C user32.dll 01B0 IsWindowVisible
1 00200C30 user32.dll 02C7 ValidateRgn
1 00200C34 user32.dll 0195 InvalidateRgn
1 00200C38 user32.dll 0194 InvalidateRect
1 00200C3C user32.dll 0166 GetUpdateRgn
1 00200C40 user32.dll 0165 GetUpdateRect
1 00200C44 user32.dll 02BC UpdateWindow
1 00200C48 user32.dll 022B ReleaseDC
1 00200C4C user32.dll 016D GetWindowDC
1 00200C50 user32.dll 010D GetDC
1 00200C54 user32.dll 00C9 EndPaint
1 00200C58 user32.dll 000E BeginPaint
1 00200C5C user32.dll 0041 ClientToScreen
1 00200C60 user32.dll 0010 BringWindowToTop
1 00200C64 user32.dll 0176 GetWindowRgn
1 00200C68 user32.dll 0285 SetWindowRgn
1 00200C6C user32.dll 000B ArrangeIconicWindows
1 00200C70 user32.dll 01B1 IsZoomed
1 00200C74 user32.dll 0181 HiliteMenuItem
1 00200C78 user32.dll 015D GetSystemMenu
1 00200C7C user32.dll 015F GetTabbedTextExtentA
1 00200C80 user32.dll 025E SetMenu
1 00200C84 user32.dll 012D GetMenu
1 00200C88 user32.dll 0293 ShowWindow
1 00200C8C user32.dll 01EA MoveWindow
1 00200C90 user32.dll 0287 SetWindowTextA
1 00200C94 user32.dll 01A1 IsDialogMessage
1 00200C98 user32.dll 0236 ScrollWindowEx
1 00200C9C user32.dll 01A4 IsDlgButtonChecked
1 00200CA0 user32.dll 0254 SetDlgItemTextA
1 00200CA4 user32.dll 0253 SetDlgItemInt
1 00200CA8 user32.dll 0114 GetDlgItemTextA
1 00200CAC user32.dll 0113 GetDlgItemInt
1 00200CB0 user32.dll 003C CheckRadioButton
1 00200CB4 user32.dll 0039 CheckDlgButton
1 00200CB8 user32.dll 01BC LoadIconA
1 00200CBC user32.dll 0092 DeleteMenu
1 00200CC0 user32.dll 0100 GetClientRect
1 00200CC4 user32.dll 01D8 MapWindowPoints
1 00200CC8 user32.dll 015B GetSysColor
1 00200CCC user32.dll 0257 SetFocus
1 00200CD0 user32.dll 0003 AdjustWindowRectEx
1 00200CD4 user32.dll 0232 ScreenToClient
1 00200CD8 user32.dll 00E0 EqualRect
1 00200CDC user32.dll 0091 DeferWindowPos
1 00200CE0 user32.dll 000D BeginDeferWindowPos
1 00200CE4 user32.dll 004B CopyRect
1 00200CE8 user32.dll 00C6 EndDeferWindowPos
1 00200CEC user32.dll 0235 ScrollWindow
1 00200CF0 user32.dll 0156 GetScrollInfo
1 00200CF4 user32.dll 026F SetScrollInfo
1 00200CF8 user32.dll 0158 GetScrollRange
1 00200CFC user32.dll 0271 SetScrollRange
1 00200D00 user32.dll 0157 GetScrollPos
1 00200D04 user32.dll 0270 SetScrollPos
1 00200D08 user32.dll 0164 GetTopWindow
1 00200D0C user32.dll 019F IsChild
1 00200D10 user32.dll 00F4 GetCapture
1 00200D14 user32.dll 02D3 WinHelpA
1 00200D18 user32.dll 00F7 GetClassInfoA
1 00200D1C user32.dll 0217 RegisterClassA
1 00200D20 user32.dll 02A5 TrackPopupMenu
1 00200D24 user32.dll 0283 SetWindowPlacement
1 00200D28 user32.dll 0179 GetWindowTextLengthA
1 00200D2C user32.dll 0178 GetWindowTextA
1 00200D30 user32.dll 00FD GetClassNameA
1 00200D34 user32.dll 0111 GetDlgCtrlID
1 00200D38 user32.dll 0061 CreateWindowExA
1 00200D3C user32.dll 00FB GetClassLongA
1 00200D40 user32.dll 026B SetPropA
1 00200D44 user32.dll 02AF UnhookWindowsHookEx
1 00200D48 user32.dll 014B GetPropA
1 00200D4C user32.dll 001C CallWindowProcA
1 00200D50 user32.dll 022D RemovePropA
1 00200D54 user32.dll 0009 AppendMenuA
1 00200D58 user32.dll 003A CheckMenuItem
1 00200D5C user32.dll 02D9 wsprintfA
1 00200D60 user32.dll 021F RegisterHotKey
1 00200D64 user32.dll 02B4 UnregisterClassA
1 00200D68 user32.dll 0088 DefDlgProcA
1 00200D6C user32.dll 01AF IsWindowUnicode
1 00200D70 user32.dll 023C SendMessageA
1 00200D74 user32.dll 00C3 EnableMenuItem
1 00200D78 user32.dll 0260 SetMenuDefaultItem
1 00200D7C user32.dll 0131 GetMenuDefaultItem
1 00200D80 user32.dll 008F DefWindowProcA
1 00200D84 user32.dll 013E GetMessageTime
1 00200D88 user32.dll 013D GetMessagePos
1 00200D8C user32.dll 0281 SetWindowLongA
1 00200D90 user32.dll 021B RegisterClipboardFormatA
1 00200D94 user32.dll 01F3 OffsetRect
1 00200D98 user32.dll 0193 IntersectRect
1 00200D9C user32.dll 029A SystemParametersInfoA
1 00200DA0 user32.dll 01A7 IsIconic
1 00200DA4 user32.dll 0174 GetWindowPlacement
1 00200DA8 user32.dll 0175 GetWindowRect
1 00200DAC user32.dll 01D3 MapDialogRect
1 00200DB0 user32.dll 0284 SetWindowPos
1 00200DB4 user32.dll 016B GetWindow
1 00200DB8 user32.dll 0280 SetWindowContextHelpId
1 00200DBC user32.dll 017E GrayStringA
1 00200DC0 user32.dll 0234 ScrollDC
1 00200DC4 user32.dll 005E CreateMenu
1 00200DC8 user32.dll 005F CreatePopupMenu
1 00200DCC user32.dll 00B9 DrawMenuBar
1 00200DD0 user32.dll 01A8 IsMenu
1 00200DD4 user32.dll 021B RegisterClipboardFormatA
1 00200DD8 user32.dll 01EF OemToCharA
1 00200DDC user32.dll 0031 CharToOemA
1 00200DE0 user32.dll 00C7 EndDialog
1 00200DE4 user32.dll 00EC GetActiveWindow
1 00200DE8 user32.dll 0244 SetActiveWindow
1 00200DEC user32.dll 0053 CreateDialogIndirectParamA
1 00200DF0 user32.dll 009A DestroyWindow
1 00200DF4 user32.dll 0112 GetDlgItem
1 00200DF8 user32.dll 029C TabbedTextOutA
1 00200DFC user32.dll 0200 PostMessageA
1 00200E00 user32.dll 01AC IsWindow
1 00200E04 user32.dll 012F GetMenuCheckMarkDimensions
1 00200E08 user32.dll 01B6 LoadBitmapA
1 00200E0C user32.dll 0262 SetMenuItemBitmaps
1 00200E10 user32.dll 0117 GetFocus
1 00200E14 user32.dll 013B GetMessageA
1 00200E18 user32.dll 02AB TranslateMessage
1 00200E1C user32.dll 00A2 DispatchMessageA
1 00200E20 user32.dll 0122 GetKeyState
1 00200E24 user32.dll 001B CallNextHookEx
1 00200E28 user32.dll 02C6 ValidateRect
1 00200E2C user32.dll 01FE PeekMessageA
1 00200E30 user32.dll 010C GetCursorPos
1 00200E34 user32.dll 028B SetWindowsHookExA
1 00200E38 user32.dll 016F GetWindowLongA
1 00200E3C user32.dll 0146 GetParent
1 00200E40 user32.dll 0129 GetLastActivePopup
1 00200E44 user32.dll 01AD IsWindowEnabled
1 00200E48 user32.dll 01DD MessageBoxA
1 00200E4C user32.dll 00C5 EnableWindow
1 00200E50 user32.dll 024E SetCursor
1 00200E54 user32.dll 0202 PostQuitMessage
1 00200E58 user32.dll 02B7 UnregisterHotKey
1 00200E5C user32.dll 00E4 FindWindowA
1 00200E60 user32.dll 015E GetSystemMetrics
1 00200E64 user32.dll 0133 GetMenuItemCount
1 00200E68 user32.dll 0134 GetMenuItemID
1 00200E6C user32.dll 0138 GetMenuState
1 00200E70 user32.dll 0139 GetMenuStringA
1 00200E74 user32.dll 0135 GetMenuItemInfoA
1 00200E78 user32.dll 015A GetSubMenu
1 00200E7C user32.dll 018E InsertMenuA
1 00200E80 user32.dll 01E5 ModifyMenuA
1 00200E84 user32.dll 022C RemoveMenu
1 00200E88 user32.dll 01C4 LoadMenuA
1 00200E8C user32.dll 01C5 LoadMenuIndirectA
1 00200E90 user32.dll 025F SetMenuContextHelpId
1 00200E94 user32.dll 0130 GetMenuContextHelpId
1 00200E98 user32.dll 003B CheckMenuRadioItem
1 00200E9C user32.dll 02DB wvsprintfA
1 00200EA0 user32.dll 01C9 LoadStringA
1 00200EA4 user32.dll 022A ReleaseCapture
1 00200EA8 user32.dll 02D1 WaitMessage
1 00200EAC user32.dll 017C GetWindowThreadProcessId
1 00200EB0 user32.dll 01B4 LoadAcceleratorsA
1 00200EB4 user32.dll 02A7 TranslateAccelerator
1 00200EB8 user32.dll 0098 DestroyMenu
1 00200EBC user32.dll 0231 ReuseDDElParam
1 00200EC0 user32.dll 02B3 UnpackDDElParam
1 00200EC4 user32.dll 0103 GetClipboardFormatNameA
1 00200EC8 user32.dll 00F3 GetAsyncKeyState
1 00200ECC user32.dll 0250 SetCursorPos
1 00200ED0 user32.dll 0096 DestroyCursor
1 00200ED4 user32.dll 0110 GetDialogBaseUnits
1 00200ED8 user32.dll 002B CharNextA
1 00200EDC user32.dll 0047 CopyAcceleratorTableA
1 00200EE0 user32.dll 01DC MessageBeep
1 00200EE4 user32.dll 0035 CharUpperA
1 00200EE8 user32.dll 0096 DestroyCursor
1 00200EEC user32.dll 0189 InSendMessage
1 00200EF0 user32.dll 01A0 IsClipboardFormatAvailable
1 00200EF4 user32.dll 0237 SendDlgItemMessageA
FThunk: 00200FE0 NbFunc: 00000003
1 00200FE0 winspool.drv 0086 ClosePrinter
1 00200FE4 winspool.drv 0105 OpenPrinterA
1 00200FE8 winspool.drv 00B1 DocumentPropertiesA
FThunk: 00201018 NbFunc: 00000007
1 00201018 comdlg32.dll 0075 PrintDlgA
1 0020101C comdlg32.dll 0073 PageSetupDlgA
1 00201020 comdlg32.dll 0065 ChooseColorA
1 00201024 comdlg32.dll 006C GetFileTitleA
1 00201028 comdlg32.dll 006E GetOpenFileNameA
1 0020102C comdlg32.dll 0070 GetSaveFileNameA
1 00201030 comdlg32.dll 0069 CommDlgExtendedError
FThunk: 00201064 NbFunc: 00000048
1 00201064 ole32.dll 0104 OleLockRunning
1 00201068 ole32.dll 0112 OleSetContainedObject
1 0020106C ole32.dll 00E9 OleCreateFromData
1 00201070 ole32.dll 00EF OleCreateLinkFromData
1 00201074 ole32.dll 00F4 OleCreateStaticFromData
1 00201078 ole32.dll 00EB OleCreateFromFile
1 0020107C ole32.dll 00F1 OleCreateLinkToFile
1 00201080 ole32.dll 00E5 OleCreate
1 00201084 ole32.dll 0102 OleLoad
1 00201088 ole32.dll 010E OleSave
1 0020108C ole32.dll 013A StgIsStorageILockBytes
1 00201090 ole32.dll 00A1 GetHGlobalFromILockBytes
1 00201094 ole32.dll 00FC OleGetIconOfClass
1 00201098 ole32.dll 0150 WriteClassStm
1 0020109C ole32.dll 010F OleSaveToStream
1 002010A0 ole32.dll 0101 OleIsRunning
1 002010A4 ole32.dll 0107 OleQueryCreateFromData
1 002010A8 ole32.dll 0108 OleQueryLinkFromData
1 002010AC ole32.dll 00FB OleGetClipboard
1 002010B0 ole32.dll 0113 OleSetMenuDescriptor
1 002010B4 ole32.dll 0099 DoDragDrop
1 002010B8 ole32.dll 010A OleRegEnumVerbs
1 002010BC ole32.dll 010B OleRegGetMiscStatus
1 002010C0 ole32.dll 00F3 OleCreateMenuDescriptor
1 002010C4 ole32.dll 00F5 OleDestroyMenuDescriptor
1 002010C8 ole32.dll 0090 CreateOleAdviseHolder
1 002010CC ole32.dll 0088 CreateDataAdviseHolder
1 002010D0 ole32.dll 0114 OleTranslateAccelerator
1 002010D4 ole32.dll 00D7 IsAccelerator
1 002010D8 ole32.dll 00A4 GetRunningObjectTable
1 002010DC ole32.dll 0139 StgIsStorageFile
1 002010E0 ole32.dll 0133 StgCreateDocfileOnILockBytes
1 002010E4 ole32.dll 0140 StgOpenStorageOnILockBytes
1 002010E8 ole32.dll 00F9 OleFlushClipboard
1 002010EC ole32.dll 0111 OleSetClipboard
1 002010F0 ole32.dll 0100 OleIsCurrentClipboard
1 002010F4 ole32.dll 005D CoRevokeClassObject
1 002010F8 ole32.dll 0051 CoRegisterClassObject
1 002010FC ole32.dll 0024 CoGetClassObject
1 00201100 ole32.dll 0123 ReleaseStgMedium
1 00201104 ole32.dll 0069 CoTreatAsClass
1 00201108 ole32.dll 0143 StringFromCLSID
1 0020110C ole32.dll 011D ReadClassStg
1 00201110 ole32.dll 011F ReadFmtUserTypeStg
1 00201114 ole32.dll 010C OleRegGetUserType
1 00201118 ole32.dll 014F WriteClassStg
1 0020111C ole32.dll 0151 WriteFmtUserTypeStg
1 00201120 ole32.dll 012D SetConvertStg
1 00201124 ole32.dll 0066 CoTaskMemFree
1 00201128 ole32.dll 0086 CreateBindCtx
1 0020112C ole32.dll 0065 CoTaskMemAlloc
1 00201130 ole32.dll 00F8 OleDuplicateData
1 00201134 ole32.dll 0054 CoRegisterMessageFilter
1 00201138 ole32.dll 001E CoFreeUnusedLibraries
1 0020113C ole32.dll 0115 OleUninitialize
1 00201140 ole32.dll 00FE OleInitialize
1 00201144 ole32.dll 0012 CoCreateInstance
1 00201148 ole32.dll 010D OleRun
1 0020114C ole32.dll 000A CLSIDFromString
1 00201150 ole32.dll 0008 CLSIDFromProgID
1 00201154 ole32.dll 013D StgOpenStorage
1 00201158 ole32.dll 0132 StgCreateDocfile
1 0020115C ole32.dll 0030 CoGetMalloc
1 00201160 ole32.dll 0093 CreateStreamOnHGlobal
1 00201164 ole32.dll 0017 CoDisconnectObject
1 00201168 ole32.dll 009D GetClassFile
1 0020116C ole32.dll 008C CreateGenericComposite
1 00201170 ole32.dll 008B CreateFileMoniker
1 00201174 ole32.dll 008E CreateItemMoniker
1 00201178 ole32.dll 0144 StringFromGUID2
1 0020117C ole32.dll 0045 CoLockObjectExternal
1 00201180 ole32.dll 008D CreateILockBytesOnHGlobal
FThunk: 002011E8 NbFunc: 00000007
1 002011E8 oledlg.dll 0003 OleUIInsertObjectA
1 002011EC oledlg.dll 0007 OleUIConvertA
1 002011F0 oledlg.dll 0006 OleUIChangeIconA
1 002011F4 oledlg.dll 0005 OleUIEditLinksA
1 002011F8 oledlg.dll 0009 OleUIUpdateLinksA
1 002011FC oledlg.dll 0004 OleUIPasteSpecialA
1 00201200 oledlg.dll 0008 OleUIBusyA

补了这么多程序没有提示内存错误了,程序一闪而过了,OD载入运行来到了这里
00422E94  |?  8AE4          mov ah,ah
00422E96  |.  92            xchg eax,edx
00422E97  |?  7C 00         jl Xdumped_.00422E99
00422E99  |?  0000          add byte ptr ds:[eax],al
00422E9B  |?  00BC2E 4200A8>add byte ptr ds:[esi+ebp+0x2EA80042],bh
00422EA2  |?  42            inc edx
00422EA3  |?  00BC2E 42001E>add byte ptr ds:[esi+ebp+0x1E0042],bh
00422EAA  |?  00C0          add al,al
00422EAC  |.  0000          add byte ptr ds:[eax],al
00422EAE  |?  0000          add byte ptr ds:[eax],al
00422EB0  |?  0000          add byte ptr ds:[eax],al
00422EB2  |.  0000          add byte ptr ds:[eax],al
00422EB4  |?  6B15 40000000>imul edx,dword ptr ds:[0x40],0x0                           停在了这里
00422EBB  |?  003F          add byte ptr ds:[edi],bh
00422EBD  |?  0001          add byte ptr ds:[ecx],al
00422EBF  |.  0000          add byte ptr ds:[eax],al
00422EC1  |?  0000          add byte ptr ds:[eax],al
00422EC3  |.  0000          add byte ptr ds:[eax],al
00422EC5  |?  0000          add byte ptr ds:[eax],al
00422EC7  |?  0000          add byte ptr ds:[eax],al
00422EC9  |.  0000          add byte ptr ds:[eax],al
00422ECB  |?  0000          add byte ptr ds:[eax],al
00422ECD   .  0000          add byte ptr ds:[eax],al
00422ECF   ?  0000          add byte ptr ds:[eax],al
00422ED1   ?  0000          add byte ptr ds:[eax],al
00422ED3   .  0000          add byte ptr ds:[eax],al
00422ED5   ?  0000          add byte ptr ds:[eax],al
00422ED7   ?  007F 02       add byte ptr ds:[edi+0x2],bh
00422EDA   ?  FFFF          ???                                      ;  未知命令
数据窗口中的地址无法显示
ds:[00000040]=???
edx=7C9232BC (ntdll.7C9232BC)
dumped_.<ModuleEntryPoint>+134

请大牛帮我看看是不是我在哪里弄错了附上原文件
http://1000eb.com/968j

[课程]FART 脱壳王!加量不加价!FART作者讲授!

收藏
免费 0
支持
分享
最新回复 (9)
无聊的菜鸟
雪    币: 622
活跃值: (294)
能力值: ( LV13,RANK:410 )
在线值:
发帖
回帖
粉丝
私信
2
很明显,422e94并不是OEP。
2012-5-10 14:58
0
kingswb
雪    币: 6664
活跃值: (947)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
肯定不是啊那是我截的代码第一行而已
不到达OEP我也修复不了函数啊
2012-5-10 15:24
0
zenghw
雪    币: 418
活跃值: (63)
能力值: ( LV12,RANK:260 )
在线值:
发帖
回帖
粉丝
私信
4
这个ZP简单了。。
解码值: 02F07521B36AF55D591ACCFAD2ED11B9

OEP:
00422D80



是什么东东..
上传的附件:
  • 1.jpg (73.96kb,94次下载)
2012-5-16 01:24
0
liyizhu
雪    币: 57
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
膜拜学习 4楼牛友是在OD调试中解码显示的吧 关键是解码后的脱壳修复
2012-5-25 08:03
0
xie风腾
雪    币: 12037
活跃值: (4758)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
6

好像是OEP不对吧
2012-5-25 08:46
0
kingswb
雪    币: 6664
活跃值: (947)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
7
[QUOTE=zenghw;1072751]这个ZP简单了。。
解码值: 02F07521B36AF55D591ACCFAD2ED11B9

OEP:
00422D80



是什么东东..[/QUOTE]

我也不知道什么东西只是练飞ZP脱壳下载的软件并不知道什么用途,这个我也成功脱掉了,修复AIT的时候麻烦了点,不过谢谢大牛
2012-5-28 13:05
0
cjteam
雪    币: 239
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
8
网吧的一个加啥来着的
2012-7-12 23:46
0
乐呵呵堂
雪    币: 98
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
9
修复后出错。
没有搞掂,楼主可以出个录像膜拜一下吗。
2013-5-13 14:28
0
乐呵呵堂
雪    币: 98
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
10
下来练习,修复后出错,楼主可以出个录像膜拜一下吗。感谢!
2013-5-16 09:52
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//