首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 付费问答
    3. 发新帖
[旧帖] ASProtect 2.3脱壳问题求教 0.00雪花
发表于: 2012-8-20 00:29 5261

[旧帖] ASProtect 2.3脱壳问题求教 0.00雪花

phoenix083 活跃值
2012-8-20 00:29
5261
新学脱壳,一程序,用PEid v0.94 探查,显示为 ASProtect 1.2x - 1.3x [Registered] -> Alexey Solodovnikov
进一步用VerA 0.15 查得详细版本为 Version: ASProtect 2.3 SKE build 04.26 Beta [3]

用OllyICE v1.10版本载入, 用插件ODbgScript运行脚本Aspr2.XX_unpacker_v1.0SC.osc

显示Error对话框,详细内容如下,点击OK后进程终止,请赐教,万分感谢!!!

OS: Windows XP Professional, SP3
CPU: GenuineIntel, Intel Pentium III Xeon, MMX @ 2300 MHz

Module name: C:\Hzkqs.exe

Application data:
VmVyc2lvbjogV3RLazBjQ3d5TlQzeHYyMXdWb2tLRks1N0x1MVZpQXN
BQWRWUENFOE1ISmtlSDUyTXlNZ09pY2pObFJ5WTNsRk5UbEJhVzkrYk
hSNGMycDdkeElxZEdSZ2J3SnhabmR4ZDNkalpYTk9aMlowQnc9PQ0KS
W1hZ2VCYXNlOiAwMDQwMDAwMA0KRWlwOiBGNDAwMjUNCkVheDogMjlB
MjlBRjYNCkVjeDogMUEzMDYwMA0KRWR4OiAxQTQwNjAwDQpFYng6IDF
BNTEwMDANCkVzaTogRkNFM0U2N0UNCkVkaTogNzg3QkE5RkENCkVicD
ogMUE2MDYwMA0KRXNwOiAxMkZGNTgNCkVycm9yQ29kZTogDQoyQiwzL
DkwLDkwLDgzLEMzLDQsOTAsOTAsOTAsOTAsOTAsOTAsOTAsOTAsOTAs
M0IsREUsNzIsRUMsMyxDNyw4OSw0NSwwLDgzLEM1LDgsODMsQzEsOCw
4MyxDMiw4LDgxLDM5LDEzLEZBLEE5LDdCLDc1LEMyLEI5LDQsMCxBMy
wxLEJBLDQsMCxBNCwwLi4uDQpDb2RlID0gWzIxNF0NCi0gMA0KLSAwD
QotIDIyNw0KLSAwDQotIDANCi0gW10NCj4gQzpcUHJvZ3JhbSBGaWxl
c1y749aqv7zH4cvJv7zK1M+1zbMzLjBcV2luWFC437y2sOZcSHprcXM
uZXhlDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRkbGwuZGxsDQo+IE
M6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcdXNlcjMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5
c3RlbTMyXEdESTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGF
kdmFwaTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFJQQ1JUNC
5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxTZWN1cjMyLmRsbA0KP
iBDOlxXSU5ET1dTXHN5c3RlbTMyXG9sZWF1dDMyLmRsbA0KPiBDOlxX
SU5ET1dTXHN5c3RlbTMyXG1zdmNydC5kbGwNCj4gQzpcV0lORE9XU1x
zeXN0ZW0zMlxvbGUzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
x2ZXJzaW9uLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGNvbWN0b
DMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGltbTMyLmRsbA0K
PiBDOlxXSU5ET1dTXHN5c3RlbTMyXHdpbnNwb29sLmRydg0KPiBDOlx
XSU5ET1dTXHN5c3RlbTMyXHNoZWxsMzIuZGxsDQo+IEM6XFdJTkRPV1
Ncc3lzdGVtMzJcU0hMV0FQSS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0Z
W0zMlx3aW5pbmV0LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE5v
cm1hbGl6LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHVybG1vbi5
kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxpZXJ0dXRpbC5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlxuZXRhcGkzMi5kbGwNCj4gQzpcV
0lORE9XU1xzeXN0ZW0zMlx3c29jazMyLmRsbA0KPiBDOlxXSU5ET1dT
XHN5c3RlbTMyXFdTMl8zMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
zMlxXUzJIRUxQLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXExQSy
5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxVU1AxMC5kbGwNCj4gQ
zpcV0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5XaW5kb3dzLkNv
bW1vbi1Db250cm9sc182NTk1YjY0MTQ0Y2NmMWRmXzYuMC4yNjAwLjY
wMjhfeC13d182MWU2NTIwMlxjb21jdGwzMi5kbGwNCj4gQzpcV0lORE
9XU1xzeXN0ZW0zMlx1eHRoZW1lLmRsbA0KPiBDOlxQcm9ncmFtIEZpb
GVzXDM2MFwzNjBTYWZlXHNhZmVtb25cc2FmZW1vbi5kbGwNCg0KMzYw
LmNuDQozNjCwssirzsDKvyDN+Lbct8C7pMSjv+kNCjgsIDEsIDEsIDE
xMjANCnNhZmVtb24uZGxsDQooQykgMzYwLmNuIEluYy4gQWxsIFJpZ2
h0cyBSZXNlcnZlZC4NCnNhZmVtb24uZGxsDQo4LCAxLCAxLCAxMTIwD
QozNjCwssirzsDKvw0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUFNB
UEkuRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTVNDVEYuZGxsDQo
+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNjdGZpbWUuaW1l

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (3)
Viv微微
雪    币: 42
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
。。。。把你的 C:\Hzkqs.exe 发上来呗、、、帮你看看、、、
2012-8-21 14:09
0
rainisa
雪    币: 258
活跃值: (30)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
既然你用脚本,那还不如直接用脱壳机。ASProtect_unpacker,支持ASProtecte1.x、ASProtecte SKE 2.x,可以支持SKE的API修复。
2012-8-21 16:42
0
小小酥
雪    币: 39
活跃值: (86)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
这个意思

Version: WtKk0cCwyNT3xv21wVokKFK57Lu1ViAsAAdVPCE8MHJkeH52MyMgOicjNlRyY3lFNTlBaW9+bHR4c2p7dxIqdGRgbwJxZndxd3djZXNOZ2Z0Bw==
ImageBase: 00400000
Eip: F40025
Eax: 29A29AF6
Ecx: 1A30600
Edx: 1A40600
Ebx: 1A51000
Esi: FCE3E67E
Edi: 787BA9FA
Ebp: 1A60600
Esp: 12FF58
ErrorCode:
2B,3,90,90,83,C3,4,90,90,90,90,90,90,90,90,90,3B,DE,72,EC,3,C7,89,45,0,83,C5,8,83,C1,8,83,C2,8,81,39,13,FA,A9,7B,75,C2,B9,4,0,A3,1,BA,4,0,A4,0...
Code = [214]
- 0
- 0
- 227
- 0
- 0
- []
> C:\Program Files\汇知考轻松考试系统3.0\WinXP高级版\Hzkqs.exe
> C:\WINDOWS\system32\ntdll.dll
> C:\WINDOWS\system32\kernel32.dll
> C:\WINDOWS\system32\user32.dll
> C:\WINDOWS\system32\GDI32.dll
> C:\WINDOWS\system32\advapi32.dll
> C:\WINDOWS\system32\RPCRT4.dll
> C:\WINDOWS\system32\Secur32.dll
> C:\WINDOWS\system32\oleaut32.dll
> C:\WINDOWS\system32\msvcrt.dll
> C:\WINDOWS\system32\ole32.dll
> C:\WINDOWS\system32\version.dll
> C:\WINDOWS\system32\comctl32.dll
> C:\WINDOWS\system32\imm32.dll
> C:\WINDOWS\system32\winspool.drv
> C:\WINDOWS\system32\shell32.dll
> C:\WINDOWS\system32\SHLWAPI.dll
> C:\WINDOWS\system32\wininet.dll
> C:\WINDOWS\system32\Normaliz.dll
> C:\WINDOWS\system32\urlmon.dll
> C:\WINDOWS\system32\iertutil.dll
> C:\WINDOWS\system32\netapi32.dll
> C:\WINDOWS\system32\wsock32.dll
> C:\WINDOWS\system32\WS2_32.dll
> C:\WINDOWS\system32\WS2HELP.dll
> C:\WINDOWS\system32\LPK.DLL
> C:\WINDOWS\system32\USP10.dll
> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
> C:\WINDOWS\system32\uxtheme.dll
> C:\Program Files\360\360Safe\safemon\safemon.dll

360.cn
360安全卫士 网盾防护模块
8, 1, 1, 1120
safemon.dll
(C) 360.cn Inc. All Rights Reserved.
safemon.dll
8, 1, 1, 1120
360安全卫士

> C:\WINDOWS\system32\PSAPI.DLL
> C:\WINDOWS\system32\MSCTF.dll
> C:\WINDOWS\system32\msctfime.ime
2012-9-19 10:28
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//