-
-
[旧帖] [求助]我用upx脱壳后为啥运行不了呢? 0.00雪花
-
发表于: 2012-9-27 11:25
-
代码里也没看到有什么检查的地方?请指点。
00427FD4 >/$ 55 push ebp 00427FD5 |. 8BEC mov ebp,esp 00427FD7 |. 6A FF push -1 00427FD9 |. 68 F8E84200 push svConver.0042E8F8 00427FDE |. 68 C87F4200 push <jmp.&MSVCRT._except_handler3> ; SE 处理程序安装 00427FE3 |. 64:A1 0000000>mov eax,dword ptr fs:[0] 00427FE9 |. 50 push eax 00427FEA |. 64:8925 00000>mov dword ptr fs:[0],esp 00427FF1 |. 83EC 68 sub esp,68 00427FF4 |. 53 push ebx 00427FF5 |. 56 push esi 00427FF6 |. 57 push edi 00427FF7 |. 8965 E8 mov dword ptr ss:[ebp-18],esp 00427FFA |. 33DB xor ebx,ebx 00427FFC |. 895D FC mov dword ptr ss:[ebp-4],ebx 00427FFF |. 6A 02 push 2 00428001 |. FF15 FCA54200 call near dword ptr ds:[<&MSVCRT.__se>; msvcrt.__set_app_type 00428007 |. 59 pop ecx 00428008 |. 830D 68685700>or dword ptr ds:[576868],FFFFFFFF 0042800F |. 830D 6C685700>or dword ptr ds:[57686C],FFFFFFFF 00428016 |. FF15 F8A54200 call near dword ptr ds:[<&MSVCRT.__p_>; msvcrt.__p__fmode 0042801C |. 8B0D A0625700 mov ecx,dword ptr ds:[5762A0] 00428022 |. 8908 mov dword ptr ds:[eax],ecx 00428024 |. FF15 F4A54200 call near dword ptr ds:[<&MSVCRT.__p_>; msvcrt.__p__commode 0042802A |. 8B0D 9C625700 mov ecx,dword ptr ds:[57629C] 00428030 |. 8908 mov dword ptr ds:[eax],ecx 00428032 |. A1 F0A54200 mov eax,dword ptr ds:[<&MSVCRT._adju> 00428037 |. 8B00 mov eax,dword ptr ds:[eax] 00428039 |. A3 64685700 mov dword ptr ds:[576864],eax 0042803E |. E8 50030000 call svConver.00428393 00428043 |. 391D D05A4400 cmp dword ptr ds:[445AD0],ebx 00428049 |. 75 0C jnz short svConver.00428057 0042804B |. 68 90834200 push svConver.00428390 00428050 |. FF15 ECA54200 call near dword ptr ds:[<&MSVCRT.__se>; msvcrt.__setusermatherr 00428056 |. 59 pop ecx 00428057 |> E8 22030000 call svConver.0042837E 0042805C |. 68 4C204300 push svConver.0043204C 00428061 |. 68 48204300 push svConver.00432048 00428066 |. E8 0D030000 call <jmp.&MSVCRT._initterm> 0042806B |. A1 98625700 mov eax,dword ptr ds:[576298] 00428070 |. 8945 94 mov dword ptr ss:[ebp-6C],eax 00428073 |. 8D45 94 lea eax,dword ptr ss:[ebp-6C] 00428076 |. 50 push eax 00428077 |. FF35 94625700 push dword ptr ds:[576294] 0042807D |. 8D45 9C lea eax,dword ptr ss:[ebp-64] 00428080 |. 50 push eax 00428081 |. 8D45 90 lea eax,dword ptr ss:[ebp-70] 00428084 |. 50 push eax 00428085 |. 8D45 A0 lea eax,dword ptr ss:[ebp-60] 00428088 |. 50 push eax 00428089 |. FF15 E4A54200 call near dword ptr ds:[<&MSVCRT.__ge>; msvcrt.__getmainargs 0042808F |. 68 44204300 push svConver.00432044 00428094 |. 68 00204300 push svConver.00432000 00428099 |. E8 DA020000 call <jmp.&MSVCRT._initterm> 0042809E |. 83C4 24 add esp,24 004280A1 |. A1 E0A54200 mov eax,dword ptr ds:[<&MSVCRT._acmd> 004280A6 |. 8B30 mov esi,dword ptr ds:[eax] 004280A8 |. 8975 8C mov dword ptr ss:[ebp-74],esi 004280AB |. 803E 22 cmp byte ptr ds:[esi],22 004280AE |. 75 3A jnz short svConver.004280EA 004280B0 |> 46 /inc esi 004280B1 |. 8975 8C |mov dword ptr ss:[ebp-74],esi 004280B4 |. 8A06 |mov al,byte ptr ds:[esi] 004280B6 |. 3AC3 |cmp al,bl 004280B8 |. 74 04 |je short svConver.004280BE 004280BA |. 3C 22 |cmp al,22 004280BC |.^ 75 F2 \jnz short svConver.004280B0 004280BE |> 803E 22 cmp byte ptr ds:[esi],22 004280C1 |. 75 04 jnz short svConver.004280C7 004280C3 |> 46 inc esi 004280C4 |. 8975 8C mov dword ptr ss:[ebp-74],esi 004280C7 |> 8A06 mov al,byte ptr ds:[esi] 004280C9 |. 3AC3 cmp al,bl 004280CB |. 74 04 je short svConver.004280D1 004280CD |. 3C 20 cmp al,20 004280CF |.^ 76 F2 jbe short svConver.004280C3 004280D1 |> 895D D0 mov dword ptr ss:[ebp-30],ebx 004280D4 |. 8D45 A4 lea eax,dword ptr ss:[ebp-5C] 004280D7 |. 50 push eax ; /pStartupinfo 004280D8 |. FF15 F4A04200 call near dword ptr ds:[<&KERNEL32.Ge>; \GetStartupInfoA 004280DE |. F645 D0 01 test byte ptr ss:[ebp-30],1 004280E2 |. 74 11 je short svConver.004280F5 004280E4 |. 0FB745 D4 movzx eax,word ptr ss:[ebp-2C] 004280E8 |. EB 0E jmp short svConver.004280F8 004280EA |> 803E 20 /cmp byte ptr ds:[esi],20 004280ED |.^ 76 D8 |jbe short svConver.004280C7 004280EF |. 46 |inc esi 004280F0 |. 8975 8C |mov dword ptr ss:[ebp-74],esi 004280F3 |.^ EB F5 \jmp short svConver.004280EA 004280F5 |> 6A 0A push 0A 004280F7 |. 58 pop eax 004280F8 |> 50 push eax 004280F9 |. 56 push esi 004280FA |. 53 push ebx 004280FB |. 53 push ebx ; /pModule 004280FC |. FF15 B4A04200 call near dword ptr ds:[<&KERNEL32.Ge>; \GetModuleHandleA 00428102 |. 50 push eax 00428103 |. E8 92020000 call svConver.0042839A 00428108 |. 8945 98 mov dword ptr ss:[ebp-68],eax 0042810B |. 50 push eax ; /status 0042810C |. FF15 94A54200 call near dword ptr ds:[<&MSVCRT.exit>; \exit 00428112 |. 8B45 EC mov eax,dword ptr ss:[ebp-14] 00428115 |. 8B08 mov ecx,dword ptr ds:[eax] 00428117 |. 8B09 mov ecx,dword ptr ds:[ecx] 00428119 |. 894D 88 mov dword ptr ss:[ebp-78],ecx 0042811C |. 50 push eax 0042811D |. 51 push ecx 0042811E |. E8 4F020000 call <jmp.&MSVCRT._XcptFilter> 00428123 |. 59 pop ecx 00428124 |. 59 pop ecx 00428125 \. C3 retn
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
