一程序PEID查壳显示:yoda's Protector v1.02 (.dll,.ocx) -> Ashkbiz Danehkar (h) *
OD载入
直接停在
00A933D7 . E8 2FFFFFFF call ZtGame.00A9330B
F9 运行
直接停到 已终止
00A8F621 F0:F1 lock int1 ; 不允许锁定前缀
SHIFT + F9
也是一样
直接停到 已终止
00A8F621 F0:F1 lock int1 ; 不允许锁定前缀
求教如何脱壳!
······························
OD载入时的代码段:
00A933D7 . E8 2FFFFFFF call ZtGame.00A9330B
00A933DC . 05 8B0B0000 add eax,0xB8B
00A933E1 . FFE0 jmp eax
00A933E3 $ E8 C6010000 call ZtGame.00A935AE
00A933E8 . 29B5 A8004308 sub dword ptr ss:[ebp+0x84300A8],esi
00A933EE . 1A7E 12 sbb bh,byte ptr ds:[esi+0x12]
00A933F1 . 8A6B D0 mov ch,byte ptr ds:[ebx-0x30]
00A933F4 . 7D 13 jge XZtGame.00A93409
00A933F6 . 02FE add bh,dh
00A933F8 . CE into
00A933F9 . 0030 add byte ptr ds:[eax],dh
00A933FB . 5E pop esi
00A933FC . 8A21 mov ah,byte ptr ds:[ecx]
00A933FE . E0 48 loopdne XZtGame.00A93448
00A93400 . 2908 sub dword ptr ds:[eax],ecx
00A93402 . 6B3A 1A imul edi,dword ptr ds:[edx],0x1A
00A93405 . 2212 and dl,byte ptr ds:[edx]
00A93407 38 db 38 ; CHAR '8'
00A93408 65 db 65 ; CHAR 'e'
00A93409 . 4E dec esi
00A9340A . 1BFE sbb edi,esi
00A9340C . 2E:006B 84 add byte ptr cs:[ebx-0x7C],ch
00A93410 . 36:6F outs dx,dword ptr es:[edi]
00A93412 03 db 03
00A93413 . 2D 64864F09 sub eax,0x94F8664
00A93418 . 5C pop esp
00A93419 . 110A adc dword ptr ds:[edx],ecx
00A9341B . D86F 29 fsubr dword ptr ds:[edi+0x29]
00A9341E . 58 pop eax
00A9341F . 8120 2E8B0CA6 and dword ptr ds:[eax],0xA60C8B2E
00A93425 . A6 cmps byte ptr ds:[esi],byte ptr es:[edi]
00A93426 . CB retf
00A93427 31 db 31 ; CHAR '1'
00A93428 08 db 08
00A93429 07 db 07
00A9342A 01 db 01
00A9342B 89 db 89
···············································
F9 停止处 代码段
00A8F621 F0:F1 lock int1 ; 不允许锁定前缀
00A8F623 . E9 BC0E0000 jmp ZtGame.00A904E4
00A8F628 00 db 00
00A8F629 00 db 00
00A8F62A > 890C24 mov dword ptr ss:[esp],ecx
00A8F62D . B9 3DF6A800 mov ecx,ZtGame.00A8F63D
00A8F632 . 870C24 xchg dword ptr ss:[esp],ecx
00A8F635 . C3 retn
00A8F636 > E9 3D1D0000 jmp ZtGame.00A91378
00A8F63B 00 db 00
00A8F63C 00 db 00
00A8F63D > 81C6 18A13F4E add esi,0x4E3FA118
00A8F643 . 873424 xchg dword ptr ss:[esp],esi
00A8F646 . E9 81010000 jmp ZtGame.00A8F7CC
00A8F64B . 57 push edi
00A8F64C . 68 E58DB14A push 0x4AB18DE5
00A8F651 .^ E9 59D6FFFF jmp ZtGame.00A8CCAF
00A8F656 00 db 00
00A8F657 00 db 00
00A8F658 F0:CC lock int3 ; 不允许锁定前缀
00A8F65A . 0F86 B0020000 jbe ZtGame.00A8F910
00A8F660 . 0F80 97130000 jo ZtGame.00A909FD
00A8F666 . 1BF7 sbb esi,edi
00A8F668 .^ E9 B0DBFFFF jmp ZtGame.00A8D21D
00A8F66D 0F db 0F
求高手指教!!!
.如何操作,我是新手!谢谢!
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!