First post
Unpacking a dongle shell without the dongle
I won't say here which dongle it is
Load it in OD and you land here
00415628 ~> E8 00000000 call ~dumped_.0041562D
0041562D 5B pop ebx
0041562E 81EB 75164000 sub ebx,~dumped_.00401675
00415634 FF3424 push dword ptr ss:[esp]
00415637 E8 1CFAFFFF call ~dumped_.00415058
0041563C 90 nop
0041563D 0BC0 or eax,eax
0041563F 75 05 jnz short ~dumped_.00415646
00415641 E9 4D020000 jmp ~dumped_.00415893
00415646 8983 5D134000 mov dword ptr ds:[ebx+40135D],eax
0041564C 8D83 25144000 lea eax,dword ptr ds:[ebx+401425]
00415652 50 push eax
00415653 FFB3 5D134000 push dword ptr ds:[ebx+40135D]
00415659 E8 DCFAFFFF call ~dumped_.0041513A
0041565E 0BC0 or eax,eax
00415660 75 05 jnz short ~dumped_.00415667
00415662 E9 2C020000 jmp ~dumped_.00415893
00415667 8983 0C144000 mov dword ptr ds:[ebx+40140C],eax
0041566D 8D83 18144000 lea eax,dword ptr ds:[ebx+401418]
00415673 50 push eax
----------------------------------------------------------
Press F9 (run) a few times
and you arrive at
00415243 90 nop
00415244 90 nop
00415245 90 nop
00415246 90 nop
00415247 90 nop
00415248 90 nop
00415249 90 nop
0041524A 90 nop
0041524B 8B4D F8 mov ecx,dword ptr ss:[ebp-8]
0041524E 90 nop
0041524F 90 nop
00415250 90 nop
00415251 90 nop
00415252 90 nop
00415253 90 nop
00415254 90 nop
00415255 90 nop
00415256 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds>
00415258 75 03 jnz short ~dumped_.0041525D
0041525A 5E pop esi
0041525B EB 1C jmp short ~dumped_.00415279
0041525D 5E pop esi
0041525E 83C3 04 add ebx,4
00415261 90 nop
00415262 90 nop
00415263 90 nop
00415264 90 nop
00415265 90 nop
00415266 90 nop
00415267 90 nop
00415268 90 nop
00415269 42 inc edx
0041526A 90 nop
0041526B 90 nop
0041526C 90 nop
0041526D 90 nop
0041526E 90 nop
0041526F 90 nop
00415270 90 nop
00415271 90 nop
00415272 3B56 18 cmp edx,dword ptr ds:[esi+18]
00415275 ^ 72 B3 jb short ~dumped_.0041522A //I don't understand why this jumps both with the dongle and without it, but if you don't let it jump here, it is finished,
00415277 EB 7A jmp short ~dumped_.004152F3
00415279 2B5E 20 sub ebx,dword ptr ds:[esi+20]
Change
00415275 ^ 72 B3 jb short ~dumped_.0041522A //to
00415275 ^ 74 B3 je short ~dumped_.0041522A
That's it, just keep stepping and you reach the OEP
It's that simple
Attachment: new.rar