本人刚学脱壳
这个软件以前用老王壳加过，后来又套了一层壳；软件大小 66.5MB。
现在我把狗壳脱了，可是运行时出现错误。
但我用同样的方法脱了另一个 7.5MB 的软件（和这个软件的加壳/加密方式一样），它能正常运行，而这个就不行。
不修复时的提示：（原帖此处的错误信息未包含在文本里）
修复后的提示：（同上，未包含在文本里）
脱壳后程序 OEP 处的代码（OllyDbg 反汇编）如下：
----------------------------------------------------------------
; ----------------------------------------------------------------------
; 00488700 — the post-unpack entry point (OEP).
; The sequence matches the MSVC C-runtime WinMain startup: install an SEH
; frame, derive version globals from GetVersion, run two init calls that
; abort the process on failure, fetch the command line / startup info,
; then call 004A7B60 with four WinMain-style arguments and pass its
; return value to 0048B5B0. Names of the internal callees are inferred
; from that pattern, not verified against symbols.
; Frame: three SEH words, then 0x5C bytes of locals.
;   [ebp-4]  = try level        [ebp-10] = previous fs:[0]
;   [ebp-18] = esp after the prologue (restored by the handler path)
;   [ebp-5C] = STARTUPINFOA     [ebp-64] = command line pointer
;   [ebp-68] = exception code   [ebp-6C] = nShowCmd
; ----------------------------------------------------------------------
00488700 2222> 55 push ebp
00488701 8BEC mov ebp,esp
; SEH frame: trylevel -1, table 0067C2B0, handler 0048D778, saved fs:[0];
; then fs:[0] := esp. Both addresses are inside the image, so they do not
; depend on anything a packer stub fills in at run time.
00488703 6A FF push -1
00488705 68 B0C26700 push 222222.0067C2B0
0048870A 68 78D74800 push 222222.0048D778
0048870F 64:A1 00000000 mov eax,dword ptr fs:[0]
00488715 50 push eax
00488716 64:8925 0000000>mov dword ptr fs:[0],esp
; 0x5C bytes of locals (the STARTUPINFOA buffer starts at ebp-5C)
0048871D 83C4 A4 add esp,-5C
00488720 53 push ebx
00488721 56 push esi
00488722 57 push edi
; esp snapshot used by the handler path at 0048884D
00488723 8965 E8 mov dword ptr ss:[ebp-18],esp
; GetVersion() -> [6B706C], then split the packed value the way the VC
; runtime fills its _winminor/_winmajor/_winver/_osver globals
; (global names inferred from the pattern):
;   [6B7078] = (v >> 8) & 0xFF        minor
;   [6B7074] =  v & 0xFF              major
;   [6B7070] = (major << 8) + minor
;   [6B706C] = (v >> 16) & 0xFFFF     upper word of the version dword
00488726 FF15 E0BA6B00 call dword ptr ds:[<&kernel32.GetV>; kernel32.GetVersion
0048872C A3 6C706B00 mov dword ptr ds:[6B706C],eax
00488731 A1 6C706B00 mov eax,dword ptr ds:[6B706C]
00488736 C1E8 08 shr eax,8
00488739 25 FF000000 and eax,0FF
0048873E A3 78706B00 mov dword ptr ds:[6B7078],eax
00488743 8B0D 6C706B00 mov ecx,dword ptr ds:[6B706C]
00488749 81E1 FF000000 and ecx,0FF
0048874F 890D 74706B00 mov dword ptr ds:[6B7074],ecx
00488755 8B15 74706B00 mov edx,dword ptr ds:[6B7074]
0048875B C1E2 08 shl edx,8
0048875E 0315 78706B00 add edx,dword ptr ds:[6B7078]
00488764 8915 70706B00 mov dword ptr ds:[6B7070],edx
0048876A A1 6C706B00 mov eax,dword ptr ds:[6B706C]
0048876F C1E8 10 shr eax,10
00488772 25 FFFF0000 and eax,0FFFF
00488777 A3 6C706B00 mov dword ptr ds:[6B706C],eax
; Two init calls that must return non-zero. On zero, 004888A0 (listed
; below: writes a runtime-error message, then ExitProcess(0xFF)) is
; called with an error code. 0x1C and 0x10 are consistent with the CRT's
; _RT_HEAPINIT / _RT_THREAD codes (inferred). Callees are cdecl: the
; caller pops the argument with add esp,4.
0048877C 6A 01 push 1
0048877E E8 2D7A0000 call 222222.004901B0
00488783 83C4 04 add esp,4
00488786 85C0 test eax,eax
00488788 75 0A jnz short 222222.00488794
0048878A 6A 1C push 1C
0048878C E8 0F010000 call 222222.004888A0
00488791 83C4 04 add esp,4
00488794 E8 57670000 call 222222.0048EEF0
00488799 85C0 test eax,eax
0048879B 75 0A jnz short 222222.004887A7
0048879D 6A 10 push 10
0048879F E8 FC000000 call 222222.004888A0
004887A4 83C4 04 add esp,4
; try level 0: start of the guarded region
004887A7 C745 FC 0000000>mov dword ptr ss:[ebp-4],0
004887AE E8 BDD70000 call 222222.00495F70
; GetCommandLineA() -> [6B8BC8]; result of 00495D50 -> [6B7058]; then
; three parameterless init calls (argv / environment / C initialisers in
; the CRT pattern — names inferred).
004887B3 FF15 A4B96B00 call dword ptr ds:[<&kernel32.GetC>; kernel32.GetCommandLineA
004887B9 A3 C88B6B00 mov dword ptr ds:[6B8BC8],eax
004887BE E8 8DD50000 call 222222.00495D50
004887C3 A3 58706B00 mov dword ptr ds:[6B7058],eax
004887C8 E8 73D00000 call 222222.00495840
004887CD E8 1ECF0000 call 222222.004956F0
004887D2 E8 992D0000 call 222222.0048B570
; STARTUPINFOA at ebp-5C: dwFlags (offset 0x2C -> ebp-30) is zeroed
; before GetStartupInfoA(&si). The result of 00495630 -> [ebp-64] is
; what gets passed as the command-line argument further down.
004887D7 C745 D0 0000000>mov dword ptr ss:[ebp-30],0
004887DE 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
004887E1 51 push ecx
004887E2 FF15 A8B96B00 call dword ptr ds:[<&kernel32.GetS>; kernel32.GetStartupInfoA
004887E8 E8 43CE0000 call 222222.00495630
004887ED 8945 9C mov dword ptr ss:[ebp-64],eax
; nShowCmd ([ebp-6C]) = si.wShowWindow (offset 0x30 -> ebp-2C, masked
; to 16 bits) when si.dwFlags & 1 (STARTF_USESHOWWINDOW), else 0xA
; (SW_SHOWDEFAULT).
004887F0 8B55 D0 mov edx,dword ptr ss:[ebp-30]
004887F3 83E2 01 and edx,1
004887F6 85D2 test edx,edx
004887F8 74 0D je short 222222.00488807
004887FA 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
004887FD 25 FFFF0000 and eax,0FFFF
00488802 8945 94 mov dword ptr ss:[ebp-6C],eax
00488805 EB 07 jmp short 222222.0048880E
00488807 C745 94 0A00000>mov dword ptr ss:[ebp-6C],0A
; Arguments pushed right-to-left: nShowCmd, command line, 0; the next 0
; is GetModuleHandleA's own lpModuleName; its result is pushed as the
; first argument. Net call: 004A7B60(hInstance, 0, lpCmdLine, nShowCmd),
; i.e. the WinMain signature.
0048880E 8B4D 94 mov ecx,dword ptr ss:[ebp-6C]
00488811 51 push ecx
00488812 8B55 9C mov edx,dword ptr ss:[ebp-64]
00488815 52 push edx
00488816 6A 00 push 0
00488818 6A 00 push 0
0048881A FF15 ECB86B00 call dword ptr ds:[<&kernel32.GetM>; kernel32.GetModuleHandleA
00488820 50 push eax
00488821 E8 3AF30100 call 222222.004A7B60
; Return value -> [ebp-60], handed to 0048B5B0 (exit-style; presumably
; does not return, since what follows is the exception filter of the
; frame installed above rather than continuation code).
00488826 8945 A0 mov dword ptr ss:[ebp-60],eax
00488829 8B45 A0 mov eax,dword ptr ss:[ebp-60]
0048882C 50 push eax
0048882D E8 7E2D0000 call 222222.0048B5B0
; Filter funclet (presumed, entered via the handler at 0048D778, which
; is outside this listing): [ebp-14] holds an EXCEPTION_POINTERS*;
; [ecx] -> EXCEPTION_RECORD, [edx] -> ExceptionCode -> [ebp-68]. Calls
; 00494ED0(code, pointers) and returns its verdict with retn.
00488832 8B4D EC mov ecx,dword ptr ss:[ebp-14]
00488835 8B11 mov edx,dword ptr ds:[ecx]
00488837 8B02 mov eax,dword ptr ds:[edx]
00488839 8945 98 mov dword ptr ss:[ebp-68],eax
0048883C 8B4D EC mov ecx,dword ptr ss:[ebp-14]
0048883F 51 push ecx
00488840 8B55 98 mov edx,dword ptr ss:[ebp-68]
00488843 52 push edx
00488844 E8 87C60000 call 222222.00494ED0
00488849 83C4 08 add esp,8
0048884C C3 retn
; Handler body (presumed): restore esp from the prologue snapshot, then
; 0048B5D0(exception code) — the same routine 00488870 below reaches
; through the pointer slot at 6AEF04.
0048884D 8B65 E8 mov esp,dword ptr ss:[ebp-18]
00488850 8B45 98 mov eax,dword ptr ss:[ebp-68]
00488853 50 push eax
00488854 E8 772D0000 call 222222.0048B5D0
; Epilogue: unhook the SEH frame (fs:[0] := saved link at [ebp-10]),
; restore callee-saved registers, tear down the frame.
00488859 8B4D F0 mov ecx,dword ptr ss:[ebp-10]
0048885C 64:890D 0000000>mov dword ptr fs:[0],ecx
00488863 5F pop edi
00488864 5E pop esi
00488865 5B pop ebx
00488866 8BE5 mov esp,ebp
00488868 5D pop ebp
00488869 C3 retn
0048886A CC int3
0048886B CC int3
0048886C CC int3
0048886D CC int3
0048886E CC int3
0048886F CC int3
; ----------------------------------------------------------------------
; 00488870(int code) — runtime-error exit, variant A.
; If [6B7060] == 1, call 00496340 (banner, inferred); then
; 00496390(code) (message, inferred); then call whatever address is
; stored at 6AEF04 with argument 0xFF. Identical to 004888A0 below except
; for that last call. Every callee is cdecl (caller pops the argument).
; NOTE(review): 6AEF04 is a data-resident code pointer, not an
; import-table entry — the debugger shows no <&module.func> label for it
; and resolved it at run time to 0048B5D0, the routine the OEP's
; exception path calls directly. In a dumped file that slot holds
; whatever was in memory at dump time; if a packer stub was the one
; filling it, the value in the dump may differ — worth checking when the
; unpacked binary misbehaves.
; ----------------------------------------------------------------------
00488870 55 push ebp
00488871 8BEC mov ebp,esp
00488873 833D 60706B00 0>cmp dword ptr ds:[6B7060],1
0048887A 75 05 jnz short 222222.00488881
0048887C E8 BFDA0000 call 222222.00496340
00488881 8B45 08 mov eax,dword ptr ss:[ebp+8]
00488884 50 push eax
00488885 E8 06DB0000 call 222222.00496390
0048888A 83C4 04 add esp,4
; exit code 0xFF; indirect call through the data slot at 6AEF04
0048888D 68 FF000000 push 0FF
00488892 FF15 04EF6A00 call dword ptr ds:[6AEF04] ; 222222.0048B5D0
00488898 83C4 04 add esp,4
0048889B 5D pop ebp
0048889C C3 retn
0048889D CC int3
0048889E CC int3
0048889F CC int3
; ----------------------------------------------------------------------
; 004888A0(int code) — runtime-error exit, variant B.
; Same banner / message sequence as 00488870 above, then
; kernel32.ExitProcess(0xFF) through the import table. This is the
; callee the OEP uses for its 0x1C / 0x10 init failures. There is no
; stack cleanup after the call: ExitProcess is stdcall and never returns,
; so the pop ebp / retn below are dead code.
; ----------------------------------------------------------------------
004888A0 55 push ebp
004888A1 8BEC mov ebp,esp
; [6B7060] == 1 selects the banner call (same flag as 00488870)
004888A3 833D 60706B00 0>cmp dword ptr ds:[6B7060],1
004888AA 75 05 jnz short 222222.004888B1
004888AC E8 8FDA0000 call 222222.00496340
; 00496390(code), cdecl
004888B1 8B45 08 mov eax,dword ptr ss:[ebp+8]
004888B4 50 push eax
004888B5 E8 D6DA0000 call 222222.00496390
004888BA 83C4 04 add esp,4
; ExitProcess(0xFF) via the IAT
004888BD 68 FF000000 push 0FF
004888C2 FF15 94B96B00 call dword ptr ds:[<&kernel32.Exit>; kernel32.ExitProcess
004888C8 5D pop ebp
004888C9 C3 retn
004888CA CC int3
004888CB CC int3
004888CC CC int3
004888CD CC int3
004888CE CC int3
004888CF CC int3
; ----------------------------------------------------------------------
; 004888D0(const char *hay = [esp+4], const char *needle = [esp+8])
; Substring search: returns eax = pointer to the first occurrence of
; needle in hay, or 0 if none. The shape matches the CRT's hand-written
; x86 strstr (inferred). Both inputs must be NUL-terminated — the NUL
; tests below are the only bounds on either string.
; Registers: dl/dh = needle[0]/needle[1]; edi = current scan position in
; hay; esi = look-ahead cursor; ecx = needle cursor. ebx is saved and
; restored but never used. cdecl: the caller pops the arguments.
; ----------------------------------------------------------------------
004888D0 8B4C24 08 mov ecx,dword ptr ss:[esp+8]
004888D4 57 push edi
004888D5 53 push ebx
004888D6 56 push esi
; after three pushes the first argument sits at [esp+10]
004888D7 8A11 mov dl,byte ptr ds:[ecx]
004888D9 8B7C24 10 mov edi,dword ptr ss:[esp+10]
; empty needle -> return hay unchanged (0048894A)
004888DD 84D2 test dl,dl
004888DF 74 69 je short 222222.0048894A
; one-byte needle -> pop the saved registers (arguments are back at
; [esp+4]/[esp+8]) and tail-jump to 004965B6 with eax = that byte;
; 004965B6 is outside this listing.
004888E1 8A71 01 mov dh,byte ptr ds:[ecx+1]
004888E4 84F6 test dh,dh
004888E6 74 4F je short 222222.00488937
; Outer loop, also re-entered from 00488922 / 00488935 after a failed
; candidate: esi = edi, ecx = needle ([esp+14] after the pushes). Scan
; hay for needle[0]; esi is left one past the matching byte. A NUL in
; hay -> return 0 (00488904).
004888E8 8BF7 mov esi,edi
004888EA 8B4C24 14 mov ecx,dword ptr ss:[esp+14]
004888EE 8A07 mov al,byte ptr ds:[edi]
004888F0 46 inc esi
004888F1 38D0 cmp al,dl
004888F3 74 15 je short 222222.0048890A
004888F5 84C0 test al,al
004888F7 74 0B je short 222222.00488904
004888F9 8A06 mov al,byte ptr ds:[esi]
004888FB 46 inc esi
004888FC 38D0 cmp al,dl
004888FE 74 0A je short 222222.0048890A
00488900 84C0 test al,al
00488902 ^ 75 F5 jnz short 222222.004888F9
; not found
00488904 5E pop esi
00488905 5B pop ebx
00488906 5F pop edi
00488907 33C0 xor eax,eax
00488909 C3 retn
; needle[0] matched: the next hay byte must equal needle[1]; if not,
; that byte is re-tested against needle[0] (004888FC) so overlapping
; starts are not skipped.
0048890A 8A06 mov al,byte ptr ds:[esi]
0048890C 46 inc esi
0048890D 38F0 cmp al,dh
0048890F ^ 75 EB jnz short 222222.004888FC
; Candidate: edi = esi-1 (one past the candidate start). Compare the
; rest two bytes per round: needle[2] vs hay byte, then needle[3] vs the
; following hay byte, advancing ecx by 2 each round. A NUL in the needle
; (00488917 / 00488927) means the whole needle matched -> return edi-1.
; A mismatch restarts the outer loop with esi = edi, i.e. one byte past
; the failed candidate's start.
00488911 8D7E FF lea edi,dword ptr ds:[esi-1]
00488914 8A61 02 mov ah,byte ptr ds:[ecx+2]
00488917 84E4 test ah,ah
00488919 74 28 je short 222222.00488943
0048891B 8A06 mov al,byte ptr ds:[esi]
0048891D 83C6 02 add esi,2
00488920 38E0 cmp al,ah
00488922 ^ 75 C4 jnz short 222222.004888E8
00488924 8A41 03 mov al,byte ptr ds:[ecx+3]
00488927 84C0 test al,al
00488929 74 18 je short 222222.00488943
0048892B 8A66 FF mov ah,byte ptr ds:[esi-1]
0048892E 83C1 02 add ecx,2
00488931 38E0 cmp al,ah
00488933 ^ 74 DF je short 222222.00488914
00488935 ^ EB B1 jmp short 222222.004888E8
; single-byte needle path: eax = needle[0], tail-jump
00488937 33C0 xor eax,eax
00488939 5E pop esi
0048893A 5B pop ebx
0048893B 5F pop edi
0048893C 8AC2 mov al,dl
0048893E E9 73DC0000 jmp 222222.004965B6
; full match: return the candidate start
00488943 8D47 FF lea eax,dword ptr ds:[edi-1]
00488946 5E pop esi
00488947 5B pop ebx
00488948 5F pop edi
00488949 C3 retn
; empty needle: return hay
0048894A 8BC7 mov eax,edi
0048894C 5E pop esi
0048894D 5B pop ebx
0048894E 5F pop edi
0048894F C3 retn
; ----------------------------------------------------------------------
; 00488950(arg = [ebp+8]) — calls 0048FC30(0xC), then 00488980(arg), then
; 0048FCD0(0xC), and returns 00488980's result, which is parked in the
; single local at [ebp-4] so the trailing call cannot clobber it. The
; matching 0xC calls bracket the inner call the way a lock/unlock pair
; would (inferred from the shape only; all three callees are outside or
; cut off at the end of this listing). All callees are cdecl.
; ----------------------------------------------------------------------
00488950 55 push ebp
00488951 8BEC mov ebp,esp
; one dword local ([ebp-4])
00488953 51 push ecx
00488954 6A 0C push 0C
00488956 E8 D5720000 call 222222.0048FC30
0048895B 83C4 04 add esp,4
; forward the caller's argument unchanged
0048895E 8B45 08 mov eax,dword ptr ss:[ebp+8]
00488961 50 push eax
00488962 E8 19000000 call 222222.00488980
00488967 83C4 04 add esp,4
0048896A 8945 FC mov dword ptr ss:[ebp-4],eax
00488976D 6A 0C push 0C
0048896F E8 5C730000 call 222222.0048FCD0
00488974 83C4 04 add esp,4
; return the saved result of 00488980
00488977 8B45 FC mov eax,dword ptr ss:[ebp-4]
0048897A 8BE5 mov esp,ebp
0048897C 5D pop ebp
0048897D C3 retn
0048897E CC int3
0048897F CC int3
00488980 55 push ebp
00488981 8BEC mov ebp,esp
00488983 83EC 08 sub esp,8
00488986 A1 88706B00 mov eax,dword ptr ds:[6B7088]
0048898B 8945 F8 mov dword ptr ss:[ebp-8],eax
0048898E 833D 08896B00 0>cmp dword ptr ds:[6B8908],0
这是不是跨系统平台的问题？应该如何解决？（补充：上面贴出的 OEP 这一段看起来就是标准的 MSVC C 运行库启动代码——GetVersion、GetCommandLineA、GetStartupInfoA、GetModuleHandleA 之后调用 WinMain——这一段本身反汇编正常，报错可能来自它之后调用的代码或导入表修复，而不太像“平台”问题。）
请大侠指教