-
-
[求助]关于vfp&exeNc V5_00加壳的程序脱壳的问题,请高手指导,谢谢!!!
-
发表于:
2005-11-30 18:16
4037
-
[求助]关于vfp&exeNc V5_00加壳的程序脱壳的问题,请高手指导,谢谢!!!
用OD载入,忽略所有异常
PUSHAD
CALL L002
L002:
POP EBP
SUB EBP,SPKS.00401006
LEA EAX,DWORD PTR SS:[EBP+401056]
PUSH EAX
PUSH DWORD PTR FS:[0]
MOV DWORD PTR FS:[0],ESP
INT3
NOP
POP DWORD PTR FS:[0]
ADD ESP,4
JE L016
JNZ L016
JMP L017
POP ECX
L016:
LEA EBX,DWORD PTR SS:[EBP+401000]
L017:
PUSH EBX
POP EDI
SUB EDI,EDX
PUSH EDI
L021:
MOV AL,BYTE PTR DS:[EBX]
XOR BYTE PTR DS:[EDI],AL
INC EBX
INC EDI
LOOPD L021
POP EAX
MOV DWORD PTR SS:[ESP+1C],EAX
POPAD
JMP EAX 这里到42D001入口处
JE SHORT SPKS.0042E4A6
JNZ SHORT SPKS.0042E4A6
JMP SHORT SPKS.0042E49F
PUSH EBP
...................
42d001:
PUSHAD
CALL L702
JMP 459FD4F7
PUSH EBP
RETN
CALL L702
JMP SHORT SPKS.0042D072
MOV EBX,-13
ADD EBX,EBP
SUB EBX,2D000
CMP DWORD PTR SS:[EBP+422],0
MOV DWORD PTR SS:[EBP+422],EBX
JNZ SPKS.0042D39A
LEA EAX,DWORD PTR SS:[EBP+42E]
PUSH EAX
CALL DWORD PTR SS:[EBP+F4D]
MOV DWORD PTR SS:[EBP+426],EAX
MOV EDI,EAX
LEA EBX,DWORD PTR SS:[EBP+5E]
PUSH EBX
PUSH EAX
INT3
XCHG EAX,EBP
DEC ECX
SLDT WORD PTR DS:[EAX]
MOV DWORD PTR SS:[EBP+54D],EAX 此时EBP=77E40000,这句根 本过不去,请问各位,为什么?
LEA EBX,DWORD PTR SS:[EBP+6B]
PUSH EBX
PUSH EDI
CALL DWORD PTR SS:[EBP+F49]
.....
[课程]Android-CTF解题方法汇总!
