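Originally posted by fly
When a program won't run after unpacking, sometimes it's a problem with the unpacking and sometimes it's an integrity check.
What you've said is too vague; it's like asking someone: "Here's a program, how do I crack it?"
You need to debug and analyze it yourself to see what is actually preventing it from running.
I unpacked it with a generic UPX unpacker, and I'm not sure what exactly the problem is either.
After unpacking, I scanned it with PEiD; the normal scan, the deep scan and the hardcore scan all show it as unpacked. Only the external scan shows Nothing found *
In the extended extra information: entry point (not packed), EP check (packed), fast check (not packed).
I hope friends here can give me some pointers; I'm still a newbie.
This is the information obtained from the EP section; for this section it shows (maybe packed).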
00401000: 04 10 ADD AL,10
00401002: 40 INC EAX
00401003: 00 03 ADD [EBX],AL
00401005: 07 POP ES
00401006: 42 INC EDX
00401007: 6F OUTS DX,DWORD PTR DS:[ESI]
00401008: 6F OUTS DX,DWORD PTR DS:[ESI]
00401009: 6C INS BYTE PTR ES:[EDI],DX
0040100A: 65 61 POPAD
0040100C: 6E OUTS DX,BYTE PTR DS:[ESI]
0040100D: 01 00 ADD [EAX],EAX
0040100F: 00 00 ADD [EAX],AL
00401011: 00 01 ADD [ECX],AL
00401013: 00 00 ADD [EAX],AL
00401015: 00 00 ADD [EAX],AL
00401017: 10 40 00 ADC [EAX+00],AL
0040101A: 05 46 61 6C 73 ADD EAX,736C6146
0040101F: 65 04 54 ADD AL,54
00401022: 72 75 JB 00401099
00401024: 65 8D 40 00 LEA EAX,GS:[EAX+00]
00401028: 2C 10 SUB AL,10
0040102A: 40 INC EAX
0040102B: 00 02 ADD [EDX],AL
0040102D: 04 43 ADD AL,43
0040102F: 68 61 72 01 00 PUSH 00017261
00401034: 00 00 ADD [EAX],AL
00401036: 00 FF ADD BH,BH
00401038: 00 00 ADD [EAX],AL
0040103A: 00 90 40 10 40 00 ADD [EAX+00401040],DL
00401040: 01 08 ADD [EAX],ECX
00401042: 53 PUSH EBX
00401043: 6D INS DWORD PTR ES:[EDI],DX
00401044: 61 POPAD
00401045: 6C INS BYTE PTR ES:[EDI],DX
00401046: 6C INS BYTE PTR ES:[EDI],DX
00401047: 69 6E 74 02 00 80 FF IMUL EBP,[ESI+74],FF800002
0040104E: FF FF UNKNOWN
00401050: 7F 00 JNLE 00401052
00401052: 00 90 58 10 40 00 ADD [EAX+00401058],DL
00401058: 01 07 ADD [EDI],EAX
0040105A: 49 DEC ECX
0040105B: 6E OUTS DX,BYTE PTR DS:[ESI]
0040105C: 74 65 JZ 004010C3
0040105E: 67 数据是坏的 ---- how do I deal with the two "bad data" entries here?
0040105F: 65 数据是坏的
00401060: 72 04 JB 00401066
00401062: 00 00 ADD [EAX],AL
00401064: 00 80 FF FF FF 7F ADD [EAX+7FFFFFFF],AL
0040106A: 8B C0 MOV EAX,EAX
0040106C: 70 10 JO 0040107E
0040106E: 40 INC EAX
0040106F: 00 01 ADD [ECX],AL
00401071: 04 42 ADD AL,42
00401073: 79 74 JNS 004010E9
00401075: 65 01 00 ADD GS:[EAX],EAX
00401078: 00 00 ADD [EAX],AL
0040107A: 00 FF ADD BH,BH
0040107C: 00 00 ADD [EAX],AL
0040107E: 00 90 84 10 40 00 ADD [EAX+00401084],DL
00401084: 01 04 57 ADD [EDX*2+EDI],EAX
00401087: 6F OUTS DX,DWORD PTR DS:[ESI]
00401088: 72 64 JB 004010EE
0040108A: 03 00 ADD EAX,[EAX]
0040108C: 00 00 ADD [EAX],AL
0040108E: 00 FF ADD BH,BH
00401090: FF 00 INC DWORD PTR [EAX]
00401092: 00 90 98 10 40 00 ADD [EAX+00401098],DL
00401098: 01 08 ADD [EAX],ECX
0040109A: 43 INC EBX
0040109B: 61 POPAD
0040109C: 72 64 JB 00401102
0040109E: 69 6E 61 6C 05 00 00 IMUL EBP,[ESI+61],0000056C
004010A5: 00 00 ADD [EAX],AL
004010A7: FF FF UNKNOWN
004010A9: FF FF UNKNOWN
004010AB: 90 NOP
004010AC: B0 10 MOV AL,10
004010AE: 40 INC EAX
004010AF: 00 03 ADD [EBX],AL
004010B1: 08 57 6F OR [EDI+6F],DL
004010B4: 72 64 JB 0040111A
004010B6: 42 INC EDX
004010B7: 6F OUTS DX,DWORD PTR DS:[ESI]
004010B8: 6F OUTS DX,DWORD PTR DS:[ESI]
004010B9: 6C INS BYTE PTR ES:[EDI],DX
004010BA: 02 00 ADD AL,[EAX]
004010BC: 00 00 ADD [EAX],AL
004010BE: 80 FF FF CMP BH,FF
004010C1: FF 7F UNKNOWN
004010C3: AC LODS AL,BYTE PTR DS:[ESI]
004010C4: 10 40 00 ADC [EAX+00],AL
004010C7: 05 46 61 6C 73 ADD EAX,736C6146
004010CC: 65 04 54 ADD AL,54
004010CF: 72 75 JB 00401146
004010D1: 65 8B C0 MOV EAX,EAX
004010D4: D8 10 FCOM REAL4 PTR [EAX]
004010D6: 40 INC EAX
004010D7: 00 0A ADD [EDX],CL
004010D9: 06 PUSH ES
004010DA: 53 PUSH EBX
004010DB: 74 72 JZ 0040114F
004010DD: 69 6E 67 E4 10 40 00 IMUL EBP,[ESI+67],004010E4
004010E4: 0B 0A OR ECX,[EDX]
004010E6: 57 PUSH EDI
004010E7: 69 64 65 53 74 72 69 6E IMUL ESP,[EBP+53],6E697274
004010EF: 67 F4 HLT
004010F1: 10 40 00 ADC [EAX+00],AL
004010F4: 0C 07 OR AL,07
004010F6: 56 PUSH ESI
004010F7: 61 POPAD
004010F8: 72 69 JB 00401163
004010FA: 61 POPAD
004010FB: 6E OUTS DX,BYTE PTR DS:[ESI]
004010FC: 74 8D JZ 0040108B
004010FE: 40 INC EAX
004010FF: 00 04 11 ADD [EDX+ECX],AL
00401102: 40 INC EAX
00401103: 00 0C 0A ADD [ECX+EDX],CL
00401106: 4F DEC EDI
00401107: 6C INS BYTE PTR ES:[EDI],DX
00401108: 65 56 PUSH ESI
0040110A: 61 POPAD
0040110B: 72 69 JB 00401176
0040110D: 61 POPAD
0040110E: 6E OUTS DX,BYTE PTR DS:[ESI]
0040110F: 74 5C JZ 0040116D
00401111: 11 40 00 ADC [EAX+00],EAX
00401114: 00 00 ADD [EAX],AL
00401116: 00 00 ADD [EAX],AL
00401118: 00 00 ADD [EAX],AL
0040111A: 00 00 ADD [EAX],AL
0040111C: 00 00 ADD [EAX],AL
0040111E: 00 00 ADD [EAX],AL
00401120: 00 00 ADD [EAX],AL
00401122: 00 00 ADD [EAX],AL
00401124: 00 00 ADD [EAX],AL
00401126: 00 00 ADD [EAX],AL
00401128: 00 00 ADD [EAX],AL
0040112A: 00 00 ADD [EAX],AL
0040112C: 00 00 ADD [EAX],AL
0040112E: 00 00 ADD [EAX],AL
00401130: 5C POP ESP
00401131: 11 40 00 ADC [EAX+00],EAX
00401134: 04 00 ADD AL,00
00401136: 00 00 ADD [EAX],AL
00401138: 00 00 ADD [EAX],AL
0040113A: 00 00 ADD [EAX],AL
0040113C: A4 MOVS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
0040113D: 31 40 00 XOR [EAX+00],EAX
00401140: B0 31 MOV AL,31
00401142: 40 INC EAX
00401143: 00 B4 31 40 00 B8 31 ADD [ESI+ECX+31B80040],DH
0040114A: 40 INC EAX
0040114B: 00 AC 31 40 00 10 2F ADD [ESI+ECX+2F100040],CH
00401152: 40 INC EAX
00401153: 00 24 2F ADD [EBP+EDI],AH
00401156: 40 INC EAX
00401157: 00 70 2F ADD [EAX+2F],DH
0040115A: 40 INC EAX
0040115B: 00 07 ADD [EDI],AL
0040115D: 54 PUSH ESP
0040115E: 4F DEC EDI
0040115F: 62 6A 65 BOUND EBP,[EDX+65]
00401162: 63 74 68 11 ARPL [EBP*2+EAX+11],SI
00401166: 40 INC EAX
00401167: 00 07 ADD [EDI],AL
00401169: 07 POP ES
0040116A: 54 PUSH ESP
0040116B: 4F DEC EDI
0040116C: 62 6A 65 BOUND EBP,[EDX+65]
0040116F: 63 74 5C 11 ARPL [EBX*2+ESP+11],SI
00401173: 40 INC EAX
00401174: 00 00 ADD [EAX],AL
00401176: 00 00 ADD [EAX],AL
00401178: 00 00 ADD [EAX],AL
0040117A: 00 06 ADD [ESI],AL
0040117C: 53 PUSH EBX
0040117D: 79 73 JNS 004011F2
0040117F: 74 65 JZ 004011E6
00401181: 6D INS DWORD PTR ES:[EDI],DX
00401182: 00 00 ADD [EAX],AL
00401184: 88 11 MOV [ECX],DL
00401186: 40 INC EAX
00401187: 00 0F ADD [EDI],CL
00401189: 08 49 55 OR [ECX+55],CL
0040118C: 6E OUTS DX,BYTE PTR DS:[ESI]
0040118D: 6B 6E 6F 77 IMUL EBP,[ESI+6F],77
00401191: 6E OUTS DX,BYTE PTR DS:[ESI]
00401192: 00 00 ADD [EAX],AL
00401194: 00 00 ADD [EAX],AL
00401196: 01 00 ADD [EAX],EAX
00401198: 00 00 ADD [EAX],AL
0040119A: 00 00 ADD [EAX],AL
0040119C: 00 00 ADD [EAX],AL
0040119E: 00 C0 ADD AL,AL
004011A0: 00 00 ADD [EAX],AL
004011A2: 00 00 ADD [EAX],AL
004011A4: 00 00 ADD [EAX],AL
004011A6: 46 INC ESI
004011A7: 06 PUSH ES
004011A8: 53 PUSH EBX
004011A9: 79 73 JNS 0040121E
004011AB: 74 65 JZ 00401212
004011AD: 6D INS DWORD PTR ES:[EDI],DX
004011AE: 00 00 ADD [EAX],AL
004011B0: B4 11 MOV AH,11
004011B2: 40 INC EAX
004011B3: 00 0F ADD [EDI],CL
004011B5: 09 49 44 OR [ECX+44],ECX
004011B8: 69 73 70 61 74 63 68 IMUL ESI,[EBX+70],68637461
004011BF: 84 11 TEST [ECX],DL
004011C1: 40 INC EAX
004011C2: 00 01 ADD [ECX],AL
004011C4: 00 04 02 ADD [EAX+EDX],AL
004011C7: 00 00 ADD [EAX],AL
004011C9: 00 00 ADD [EAX],AL
004011CB: 00 C0 ADD AL,AL
004011CD: 00 00 ADD [EAX],AL
004011CF: 00 00 ADD [EAX],AL
004011D1: 00 00 ADD [EAX],AL
004011D3: 46 INC ESI
004011D4: 06 PUSH ES
004011D5: 53 PUSH EBX
004011D6: 79 73 JNS 0040124B
004011D8: 74 65 JZ 0040123F
004011DA: 6D INS DWORD PTR ES:[EDI],DX
004011DB: 00 00 ADD [EAX],AL
004011DD: 8D 40 00 LEA EAX,[EAX+00]
004011E0: CC INT3
004011E1: 83 44 24 04 F8 ADD DWORD PTR [ESP+04],F8
004011E6: E9 55 50 00 00 JMP 00406240
004011EB: 83 44 24 04 F8 ADD DWORD PTR [ESP+04],F8
004011F0: E9 73 50 00 00 JMP 00406268
004011F5: 83 44 24 04 F8 ADD DWORD PTR [ESP+04],F8
004011FA: E9 7D 50 00 00 JMP 0040627C
004011FF: CC INT3