-
-
arm脱壳,找到oep,但用Import REC修复时提示'无效的PE header'
-
发表于:
2006-6-2 09:29
5962
-
arm脱壳,找到oep,但用Import REC修复时提示'无效的PE header'
如下:
04A156F0 55 push ebp ; This is the OEP! Found By: fly
04A156F1 8BEC mov ebp,esp
04A156F3 B9 07000000 mov ecx,7
04A156F8 6A 00 push 0
04A156FA 6A 00 push 0
04A156FC 49 dec ecx
04A156FD ^ 75 F9 jnz short U.04A156F8
04A156FF 53 push ebx
04A15700 56 push esi
04A15701 57 push edi
04A15702 B8 783AA104 mov eax,U.04A13A78
04A15707 E8 403278FF call U.0419894C
04A1570C 33C0 xor eax,eax
04A1570E 55 push ebp
04A1570F 68 1F5BA104 push U.04A15B1F
04A15714 64:FF30 push dword ptr fs:[eax]
04A15717 64:8920 mov dword ptr fs:[eax],esp
04A1571A 6A 0C push 0C
04A1571C E8 773C78FF call U.04199398 ; jmp to USER32.GetDesktopWindow
请问各位大虾这是怎么回事?
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
