[Help] The UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo packer is behaving strangely, please help~~
Posted: 2006-7-9 05:46
0042C1E9 > /8A07 MOV AL,BYTE PTR DS:[EDI]
0042C1EB . |47 INC EDI
0042C1EC . |08C0 OR AL,AL
0042C1EE .^|74 DC JE SHORT WinRAR.0042C1CC
0042C1F0 . |89F9 MOV ECX,EDI
0042C1F2 . |79 07 JNS SHORT WinRAR.0042C1FB
0042C1F4 . |0FB707 MOVZX EAX,WORD PTR DS:[EDI]
0042C1F7 . |47 INC EDI
0042C1F8 . |50 PUSH EAX
0042C1F9 . |47 INC EDI
0042C1FA |B9 DB B9
0042C1FB . |57 PUSH EDI
0042C1FC . |48 DEC EAX
0042C1FD . |F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0042C1FF . |55 PUSH EBP
0042C200 . |FF96 48180300 CALL DWORD PTR DS:[ESI+31848]
0042C206 . |09C0 OR EAX,EAX
0042C208 . |74 07 JE SHORT WinRAR.0042C211
0042C20A . |8903 MOV DWORD PTR DS:[EBX],EAX
0042C20C . |83C3 04 ADD EBX,4
0042C20F .^\EB D8 JMP SHORT WinRAR.0042C1E9
0042C211 > FF96 4C180300 CALL DWORD PTR DS:[ESI+3184C]
0042C217 > 61 POPAD
0042C218 .- E9 E34DFDFF JMP WinRAR.00401000
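At the end here, normally breaking at the 61 should be enough to get the OEP, but when I get there, however I set my breakpoints, it bounces back to 0042C1E9. Experts, please help~~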
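
An added example, not part of the original post: it decodes the relative branches from the bytes in the listing above, showing that the JMP SHORT at 0042C20F re-enters the loop at 0042C1E9 and that the JMP after POPAD goes to 00401000. The byte string is transcribed from the listing; the function names are hypothetical.

```python
import struct

# Bytes transcribed from the OllyDbg listing in the post (0042C1E9..0042C21C).
BASE = 0x0042C1E9
STUB = bytes.fromhex(
    "8A07 47 08C0 74DC 89F9 7907 0FB707 47 50 47 B9 57 48 F2AE 55"
    "FF9648180300 09C0 7407 8903 83C304 EBD8 FF964C180300 61 E9E34DFDFF"
)
# Addresses of the relative branches, as shown in the listing.
BRANCHES = (0x42C1EE, 0x42C1F2, 0x42C208, 0x42C20F, 0x42C218)

def branch_target(buf, base, va):
    """Return the destination of the relative JMP/Jcc located at address va."""
    off = va - base
    if not 0 <= off < len(buf):
        raise ValueError(f"{va:08X} is outside the buffer")
    op = buf[off]
    if op == 0xE9:                            # JMP rel32
        (rel,) = struct.unpack_from("<i", buf, off + 1)
        return (va + 5 + rel) & 0xFFFFFFFF
    if op == 0xEB or 0x70 <= op <= 0x7F:      # JMP rel8 / Jcc rel8
        (rel,) = struct.unpack_from("<b", buf, off + 1)
        return (va + 2 + rel) & 0xFFFFFFFF
    raise ValueError(f"no relative branch at {va:08X} (opcode {op:02X})")

def find_tail_jump(buf, base):
    """Find POPAD (61) directly followed by JMP rel32 (E9); (popad_va, target) or None."""
    i = buf.find(b"\x61\xE9")
    if i == -1 or i + 6 > len(buf):           # absent, or rel32 truncated
        return None
    return base + i, branch_target(buf, base, base + i + 1)

def loop_back_edges(buf, base, branch_vas):
    """Branches that jump backwards into the dumped range: each time one is
    taken, control returns to the loop head instead of falling through."""
    edges = {}
    for va in branch_vas:
        dst = branch_target(buf, base, va)
        if base <= dst <= va:
            edges[va] = dst
    return edges

if __name__ == "__main__":
    print({f"{s:08X}": f"{d:08X}" for s, d in loop_back_edges(STUB, BASE, BRANCHES).items()})
    popad, target = find_tail_jump(STUB, BASE)
    print(f"POPAD at {popad:08X}, tail JMP -> {target:08X}")
```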