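This is my first time unpacking ASProtect 2.1x SKE. I loaded it in OD and pressed F9 to run the program, and the system shuts down automatically.
After loading, I land here: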
00401000 > 68 01105000 PUSH 复制外挂.00501001
00401005 E8 01000000 CALL 复制外挂.0040100B
0040100A C3 RETN
0040100B C3 RETN
0040100C 6E OUTS DX,BYTE PTR ES:[EDI] ; I/O command
0040100D 40 INC EAX
0040100E 7A F3 JPE SHORT 复制外挂.00401003
00401010 5D POP EBP
00401011 5F POP EDI
00401012 40 INC EAX
00401013 D187 7D05078D ROL DWORD PTR DS:[EDI+8D07057D],1
00401019 AD LODS DWORD PTR DS:[ESI]
0040101A 16 PUSH SS
0040101B C3 RETN
0040101C 133439 ADC ESI,DWORD PTR DS:[ECX+EDI]
0040101F 48 DEC EAX
00401020 C2 2F4F RETN 4F2F
00401023 D4 39 AAM 39
00401025 F6F8 IDIV AL
00401027 D89D 0859E214 FCOMP DWORD PTR SS:[EBP+14E25908]
0040102D A0 0CF24CB6 MOV AL,BYTE PTR DS:[B64CF20C]
00401032 C6 ??? ; Unknown command
00401033 50 PUSH EAX
00401034 5B POP EBX
00401035 - 78 AB JS SHORT 复制外挂.00400FE2
00401037 C1346E 35 SAL DWORD PTR DS:[ESI+EBP*2],35 ; Shift constant out of range 1..31
0040103B A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
0040103C 96 XCHG EAX,ESI
0040103D 37 AAA
After pressing F8 three times, I land here:
00501001 60 PUSHAD
00501002 E8 03000000 CALL 复制外挂.0050100A
00501007 - E9 EB045D45 JMP 45AD14F7
0050100C 55 PUSH EBP
0050100D C3 RETN
0050100E E8 01000000 CALL 复制外挂.00501014
00501013 EB 5D JMP SHORT 复制外挂.00501072
00501015 BB EDFFFFFF MOV EBX,-13
0050101A 03DD ADD EBX,EBP
0050101C 81EB 00101000 SUB EBX,101000
00501022 807D 4D 01 CMP BYTE PTR SS:[EBP+4D],1
00501026 75 0C JNZ SHORT 复制外挂.00501034
00501028 8B7424 28 MOV ESI,DWORD PTR SS:[ESP+28]
0050102C 83FE 01 CMP ESI,1
0050102F 895D 4E MOV DWORD PTR SS:[EBP+4E],EBX
00501032 75 31 JNZ SHORT 复制外挂.00501065
00501034 8D45 53 LEA EAX,DWORD PTR SS:[EBP+53]
00501037 50 PUSH EAX
00501038 53 PUSH EBX
00501039 FFB5 ED090000 PUSH DWORD PTR SS:[EBP+9ED]
0050103F 8D45 35 LEA EAX,DWORD PTR SS:[EBP+35]
00501042 50 PUSH EAX
00501043 E9 82000000 JMP 复制外挂.005010CA
00501048 0000 ADD BYTE PTR DS:[EAX],AL
0050104A 0000 ADD BYTE PTR DS:[EAX],AL
0050104C 0000 ADD BYTE PTR DS:[EAX],AL
0050104E 0000 ADD BYTE PTR DS:[EAX],AL
00501050 0000 ADD BYTE PTR DS:[EAX],AL
00501052 0000 ADD BYTE PTR DS:[EAX],AL
00501054 0000 ADD BYTE PTR DS:[EAX],AL
Then I kept single-stepping, and the machine was forcibly shut down. Could an expert please take a look... please help me out.