peid 0.94::ASProtect 2.1x SKE -> Alexey Solodovnikov
OD,忽略所有异常,隐藏OD
00401000 > 68 01B05700 push abslogde.0057B001 ;停在入口处
00401005 E8 01000000 call abslogde.0040100B
0040100A C3 retn
BP GetModuleHandleA,Shift+F9,清除硬件断点,Alt+F9
00C094AC 85C0 test eax,eax
; kernel32.77E40000,返回这里
问题出在避开IAT加密
Ctrl+S 搜索命令:
mov edx,dword ptr ss:[ebp+C]
mov edx,dword ptr ds:[edx]
mov dword ptr ds:[edx],eax
可以找到4处,shift+f9,断在第一处,
修改为::mov dword ptr ds:[edx],ebx
在一次shift+f9
ERROR::
OS: Windows XP Professional, SP2
CPU: GenuineIntel, Intel Pentium 4, MMX @ 2000 MHz
Application data:
VmVyc2lvbjogUUhGeWJtcGdaWEJzYW1oSVptcHRKQ2s1SmlvN0p5dzh
JUzA5QXdVOVBpRWdNWEJuZW45d05DVW1PQ2NrTjBwOWRYeDdhWDQxDQ
pJbWFnZUJhc2U6IDAwNDAwMDAwDQpFaXA6IDExQzc2NDgNCkVheDogN
0M5MzE4OEENCkVjeDogMTJGREUwDQpFZHg6IDANCkVieDogMTIwMEQ2
OA0KRXNpOiAxNg0KRWRpOiAxMkZFMDINCkVicDogMTJGRjA4DQpFc3A
6IDEyRkRGNA0KRXJyb3JDb2RlOiANCjg5LDFBLDkwLDhCLDEyLDg5LD
IsRTksMjAsMSwwLDAsMzMsQzAsOEEsNDMsMzUsM0IsRjAsNzQsMjIsM
zMsQzAsOEEsNDMsMzYsM0IsRjAsNzQsMTksMzMsQzAsOEEsNDMsMzcs
M0IsRjAsNzQsMTAsMzMsQzAsOEEsNDMsMzksM0IsRjAsRiw4NSxBRCw
wLDAsMC4uLg0KQ29kZSA9IFsyMTBdDQotIDE2MA0KLSA5Ng0KLSAyMj
cNCi0gMA0KLSBbXQ0KPiBDOlxEb2N1bWVudHMgYW5kIFNldHRpbmdzX
EFkbWluaXN0cmF0b3Jc18DD5lxtamRkcDMwc2V0dXBcbWpkZHAzLjAu
ZXhlDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRkbGwuZGxsDQo+IEM
6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGxsDQo+IEM6XFdJTk
RPV1Ncc3lzdGVtMzJcdXNlcjMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
3RlbTMyXEdESTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGFk
dmFwaTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFJQQ1JUNC5
kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxvbGVhdXQzMi5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc3ZjcnQuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcb2xlMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz
dGVtMzJcdmVyc2lvbi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx
jb21jdGwzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxzaGVsbD
MyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFNITFdBUEkuZGxsD
Qo+IEM6XERvY3VtZW50cyBhbmQgU2V0dGluZ3NcQWRtaW5pc3RyYXRv
clzXwMPmXG1qZGRwMzBzZXR1cFxkZHAuZGF0MQ0KPiBDOlxXSU5ET1d
TXHN5c3RlbTMyXG1mYzQyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbT
MyXElNTTMyLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXExQSy5ET
EwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxVU1AxMC5kbGwNCj4gQzpc
V0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5XaW5kb3dzLkNvbW1
vbi1Db250cm9sc182NTk1YjY0MTQ0Y2NmMWRmXzYuMC4yNjAwLjIxOD
BfeC13d19hODRmMWZmOVxjb21jdGwzMi5kbGwNCj4gQzpcV0lORE9XU
1xzeXN0ZW0zMlxNRkM0MkxPQy5ETEwNCj4gQzpcV0lORE9XU1xzeXN0
ZW0zMlx3c29jazMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFd
TMl8zMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXUzJIRUxQLm
RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TQ1RGLmRsbA0KPiBDO
lxXSU5ET1dTXHN5c3RlbTMyXG1zY3RmaW1lLmltZQ==
[课程]Android-CTF解题方法汇总!