[分享]Asprotect2.XX IAT fixer v2.2S 中秋快乐
发表于: 2006-10-5 20:59 188814

Aspr2.xx_IAT_fixer_v2.2s 脚本支持

Asprotect 1.32, 1.33, 1.35, 1.4, 2.0, 2.1, 2.11, 2.2beta, 2.2, 2.3

EXE/DLL 包括高级输入表保护选项

需要的就下 !
/*
Script written by VolX
version : v2.2 special edition
Date    : 7-Aug-2006
Test Environment : OllyDbg 1.1
                   ODBGScript 1.47 under WINXP
Thanks : Oleh Yuschuk - author of OllyDbg
         SHaG - author of OllyScript
         Epsylon3 - author of ODbgScript
*/
//supports Asprotect 1.32, 1.33, 1.35, 1.4, 2.0, 2.1, 2.11, 2.2beta, 2.2, 2.3

// Variable declarations for the whole script.
// NOTE(review): several flags below (isdll, v1.32, v2.0x, nortype, type1API,
// type3API, type1fixed, EBXaddr, patch2) are tested before any explicit
// assignment on some paths; the script relies on the interpreter's initial
// value for a fresh var — presumably 0, confirm for the ODbgScript build used.

// General-purpose scratch values, reused for unrelated purposes throughout.
var tmp1
var tmp2
var tmp3
var tmp4
var tmp5
var tmp6
var tmp7
var tmp8
var tmp9
// Module layout, read from the debugged module's PE header at start-up.
var imgbase
var imgbasefromdisk
var 1stsecbase
var 1stsecsize
// Base of the memory block that owns the code returning from GetSystemTime;
// used both as the start address for pattern searches and as scratch space.
var dllimgbase
var count
// Breakpoint addresses and disassembled call instructions found by pattern search.
var transit1
var transit2
var func1
var func2
var func3
var func4
var OEP_rva
// Name of the label that jumped to fixtype1 ("lab30" or "lab80"); lab57 uses it to return.
var caller

//for IAT fixing
// patch1..3 are patched addresses; ori1..4 hold the original dwords so lab18 can restore them.
var patch1
var patch2
var patch3
var ori1
var ori2
var ori3
var ori4
var iatstartaddr
var iatstart_rva
var iatendaddr
var iatsize
var EBXaddr
var ESIaddr
var lastsecbase
var lastsecsize
var type3dataloc
var thunkdataloc
var thunkpt
var thunkstop
var type3API
var type3count
var type1API
var E8count
var writept2
var APIpoint3
var crcpoint1
var FF15flag
var ESIpara1
var ESIpara2
var ESIpara3
var ESIpara4
var nortype
var v1.32
var v2.0x
var type1fixed

//for stolencode after API
var SCafterAPIcount

//for dll
var reloc_rva
var reloc_size
var isdll

// Start-up: check the plugin version, then read the module's PE header from
// memory to get the image base and the first/last section base and size.
// All numeric literals in this script are hexadecimal.
dbh
cmp $VERSION, "1.47"
jb odbgver
BPHWCALL                //clear hardware breakpoint
GMI eip, MODULEBASE     //get imagebase
mov imgbase, $RESULT
log imgbase
mov tmp1, imgbase
add tmp1, 3C              //40003C
// [imgbase+3C] is e_lfanew, the offset of the PE signature.
mov tmp1, [tmp1]
add tmp1, imgbase         //tmp1=signature VA
mov tmp3, tmp1
// Signature+34 is the ImageBase field of a PE32 optional header.
add tmp1, 34
mov imgbasefromdisk, [tmp1]
log imgbasefromdisk
mov tmp1, tmp3
// Signature+F8 is the first section header only when the optional header is
// the standard 0xE0 bytes long — the script does not read SizeOfOptionalHeader.
add tmp1, f8              //1st section
log tmp1
// Section header +8 = VirtualSize, +C = VirtualAddress (an RVA).
add tmp1, 8
mov 1stsecsize, [tmp1]
log 1stsecsize
add tmp1, 4
mov 1stsecbase, [tmp1]
add 1stsecbase, imgbase
log 1stsecbase
mov tmp1, tmp3
add tmp1, f8             //1st section
// Signature+6 is NumberOfSections (16-bit), hence the mask.
add tmp3, 6
mov tmp2, [tmp3]
and tmp2, 0FFFF

// Advance tmp1 by one 0x28-byte section header per remaining section until
// it points at the last header.
// NOTE(review): a section count of 0 would never reach 1 here — the loop
// assumes at least one section.
last:
cmp tmp2, 1
je lab1
add tmp1, 28
sub tmp2, 1
jmp last

// tmp1 = last section header: record its VirtualSize and absolute base.
lab1:
log tmp1
add tmp1, 8
mov lastsecsize, [tmp1]
log lastsecsize
add tmp1, 4
mov tmp3, [tmp1]
add tmp3, imgbase
mov lastsecbase, tmp3
log lastsecbase

//check if its an exe or dll
// The decision is made purely from the file name: EXEFILENAME is compared with
// CURRENTDIR + PROCESSNAME + ".exe" and then ".dll". Any other name (or a file
// opened from a different directory) ends in the generic error handler.
GPI EXEFILENAME
mov tmp1, $RESULT
cmp tmp1, 0
je error
GPI PROCESSNAME
mov tmp2, $RESULT
GPI CURRENTDIR
mov tmp3, $RESULT
eval "{tmp3}{tmp2}.exe"
mov tmp4, $RESULT
eval "{tmp3}{tmp2}.dll"
mov tmp5, $RESULT
scmp tmp1, tmp4
je lab1_1
scmp tmp1, tmp5
jne error
mov isdll, 1

// Run until the first GetSystemTime call, return from it and step once, then
// take the memory block that owns the resulting eip as dllimgbase.
lab1_1:
log isdll
gpa "GetSystemTime", "kernel32.dll"
bp $RESULT
esto
bc $RESULT
rtr
sti
GMEMI eip, MEMORYOWNER
mov dllimgbase, $RESULT
cmp dllimgbase, 0
je error
log dllimgbase
// 31 35 31 0D 0A is the ASCII text "151" followed by CR LF; its absence is
// treated as "unsupported version / not this protector".
find dllimgbase, #3135310D0A#
mov tmp1, $RESULT
cmp tmp1, 0
je wrongver
// 0F 31 = rdtsc, 89 01 = mov [ecx],eax, 89 51 04 = mov [ecx+4],edx.
find dllimgbase, #0F318901895104#      //check rdtsc trick
mov tmp1, $RESULT
cmp tmp1, 0
je lab2
log tmp1
// Look for a "push ebp / mov ebp,esp" prologue starting 0x80 bytes before the
// rdtsc sequence and break on it.
sub tmp1, 80
find tmp1, #558BEC#
mov tmp1, $RESULT
cmp tmp1, 0
je error
bp tmp1
esto
bc tmp1
// Emulate a plain "ret" at the function entry so its body never executes.
// NOTE(review): this pops only the return address; it is correct only if the
// routine takes no stack arguments that the callee is expected to remove.
mov eip, [esp]
add esp, 4

// lab2: locate a conditional jump inside the block at dllimgbase and run to it.
// The search starts at dllimgbase+10E00 (hard-coded offset).
lab2:
mov tmp1, dllimgbase
add tmp1, 010e00
// 89 2D imm32 = mov [imm32],ebp ; 3B 6C 24 xx = cmp ebp,[esp+xx]
find tmp1, #892D????????3b6C24??#
mov tmp2, $RESULT
cmp tmp2, 0
je error45
// 83 3C 24 00 = cmp dword [esp],0 ; 74 xx = je. Adding 4 skips the 4-byte cmp,
// so tmp4 is the address of the je itself.
find tmp2, #833C240074??#
mov tmp4, $RESULT
cmp tmp4, 0
je error45
add tmp4, 4
log tmp4
bp tmp4
// Both breakpoints and exceptions resume the script at lab3.
eob lab3
eoe lab3
esto

// lab3: keep passing exceptions to the program until execution stops at tmp4.
lab3:
cmp eip, tmp4
je lab4
esto

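// lab4: stopped on the je at tmp4. Locate the three addresses the IAT pass
// needs (thunkstop, APIpoint3, thunkpt) and, for a DLL, record where the
// relocation data starts.
// Every `find` result is checked against 0 before it is used; the two checks
// on thunkstop and on the thunkpt pattern were missing in the original, so a
// failed search would have produced a bogus breakpoint address (0 or 1)
// instead of stopping with an error.
lab4:
bc tmp4
mov tmp1, eip
sub tmp1, 1000
find tmp1, #F3A566A5#  //search "rep movs[edi],[esi]","movs [edi],[esi]"
mov tmp1, $RESULT
cmp tmp1, 0
je error
// 0F 84 xx 00 00 00 = near je with a displacement below 0x100.
find tmp1, #0F84??000000#
mov thunkstop, $RESULT
cmp thunkstop, 0
je error
log thunkstop
bp thunkstop
find dllimgbase, #45894500#   //search "inc ebp", "mov [ebp],eax"
mov tmp2, $RESULT
cmp tmp2, 0
je error
// APIpoint3 is a fixed 0x27 bytes before the matched sequence.
sub tmp2, 27
mov APIpoint3, tmp2
log APIpoint3
// 40 = inc eax ; 89 03 = mov [ebx],eax ; 83 C7 04 = add edi,4.
// thunkpt is the "mov [ebx],eax" one byte into the match.
find dllimgbase, #40890383C704#
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 1
mov thunkpt, tmp1
log thunkpt
cmp isdll, 1
jne lab7_1
// DLL only: set ZF while stopped on the je at tmp4.
// NOTE(review): presumably this forces the je to be taken — confirm.
mov !zf, 1
mov tmp1, eip
// The je at eip is 2 bytes long, so eip+2 is the following instruction;
// its first two bytes decide which register holds the relocation RVA.
mov tmp2, [tmp1+2]
log tmp2
and tmp2, 0FFFF
cmp tmp2, 5C03             //chk if "add ebx, [esp+4]"
je lab5
cmp tmp2, 5C8B             //chk if "mov ebx, [esp+4]"
jne error
mov reloc_rva, esi
mov tmp1, esi
jmp lab6

// lab5: "add ebx,[esp+4]" variant — the relocation RVA is taken from ebx.
lab5:
mov reloc_rva, ebx
mov tmp1, ebx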

// lab6..lab7 (DLL only): estimate the size of the relocation data.
// The end is taken to be the first run of 8 zero bytes found after the start;
// the resulting length is then rounded up to a multiple of 4.
// NOTE(review): the find result is not checked; if no zero run is found
// $RESULT is 0 and reloc_size becomes a meaningless wrapped value.
lab6:
add tmp1, imgbase
find tmp1, #0000000000000000#
mov tmp2, $RESULT
sub tmp2, imgbase
sub tmp2, reloc_rva
// tmp3 = low nibble of the raw length; 0 means already 16-byte aligned.
mov tmp3, tmp2
and tmp3, 0F
cmp tmp3, 0
jne size0
jmp lab7

// size0..size3: low nibble 1-4 -> 4, 5-8 -> 8, 9-C -> C, D-F -> next 0x10.
size0:
cmp tmp3, 4
ja size1
and tmp2, 0FFFFFFF0
add tmp2, 4
jmp lab7

size1:
cmp tmp3, 8
ja size2
and tmp2, 0FFFFFFF0
add tmp2, 8
jmp lab7

size2:
cmp tmp3, C
ja size3
and tmp2, 0FFFFFFF0
add tmp2, C
jmp lab7

size3:
and tmp2, 0FFFFFFF0
add tmp2, 10

lab7:
mov reloc_size, tmp2

// lab7_1: arm the thunkpt breakpoint and locate patch1, the address that is
// later overwritten with a jump to the script's own stub (see lab16).
lab7_1:
bp thunkpt
find dllimgbase, #33C08A433?3BF0#   //search "xor eax,eax", "mov al, {ebx+3?]", "cmp esi,eax"
mov patch1, $RESULT
cmp patch1, 0
je error
// patch1 = first byte after the 7-byte match.
add patch1, 7
log patch1
// patch1-3 is the displacement byte of "mov al,[ebx+3?]"; the value 3F is
// used as the marker for the v1.32 layout.
mov tmp1, patch1
sub tmp1, 3
mov tmp2, [tmp1]
and tmp2, FF
log tmp2
cmp tmp2, 3F
jne lab8
mov v1.32, 1

// lab8: reserve dllimgbase+200 for thunk data, then look at the code that
// follows the text "60" CR LF (preceded by a zero byte).
lab8:
mov tmp1, dllimgbase
add tmp1, 200
mov thunkdataloc, tmp1
log thunkdataloc
find dllimgbase, #0036300D0A#
mov tmp1, $RESULT
cmp tmp1, 0
je error
// Four consecutive "push imm32" (68 xx xx xx xx), 0x14 bytes in total.
// NOTE(review): this find result is not checked for 0.
find tmp1, #68????????68????????68????????68????????#
mov tmp2, $RESULT
log tmp2
mov tmp1, tmp2
add tmp1, 14
// The word after the four pushes: FF 35 is "push dword [mem]". When it is
// anything else the address is treated as crcpoint1 and run to first.
mov tmp3, [tmp1]
and tmp3, 0FFFF
log tmp3
cmp tmp3, 35FF
je lab11
mov crcpoint1, tmp1
log crcpoint1
bp crcpoint1
eob lab9
eoe lab9
esto

// lab9: ignore every stop that is not crcpoint1.
lab9:
cmp eip, crcpoint1
je lab10
esto

// lab10: at crcpoint1. Remove all software breakpoints before letting the
// enclosing routine run to its return, then re-arm them afterwards.
// NOTE(review): presumably the breakpoints are lifted so the 0xCC bytes are
// not present while this routine runs (the variable name suggests a CRC
// check) — inferred from naming, confirm.
lab10:
eob
eoe
bc crcpoint1
bc thunkpt
bc thunkstop
rtr
sti
bp thunkpt
bp thunkstop

lab11:
eob lab12
eoe lab12
esto

// lab12: dispatcher — thunkpt goes to the IAT set-up (lab13), thunkstop to
// the clean-up (lab18); anything else is passed on.
lab12:
cmp eip, thunkpt
je lab13
cmp eip, thunkstop
je lab18
esto

// lab13: first stop at thunkpt. Save esi and the 8 original bytes at patch1,
// then copy four compare sequences out of the code after eip; they are later
// written into the helper stub so it uses the same field offsets as this build.
lab13:
bc thunkpt
mov ESIaddr, esi
log ESIaddr
mov ori1, [patch1]
mov ori2, [patch1+4]
// 3A 5E 3x = cmp bl,[esi+3x] ; 75 17 = jnz +17. ESIpara1..3 hold the first
// four bytes of three successive matches.
find eip, #3A5E3?7517#
mov tmp1, $RESULT
cmp tmp1, 0
je error
mov ESIpara1, [tmp1]
log ESIpara1
add tmp1, 6
find tmp1, #3A5E3?7517#
mov tmp2, $RESULT
cmp tmp2, 0
je error
mov ESIpara2, [tmp2]
log ESIpara2
add tmp2, 6
find tmp2, #3A5E3?75??#
mov tmp1, $RESULT
cmp tmp1, 0
je error
mov ESIpara3, [tmp1]
log ESIpara3
add tmp1, 6
// 47 = inc edi, followed by another cmp bl,[esi+3x]. ESIpara4 is the three
// cmp bytes with 74 (je short) placed in the top byte.
find tmp1, #473A5E3?#
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 1
mov tmp3, [tmp2]
and tmp3, 00FFFFFF
add tmp3, 74000000
mov ESIpara4, tmp3
log ESIpara4
// Presence of this sequence selects the "normal" stub variant (nortype=1);
// otherwise lab13_1 patches the stub at offset 60.
find eip, #834424080447EB1A#  //search "add [esp+8],4", "inc edi"
mov tmp1, $RESULT
cmp tmp1, 0
je lab13_1
mov nortype, 1
log nortype

//checking iatendaddr
// lab13_1: write a helper routine (raw x86 bytes) over the first 0x105 bytes
// of the block at dllimgbase, then overwrite its placeholder operands with
// values collected above. The routine is executed in lab14.
// NOTE(review): this overwrites live memory of the debugged process; lab14
// zero-fills the area afterwards rather than restoring the original bytes.
lab13_1:
mov tmp7, eip         //save eip
mov tmp1, dllimgbase
mov [tmp1], #609CBE740E8C00BD000F8600C74500000286008B4D008B0305000000018901834500048BFB83C70A83C1048939834500#
add tmp1, 30   //30
mov [tmp1], #0433C0B9FFFFFFFFF2AE8A1F3A5E3474373A5E37750883C707FF45FCEBEC3A5E38750883C705FF45FCEBDF3A5E3A7508#
add tmp1, 30  //60
mov [tmp1], #83C704FF45FCEBD283C703668B0783C00203F8FF45FCEBC2807D04017465478BDF833B00758DC6450401C74508000286#
add tmp1, 30  //90
mov [tmp1], #00C745FC000000008B45088B0089450C8945148B45088B4004894510834508088B45088B0083F80074213B450C720E89#
add tmp1, 30  //C0
mov [tmp1], #450C8B5D088B5B04895D10EB083B4514770389451483450808EBD58B7D10E94EFFFFFFB8000286008B0883F90074113B#
add tmp1, 30  //F0
mov [tmp1], #4D147407C741FC0000000083C008EBE89D61909000#
// Operand fix-ups. The trailing comment on each "add" is the resulting
// offset from dllimgbase.
mov tmp1, dllimgbase
mov tmp2, dllimgbase
add tmp2, 0F00          //dllimgbase+F00
add tmp1, 3     //3
mov [tmp1], ESIaddr
add tmp1, 5     //8
mov [tmp1], tmp2
add tmp1, 7     //F
mov [tmp1], thunkdataloc
add tmp1, A    //19
mov [tmp1], imgbase
add tmp1, 23    //3C
mov [tmp1], ESIpara4
add tmp1, 5     //41
mov [tmp1], ESIpara1
add tmp1, D     //4E
mov [tmp1], ESIpara2
add tmp1, D     //5B
mov [tmp1], ESIpara3
add tmp1, 32    //8D
mov [tmp1], thunkdataloc
add tmp1, 57    //E4
mov [tmp1], thunkdataloc
// Variant without the "add [esp+8],4 / inc edi" sequence: change the stub's
// "add edi,4" at offset 60 to "add edi,5".
cmp nortype, 1
je lab14
mov tmp1, dllimgbase
add tmp1, 60       //60
mov [tmp1], #83C705FF#

// lab14: execute the helper written at dllimgbase and read back its results
// to obtain the IAT start address, end address and size.
lab14:
cob
coe
mov tmp4, dllimgbase
add tmp4, 102      //end point
bp tmp4
// Redirect execution into the helper; the original eip is in tmp7.
mov eip, dllimgbase
run
bc tmp4
mov eip, tmp7       //restore eip
// Result area: the helper's data pointer was set to dllimgbase+F00 above,
// and the values are read from EFC, EFC+10 and EFC+18.
mov tmp1, dllimgbase
add tmp1, 0EFC
mov tmp2, [tmp1]     //API count of last dll
log tmp2
mov tmp3, [tmp1+10]  //last thunk addr
log tmp3
// iatendaddr = last thunk address + 4 * API count.
shl tmp2, 2
add tmp3, tmp2
mov iatendaddr, tmp3
log iatendaddr
mov iatstartaddr, [tmp1+18]
log iatstartaddr
mov iatstart_rva, iatstartaddr
sub iatstart_rva, imgbase
log iatstart_rva
// Write a zero dword at the end address and count it in the size.
mov [iatendaddr], 0
mov tmp1, iatendaddr
sub tmp1, iatstartaddr
add tmp1, 4
mov iatsize, tmp1
// Wipe the helper and its result area (0xF20 bytes from dllimgbase).
fill dllimgbase, f20, 00

//force to decrypt all api
// Install a 0x1C-byte detour stub at dllimgbase and redirect patch1 to it.
// The two stub variants differ only in the structure offsets they read
// (35/36 vs 39/3A for the v1.32 layout). The original bytes at patch1 were
// saved in ori1/ori2 by lab13 and are restored in lab18.
mov tmp1, dllimgbase
cmp v1.32, 1
je lab15
mov [tmp1], #570FB67B353BF775040FB673365F3BF00F8500000000E900000000#
jmp lab16

lab15:
mov [tmp1], #570FB67B393BF775040FB6733A5F3BF00F8500000000E900000000#

// lab16: fill in the stub's two jump targets with the assembler so the
// relative displacements are computed for the actual addresses:
//   dllimgbase+10: jnz patch1+60
//   dllimgbase+16: jmp patch1+5   (back into the original code)
//   patch1       : jmp dllimgbase (the detour itself)
lab16:
add tmp1, 10
mov tmp2, patch1
add tmp2, 60
eval "jnz {tmp2}"
asm tmp1, $RESULT
add tmp1, 6
mov tmp2, patch1
add tmp2, 5
eval "jmp {tmp2}"
asm tmp1, $RESULT
eval "jmp {dllimgbase}"
asm patch1, $RESULT
// patch2 is optional: turn the "je" (74) three bytes into the match into an
// unconditional short jump (EB). ori3 keeps the original dword.
find patch1, #3B432?74656AFF#  //search "cmp eax,[ebx+2?]","je xxxxxx","push -1"
mov patch2, $RESULT
cmp patch2, 0
je lab17
add patch2, 3
log patch2
mov ori3, [patch2]
mov [patch2], #EB#

// lab17: patch3 is mandatory and is patched the same way (74 -> EB).
lab17:
find patch1, #3B432?741b6AFF#  //search "cmp eax,[ebx+2?]","je xxxxxx","push -1"
mov patch3, $RESULT
cmp patch3, 0
je error
add patch3, 3
log patch3
mov ori4, [patch3]
mov [patch3], #EB#
eob lab12
eoe lab12
esto

// lab18: reached thunkstop. Undo every patch made for the IAT pass, then set
// up the three stops used by the lab20 dispatcher.
lab18:
bc thunkstop
bphwc thunkpt
// Remove the detour stub and restore the saved original bytes.
fill dllimgbase, 20, 00
mov [patch1], ori1
mov tmp1, patch1
add tmp1, 4
mov [tmp1], ori2
// patch2 is 0 when its pattern was not found in lab16.
cmp patch2, 0
je lab19
mov [patch2], ori3

lab19:
mov [patch3], ori4

// 8B 43 2C = mov eax,[ebx+2C] ; 2B C5 = sub eax,ebp ; 83 E8 05 = sub eax,5.
// writept2 is the instruction right after this 8-byte sequence.
find dllimgbase, #8B432C2BC583E805#
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 8
mov writept2, tmp1
log writept2
// Hardware execution breakpoint: no byte of the code is modified.
bphws writept2, "x"
find dllimgbase, #0036300D0A#
mov tmp1, $RESULT
cmp tmp1, 0
je error
sub tmp1, 60
log tmp1
// 5x C3 = pop reg ; ret. transit1 is the ret itself.
find tmp1, #5?C3#
mov tmp2, $RESULT
cmp tmp2, 0
je error
log tmp2
add tmp2, 1
mov transit1, tmp2
log transit1
bp transit1
BPHWS APIpoint3, "x"
eoe lab20
eob lab20
esto

// lab20: dispatcher. Which of APIpoint3 / writept2 is hit before transit1
// decides which redirection types (type3 / type1) have to be fixed.
lab20:
cmp eip, APIpoint3
je lab21
cmp eip, writept2
je lab23
cmp eip, transit1
je lab25
esto

// lab21: APIpoint3 was executed -> type3 entries exist. On the first hit
// remember ebx and the byte at [ebx+4A].
lab21:
mov type3API, 1
cmp EBXaddr, 0
jne lab22
mov EBXaddr, ebx
log EBXaddr
mov tmp1, [EBXaddr+4A]
and tmp1, 0FF
mov FF15flag, tmp1
log FF15flag

// lab22: one hit is enough, so the hardware breakpoint is removed.
lab22:
bphwc APIpoint3
eob lab20
eoe lab20
esto

// lab23: writept2 was executed -> type1 entries exist. Same first-hit
// bookkeeping as lab21.
lab23:
bphwc writept2
cmp EBXaddr, 0
jne lab24
mov EBXaddr, ebx
log EBXaddr
mov tmp1, [EBXaddr+4A]
and tmp1, 0FF
mov FF15flag, tmp1
log FF15flag

lab24:
mov type1API, 1
log type1API
eob lab20
eoe lab20
esto

// lab25: transit1 reached — clear all three stops and skip the type3 fix
// when no type3 entry was seen.
lab25:
bphwc APIpoint3
bphwc writept2
bc transit1
cmp type3API, 0
je lab30

//fix type3 API
// Collect three call instructions near APIpoint3. `opcode` returns the
// disassembly text in $RESULT_1; storing the text (not the bytes) lets the
// script re-assemble the same call at a different address later, with the
// relative displacement recomputed.
mov tmp4, APIpoint3
sub tmp4, 100
// 05 FF 00 00 00 = add eax,0FF ; 50 = push eax ; 8B C3 = mov eax,ebx
find tmp4, #05FF000000508BC3#
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 8
log tmp1
opcode tmp1
mov func1, $RESULT_1
log func1
add tmp1, 5
// 8B C3 = mov eax,ebx ; E8 = call. +2 addresses the call.
find tmp1, #8BC3E8??#
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 2
opcode tmp2
mov func2, $RESULT_1
log func2
add tmp2, 5
find tmp2, #8BC3E8??#
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 2
opcode tmp1
mov func3, $RESULT_1
log func3
// Version probe: the byte 0xD before the third call is 50 (push eax) on
// every layout except the one flagged as v1.32.
mov tmp3, [tmp1-D]
log tmp3
and tmp3, 0FF
cmp tmp3, 50
je lab26
mov v1.32, 1
log v1.32

// lab26: write the type3 helper routine (raw x86 bytes, 0x1B5 long) at
// dllimgbase and fix up its operands. It is executed in lab27.
// The trailing comment on each "add" is the resulting offset from dllimgbase.
lab26:
mov tmp1, dllimgbase
mov [tmp1], #60BB6806CA00BD000DC4008B73548D7B408B43188945608B83E000000089453433C08A078D04408B4C83688BC6FFD18B#
add tmp1, 30     //30
mov [tmp1], #C8034B24038BE000000033C08A47098D04408B5483688BC6FFD2807B20000F854C0100003C010F8544010000894D7033#
add tmp1, 30     //60
mov [tmp1], #C08A47078D04408B5483688BC6FFD289452433C08A47088D04408B5483688BC6FFD289452833C08A47028D04408B5483#
add tmp1, 30     //90
mov [tmp1], #688BC6FFD289453C33C08A47068D04408B5483688BC6FFD28845408B83E000000001453C8B453C5033C08A454005FF00#
add tmp1, 30     //C0
mov [tmp1], #0000508BC3E85A6A03008BC88B53108BC3E8725803008B552403553403D08955248B55282B55342BD089552833C08A47#
add tmp1, 30     //F0
mov [tmp1], #038D04408B5483688BC6FFD28945348B83E000000001453433C08A47018D04408B5483688BC6FFD28845388D452C5066#
add tmp1, 30     //120
mov [tmp1], #8B4D24668B55288BC3E8126503008B552C0393E0000000909090909060E82E00000066B9FF153E8A4538363A434A7405#
add tmp1, 30    //150
mov [tmp1], #6681C100108B457066890883C002893061EB3A00000000000000000000000090BEE02150003916740D83C60481FE3C2A#
add tmp1, 30    //180
mov [tmp1], #0210770FEBEF81EE0000400081C600004000C390900000000000000000FF4568FF4D6003B3E4000000837D60000F876D#
add tmp1, 30    //1B0
mov [tmp1], #FEFFFF6190#
mov tmp1, dllimgbase
mov tmp2, dllimgbase
add tmp2, 0D00        //dllimgbase+D00
// tmp3 = dllimgbase+D68 is read back in lab29 as type3count.
mov tmp3, dllimgbase
add tmp3, 0D68        //Dllimgbase+D68
add tmp1, 2           //2
mov [tmp1], EBXaddr
add tmp1, 5           //7
mov [tmp1], tmp2
// The three call sites inside the helper are re-assembled from the
// disassembly text captured earlier, so their relative targets are correct
// for the new location.
add tmp1, BE          //C5
eval "{func1}"
asm tmp1, $RESULT
add tmp1, 0C          //D1
eval "{func2}"
asm tmp1, $RESULT
add tmp1, 58          //129
eval "{func3}"
asm tmp1, $RESULT
add tmp1, 48          //171
mov [tmp1], iatstartaddr
add tmp1, D           //17E
mov [tmp1], iatendaddr
add tmp1, A           //188
mov [tmp1], imgbase
add tmp1, 6           //18E
mov [tmp1], imgbasefromdisk
// Two exits of the helper are trapped: tmp5 (failure) and tmp6 (done).
add tmp1, 5           //193   error point
mov tmp5, tmp1
bp tmp5
add tmp1, 21          //1B4   end point
mov tmp6, tmp1
bp tmp6
mov tmp7, eip         //store eip
// v1.32 layout: NOP out four bytes at 11B and replace nine bytes at 12E
// with "mov edx,eax" plus NOP padding.
cmp v1.32, 1
jne lab27
mov tmp1, dllimgbase
add tmp1, 11B         //dllimgbase+11B
mov [tmp1], #90909090#
add tmp1, 13          //dllimgbase+12E
mov [tmp1], #8BD090909090909090#

// lab27: run the type3 helper from dllimgbase.
lab27:
mov eip, dllimgbase
eob lab28
eoe lab28
run

// lab28: tmp5 is the helper's failure exit, tmp6 its normal exit.
// NOTE(review): any stop that is neither tmp5 nor tmp6 (for example an
// exception inside the helper) falls through into lab29 and is handled as
// success; lab34 re-runs in the equivalent situation.
lab28:
cmp eip, tmp5      //error
je lab36
cmp eip, tmp6      //OK
je lab29

// lab29: read the counter the helper left at dllimgbase+D68 (tmp3), wipe
// the helper (0xE00 bytes) and restore the saved eip.
lab29:
bc tmp5
bc tmp6
mov type3count, [tmp3]
log type3count
fill dllimgbase, 0E00, 00
mov eip, tmp7           //restore eip

//get all call xxxxxxxx
// lab30: type1 fixing is optional at this point and asks the user first.
// `caller` records where fixtype1 was entered from so lab57 can return.
lab30:
cmp type1API, 0
je lab78
MSGYN "Fix call xxxxxxxx now?"
cmp $RESULT, 1
jne lab78
mov caller, "lab30"

// fixtype1: shared routine entered from lab30 or lab80 (see `caller`).
// Collects four call instructions as disassembly text (func1..func4) and
// probes which build layout is present (v1.32 / v2.0x flags).
fixtype1:
find dllimgbase, #3130320D0A#          //search "102"
mov tmp6, $RESULT
cmp tmp6, 0
je error
find tmp6, #05FF00000050#          //"Add eax,FF"  "push eax"
mov tmp1, $RESULT
cmp tmp1, 0
je error
// 8B 45 F4 = mov eax,[ebp-0C] ; E8 = call. +3 addresses the call.
find tmp1, #8B45F4E8#
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 3
log tmp2
opcode tmp2
mov func1, $RESULT_1
log func1
add tmp2, 5
find tmp2, #8B45F4E8#
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 3
opcode tmp1
mov func2, $RESULT_1
log func2
add tmp1, 5
find tmp1, #8B45F4E8????????#
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 3
opcode tmp2
mov func3, $RESULT_1
log func3
// tmp3 = the four bytes following the third call; compared with A1FC4589
// below as a layout probe.
mov tmp1, tmp2
add tmp1, 5
mov tmp3, [tmp1]
//log tmp3
// 8B 55 FC = mov edx,[ebp-4] ; E8 = call.
find tmp1, #8B55FCE8#
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 3
opcode tmp2
mov func4, $RESULT_1
log func4
cmp tmp3, A1FC4589
jne lab31
log tmp1
// 8B 83 08 01 00 00 = mov eax,[ebx+108] ; 8B 40 1C = mov eax,[eax+1C].
// Found -> v2.0x layout, not found -> v1.32 layout.
find tmp1, #8B83080100008B401C#
mov tmp2, $RESULT
cmp tmp2, 0
je lab30_1
mov v2.0x, 1
jmp lab31

lab30_1:
mov v1.32, 1

lab31:
log v1.32
log v2.0x
mov tmp1, dllimgbase
mov [tmp1], #609CBB000E0201BE00104000803EE875188B460103C683C0053B432C750B893500C09E00E8170000004681FE00705900#
add tmp1, 30     //30
mov [tmp1], #72DA9D6190909000000000000000009060BD0009FB00A100C09E00894510BB000E02018B480103C883C1053B4B2C7421#
add tmp1, 30     //60
mov [tmp1], #61C3909090909090909090909090909090909090909090909090909090909090908B45102B43148B55102B53242B93E0#
add tmp1, 30     //90
mov [tmp1], #0000008955F83B43280F83600400008D53408955E48B53188955F48B551083C2058A123293E00000008BFA81E7FF0000#
add tmp1, 30     //C0
mov [tmp1], #0025FF00000033F83B7DF40F87AE0100008B83E4000000F7EF0343548945FC8B45E40FB6008D04408B7483688B45FCFF#
add tmp1, 30     //F0
mov [tmp1], #D68BF03B75F80F8574010000807B2000741B8B45E40FB640098D04408B5483688B45FCFFD23C010F843B0200008D75FC#
add tmp1, 30     //120
mov [tmp1], #33C08A43428D04408BD38B7C82688B06FFD78945B833C08A43438D04408BD38B7C82688B06FFD78BF833C08A43458D04#
add tmp1, 30     //150
mov [tmp1], #408BD38B5482688B06FFD28845B733C08A43418D04408BD38B5482688B06FFD28845BF8B83E00000000345B88945D433#
add tmp1, 30     //180
mov [tmp1], #C08A43478D04408BD38B5482688B06FFD28945E003BBE00000005733C08A45B705FF000000508BC3E88BB102008BC88B#
add tmp1, 30     //1B0
mov [tmp1], #53108BC3E80B9F02008945D033C08A43488D04408BD38B7C82688B06FFD78B55D00155E08B5510422B022B45D08B5510#
add tmp1, 30     //1E0
mov [tmp1], #0FB61203C28BD38B522C2B551083EA0503C28D55CC52668B4DE08BD08BC3E8E9AB02008B83E00000000145CC837DD4FF#
add tmp1, 30     //210
mov [tmp1], #740E8B45108B5D14890383C304895D148B5DCCE9A8020000909090909090909090909090909090909090909090909090#
add tmp1, 30     //240
mov [tmp1], #BE00705900391E741183C60481FE747A59000F87A7020000EBEB81EE0000400081C600004000C3000000000000000090#
add tmp1, 30     //270
mov [tmp1], #81C7FF0000003B7DF40F8652FEFFFF8B83080100008B401C488945F48B43188B55F4423BC27405E9630200008B45F485#
add tmp1, 30     //2A0
mov [tmp1], #C00F8C58020000408945E0C745EC000000008B83080100008B55ECE8800000008BF88B45E40FB6008D04408B7483688B#
add tmp1, 30     //2D0
mov [tmp1], #4704FFD68BF03B75F8753F807B200074178B45E40FB640098D04408B5483688B4704FFD23C01746883C7048BF7E91EFE#
add tmp1, 30     //300
mov [tmp1], #FFFF909090900000000000000000000000000000000090909090FF45ECFF4DE07590E9D8010000909090909000000000#
add tmp1, 30     //330
mov [tmp1], #0000000000000000000000000000000033C985D27C0B3B501C7D068B40188B0C908BC1C3909090908D75FCEB08909090#
add tmp1, 30     //360
mov [tmp1], #83C7048BF733C08A43478D04408BD38B7C82688B06FFD78945EC33C08A43488D04408BD38B7C82688B06FFD78945E833#
add tmp1, 30     //390
mov [tmp1], #C08A43428D04408BD38B7C82688B06FFD78BF833C08A43468D04408BD38B5482688B06FFD28845DF03BBE00000005733#
add tmp1, 30     //3C0
mov [tmp1], #C08A45DF05FF000000508BC3E867AF02008BC88B53108BC3E8E79C02008945D833C08A43438D04408BD38B7C82688B06#
add tmp1, 30     //3F0
mov [tmp1], #FFD78BF803BBE00000008B45EC03C70345D88945EC8B45E82BC72B45D88945E833C08A43418D04408BD38B5482688B06#
add tmp1, 30     //420
mov [tmp1], #FFD28845BF895D208BD88D45B450668B4DEC668B55E88B4520E8AEA902008B45208B80E00000000345B48945FC8945CC#
add tmp1, 30     //450
mov [tmp1], #576A008D4DE08B45208B403C8B55FCE8106D02008945FC8B45E08B00E81F0000000045BF8B5DCCEB5700000000000000#
add tmp1, 30     //480
mov [tmp1], #00000000000000000000000000000090516689C1C1C0106601C828E059C30000#
add tmp1, 30     //4B0
mov [tmp1], #0000000000000000000000000000000090909090909090909090909090909090E86BFDFFFF66B9FF158B5DE48A430A3A#
add tmp1, 30     //4E0
mov [tmp1], #45BF74056681C100108B5D1066890B83C3028933FF05000E900061C390909090#

// Operand fix-ups for the type1 helper routine that the preceding lines wrote
// at dllimgbase. The trailing comment on each "add" is the resulting offset
// from dllimgbase.
mov tmp1, dllimgbase
mov tmp2, tmp1
add tmp1, 3       //3
mov [tmp1], EBXaddr
// The helper scans from 1stsecbase up to 1stsecbase+1stsecsize (offset 2C).
add tmp1, 5       //8
mov [tmp1], 1stsecbase
add tmp1, 18      //20
mov tmp4, dllimgbase
add tmp4, 0E04       //dllimgbase+0E04
mov [tmp1], tmp4
add tmp1, 0C      //2C
mov tmp3, 1stsecbase
add tmp3, 1stsecsize
mov [tmp1], tmp3
add tmp1, 16      //42
mov tmp2, dllimgbase
add tmp2, 900        //dllimgbase+900
mov [tmp1], tmp2
add tmp1, 5       //47
mov [tmp1], tmp4
add tmp1, 8       //4F
mov [tmp1], EBXaddr
// Call sites are re-assembled from the captured disassembly text so their
// relative targets are recomputed for the helper's location.
add tmp1, 159     //1A8
eval "{func1}"
asm tmp1, $RESULT
add tmp1, C       //1B4
eval "{func2}"
asm tmp1, $RESULT
add tmp1, 4A      //1FE
eval "{func3}"
asm tmp1, $RESULT
add tmp1, 43      //241
mov [tmp1], iatstartaddr
add tmp1, D       //24E
mov [tmp1], iatendaddr
add tmp1, E       //25C
mov [tmp1], imgbase
add tmp1, 6       //262
mov [tmp1], imgbasefromdisk
add tmp1, 16A     //3CC
eval "{func1}"
asm tmp1, $RESULT
add tmp1, C       //3D8
eval "{func2}"
asm tmp1, $RESULT
add tmp1, 61      //439
eval "{func3}"
asm tmp1, $RESULT
add tmp1, 26      //45F
eval "{func4}"
asm tmp1, $RESULT
add tmp1, 97      //4F6
mov tmp2, dllimgbase
add tmp2, E00        //dllimgbase+E00  for storing E8count
mov [tmp1], tmp2
mov tmp2, dllimgbase
add tmp2, 914        //dllimgbase+914
// Seed the write pointer at dllimgbase+914 with lastsecbase; lab47 compares
// it with lastsecbase afterwards to see whether anything was stored.
mov [tmp2], lastsecbase    //loc for storing sc after API
mov tmp2, dllimgbase
add tmp2, 34         //34 -- end point
bp tmp2
mov tmp3, dllimgbase
add tmp3, 4FF        //4FF -- error point
bp tmp3
// Layout-specific byte patches inside the helper.
cmp v1.32, 1
jne lab32
mov tmp4, dllimgbase
add tmp4, 203        //203
mov [tmp4], #8945CC83C404909090#
add tmp4, 7C         //27F
mov [tmp4], #8B830401#
add tmp4, 33         //2B2
mov [tmp4], #8B830401#
add tmp4, 18C        //43E
mov [tmp4], #83C404909090909090909090#
jmp lab33

// lab32: the v2.0x layout needs only the patches at 203 and 43E.
lab32:
cmp v2.0x, 1
jne lab33
mov tmp4, dllimgbase
add tmp4, 203        //203
mov [tmp4], #8945CC83C404909090#
add tmp4, 23b        //43E
mov [tmp4], #83C404909090909090909090#

// lab33: save eip in tmp6 and run the helper from dllimgbase.
lab33:
mov tmp6, eip
mov eip, dllimgbase
eob lab34
eoe lab34
run

// lab34: tmp2 = normal exit, tmp3 = failure exit; any other stop resumes.
lab34:
cmp eip, tmp2
je lab35
cmp eip, tmp3
je lab36
run

// lab35: helper finished — restore eip and read the number of fixed calls
// from dllimgbase+E00.
lab35:
bc tmp2
bc tmp3
mov eip, tmp6
mov tmp1, dllimgbase
add tmp1, 0E00
mov tmp2, [tmp1]
mov E8count, tmp2
log E8count
mov type1fixed, 1
jmp lab47

// lab36: shared failure exit for both helper runs (type3 and type1).
// NOTE(review): the helper's breakpoints and the injected bytes are left in
// place on this path.
lab36:
msg "Unexpected termination of the process"
pause
jmp end

//lab37_lab46

// lab47: check whether the type1 helper stored anything at lastsecbase.
// [dllimgbase+914] is the helper's write pointer, seeded with lastsecbase;
// if it did not move there is nothing more to do (lab56). Otherwise the
// distance / 4 is the number of recorded entries.
lab47:
mov tmp1, dllimgbase
add tmp1, 914
mov tmp2, [tmp1]
mov tmp3, lastsecbase          //loc for storing sc after API
cmp tmp3, tmp2
je lab56
sub tmp2, tmp3
//dm tmp3, tmp2, "SCafAPI.bin"
shr tmp2, 2
mov SCafterAPIcount, tmp2
log SCafterAPIcount
//msg "Advanced IAT protection detected, press OK to fix it"
//pause
fill dllimgbase, 0E10, 00

//Advanced Import protection
// Collect three more call instructions (as disassembly text) for the third
// helper routine, plus one dword of original code in ori1.
find dllimgbase, #3130320D0A#  //search "102"
mov tmp6, $RESULT
cmp tmp6, 0
je error
find tmp6, #8B80E4000000E8#   //search "mov eax,[eax+E4]" "call xxxxxxxx"
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 6
log tmp1
opcode tmp1
mov func1, $RESULT_1
log func1
add tmp1 , 6
find tmp1, #8BC7E8????????#        //search "mov eax,edi","call xxxxxxx"
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 2
opcode tmp2
mov func2, $RESULT_1
log func2
// ori1 = dword located 8 bytes after the second call's address; it is
// written into the helper at offset 43.
add tmp2, 8
mov ori1, [tmp2]
log ori1
find tmp2, #E8????????#
mov tmp1, $RESULT
cmp tmp1, 0
je error
opcode tmp1
mov func3, $RESULT_1
log func3

lab50:
mov tmp9, eip                 //save eip

mov tmp1, dllimgbase
mov [tmp1], #60BB6806F400BD000BEE00BF000BEE008B57048BC3E8860900008945D88D73408B83E4000000E821250000897DDC8BF8#
add tmp1, 30   //30
mov [tmp1], #8B8BE40000008B55D88BC7E87C6000006A10B9C0B7F1008B93E40000008BC7E8E848010033C08A46028D04408BD38B54#
add tmp1, 30   //60
mov [tmp1], #82688BC7FFD28945F033C08A46038D04408BD38B5482688BC7FFD28945EC33C08A46018D04408BD38B5482688BC7FFD2#
add tmp1, 30   //90
mov [tmp1], #3A434A74443A434B0F84420000003A434C0F84890000003A434D0F84800000003A434F0F84A70600003A43500F841E07#
add tmp1, 30  //C0
mov [tmp1], #00003A43510F84750700003A43520F84DC070000E907090000E9E208000090908B8BE0000000034DEC034D908B7DDC8B#
add tmp1, 30  //F0
mov [tmp1], #3F8B1F83C3068BC12BC38BD07905F7D283C20481FA81000000770BC603EB83E802884301EB09C603E983E805894301E9#
add tmp1, 30  //120
mov [tmp1], #9C0800009090909090909090909090908845D033C08945AC8945B08945B48945B88945BC8A46078D04408B5483688BC7#
add tmp1, 30  //150
mov [tmp1], #FFD28945B033C08A46058D04408B5483688BC7FFD28BD080EA080F92C280FA01750A8945B0C745B40100000033C08A46#
add tmp1, 30  //180
mov [tmp1], #088D04408B5483688BC7FFD28945B833C08A46068D04408B5483688BC7FFD28BD080EA080F92C280FA01750A8945B8C7#
add tmp1, 30  //1B0
mov [tmp1], #45BC0100000033C08A46098D04408B5483688BC7FFD284C0742EFEC87430FEC87432FEC80F8466010000FEC80F841E02#
add tmp1, 30  //1E0
mov [tmp1], #0000FEC80F8416030000FEC80F84BE030000E9E907000090E9C307000090E9BD0700009057538B7DDC8B3F8B0F83C106#
add tmp1, 30  //210
mov [tmp1], #837DB4010F85B8000000837DBC017547B83900000033D23E8A55B8C0E2033E0255B086F203C2807DB004740E807DB005#
add tmp1, 30  //240
mov [tmp1], #741166890183C102EB18668901C6410224EB0C0500400000668901C641020083C103E9D00000003E8B55B881FA800000#
add tmp1, 30  //270
mov [tmp1], #007307B883380000EB05B88138000033D23E8A55B086F203C2807DB004740E807DB005741466890183C102EB1B668901#
add tmp1, 30  //2A0
mov [tmp1], #C641022483C103EB0F0500400000668901C641020083C1033E8B55B881FA800000007307881183C101EB6C891183C104#
add tmp1, 30  //2D0
mov [tmp1], #EB658B45900145B0837DBC017521B83905000033D23E8A55B8C0E20386F203C26689013E8B55B089510283C106EB383E#
add tmp1, 30  //300
mov [tmp1], #8B55B881FA800000007317B8833D00006689013E8B45B089410288510683C107EB15B8813D00006689013E8B45B08941#
add tmp1, 30  //330
mov [tmp1], #0289510683C10A8BD9E952030000909057538B7DDC8B3F8B0F83C106837DB4010F858A060000837DBC017544B83B0000#
add tmp1, 30  //360
mov [tmp1], #0033D23E8A55B0C0E2033E0255B886F203C2807DB804740E807DB805741166890183C102EB3C668901C6410224EB0C05# 
add tmp1, 30  //390
mov [tmp1], #00400000668901C641020083C103EB22B83B05000033D23E8A55B0C0E20386F203C26689013E8B55B803559089510283#
add tmp1, 30  //3C0
mov [tmp1], #C1068BD9E9C702000000000000000000#
add tmp1, 30  //3F0
mov [tmp1], #9090909090909090909090909090909057538B7DDC8B3F8B1F83C306837DB4010F859F000000837DBC017551807DB005#
add tmp1, 30  //420
mov [tmp1], #742AB83800000033D23E8A55B8C0E2033E0255B086F203C266890383C302807DB0047524C6032483C301EB1CB8384500#
add tmp1, 30  //450
mov [tmp1], #0033D23E8A55B8C0E20386F203C2668903C643020083C303E923020000807DB0047423807DB005742BB88038000033D2#
add tmp1, 30  //480
mov [tmp1], #3E8A55B086F203C26689038B55B888530283C303EB5AC703833C24008B55B8885303EB0CC703837D00008A55B8885303#
add tmp1, 30  //4B0
mov [tmp1], #83C304EB3B837DBC017521B83805000033D23E8A55B8C0E20386F203C26689033E8B55B089530283C306EB1466C70380#
add tmp1, 30  //4E0
mov [tmp1], #3D8B55B08953028A45B888430683C307E99B010000909090909090909090909057538B7DDC8B3F8B1F83C306837DB401#
add tmp1, 30  //510
mov [tmp1], #0F85CA040000837DBC017544B83A00000033D23E8A55B0C0E2033E0255B886F203C2807DB804740E807DB80574116689#
add tmp1, 30  //540
mov [tmp1], #0383C302EB39668903C6430224EB0C0500400000668903C643020083C303EB1FB83A05000033D23E8A55B0C0E20386F2#
add tmp1, 30  //570
mov [tmp1], #03C26689033E8B55B889530283C306E90C010000900000000000000000000000#
add tmp1, 30  //5A0
mov [tmp1], #0000000090909090909090909090909057538B7DDC8B3F8B1F83C306837DB4010F851A040000837DBC01751EB83BC000#
add tmp1, 30  //5D0
mov [tmp1], #0033D23E8A55B0C0E2033E0255B886F203C266890383C302EB4B3E8B55B881FA80000000731AB883F8000033C93E8A4D#
add tmp1, 30  //600
mov [tmp1], #B086E903C166890388530283C303EB258B4DB083F900750BC6033D89530183C305EB12B881F8000086E903C166890389#
add tmp1, 30  //630
mov [tmp1], #530283C306EB59909090909090909090#
add tmp1, 30  //660
add tmp1, 30  //690
mov [tmp1], #895DAC5B5F33C08A45D03A434C0F851D0300009090909090909090909090909033C08A46048D04408BD38B5482688BC7#
add tmp1, 30  //6C0
mov [tmp1], #FFD23C06740E3C07740E3C0A740E3C0B740EEB0EB00AEB0AB00BEB06B006EB02B007508B83E00000000345EC0345908B#
add tmp1, 30  //6F0
mov [tmp1], #55AC8BCA2BC87826F7D14980F980720B5883C0708802884A01EB3D5886E0050F80000066890283E904894A02EB2AF7D1#
add tmp1, 30  //720
mov [tmp1], #4181F981000000770E5883C070880283E902884A01EB115886E0050F80000066890283E906894A02E973020000000000#
add tmp1, 30  //750
mov [tmp1], #0000000000000000000000000090909033C08A46058D04408BD38B5482688BC7FFD28845EB33C08A46078D04408BD38B#
add tmp1, 30  //780
mov [tmp1], #5482688BC7FFD28BC88B7DDC8B3F8B1F83C3063D80000000771433C08A45EB86E00583C00000668903884B02EB1E33C0#
add tmp1, 30  //7B0
mov [tmp1], #8A45EB3C007508C60305894B01EB0D86E00581C00000668903894B02E9EF010000000000000000000000000000000090#
add tmp1, 30  //7E0
mov [tmp1], #33C08A46058D04408BD38B5482688BC7FFD28845EB33C08A46068D04408BD38B5482688BC7FFD28845EA8B7DDC8B3F8B#
add tmp1, 30  //810
mov [tmp1], #1F33C08A45EBC1E0030245EA86E0058BC0000066894306E9940100000000000000000000000000000000000000000000#
add tmp1, 30  //840
mov [tmp1], #33C08A46058D04408BD38B5482688BC7FFD28845EB33C08A46078D04408BD38B5482688BC7FFD28BC8034D908B7DDC8B#
add tmp1, 30  //870
mov [tmp1], #3F8B1F83C306807DEB00741733C08A45EBC0E00386E00589050000668903894B02EB06C603A3894B01E9220100000000#
add tmp1, 30  //8A0
mov [tmp1], #0000000000000090909090909090909033C08A46058D04408BD38B5482688BC7FFD28845EB33C08A46068D04408BD38B#
add tmp1, 30  //8D0
mov [tmp1], #5482688BC7FFD28845EA33C08A46078D04408BD38B5482688BC7FFD28BC88B7DDC8B3F8B1F83C306807DEB04743B3D80#
add tmp1, 30  //900
mov [tmp1], #000000771A33C08A45EAC0E0030245EB86E00589400000668903884B02EB5533C08A45EAC0E0030245EB86E005898000#
add tmp1, 30  //930
mov [tmp1], #00668903894B02EB3B3D80000000771B33C08A45EAC0E00386E00589440000668903C6430224884B03EB1933C08A45EA#
add tmp1, 30  //960
mov [tmp1], #C0E00386E00589840000668903C6430224894B03EB4A90909000000000000000#
add tmp1, 30  //990
mov [tmp1], #0000000000000000000000000000009053568BF28BD83B731C7602EB338BC6F7ABE40000000343585E5BC39000000000# 
add tmp1, 30  //9C0
mov [tmp1], #8B7DDC8B0783C004833800740A8907FF4704E92AF6FFFF6190900000000000009090#



// Operand fix-ups for the helper routine that the preceding lines wrote at
// dllimgbase, followed by the run loop that drives it. The trailing comment
// on each "add" is the resulting offset from dllimgbase.
mov tmp1, dllimgbase
add tmp1, 2     //2
mov [tmp1], EBXaddr
mov tmp2, dllimgbase
add tmp2, 0B00
add tmp1, 5    //7
mov [tmp1], tmp2
add tmp1, 5    //C
mov [tmp1], tmp2
// dllimgbase+B00 is seeded with lastsecbase.
mov [tmp2], lastsecbase    //loc for storing sc after API
add tmp1, 1A   //26
eval "{func1}"
asm tmp1, $RESULT
add tmp1, 15   //3B
eval "{func2}"
asm tmp1, $RESULT
add tmp1, 8   //43
mov [tmp1], ori1
add tmp1, 0C  //4F
eval "{func3}"
asm tmp1, $RESULT
mov tmp1, dllimgbase
mov tmp2, tmp1
mov tmp3, tmp1
mov tmp4, tmp1
mov tmp5, tmp1
add tmp5, A90        //dllimgbase+A90
mov [tmp5], imgbasefromdisk
// Four stops inside the helper: two diagnostic ones (tmp3, tmp4), the
// normal exit (tmp1) and the failure exit (tmp2).
add tmp3, 1F8        //cmp type 0
bp tmp3
add tmp4, 1FE        //cmp type 1
bp tmp4
add tmp1, 9d8        //9d8
bp tmp1              //end point
add tmp2, 9E0        //error point
bp tmp2
mov eip, dllimgbase
eob lab51
eoe lab51
esto

// lab51: dispatch on where the helper stopped; an unexpected address is an error.
lab51:
cmp eip, tmp1
je lab52
cmp eip, tmp2
je lab53
cmp eip, tmp3
je lab54
cmp eip, tmp4
je lab55
jmp error

// lab52: normal exit — clear the stops and restore the eip saved in tmp9.
lab52:
bc tmp1
bc tmp2
bc tmp3
bc tmp4
mov eip, tmp9            //restore eip
jmp lab56

// lab53: failure exit of the helper.
lab53:
msg "Something error"
pause
jmp end

// lab54 / lab55: the helper reached one of its two "cmp type" branches; the
// script only reports it and continues.
lab54:
msg "cmp type 0"
pause
eob lab51
eoe lab51
esto

lab55:
msg "cmp type 1"
pause
eob lab51
eoe lab51
esto

// lab56: wipe both scratch areas and sanity-check the totals.
// NOTE(review): the whole last section (lastsecbase, lastsecsize) is
// zero-filled here, so whatever it held before the script used it as a
// buffer is lost from the process image.
lab56:
fill dllimgbase, E10, 00
fill lastsecbase, lastsecsize, 00

// The number of fixed type3 entries plus fixed calls is compared with the
// dword at [EBXaddr+18]; a mismatch only produces a warning.
mov tmp1, type3count
add tmp1, E8count
mov tmp2, [EBXaddr+18]
cmp tmp1, tmp2
je lab57
msg "Warning, there are some API not resolved!"
pause

// lab57: return to whichever label entered fixtype1.
lab57:
scmp caller, "lab30"
je lab78
scmp caller, "lab80"
je lab80_1
jmp error

// lab78: run to transit2, a sequence of three "push imm32" found after
// "mov byte[esi+34],1" (search starts at dllimgbase+1000).
lab78:
mov caller, "nil"
mov tmp1, dllimgbase
add tmp1, 1000
find tmp1, #C6463401#    //search "mov byte[esi+34], 1"
mov tmp2, $RESULT
cmp tmp2, 0
je error
find tmp2, #68????????68????????68#
mov transit2, $RESULT
cmp transit2, 0
je error
bp transit2
eob lab79
eoe lab79
esto

lab79:
cmp eip, transit2
je lab80
esto

// lab80: if type1 entries exist and were not fixed earlier (the user
// answered "no" at lab30), fix them now; fixtype1 returns to lab80_1.
lab80:
bc transit2
cmp type1API, 0
je lab80_1
cmp type1fixed, 1
je lab80_1
mov caller, "lab80"
jmp fixtype1

// lab80_1: run to the "ret" of a "pop / pop / ret" sequence located 0x40
// bytes before the text "153" CR LF.
// NOTE(review): the result of the "153" search is not checked before 0x40 is
// subtracted from it; only the second search is checked.
lab80_1:
cob
coe
mov caller, "nil"
mov tmp1, dllimgbase
add tmp1, 1000
find tmp1, #3135330D0A#    //search ASCII"153"
mov tmp2, $RESULT
sub tmp2, 40
find tmp2, #5?5?C3#
mov tmp3, $RESULT
cmp tmp3, 0
je error
add tmp3, 2
rtr
bp tmp3
eob lab81
eoe lab81
esto

lab81:
cmp eip, tmp3
je lab82
esto

// lab82: place a hardware execution breakpoint on the "lea eax,[eax] / ret"
// that follows the text "103" CR LF and run to it.
lab82:
bc tmp3
mov tmp1, dllimgbase
add tmp1, 1000
find tmp1, #3130330D0A#     //search ASCII"103"
mov tmp2, $RESULT
cmp tmp2, 0
je wrongver
find tmp2, #8D00C3#        //search "lea eax,[eax]" "ret"
mov tmp1, $RESULT
cmp tmp1, 0
je wrongver
bphws tmp1, "x"
eob lab83
eoe lab83
esto

lab83:
cmp eip, tmp1
je lab84
esto

// lab84: log the collected results (relocation data only for a DLL).
lab84:
cmp isdll, 1
jne lab85
log reloc_rva
log reloc_size

// lab85: decide from the stack contents whether the entry-point code runs
// from the module's own first section (lab88) or from somewhere else (lab89,
// "stolen code"). The stack slots examined are [esp+8], [esp+C], [esp+10].
lab85:
log iatstartaddr
log iatstart_rva
log iatsize
bphwc tmp1
cob
coe
mov tmp1, [esp+C]
cmp tmp1, esi
je lab86
mov tmp1, [esp+8]
cmp tmp1, 0
jne lab87
mov tmp1, [esp+C]
cmp tmp1, 0
je lab88
jmp lab89

//version is build 4.23 or above
lab86:
mov tmp1, [esp+8]
cmp tmp1, 0
jne lab89
jmp lab88

// lab87: [esp+10] is compared, by owning memory block, with the stack
// itself; a different owner means lab89, the same owner falls into lab88.
lab87:
mov tmp1, [esp+10]
cmp tmp1, 0
je lab88
GMEMI tmp1, MEMORYOWNER
mov tmp2, $RESULT
GMEMI esp, MEMORYOWNER
mov tmp3, $RESULT
cmp tmp2, tmp3
jne lab89

// lab88: memory breakpoint on the whole first section; the first stop there
// is taken as the original entry point. tmp3 = absolute entry address for
// the dump in lab96.
lab88:
bprm 1stsecbase, 1stsecsize
esto
bpmc
mov tmp1, eip
sub tmp1, imgbase
mov OEP_rva, tmp1
log OEP_rva
msg "IAT fixed. No stolen code at the OEP! Check the address and size of IAT in log window"
//jmp end
mov tmp3, eip
jmp lab94

// lab89: entry-point code was relocated. Run to tmp1 (the address picked in
// lab85..lab87), then locate a table of dword pairs near the first run of 8
// zero bytes after eip and use it to annotate the code.
// NOTE(review): the result of the zero-run search is not checked.
lab89:
bp tmp1
esto
bc tmp1
mov tmp5, eip
find eip, #0000000000000000#
mov tmp2, $RESULT
mov tmp1, tmp2
add tmp1, 8
mov tmp4, 10

// loop16: skip at most 0x10 further zero bytes to reach the first non-zero byte.
loop16:
cmp tmp4, 0
je notfound
mov tmp2, [tmp1]
and tmp2, ff
cmp tmp2, 0
jne lab90
add tmp1, 1
sub tmp4, 1
jmp loop16

// lab90: the byte 3 after it must be zero. tmp6 = end of the table
// (0xB bytes back from that point).
lab90:
add tmp1, 3
mov tmp2, [tmp1]
and tmp2, ff
cmp tmp2, 0
jne error
sub tmp1, b
mov tmp6, tmp1
sub tmp1, 4
mov tmp4, 200
mov count, 0

// loop17: walk backwards in 8-byte steps (at most 0x200 bytes) until the
// second zero dword is found; that marks the start of the table.
loop17:
cmp tmp4, 0
je notfound
mov tmp2, [tmp1]
cmp tmp2, 00000000
je lab91
sub tmp1, 8
sub tmp4, 8
jmp loop17

lab91:
cmp count, 1
je lab92
add count, 1
sub tmp1, 8
sub tmp4, 8
jmp loop17

// lab92: tmp7 = first table entry.
lab92:
mov tmp4, tmp1
add tmp4, 4
mov tmp7, tmp4

// loop18: each entry is two dwords. The first (+imgbase) is written, as
// text, into a debugger comment at the address given by the second (+tmp5).
loop18:
cmp tmp4, tmp6
jae lab93
mov tmp1, [tmp4]
add tmp1, imgbase
eval "{tmp1}"
add tmp4, 4
mov tmp2, [tmp4]
add tmp2, tmp5             //tmp2== address to put comment
cmt tmp2, $RESULT
add tmp4, 4
jmp loop18

// lab93: dump the raw table to st_table.bin, then read the comment at eip
// back and convert it to a number to obtain the entry-point address.
// NOTE(review): tmp3 is taken from $RESULT after log and msg have run; this
// relies on those commands not changing $RESULT, so that it still holds the
// ATOI value — confirm.
lab93:
mov tmp1, tmp6
sub tmp1, tmp7
dm tmp7, tmp1, "st_table.bin"
GCMT eip
mov tmp1, $RESULT
ATOI tmp1
mov tmp2, $RESULT
sub tmp2, imgbase
mov OEP_rva, tmp2
log OEP_rva
msg "IAT fixed. Stolen code start, check the address and size of IAT in log window"
//jmp end
mov tmp3, $RESULT

// lab94..lab96: dump the process image to "un_<processname>.exe" or
// "un_<processname>.dll", passing tmp3 as the entry point.
// The file name has no directory component, so where it is written depends
// on the debugger's working directory.
lab94:
GPI PROCESSNAME
mov tmp1, $RESULT
cmp isdll, 1
je lab95
eval "un_{tmp1}.exe"
mov tmp2, $RESULT
jmp lab96

lab95:
eval "un_{tmp1}.dll"
mov tmp2, $RESULT

lab96:
dpe tmp2, tmp3
jmp end

// Exit paths. None of them removes breakpoints or restores patched bytes.
// "error" is the generic failure used by most pattern searches.
error:
msg "Error!"
pause
jmp end

// A version marker string or its follow-up pattern was not found.
wrongver:
msg "Unsupported Aspr version or it is not packed with Aspr?"
pause
jmp end

// Used only by the two searches in lab2.
error45:
msg "Error 45!"
pause
jmp end

// $VERSION compared below "1.47" at start-up.
odbgver:
msg "This script work with ODbgscript 1.47 or above"
jmp end

// Table search in lab89 ran out of its byte budget; falls through to end.
notfound:
msg "Not found"
pause

end:
ret

最新回复 (247)
2
哇~~~~
2006-10-5 21:02
3
哇哇...
2006-10-5 21:03
4
哇哇哇~~~
2006-10-5 21:03
5
哇哇哇~~~哇哇哇~~~
2006-10-5 21:08
6
哇哇哇哇~~~~
2006-10-5 21:09
7
哇哇哇哇~~~~

又升级了
2006-10-5 21:14
8
哇哇哇哇~~~~

又升级了
2006-10-5 21:16
9
太好了。
2006-10-5 21:20
10
支持
2006-10-5 21:22
11
谢谢

2006-10-5 21:23
12
发现一个BUG

脱同一个程序


Asprotect 2.XX SKE IAT Fixer v1.02
结果如下
记录数据, 条目 6
消息=iatstartaddr: 00512190
记录数据, 条目 5
消息=iatsize: 000007F4

拿 Aspr2.xx_IAT_fixer_v2.2s  结果如下
记录数据, 条目 4
消息=iatstartaddr: 00512190
记录数据, 条目 3
消息=iatstart_rva: 00112190
记录数据, 条目 2
消息=iatsize: 000007F0

RAV大小偏差4 修复XX 不修复都是偏差4

虽然不怎么影响 希望楼主完美下

另外感谢楼主的好脚本 祝中秋快乐,家庭美满幸福
2006-10-5 21:27
13
脱2.3 6.26 提示错误
2006-10-5 21:31
14
最初由 bestchao 发布
发现一个BUG

脱同一个程序


........


最BS你这种人,这也叫bug?
你知道这个脚本有多强大么?
无聊!
2006-10-5 21:33
15
最初由 大彻大悟 发布
脱2.3 6.26 提示错误


不好用就删了吧
2006-10-5 21:33
16
多谢礼物,
2006-10-5 21:34
17
多谢,中秋快乐!!!
2006-10-5 21:37
18
最初由 shoooo 发布
最BS你这种人,这也叫bug?
你知道这个脚本有多强大么?
无聊!


1.因为你的脱壳技术比我高 你的确可以BS我 但是我想没必要?
2.这个脚本因为强大,所以才提一点意见,也是为了完美.
3.经过测试另外一个,发现这个错误只针对我第一个测试过的软件,应该也不算BUG 但是不明白,2个脚本会出现2个情况 虽然几率才万分之一
2006-10-5 21:39
19
最初由 bestchao 发布
1.因为你的脱壳技术比我高 你的确可以BS我 但是我想没必要?
2.这个脚本因为强大,所以才提一点意见,也是为了完美.
3.经过测试另外一个,发现这个错误只针对我第一个测试过的软件,应该也不算BUG 但是不明白,2个脚本会出现2个情况 虽然几率才万分之一


我BS不是因为你的技术,而是BS你测试不负责任
volx的脚本很强大, 1.02到2.2时间跨度有很长时间
这个很有可能是1.02的bug,而2.2修正了
你应该多试一些样本,而不是只测了1,2个就马上认为是bug

很感谢volx分享他的强大的脚本
写的这么长是很不容易
2006-10-5 21:40
20
最初由 shoooo 发布
不好用就删了吧


都是朋友 我想你也是站在作者这边

但是你这个态度实在是让人```
2006-10-5 21:40
21
都是支持楼主的

但是表达方式不一样

希望大家都换个角度看。不要太过份
2006-10-5 21:41
22
SHOOOO不是恶意的啦.
2006-10-5 21:42
23
等待  脱壳机中~~
2006-10-5 21:44
24
最初由 bestchao 发布
都是朋友 我想你也是站在作者这边

但是你这个态度实在是让人```


这是实话,作者们辛苦写了一个东西,当然不可能非常完美
能共享出来不容易

但是很多人还是吹毛求疵。
2006-10-5 21:44
25
最初由 shoooo 发布
我BS不是因为你的技术,而是BS你测试不负责任
volx的脚本很强大, 1.02到2.2时间跨度有很长时间
这个很有可能是1.02的bug,而2.2修正了
你应该多试一些样本,而不是只测了1,2个就马上认为是bug

........


我后来马上跟帖 你却先把我X了在说`

但是理解你 的确我有问题 但是都是为楼主好

都是朋友shoooo中秋快乐 以后多多指教
2006-10-5 21:45