这个是我用手工脱ASProtect 2.1x SKE -> Alexey Solodovnikov后的文件信息
我自己无法找到IAT重建,请各位大侠指点..
0065BC9C >/$ 55 PUSH EBP
0065BC9D |. 8BEC MOV EBP,ESP
0065BC9F |. 83C4 F0 ADD ESP,-10
0065BCA2 |. 53 PUSH EBX
0065BCA3 |. 33C0 XOR EAX,EAX
0065BCA5 |. 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0065BCA8 |. B8 5CB06500 MOV EAX,123.0065B05C
0065BCAD |. E8 9AC6DAFF CALL 123.0040834C
0065BCB2 |. 8B1D ECAB6600 MOV EBX,DWORD PTR DS:[66ABEC] ; 123.0066C7D8
0065BCB8 |. 33C0 XOR EAX,EAX
0065BCBA |. 55 PUSH EBP
0065BCBB |. 68 53BE6500 PUSH 123.0065BE53
0065BCC0 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0065BCC3 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0065BCC6 |. E8 712EEEFF CALL 123.0053EB3C
0065BCCB |. E8 501EEEFF CALL 123.0053DB20
0065BCD0 |. E8 F7EDFFFF CALL 123.0065AACC
0065BCD5 |. E8 FAF1FFFF CALL 123.0065AED4
0065BCDA |. E8 117AE7FF CALL 123.004D36F0
0065BCDF |. B2 54 MOV DL,54
0065BCE1 |. E8 627CE7FF CALL 123.004D3948
0065BCE6 |. 8B15 24AA6600 MOV EDX,DWORD PTR DS:[66AA24] ; 123.0066D26C
0065BCEC |. 8802 MOV BYTE PTR DS:[EDX],AL
0065BCEE |. E8 FD79E7FF CALL 123.004D36F0
0065BCF3 |. B2 45 MOV DL,45
0065BCF5 |. E8 4E7CE7FF CALL 123.004D3948
0065BCFA |. 84C0 TEST AL,AL
0065BCFC |. 74 21 JE SHORT 123.0065BD1F
0065BCFE |. E8 ED79E7FF CALL 123.004D36F0
0065BD03 |. 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
0065BD06 |. B2 45 MOV DL,45
0065BD08 |. E8 877CE7FF CALL 123.004D3994
0065BD0D |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0065BD10 |. E8 93D4E4FF CALL 123.004A91A8
0065BD15 |. 8B15 F8A06600 MOV EDX,DWORD PTR DS:[66A0F8] ; 123.0066D270
0065BD1B |. 8902 MOV DWORD PTR DS:[EDX],EAX
0065BD1D |. EB 09 JMP SHORT 123.0065BD28
0065BD1F |> A1 F8A06600 MOV EAX,DWORD PTR DS:[66A0F8]
0065BD24 |. 33D2 XOR EDX,EDX
0065BD26 |. 8910 MOV DWORD PTR DS:[EAX],EDX
0065BD28 |> 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD2A |. BA 68BE6500 MOV EDX,123.0065BE68 ; ASCII "GetDataBack"
0065BD2F |. E8 A4C5DFFF CALL 123.004582D8
0065BD34 |. 8B0D B0A26600 MOV ECX,DWORD PTR DS:[66A2B0] ; 123.0066F094
0065BD3A |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD3C |. 8B15 2CD56200 MOV EDX,DWORD PTR DS:[62D52C] ; 123.0062D578
0065BD42 |. E8 8DC9DFFF CALL 123.004586D4
0065BD47 |. 8B0D F0AB6600 MOV ECX,DWORD PTR DS:[66ABF0] ; 123.0066E848
0065BD4D |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD4F |. 8B15 0C445500 MOV EDX,DWORD PTR DS:[55440C] ; 123.00554458
0065BD55 |. E8 7AC9DFFF CALL 123.004586D4
0065BD5A |. 8B0D 6C9F6600 MOV ECX,DWORD PTR DS:[669F6C] ; 123.0066DA28
0065BD60 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD62 |. 8B15 F8C04E00 MOV EDX,DWORD PTR DS:[4EC0F8] ; 123.004EC144
0065BD68 |. E8 67C9DFFF CALL 123.004586D4
0065BD6D |. 8B0D E8A16600 MOV ECX,DWORD PTR DS:[66A1E8] ; 123.0066D380
0065BD73 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD75 |. 8B15 FC2F4D00 MOV EDX,DWORD PTR DS:[4D2FFC] ; 123.004D3048
0065BD7B |. E8 54C9DFFF CALL 123.004586D4
0065BD80 |. 8B0D 4CA56600 MOV ECX,DWORD PTR DS:[66A54C] ; 123.0066EF80
0065BD86 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD88 |. 8B15 D4AA6100 MOV EDX,DWORD PTR DS:[61AAD4] ; 123.0061AB20
0065BD8E |. E8 41C9DFFF CALL 123.004586D4
0065BD93 |. 8B0D 08A06600 MOV ECX,DWORD PTR DS:[66A008] ; 123.0066EA68
0065BD99 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BD9B |. 8B15 2C925800 MOV EDX,DWORD PTR DS:[58922C] ; 123.00589278
0065BDA1 |. E8 2EC9DFFF CALL 123.004586D4
0065BDA6 |. 8B0D 089E6600 MOV ECX,DWORD PTR DS:[669E08] ; 123.0066EF28
0065BDAC |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BDAE |. 8B15 CC0E6100 MOV EDX,DWORD PTR DS:[610ECC] ; 123.00610F18
0065BDB4 |. E8 1BC9DFFF CALL 123.004586D4
0065BDB9 |. 8B0D 38A46600 MOV ECX,DWORD PTR DS:[66A438] ; 123.0066F050
0065BDBF |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BDC1 |. 8B15 9C686200 MOV EDX,DWORD PTR DS:[62689C] ; 123.006268E8
0065BDC7 |. E8 08C9DFFF CALL 123.004586D4
0065BDCC |. 8B0D 50AD6600 MOV ECX,DWORD PTR DS:[66AD50] ; 123.0066DB30
0065BDD2 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BDD4 |. 8B15 40A05000 MOV EDX,DWORD PTR DS:[50A040] ; 123.0050A08C
0065BDDA |. E8 F5C8DFFF CALL 123.004586D4
0065BDDF |. 8B0D 44AE6600 MOV ECX,DWORD PTR DS:[66AE44] ; 123.0066E654
0065BDE5 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BDE7 |. 8B15 FC945300 MOV EDX,DWORD PTR DS:[5394FC] ; 123.00539548
0065BDED |. E8 E2C8DFFF CALL 123.004586D4
0065BDF2 |. 8B0D 349E6600 MOV ECX,DWORD PTR DS:[669E34] ; 123.0066EA44
0065BDF8 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BDFA |. 8B15 D0465800 MOV EDX,DWORD PTR DS:[5846D0] ; 123.0058471C
0065BE00 |. E8 CFC8DFFF CALL 123.004586D4
0065BE05 |. 8B0D 789C6600 MOV ECX,DWORD PTR DS:[669C78] ; 123.0066EA54
0065BE0B |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BE0D |. 8B15 10715800 MOV EDX,DWORD PTR DS:[587110] ; 123.0058715C
0065BE13 |. E8 BCC8DFFF CALL 123.004586D4
0065BE18 |. 8B0D 40A96600 MOV ECX,DWORD PTR DS:[66A940] ; 123.0066EE64
0065BE1E |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BE20 |. 8B15 14065C00 MOV EDX,DWORD PTR DS:[5C0614] ; 123.005C0660
0065BE26 |. E8 A9C8DFFF CALL 123.004586D4
0065BE2B |. A1 D0B26600 MOV EAX,DWORD PTR DS:[66B2D0]
0065BE30 |. C700 01000000 MOV DWORD PTR DS:[EAX],1
0065BE36 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]
0065BE38 |. E8 17C9DFFF CALL 123.00458754
0065BE3D |. 33C0 XOR EAX,EAX
0065BE3F |. 5A POP EDX
0065BE40 |. 59 POP ECX
0065BE41 |. 59 POP ECX
0065BE42 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0065BE45 |. 68 5ABE6500 PUSH 123.0065BE5A
0065BE4A |> 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0065BE4D |. E8 FA84DAFF CALL 123.0040434C
0065BE52 \. C3 RETN
0065BE53 .^ E9 B47EDAFF JMP 123.00403D0C
0065BE58 .^ EB F0 JMP SHORT 123.0065BE4A
[课程]Android-CTF解题方法汇总!
