一个DLL文件正常去掉一层壳后,再用PEID查为还有一层ASPack 2.12 -> Alexey Solodovnikov的壳,但是不去掉这壳,也能正常看到并修改里面的内容,
但是这个DLL文件,同样是XP系统,但是在有一些版本的系统能注册成功,换另一个版本的XP系统注册不成功,请问如何解决
脱了一层壳后,显视的代码但用正常的这处手动脱壳方法不行
1100B001 > 60 pushad
1100B002 E8 03000000 call RUNDLLS-.1100B00A
1100B007 - E9 EB045D45 jmp 565DB4F7
1100B00C 55 push ebp
1100B00D C3 retn
1100B00E E8 01000000 call RUNDLLS-.1100B014
1100B013 EB 5D jmp short RUNDLLS-.1100B072
1100B015 BB EDFFFFFF mov ebx,-13
1100B01A 03DD add ebx,ebp
1100B01C 81EB 00B00000 sub ebx,0B000
1100B022 83BD 22040000 0>cmp dword ptr ss:[ebp+422],0
1100B029 899D 22040000 mov dword ptr ss:[ebp+422],e>
1100B02F 0F85 65030000 jnz RUNDLLS-.1100B39A
1100B035 8D85 2E040000 lea eax,dword ptr ss:[ebp+42>
1100B03B 50 push eax
1100B03C FF95 4D0F0000 call dword ptr ss:[ebp+F4D]
1100B042 8985 26040000 mov dword ptr ss:[ebp+426],e>
1100B048 8BF8 mov edi,eax
1100B04A 8D5D 5E lea ebx,dword ptr ss:[ebp+5E>
1100B04D 53 push ebx
1100B04E 50 push eax
1100B04F FF95 490F0000 call dword ptr ss:[ebp+F49]
未壳前的代码
1100F197 > 9C pushfd
1100F198 60 pushad
1100F199 E8 00000000 call rundlls-.1100F19E
1100F19E 5D pop ebp
1100F19F B8 07000000 mov eax,7
1100F1A4 2BE8 sub ebp,eax
1100F1A6 8DB5 BDFEFFFF lea esi,dword ptr ss:[ebp-14>
1100F1AC 8A06 mov al,byte ptr ds:[esi]
1100F1AE 3C 00 cmp al,0
1100F1B0 74 12 je short rundlls-.1100F1C4
1100F1B2 8BF5 mov esi,ebp
1100F1B4 8DB5 E5FEFFFF lea esi,dword ptr ss:[ebp-11>
1100F1BA 8A06 mov al,byte ptr ds:[esi]
1100F1BC 3C 01 cmp al,1
1100F1BE 0F84 42020000 je rundlls-.1100F406
1100F1C4 C606 01 mov byte ptr ds:[esi],1
1100F1C7 8BD5 mov edx,ebp
1100F1C9 2B95 79FEFFFF sub edx,dword ptr ss:[ebp-18>
1100F1CF 8995 79FEFFFF mov dword ptr ss:[ebp-187],e>
1100F1D5 0195 A9FEFFFF add dword ptr ss:[ebp-157],e>
1100F1DB 8DB5 EDFEFFFF lea esi,dword ptr ss:[ebp-
请问有谁能给一些指导,谢谢
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
