能力值:
( LV6,RANK:90 )
|
-
-
2 楼
Ultra String Reference
Address Disassembly Text String
0040118A mov dword ptr ss:[ebp-4],feixplay.004071 Can't open file!
00401275 mov dword ptr ss:[ebp-4],feixplay.004071 Can't retrieve the temporary directory!
0040128D push feixplay.00407190 E_%X
004012C3 push feixplay.0040718C \
00401317 mov dword ptr ss:[ebp-4],feixplay.004071 Insufficient memory!
00401342 mov dword ptr ss:[ebp-4],feixplay.004071 Failed to decompress data!
00401378 mov dword ptr ss:[esp],feixplay.0040714C krnln.fnr
0040138F push feixplay.00407140 krnln.fne
00401421 mov dword ptr ss:[ebp-4],feixplay.004071 Not found the kernel library!
00401464 mov dword ptr ss:[ebp-4],feixplay.004071 Failed to load kernel library!
0040146D push feixplay.004070F4 GetNewSock
0040147D mov dword ptr ss:[ebp-4],feixplay.004070 The kernel library is invalid!
00401494 mov dword ptr ss:[ebp-4],feixplay.004070 The interface of kernel library is invalid!
0040149D mov dword ptr ss:[ebp-4],feixplay.004070 Invalid data in the file!
004014A6 mov dword ptr ss:[ebp-4],feixplay.004070 Failed to read file or invalid data in file!
004014AF mov dword ptr ss:[ebp-4],feixplay.004070 Invalid data in the file!
004014B8 mov dword ptr ss:[ebp-4],feixplay.004070 Failed to read data from the file!
004014E7 push feixplay.00407030 Error
00401BF8 mov dword ptr ds:[edi+18],feixplay.00407 invalid block type
00401C10 mov dword ptr ds:[edi+18],feixplay.00407 invalid stored block lengths
00401C80 mov dword ptr ds:[edi+18],feixplay.00407 too many length or distance symbols
00401CAC mov dword ptr ds:[edi+18],feixplay.00407 invalid bit length repeat
004022FA mov dword ptr ds:[esi+18],feixplay.00407 invalid literal/length code
0040232F mov dword ptr ds:[esi+18],feixplay.00407 invalid distance code
00402669 mov dword ptr ds:[esi+18],feixplay.00407 invalid distance code
004026C6 mov dword ptr ds:[esi+18],feixplay.00407 invalid literal/length code
00402905 mov dword ptr ds:[esi+18],feixplay.00407 unknown compression method
00402928 mov dword ptr ds:[esi+18],feixplay.00407 invalid window size
00402978 mov dword ptr ds:[esi+18],feixplay.00407 incorrect header check
00402ABC mov dword ptr ds:[esi+18],feixplay.00407 incorrect data check
00402B93 mov dword ptr ds:[esi+18],feixplay.00407 need dictionary
00402C3D mov dword ptr ds:[esi+18],feixplay.00408 oversubscribed dynamic bit lengths tree
00402C55 mov dword ptr ds:[esi+18],feixplay.00408 incomplete dynamic bit lengths tree
004030AA mov dword ptr ds:[esi+18],feixplay.00408 oversubscribed distance tree
004030B8 mov dword ptr ds:[esi+18],feixplay.00408 incomplete distance tree
004030C6 mov dword ptr ds:[esi+18],feixplay.00408 empty distance tree with lengths
004030D4 mov dword ptr ds:[esi+18],feixplay.00408 oversubscribed literal/length tree
004030E2 mov dword ptr ds:[esi+18],feixplay.00408 incomplete literal/length tree
0040324A push feixplay.0040727C 1.1.3
00403831 push ebp (Initial CPU selection)
00404E32 push feixplay.004065D4 <program name unknown>
00404E74 push feixplay.004065D0 ...
00404E88 push feixplay.004065B4 Runtime Error!\n\nProgram:
00404EA6 push feixplay.004065B0 \n\n
00404ECE push feixplay.00406588 Microsoft Visual C++ Runtime Library
00405674 push feixplay.0040661C user32.dll
0040568B push feixplay.00406610 MessageBoxA
0040569C push feixplay.00406600 GetActiveWindow
004056A4 push feixplay.004065EC GetLastActivePopup
这是OD的字串参考。
|
能力值:
(RANK:10 )
|
-
-
3 楼
软件没有壳,是E语言的东西
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
那如何下断,或找关键句呢?
字串里我总看不出什么有用的信息,下了几个常用断点也没断下。。郁闷中
|
能力值:
(RANK:570 )
|
-
-
5 楼
http://monkeycz.pediy.com/
E语言的东西用这个搞
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
多谢斑竹啊
是不是有overlay后缀的,都是E格式的,
怎么分辨哪些是E格式的呢?
而且ECE好象没有字串参考,那是怎么分析的呢
|
能力值:
( LV2,RANK:10 )
|
-
-
7 楼
那为大哥可以告诉我[Overlay]是什么意思。
|
能力值:
(RANK:350 )
|
-
-
8 楼
最初由 壳圣 发布 那为大哥可以告诉我[Overlay]是什么意思。 http://pediy.com/bbshtml/BBS6/pediy6923.htm
|
能力值:
( LV9,RANK:850 )
|
-
-
9 楼
[overlay]版的`是易语言写的`
带这个[overlay]版是致命的``->
OD载入后,F9运行起来,输好假信息之后 回到 OD,alt+m打开内存镜像,在.ecode区F2下断`再点注册。就到关键处了`
|
能力值:
( LV9,RANK:850 )
|
-
-
10 楼
回后再补充下``E写的别去找字符串了~、除非你吃饱没事做~~
只会浪费时间``呵`
|
能力值:
(RANK:570 )
|
-
-
11 楼
没有看过E CODE
也没看过你的程序
我看到别人说是 E CODE,我刚好知道那个工具,就介绍你用了
|
能力值:
( LV2,RANK:10 )
|
-
-
12 楼
谢谢斑竹 了解了
|
能力值:
( LV2,RANK:10 )
|
-
-
13 楼
学了段E语言,中国出的
|
能力值:
( LV2,RANK:10 )
|
-
-
14 楼
请恕我愚顿,我用斑竹的方法分析,但内存景象中找不到.ecode,用ECE分析也说没有封装易格式文件,但是PEID分析也是Microsoft Visual C++ 6.0 [Overlay],这是怎么回事,要如何解决呢?
|
能力值:
( LV12,RANK:210 )
|
-
-
15 楼
00401378 mov dword ptr ss:[esp],feixplay.0040714C krnln.fnr
0040138F push feixplay.00407140 krnln.fne
e语言专用的dll
另外, 其他的那些英文是zlib库带的.
|
能力值:
( LV2,RANK:10 )
|
-
-
16 楼
还有些软件的壳是象这种形式:ASPack 2.12 -> Alexey Solodovnikov [Overlay],脱壳并解决附加程序后,程序才能正常运行,但用PEID查看,形式如:Borland Delphi 6.0 - 7.0 [Overlay]。用ECE分析并不是E格式,那怎么对这种程序做分析呢?请高手指点。
|
能力值:
( LV2,RANK:10 )
|
-
-
17 楼
哪为大哥给解决下 谢谢啊
|
能力值:
( LV6,RANK:90 )
|
-
-
18 楼
00401378 mov dword ptr ss:[esp],feixplay.0040714C krnln.fnr
0040138F push feixplay.00407140 krnln.fne
看出是E语言的。
E语言生成的exe是VC6 overlay的
网上似乎有e的反编译……
|