Exercise from the companion CD of the book 加密与解密 (Encryption and Decryption): Acid Bytes' CrackMe#4.exe
UPX 0.89.6 - 1.02 / 1.05 - 1.24 (Delphi) stub -> Markus & Laszlo
Loaded in OD (OllyDbg):
1. bp GetProcAddress
2. Remove the breakpoint, Ctrl+F9
3. F8, down to the following:
0046F805 09C0 OR EAX,EAX ; ntdll.RtlDeleteCriticalSection
0046F807 74 07 JE SHORT CrackMe#.0046F810
0046F809 8903 MOV DWORD PTR DS:[EBX],EAX
0046F80B 83C3 04 ADD EBX,4
0046F80E ^ EB E1 JMP SHORT CrackMe#.0046F7F1
0046F810 FF96 64010700 CALL DWORD PTR DS:[ESI+70164]
0046F816 61 POPAD
0046F817 ^ E9 348AFEFF JMP CrackMe#.00458250
0046F81C 34 F8 XOR AL,0F8
0046F81E 46 INC ESI
0046F81F 0044F8 46 ADD BYTE PTR DS:[EAX+EDI*8+46],AL
0046F823 00D0 ADD AL,DL
0046F825 B4 45 MOV AH,45
I found jmp CrackMe#.00458250
But there is no 00458250. What should I do?
0045824B 0000 ADD BYTE PTR DS:[EAX],AL
0045824D 8145 00 558BEC8>ADD DWORD PTR SS:[EBP],83EC8B55
00458254 C4F4 LES ESI,ESP ; Illegal use of register
00458256 B8 28814500 MOV EAX,CrackMe#.00458128
0045825B E8 84D9FAFF CALL CrackMe#.00405BE4
00458260 A1 98A54500 MOV EAX,DWORD PTR DS:[45A598]
00458265 8B00 MOV EAX,DWORD PTR DS:[EAX]
00458267 E8 D47CFEFF CALL CrackMe#.0043FF40
0045826C A1 98A54500 MOV EAX,DWORD PTR DS:[45A598]
00458271 8B00 MOV EAX,DWORD PTR DS:[EAX]
00458273 BA B0824500 MOV EDX,CrackMe#.004582B0 ; ASCII "Official CFF CrackMe #4"
I set a breakpoint at 00458254 and pressed F9, and an exception occurred. How do I solve this? CFF CrackMe #3 and CFF CrackMe #2 both had no such problem.
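
Added example (not part of the original post): a length-only decoder for just the opcodes in the second listing above. It shows that a linear sweep starting at 0045824B steps over 00458250, while a sweep starting at the JMP target 00458250 places 00458254 in the middle of an instruction. The byte at 00458253, cut off in the hex column, is taken from the displayed immediate 83EC8B55; the function names are this example's own.

```python
BASE = 0x0045824B  # address of the first byte below
# Hex column of the listing at 0045824B..00458277. The byte at 00458253 is cut
# off there ("8>"); 0x83 is taken from the displayed immediate 83EC8B55.
CODE = bytes.fromhex(
    "0000 814500558BEC83 C4F4 B828814500 E884D9FAFF A198A54500"
    " 8B00 E8D47CFEFF A198A54500 8B00 BAB0824500")

# opcode -> (has ModRM byte, immediate size). Covers only the opcodes that
# occur in CODE; this is a length decoder, not a disassembler.
OPCODES = {0x00: (True, 0), 0x81: (True, 4), 0x83: (True, 1), 0x8B: (True, 0),
           0xC4: (True, 0), 0x55: (False, 0), 0xB8: (False, 4),
           0xBA: (False, 4), 0xE8: (False, 4), 0xA1: (False, 4)}

def insn_len(buf, off):
    """Length of the 32-bit x86 instruction at buf[off]."""
    has_modrm, imm = OPCODES[buf[off]]
    n = 1
    if has_modrm:
        modrm = buf[off + 1]
        mod, rm = modrm >> 6, modrm & 7
        n += 1
        if mod != 3 and rm == 4:                 # SIB byte follows
            n += 1
            if mod == 0 and (buf[off + 2] & 7) == 5:
                n += 4                           # disp32 with no base register
        if mod == 1:
            n += 1                               # disp8
        elif mod == 2 or (mod == 0 and rm == 5):
            n += 4                               # disp32
    return n + imm

def boundaries(start):
    """Linear sweep from `start`: address of every instruction start."""
    off, out = start - BASE, []
    while off < len(CODE):
        out.append(BASE + off)
        off += insn_len(CODE, off)
    return out

def containing(start, addr):
    """Start of the instruction that covers `addr` when sweeping from `start`."""
    return max(a for a in boundaries(start) if a <= addr)

if __name__ == "__main__":
    for start in (BASE, 0x00458250):
        print(f"sweep from {start:08X}:",
              " ".join(f"{a:08X}" for a in boundaries(start)[:5]))
    print(f"00458254 lies inside the instruction at "
          f"{containing(0x00458250, 0x00458254):08X}")
```

Decoded from 00458250 the first three instructions are 55 / 8B EC / 83 C4 F4 (push ebp; mov ebp,esp; add esp,-0Ch), so a software (INT3) breakpoint written at 00458254 replaces the ModRM byte of the third instruction rather than an opcode byte.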