I only know how to brute-force (patch) and want to learn unpacking. I tried packing a program with Themida as a test. Loaded the packed EXE in OD (I don't use scripts and don't know how to use them either) and arrived here; following the patching method I searched FIND ASCII, but there is nothing and nowhere to start:
006C9014 P> B8 00000000 mov eax,0
006C9019 60 pushad
006C901A 0BC0 or eax,eax
006C901C 74 58 je short Project2.006C9076
006C901E E8 00000000 call Project2.006C9023
006C9023 58 pop eax
006C9024 05 43000000 add eax,43
006C9029 8038 E9 cmp byte ptr ds:[eax],0E9
006C902C 75 03 jnz short Project2.006C9031
006C902E 61 popad
006C902F EB 35 jmp short Project2.006C9066
006C9031 E8 00000000 call Project2.006C9036
006C9036 58 pop eax
006C9037 25 00F0FFFF and eax,FFFFF000
006C903C 33FF xor edi,edi
006C903E 66:BB 195A mov bx,5A19
006C9042 66:83C3 34 add bx,34
006C9046 66:3918 cmp word ptr ds:[eax],bx
006C9049 75 12 jnz short Project2.006C905D
006C904B 0FB750 3C movzx edx,word ptr ds:[eax+3C]
Later I found that if I run the EXE first, then open OD and attach to the running EXE, then pause, I stop here:
77FA144C C3 retn
77FA144D n> CC int3
77FA144E C3 retn
77FA144F 8B4424 04 mov eax,dword ptr ss:[esp+4]
77FA1453 CC int3
77FA1454 C2 0400 retn 4
After F9, pause again, look at the Windows list, and the dongle's window is already visible. Picked one at random and followed it, arriving at:
00447ED8 55 push ebp
00447ED9 8BEC mov ebp,esp
00447EDB 51 push ecx
00447EDC 53 push ebx
00447EDD 8D5D FC lea ebx,dword ptr ss:[ebp-4]
00447EE0 A1 749B5E00 mov eax,dword ptr ds:[5E9B74]
00447EE5 8B55 08 mov edx,dword ptr ss:[ebp+8]
00447EE8 8990 80010000 mov dword ptr ds:[eax+180],edx
00447EEE A1 749B5E00 mov eax,dword ptr ds:[5E9B74]
00447EF3 8B80 8C010000 mov eax,dword ptr ds:[eax+18C]
00447EF9 50 push eax
00447EFA 6A FC push -4
00447EFC 8B45 08 mov eax,dword ptr ss:[ebp+8]
00447EFF 50 push eax
00447F00 E8 CB04FCFF call Project2.004083D0
00447F05 6A F0 push -10
00447F07 8B45 08 mov eax,dword ptr ss:[ebp+8]
00447F0A 50 push eax
00447F0B E8 6802FCFF call Project2.00408178
It is about the same as the unencrypted version, but it cannot be modified (a patched one won't run either). Since it is already visible, can I just DUMP it directly and then fix it? Hoping an expert can give some pointers.
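The stub in the first listing (006C9031 through 006C904B) is how a packer locates its own module base from inside its code: it page-aligns EIP (`and eax,FFFFF000`), compares the first word of that page against `0x5A19 + 0x34 = 0x5A4D` ("MZ", built at runtime so the constant never appears literally), and then reads `e_lfanew` as a word from offset 0x3C. The listing stops before the mismatch branch at 006C905D, so what the stub does on a miss is not on the page; the C program below, added here as an editor's example and not part of the original post, assumes the usual behaviour of stepping down one page at a time. The in-memory image, its base address 0x00400000 and the `mock_mem`/`read_mem` helpers are constructed for the example. It also shows why the "PE\0\0" check after the "MZ" check matters: a page that merely starts with "MZ" is skipped.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000u
#define DOS_MAGIC 0x5A4Du      /* "MZ": the stub computes it as 0x5A19 + 0x34 */
#define PE_MAGIC  0x00004550u  /* "PE\0\0" */

/* Mock address space standing in for the debuggee (an assumption for this
 * example): a byte buffer mapped at base_va. Out-of-range reads fail instead
 * of faulting, which is what a real stub would have to guard against with SEH. */
typedef struct {
    uint32_t       base_va;
    const uint8_t *bytes;
    size_t         size;
} mock_mem;

static int read_mem(const mock_mem *m, uint32_t va, void *out, size_t n)
{
    if (va < m->base_va || va - m->base_va + n > m->size)
        return 0;
    memcpy(out, m->bytes + (va - m->base_va), n);
    return 1;
}

/* Page-align the start address (and eax,FFFFF000), then walk down one page at a
 * time until a page starts with "MZ" and the word at +0x3C (e_lfanew, read as a
 * word just like movzx edx,word ptr [eax+3C]) points at "PE\0\0".
 * Returns the module base, or 0 if the scan runs off the bottom of memory. */
static uint32_t find_module_base(const mock_mem *m, uint32_t va)
{
    uint32_t page = va & 0xFFFFF000u;
    for (;;) {
        uint16_t mz = 0;
        if (read_mem(m, page, &mz, sizeof mz) && mz == DOS_MAGIC) {
            uint16_t e_lfanew = 0;
            uint32_t pe_sig = 0;
            if (read_mem(m, page + 0x3C, &e_lfanew, sizeof e_lfanew) &&
                read_mem(m, page + e_lfanew, &pe_sig, sizeof pe_sig) &&
                pe_sig == PE_MAGIC)
                return page;          /* genuine DOS header followed by PE header */
        }
        if (page < m->base_va || page < PAGE_SIZE)
            return 0;                 /* below the mapped image: nothing to find */
        page -= PAGE_SIZE;            /* assumed behaviour of the stub on a miss */
    }
}

/* Constructed sample image: 4 pages at 0x00400000. Page 0 holds a real
 * DOS header whose e_lfanew (0x80) points at "PE\0\0"; page 2 starts with a
 * decoy "MZ" whose e_lfanew is 0, so the "PE" check rejects it. */
enum { IMAGE_PAGES = 4 };
static uint8_t g_image[IMAGE_PAGES * PAGE_SIZE];

static mock_mem build_sample_image(void)
{
    uint16_t e_lfanew = 0x80;
    mock_mem m;
    memset(g_image, 0, sizeof g_image);
    memcpy(g_image, "MZ", 2);
    memcpy(g_image + 0x3C, &e_lfanew, sizeof e_lfanew);
    memcpy(g_image + 0x80, "PE\0\0", 4);
    memcpy(g_image + 2 * PAGE_SIZE, "MZ", 2);   /* decoy, no PE signature behind it */
    m.base_va = 0x00400000u;
    m.bytes   = g_image;
    m.size    = sizeof g_image;
    return m;
}

int main(void)
{
    mock_mem m = build_sample_image();
    printf("from code page  0x00403123 -> base 0x%08X\n", find_module_base(&m, 0x00403123u));
    printf("from decoy page 0x00402010 -> base 0x%08X\n", find_module_base(&m, 0x00402010u));
    printf("from below image 0x003FF000 -> base 0x%08X\n", find_module_base(&m, 0x003FF000u));
    return 0;
}
```

Knowing that the stub resolves the base this way is also the reason the second listing looks normal after attaching: by then the stub has finished, the original code is decrypted in place, and the same header it found is what a dump tool reads to rebuild sections, so a dump has to be taken after this point and the import table repaired separately.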