[求助]ARM Protector 0.1 怎么脱壳-安全工具-看雪-安全社区|安全招聘|kanxue.com

最新回复 (2)
skylly 雪币： 304 活跃值： (82) 能力值： ( LV9，RANK：170 ) 在线值：发帖 70 回帖 1087 粉丝 2 关注私信	skylly 4 2 楼压缩壳 #log //code by skylly //arm protector 0.1/0.3 go to oep msg "忽略所有异常" gpa "VirtualProtect","kernel32.dll" cmp $RESULT,0 je err find $RESULT,#C21000# cmp $RESULT,0 je err var LA mov LA,$RESULT lop: go LA cmp eip,LA jne lop var temp mov temp,[esp] bp temp esto bc eip //到用户代码了 mov temp,eip find temp,#8986B8000000# cmp $RESULT,0 je err go $RESULT mov temp,eax bp temp esto bc eip OEP: cmt eip,"OEP!" ret err: msg "error" ret 2007-7-18 18:13 0
mrghost 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 53 粉丝 0 关注私信	mrghost 3 楼 /* 11h21 PM Monday 10 January 2005 ARM Protector 0.1 OEP Finder - EXE Shield 0.8 OEP Finder Author : dqtln Email : dqtlncrk@gmail.com OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.92 Website : www.phudu.com For opinions & bugreport send me a email Thank you very much */ var x var y gmi eip,CODEBASE mov x,$RESULT gmi eip,CODESIZE mov y,$RESULT run esto bprm x,y esti run bpmc msg "Please press No if have a question" an eip cmt eip,"This is the OEP - Found by dqtln" msg "Dump and fix IAT now - Good day" ret 2007-7-18 20:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)
skylly 雪币： 304 活跃值： (82) 能力值： ( LV9，RANK：170 ) 在线值：发帖 70 回帖 1087 粉丝 2 关注私信	skylly 4 2 楼压缩壳 #log //code by skylly //arm protector 0.1/0.3 go to oep msg "忽略所有异常" gpa "VirtualProtect","kernel32.dll" cmp $RESULT,0 je err find $RESULT,#C21000# cmp $RESULT,0 je err var LA mov LA,$RESULT lop: go LA cmp eip,LA jne lop var temp mov temp,[esp] bp temp esto bc eip //到用户代码了 mov temp,eip find temp,#8986B8000000# cmp $RESULT,0 je err go $RESULT mov temp,eax bp temp esto bc eip OEP: cmt eip,"OEP!" ret err: msg "error" ret 2007-7-18 18:13 0
mrghost 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 53 粉丝 0 关注私信	mrghost 3 楼 /* 11h21 PM Monday 10 January 2005 ARM Protector 0.1 OEP Finder - EXE Shield 0.8 OEP Finder Author : dqtln Email : dqtlncrk@gmail.com OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.92 Website : www.phudu.com For opinions & bugreport send me a email Thank you very much */ var x var y gmi eip,CODEBASE mov x,$RESULT gmi eip,CODESIZE mov y,$RESULT run esto bprm x,y esti run bpmc msg "Please press No if have a question" an eip cmt eip,"This is the OEP - Found by dqtln" msg "Dump and fix IAT now - Good day" ret 2007-7-18 20:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复