-
-
[旧帖]
[求助]哪个牛人能脱QQ堂3.0的壳?
0.00雪花
-
发表于:
2008-7-10 03:31
3546
-
[旧帖] [求助]哪个牛人能脱QQ堂3.0的壳?
0.00雪花
PEID显示是 ASPack 2.12 -> Alexey Solodovnikov 用OD的脚本查找出口跳到这里
0070DC38 60 PUSHAD ; This is the OEP! Found by hacnho/VCT2k4
0070DC39 60 PUSHAD
0070DC3A 60 PUSHAD
0070DC3B 9C PUSHFD
0070DC3C 8F4424 3C POP DWORD PTR SS:[ESP+3C]
0070DC40 9C PUSHFD
0070DC41 50 PUSH EAX
0070DC42 E9 CF010000 JMP Client.0070DE16
0070DC47 56 PUSH ESI
0070DC48 8910 MOV DWORD PTR DS:[EAX],EDX
0070DC4A 882C24 MOV BYTE PTR SS:[ESP],CH
0070DC4D 55 PUSH EBP
0070DC4E 8D6424 34 LEA ESP,DWORD PTR SS:[ESP+34]
0070DC52 ^ E9 88F5FFFF JMP Client.0070D1DF
0070DC38这里应该不是真正的出口吧?要怎么脱呢?
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
