能力值:
( LV2,RANK:10 )
|
-
-
2 楼
没有会吗? 高手在哪里?
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
这个地址上的文件我没下下来,不过我有这个壳你可以试一下。用OD 加载后停在CALL。跟进去,然后在HEX中找到FF60 3C 反汇编窗口中是一个跳转。F4运行到这后F8单步就到了OEP了。
00400154 8725 BC0D4100 XCHG DWORD PTR DS:[410DBC],ESP
0040015A 61 POPAD
0040015B 94 XCHG EAX,ESP
0040015C 55 PUSH EBP
0040015D B6 80 MOV DH,80
0040015F A4 MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
00400160 FF13 CALL DWORD PTR DS:[EBX]
00400162 ^ 73 F9 JNB SHORT 2.0040015D
00400164 33C9 XOR ECX,ECX
00400166 FF13 CALL DWORD PTR DS:[EBX]
00400168 73 16 JNB SHORT 2.00400180
0040016A 33C0 XOR EAX,EAX
0040016C FF13 CALL DWORD PTR DS:[EBX]
0040016E 73 1F JNB SHORT 2.0040018F
00400170 B6 80 MOV DH,80
00400172 41 INC ECX
00400173 B0 10 MOV AL,10
00400175 FF13 CALL DWORD PTR DS:[EBX]
00400177 12C0 ADC AL,AL
00400179 ^ 73 FA JNB SHORT 2.00400175
0040017B 75 3A JNZ SHORT 2.004001B7
0040017D AA STOS BYTE PTR ES:[EDI]
0040017E ^ EB E0 JMP SHORT 2.00400160
00400180 FF53 08 CALL DWORD PTR DS:[EBX+8]
00400183 02F6 ADD DH,DH
00400185 83D9 01 SBB ECX,1
00400188 75 0E JNZ SHORT 2.00400198
0040018A FF53 04 CALL DWORD PTR DS:[EBX+4]
0040018D EB 24 JMP SHORT 2.004001B3
0040018F AC LODS BYTE PTR DS:[ESI]
00400190 D1E8 SHR EAX,1
00400192 74 2D JE SHORT 2.004001C1
00400194 13C9 ADC ECX,ECX
00400196 EB 18 JMP SHORT 2.004001B0
00400198 91 XCHG EAX,ECX
00400199 48 DEC EAX
0040019A C1E0 08 SHL EAX,8
0040019D AC LODS BYTE PTR DS:[ESI]
0040019E FF53 04 CALL DWORD PTR DS:[EBX+4]
004001A1 3B43 F8 CMP EAX,DWORD PTR DS:[EBX-8]
004001A4 73 0A JNB SHORT 2.004001B0
004001A6 80FC 05 CMP AH,5
004001A9 73 06 JNB SHORT 2.004001B1
004001AB 83F8 7F CMP EAX,7F
004001AE 77 02 JA SHORT 2.004001B2
004001B0 41 INC ECX
004001B1 41 INC ECX
004001B2 95 XCHG EAX,EBP
004001B3 8BC5 MOV EAX,EBP
004001B5 B6 00 MOV DH,0
004001B7 56 PUSH ESI
004001B8 8BF7 MOV ESI,EDI
004001BA 2BF0 SUB ESI,EAX
004001BC F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
004001BE 5E POP ESI
004001BF ^ EB 9F JMP SHORT 2.00400160
004001C1 5E POP ESI
004001C2 AD LODS DWORD PTR DS:[ESI]
004001C3 97 XCHG EAX,EDI
004001C4 AD LODS DWORD PTR DS:[ESI]
004001C5 50 PUSH EAX
004001C6 FF53 10 CALL DWORD PTR DS:[EBX+10]
004001C9 95 XCHG EAX,EBP
004001CA 8B07 MOV EAX,DWORD PTR DS:[EDI]
004001CC 40 INC EAX
004001CD ^ 78 F3 JS SHORT 2.004001C2
004001CF 75 03 JNZ SHORT 2.004001D4
004001D1 FF63 0C JMP DWORD PTR DS:[EBX+C] //找到这F4运行到这,F8一步到OEP.
上传不了图片,只能复制上来了,嘿嘿。看看吧
|
能力值:
( LV9,RANK:160 )
|
-
-
4 楼
很好很强大
很黄很暴力
|
能力值:
( LV2,RANK:10 )
|
-
-
5 楼
3楼厉害啊我也试试看
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
无法登录 FTP :(
|
能力值:
(RANK:10 )
|
-
-
7 楼
[QUOTE=hackyong;492343]这个脱怎么脱? 谢谢,
软件地址:ftp://221.208.255.164/NSKY308433.exe
pEID查脱是 StarForce V3.X DLL -> StarForce Copy Protection System [Overlay] *
安装后,要脱的文件...[/QUOTE]
http://bbs.pediy.com/showthread.php?t=71978
CLOSE.
|