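After unpacking and repairing a program written in E language (易语言), it basically fails to run on other machines (I tried 10 machines and it worked on 2), yet it runs fine on my own machine. A copy unpacked on another machine also fails to run on my machine.
I opened it in OD and took a look. This is where the problem is.
Unpacked on my machine: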
00403EC4 FF15 54205000 call dword ptr [<&kernel32.#520>] ; kernel32.HeapCreate
00403ECA 85C0 test eax, eax
00403ECC A3 509F4000 mov dword ptr [409F50], eax
00403ED1 74 15 je short 00403EE8
00403ED3 E8 17000000 call 00403EEF
00403ED8 85C0 test eax, eax
00403EDA 75 0F jnz short 00403EEB
00403EDC FF35 509F4000 push dword ptr [409F50]
00403EE2 FF15 50205000 call dword ptr [<&kernel32.#522>] ; kernel32.HeapDestroy
00403EE8 33C0 xor eax, eax
00403EEA C3 retn
00403EEB 6A 01 push 1
00403EED 58 pop eax
00403EEE C3 retn
00403EEF 68 40010000 push 140
00403EF4 6A 00 push 0
00403EF6 FF35 509F4000 push dword ptr [409F50]
00403EFC FF15 34205000 call dword ptr [<&kernel32.#518>] ; ntdll.RtlAllocateHeap
Unpacked on another machine:
00403EC4 FF15 54205000 call dword ptr [<&kernel32.#520>] ; kernel32.HeapDestroy
00403ECA 85C0 test eax, eax
00403ECC A3 509F4000 mov dword ptr [409F50], eax
00403ED1 74 15 je short 00403EE8
00403ED3 E8 17000000 call 00403EEF
00403ED8 85C0 test eax, eax
00403EDA 75 0F jnz short 00403EEB
00403EDC FF35 509F4000 push dword ptr [409F50]
00403EE2 FF15 50205000 call dword ptr [<&kernel32.#522>] ; ntdll.RtlFreeHeap
00403EE8 33C0 xor eax, eax
00403EEA C3 retn
00403EEB 6A 01 push 1
00403EED 58 pop eax
00403EEE C3 retn
00403EEF 68 40010000 push 140
00403EF4 6A 00 push 0
00403EF6 FF35 509F4000 push dword ptr [409F50]
00403EFC FF15 34205000 call dword ptr [<&kernel32.#518>] ; kernel32.HeapCreate
00403F02 85C0 test eax, eax
00403F04 A3 4C9F4000 mov dword ptr [409F4C], eax
00403F09 75 01 jnz short 00403F0C
The code is exactly the same, but in one the comment is kernel32.HeapCreate and in the other it is kernel32.HeapDestroy, and I can't figure out why.
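The two listings above differ only in the name the debugger resolved for each ordinal-named import slot (`<&kernel32.#520>` and so on). The following is an added example, not part of the original post: a Python script that extracts those slots from both listings (import lines copied from the post) and reports every ordinal that resolves to a different API; the function names are this example's own.

```python
import re

# OllyDbg-style line calling through an import slot named by ordinal, e.g.
# "00403EC4 FF15 54205000 call dword ptr [<&kernel32.#520>] ; kernel32.HeapCreate"
IMPORT_CALL = re.compile(
    r"^(?P<addr>[0-9A-Fa-f]{8})\s.*?\[<&(?P<dll>[\w.]+?)\.#(?P<ordinal>\d+)>\]"
    r"\s*;\s*(?P<resolved>\S+)"
)

# Import-call lines copied from the two listings in the post, plus one
# ordinary instruction each to show that non-import lines are skipped.
LOCAL = """\
00403EC4 FF15 54205000 call dword ptr [<&kernel32.#520>] ; kernel32.HeapCreate
00403ECA 85C0 test eax, eax
00403EE2 FF15 50205000 call dword ptr [<&kernel32.#522>] ; kernel32.HeapDestroy
00403EFC FF15 34205000 call dword ptr [<&kernel32.#518>] ; ntdll.RtlAllocateHeap
"""
OTHER = """\
00403EC4 FF15 54205000 call dword ptr [<&kernel32.#520>] ; kernel32.HeapDestroy
00403ECA 85C0 test eax, eax
00403EE2 FF15 50205000 call dword ptr [<&kernel32.#522>] ; ntdll.RtlFreeHeap
00403EFC FF15 34205000 call dword ptr [<&kernel32.#518>] ; kernel32.HeapCreate
"""

def ordinal_imports(listing):
    """Map (dll, ordinal) -> [(call-site address, resolved name), ...]."""
    found = {}
    for line in listing.splitlines():
        m = IMPORT_CALL.match(line.strip())
        if m:
            key = (m["dll"].lower(), int(m["ordinal"]))
            found.setdefault(key, []).append((m["addr"], m["resolved"]))
    return found

def diff_resolution(local, other):
    """List ordinals present in both listings whose resolved names differ."""
    a, b = ordinal_imports(local), ordinal_imports(other)
    mismatches = []
    for key in sorted(a.keys() & b.keys()):
        names_a = sorted({name for _, name in a[key]})
        names_b = sorted({name for _, name in b[key]})
        if names_a != names_b:
            mismatches.append((key[0], key[1], names_a, names_b))
    return mismatches

if __name__ == "__main__":
    for dll, ordinal, here, there in diff_resolution(LOCAL, OTHER):
        print(f"{dll} #{ordinal}: local={here} other={there}")
```

Export ordinals of kernel32.dll are not guaranteed to be the same across Windows builds, so an import bound by ordinal can resolve to a different API on another machine.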