Problem unpacking Armadillo 3.78 - 4.xx with a KEY
2008-11-1 18:09
After loading in OD, execution stops at:
00452000 > 60 PUSHAD
00452001 E8 00000000 CALL 2007.00452006
00452006 5D POP EBP
00452007 50 PUSH EAX
00452008 51 PUSH ECX
00452009 0FCA BSWAP EDX
Set the breakpoint "he GetDlgItem" and run with Shift+F9; an exception c000001e (invalid lock sequence) occurs:
0045B5C3 F0: PREFIX LOCK: ; Superfluous prefix
0045B5C4 F0:C7 ???
0045B5C6 C8 64678F ENTER 6764,8F
0045B5CA 06 PUSH ES
0045B5CB 0000 ADD BYTE PTR DS:[EAX],AL
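After pressing Shift+F9 several times it breaks for the first time; pressing Shift+F9 again brings up a dialog box, and after clicking OK it breaks at: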
77D2436E > 8BFF MOV EDI,EDI
77D24370 55 PUSH EBP
77D24371 8BEC MOV EBP,ESP
77D24373 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
77D24376 E8 6541FFFF CALL USER32.77D184E0
77D2437B 85C0 TEST EAX,EAX
77D2437D 74 1F JE SHORT USER32.77D2439E
77D2437F 56 PUSH ESI
77D24380 FF75 0C PUSH DWORD PTR SS:[EBP+C]
77D24383 50 PUSH EAX
77D24384 E8 A9FFFFFF CALL USER32.77D24332
77D24389 85C0 TEST EAX,EAX
77D2438B 0F84 00DD0000 JE USER32.77D32091
77D24391 8B30 MOV ESI,DWORD PTR DS:[EAX]
77D24393 85F6 TEST ESI,ESI
77D24395 0F84 F8DC0000 JE USER32.77D32093
77D2439B 8BC6 MOV EAX,ESI
77D2439D 5E POP ESI
77D2439E 5D POP EBP
77D2439F C2 0800 RETN 8
77D243A2 53 PUSH EBX
Alt+F9 to return. This is where the problem is! I don't know which CALL to step into to replace the ID.
00BB4384 50 PUSH EAX
00BB4385 68 15040000 PUSH 415
00BB438A 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00BB438D 52 PUSH EDX
00BB438E FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB4394 50 PUSH EAX
00BB4395 68 07040000 PUSH 407
00BB439A 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00BB439D 50 PUSH EAX
00BB439E FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB43A4 50 PUSH EAX
00BB43A5 E8 26FEFEFF CALL 00BA41D0
00BB43AA 83C4 0C ADD ESP,0C
00BB43AD 8B0D 3C29BF00 MOV ECX,DWORD PTR DS:[BF293C]
00BB43B3 E8 88C6FCFF CALL 00B80A40
00BB43B8 0FB6C8 MOVZX ECX,AL
00BB43BB 85C9 TEST ECX,ECX
00BB43BD 75 61 JNZ SHORT 00BB4420
00BB43BF 0FB615 48C7BE00 MOVZX EDX,BYTE PTR DS:[BEC748]
00BB43C6 85D2 TEST EDX,EDX
00BB43C8 74 56 JE SHORT 00BB4420
00BB43CA A1 3C29BF00 MOV EAX,DWORD PTR DS:[BF293C]
00BB43CF 8985 DCF9FFFF MOV DWORD PTR SS:[EBP-624],EAX
00BB43D5 8B8D DCF9FFFF MOV ECX,DWORD PTR SS:[EBP-624]
00BB43DB E8 60C6FCFF CALL 00B80A40
00BB43E0 0FB6C8 MOVZX ECX,AL
00BB43E3 85C9 TEST ECX,ECX
00BB43E5 74 0E JE SHORT 00BB43F5
00BB43E7 8B15 00C0BE00 MOV EDX,DWORD PTR DS:[BEC000]
00BB43ED 8995 B8F9FFFF MOV DWORD PTR SS:[EBP-648],EDX
00BB43F3 EB 0F JMP SHORT 00BB4404
00BB43F5 8B85 DCF9FFFF MOV EAX,DWORD PTR SS:[EBP-624]
00BB43FB 83C0 08 ADD EAX,8
00BB43FE 8985 B8F9FFFF MOV DWORD PTR SS:[EBP-648],EAX
00BB4404 8B8D B8F9FFFF MOV ECX,DWORD PTR SS:[EBP-648]
00BB440A 51 PUSH ECX
00BB440B 68 07040000 PUSH 407
00BB4410 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00BB4413 52 PUSH EDX
00BB4414 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB441A 50 PUSH EAX
00BB441B E8 D0360100 CALL 00BC7AF0
00BB4420 6A 00 PUSH 0
00BB4422 6A 00 PUSH 0
00BB4424 68 64040000 PUSH 464
00BB4429 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00BB442C 50 PUSH EAX
00BB442D FF15 E434BE00 CALL DWORD PTR DS:[BE34E4] ; USER32.SendMessageA
00BB4433 6A 00 PUSH 0
00BB4435 68 F4010000 PUSH 1F4
00BB443A 6A 01 PUSH 1
00BB443C 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00BB443F 51 PUSH ECX
00BB4440 FF15 9834BE00 CALL DWORD PTR DS:[BE3498] ; USER32.SetTimer
00BB4446 68 07040000 PUSH 407
00BB444B 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00BB444E 52 PUSH EDX
00BB444F FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB4455 85C0 TEST EAX,EAX
00BB4457 74 63 JE SHORT 00BB44BC
00BB4459 68 F8A5BF00 PUSH 0BFA5F8
00BB445E E8 6D770100 CALL 00BCBBD0
00BB4463 83C4 04 ADD ESP,4
00BB4466 85C0 TEST EAX,EAX
00BB4468 74 50 JE SHORT 00BB44BA
00BB446A 68 F8A5BF00 PUSH 0BFA5F8
00BB446F 68 15040000 PUSH 415
00BB4474 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00BB4477 50 PUSH EAX
00BB4478 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB447E 50 PUSH EAX
00BB447F 68 07040000 PUSH 407
00BB4484 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00BB4487 51 PUSH ECX
00BB4488 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB448E 50 PUSH EAX
00BB448F E8 8CFCFEFF CALL 00BA4120
00BB4494 83C4 0C ADD ESP,0C
00BB4497 0FB6D0 MOVZX EDX,AL
00BB449A 85D2 TEST EDX,EDX
00BB449C 74 1C JE SHORT 00BB44BA
00BB449E 6A 00 PUSH 0
00BB44A0 6A 00 PUSH 0
00BB44A2 68 F5000000 PUSH 0F5
00BB44A7 6A 01 PUSH 1
00BB44A9 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00BB44AC 50 PUSH EAX
00BB44AD FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB44B3 50 PUSH EAX
00BB44B4 FF15 E434BE00 CALL DWORD PTR DS:[BE34E4] ; USER32.SendMessageA
00BB44BA EB 48 JMP SHORT 00BB4504
00BB44BC 68 F8A5BF00 PUSH 0BFA5F8
00BB44C1 E8 0A770100 CALL 00BCBBD0
00BB44C6 83C4 04 ADD ESP,4
00BB44C9 85C0 TEST EAX,EAX
00BB44CB 74 37 JE SHORT 00BB4504
00BB44CD 68 F8A5BF00 PUSH 0BFA5F8
00BB44D2 68 15040000 PUSH 415
00BB44D7 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00BB44DA 51 PUSH ECX
00BB44DB FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB44E1 50 PUSH EAX
00BB44E2 FF15 4434BE00 CALL DWORD PTR DS:[BE3444] ; USER32.SetWindowTextA
00BB44E8 6A 00 PUSH 0
00BB44EA 6A 00 PUSH 0
00BB44EC 68 F5000000 PUSH 0F5
00BB44F1 6A 01 PUSH 1
00BB44F3 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00BB44F6 52 PUSH EDX
00BB44F7 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB44FD 50 PUSH EAX
00BB44FE FF15 E434BE00 CALL DWORD PTR DS:[BE34E4] ; USER32.SendMessageA
00BB4504 6A 00 PUSH 0
00BB4506 6A 00 PUSH 0
00BB4508 6A 00 PUSH 0
00BB450A 6A 00 PUSH 0
00BB450C 6A 00 PUSH 0
00BB450E 6A 00 PUSH 0
00BB4510 6A 00 PUSH 0
00BB4512 6A 00 PUSH 0
00BB4514 6A 00 PUSH 0
00BB4516 6A 20 PUSH 20
00BB4518 E8 C319FEFF CALL 00B95EE0
00BB451D 83C4 28 ADD ESP,28
00BB4520 50 PUSH EAX
00BB4521 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00BB4524 50 PUSH EAX
00BB4525 E8 F6320100 CALL 00BC7820
00BB452A 6A 00 PUSH 0
00BB452C 6A 00 PUSH 0
00BB452E 6A 00 PUSH 0
00BB4530 6A 00 PUSH 0
00BB4532 6A 00 PUSH 0
00BB4534 6A 00 PUSH 0
00BB4536 6A 00 PUSH 0
00BB4538 6A 00 PUSH 0
00BB453A 6A 00 PUSH 0
00BB453C 6A 17 PUSH 17
00BB453E E8 9D19FEFF CALL 00B95EE0
00BB4543 83C4 28 ADD ESP,28
00BB4546 50 PUSH EAX
00BB4547 68 43040000 PUSH 443
00BB454C 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00BB454F 51 PUSH ECX
00BB4550 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB4556 50 PUSH EAX
00BB4557 E8 B4350100 CALL 00BC7B10
00BB455C 6A 00 PUSH 0
00BB455E 6A 00 PUSH 0
00BB4560 6A 00 PUSH 0
00BB4562 6A 00 PUSH 0
00BB4564 6A 00 PUSH 0
00BB4566 6A 00 PUSH 0
00BB4568 6A 00 PUSH 0
00BB456A 6A 00 PUSH 0
00BB456C 6A 00 PUSH 0
00BB456E 6A 1E PUSH 1E
00BB4570 E8 6B19FEFF CALL 00B95EE0
00BB4575 83C4 28 ADD ESP,28
00BB4578 50 PUSH EAX
00BB4579 68 18040000 PUSH 418
00BB457E 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00BB4581 52 PUSH EDX
00BB4582 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB4588 50 PUSH EAX
00BB4589 E8 82350100 CALL 00BC7B10
00BB458E 6A 00 PUSH 0
00BB4590 6A 00 PUSH 0
00BB4592 6A 00 PUSH 0
00BB4594 6A 00 PUSH 0
00BB4596 6A 00 PUSH 0
00BB4598 6A 00 PUSH 0
00BB459A 6A 00 PUSH 0
00BB459C 6A 00 PUSH 0
00BB459E 6A 00 PUSH 0
00BB45A0 6A 1D PUSH 1D
00BB45A2 E8 3919FEFF CALL 00B95EE0
00BB45A7 83C4 28 ADD ESP,28
00BB45AA 50 PUSH EAX
00BB45AB 68 19040000 PUSH 419
00BB45B0 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00BB45B3 50 PUSH EAX
00BB45B4 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB45BA 50 PUSH EAX
00BB45BB E8 50350100 CALL 00BC7B10
00BB45C0 6A 00 PUSH 0
00BB45C2 6A 00 PUSH 0
00BB45C4 6A 00 PUSH 0
00BB45C6 6A 00 PUSH 0
00BB45C8 6A 00 PUSH 0
00BB45CA 6A 00 PUSH 0
00BB45CC 6A 00 PUSH 0
00BB45CE 6A 00 PUSH 0
00BB45D0 6A 00 PUSH 0
00BB45D2 6A 10 PUSH 10
00BB45D4 E8 0719FEFF CALL 00B95EE0
00BB45D9 83C4 28 ADD ESP,28
00BB45DC 50 PUSH EAX
00BB45DD 6A 01 PUSH 1
00BB45DF 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00BB45E2 51 PUSH ECX
00BB45E3 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB45E9 50 PUSH EAX
00BB45EA E8 21350100 CALL 00BC7B10
00BB45EF 6A 00 PUSH 0
00BB45F1 6A 00 PUSH 0
00BB45F3 6A 00 PUSH 0
00BB45F5 6A 00 PUSH 0
00BB45F7 6A 00 PUSH 0
00BB45F9 6A 00 PUSH 0
00BB45FB 6A 00 PUSH 0
00BB45FD 6A 00 PUSH 0
00BB45FF 6A 00 PUSH 0
00BB4601 6A 0D PUSH 0D
00BB4603 E8 D818FEFF CALL 00B95EE0
00BB4608 83C4 28 ADD ESP,28
00BB460B 50 PUSH EAX
00BB460C 6A 02 PUSH 2
00BB460E 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00BB4611 52 PUSH EDX
00BB4612 FF15 2C34BE00 CALL DWORD PTR DS:[BE342C] ; USER32.GetDlgItem
00BB4618 50 PUSH EAX
00BB4619 E8 F2340100 CALL 00BC7B10
00BB461E 6A 00 PUSH 0
00BB4620 6A 00 PUSH 0
00BB4622 6A 00 PUSH 0
00BB4624 6A 00 PUSH 0
00BB4626 6A 00 PUSH 0
00BB4628 6A 00 PUSH 0
00BB462A 6A 00 PUSH 0
00BB462C 6A 00 PUSH 0
00BB462E 6A 00 PUSH 0
00BB4630 6A 2A PUSH 2A
00BB4632 E8 A918FEFF CALL 00B95EE0
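I hope the experts here can help; I have gone through many tutorials and asked many people, but still haven't solved it! QQ: 94294932
The target program is on the network drive at http://94294932.ys168.com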