A piece of software (name omitted).
Protection: ASProtect 1.23 RC1 - Alexey Solodovnikov
In OllyDbg's exception settings, leave memory access exceptions unignored and ignore all the others, then load the program.
00401000 r> 68 01005D00 push robot.005D0001 /// stops here; press F9 to run
00401005 E8 01000000 call robot.0040100B
0040100A C3 retn
Memory access exception:
00B0335C 3100 xor dword ptr ds:[eax],eax
00B0335E EB 01 jmp short 00B03361
Last exception:
00B02CD1 3100 xor dword ptr ds:[eax],eax
00B02CD3 64:8F05 00000000 pop dword ptr fs:[0]// set a breakpoint here, press F9 to run, then clear the breakpoint
00B02CDA 58 pop eax
00B02CDB 833D 7C6DB000 00 cmp dword ptr ds:[B06D7C],0
00B02CE2 74 14 je short 00B02CF8
00B02CE4 6A 0C push 0C
00B02CE6 B9 7C6DB000 mov ecx,0B06D7C
00B02CEB 8D45 F8 lea eax,dword ptr ss:[ebp-8]
00B02CEE BA 04000000 mov edx,4
00B02CF3 E8 54E1FFFF call 00B00E4C
00B02CF8 FF75 FC push dword ptr ss:[ebp-4]
00B02CFB FF75 F8 push dword ptr ss:[ebp-8]
00B02CFE 8B45 F4 mov eax,dword ptr ss:[ebp-C]
00B02D01 8338 00 cmp dword ptr ds:[eax],0
00B02D04 74 02 je short 00B02D08
00B02D06 FF30 push dword ptr ds:[eax]
00B02D08 FF75 F0 push dword ptr ss:[ebp-10]
00B02D0B FF75 EC push dword ptr ss:[ebp-14]
00B02D0E C3 retn
Set a memory breakpoint on access on the code section.
Press F9 to run; the program breaks at the OEP.
00529914 55 push ebp ///OEP, dump here
00529915 8BEC mov ebp,esp
00529917 83C4 F0 add esp,-10
0052991A 53 push ebx
0052991B B8 14955200 mov eax,robot.00529514
00529920 E8 27D8EDFF call robot.0040714C
00529925 8B1D 98C65200 mov ebx,dword ptr ds:[52C698] ; robot.0052DC3C
0052992B 8B03 mov eax,dword ptr ds:[ebx]
0052992D E8 B6D5F3FF call robot.00466EE8
00529932 8B0D 38C75200 mov ecx,dword ptr ds:[52C738] ; robot.00549C90
00529938 8B03 mov eax,dword ptr ds:[ebx]
0052993A 8B15 CC795000 mov edx,dword ptr ds:[5079CC] ; robot.00507A18
00529940 E8 BBD5F3FF call robot.00466F00
00529945 8B0D 1CC95200 mov ecx,dword ptr ds:[52C91C] ; robot.0055CC08
0052994B 8B03 mov eax,dword ptr ds:[ebx]
0052994D 8B15 847C5200 mov edx,dword ptr ds:[527C84] ; robot.00527CD0
00529953 E8 A8D5F3FF call robot.00466F00
00529958 8B0D F0C45200 mov ecx,dword ptr ds:[52C4F0] ; robot.00549CDC
0052995E 8B03 mov eax,dword ptr ds:[ebx]
00529960 8B15 E4E45000 mov edx,dword ptr ds:[50E4E4] ; robot.0050E530
00529966 E8 95D5F3FF call robot.00466F00
0052996B 8B0D CCC55200 mov ecx,dword ptr ds:[52C5CC] ; robot.00549C5C
00529971 8B03 mov eax,dword ptr ds:[ebx]
00529973 8B15 884C5000 mov edx,dword ptr ds:[504C88] ; robot.00504CD4
00529979 E8 82D5F3FF call robot.00466F00
0052997E 8B0D 50C55200 mov ecx,dword ptr ds:[52C550] ; robot.00549C54
Launch ImportREC 1.6, enter OEP=129914, then IAT AutoSearch -> Get Imports -> Show Invalid. Right-click and first use Trace Level 1 to fix most of the pointers; fix the remaining pointers with the ASProtect 1.22 plugin.
The repaired program runs successfully.
:D :D :D
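As an added example (not part of the original post), the script below parses OllyDbg-style listing lines like the ones above, checks that the copied bytes are contiguous, locates the hand-off stub that tears down the SEH frame with `pop dword ptr fs:[0]` and leaves through `retn`, and converts the OEP virtual address into the RVA that ImportREC expects. The sample listing is the "last exception" block from the post; the image base of 0x400000 is an assumption inferred from the OEP 00529914 mapping to ImportREC's 129914.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the "last exception" stub as OllyDbg prints it
# (lines taken from the write-up; trailing comments are stripped by the parser).
LISTING = """\
00B02CD1 3100 xor dword ptr ds:[eax],eax
00B02CD3 64:8F05 00000000 pop dword ptr fs:[0]   // breakpoint goes here
00B02CDA 58 pop eax
00B02CDB 833D 7C6DB000 00 cmp dword ptr ds:[B06D7C],0
00B02CE2 74 14 je short 00B02CF8
00B02CE4 6A 0C push 0C
00B02CE6 B9 7C6DB000 mov ecx,0B06D7C
00B02CEB 8D45 F8 lea eax,dword ptr ss:[ebp-8]
00B02CEE BA 04000000 mov edx,4
00B02CF3 E8 54E1FFFF call 00B00E4C
00B02CF8 FF75 FC push dword ptr ss:[ebp-4]
00B02CFB FF75 F8 push dword ptr ss:[ebp-8]
00B02CFE 8B45 F4 mov eax,dword ptr ss:[ebp-C]
00B02D01 8338 00 cmp dword ptr ds:[eax],0
00B02D04 74 02 je short 00B02D08
00B02D06 FF30 push dword ptr ds:[eax]
00B02D08 FF75 F0 push dword ptr ss:[ebp-10]
00B02D0B FF75 EC push dword ptr ss:[ebp-14]
00B02D0E C3 retn
"""

# Assumed image base: the post's OEP VA 00529914 corresponds to ImportREC OEP 129914.
IMAGE_BASE = 0x400000

@dataclass
class Insn:
    addr: int
    opcode: bytes
    text: str  # mnemonic plus operands, comment removed

# OllyDbg prints opcode bytes in upper case (with ':' between prefix and opcode),
# while mnemonics are lower case, so "add" is not mistaken for a byte token.
_HEX_TOKEN = re.compile(r"[0-9A-F:]+")

def parse_listing(listing: str) -> List[Insn]:
    """Split each line into address, opcode bytes and instruction text."""
    insns = []
    for raw in listing.splitlines():
        line = re.split(r"\s*(?://|;)", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        addr = int(tokens[0], 16)
        i = 1
        # skip OllyDbg jump markers such as "r>" that can follow the address
        while i < len(tokens) and tokens[i].endswith(">"):
            i += 1
        raw_bytes = []
        while i < len(tokens) and _HEX_TOKEN.fullmatch(tokens[i]):
            raw_bytes.append(tokens[i].replace(":", ""))
            i += 1
        insns.append(Insn(addr, bytes.fromhex("".join(raw_bytes)), " ".join(tokens[i:])))
    return insns

def listing_is_contiguous(insns: List[Insn]) -> bool:
    """Address + opcode length must equal the next address; a mismatch means a
    line was dropped or the bytes were copied incorrectly."""
    return all(a.addr + len(a.opcode) == b.addr for a, b in zip(insns, insns[1:]))

def find_oep_stub(insns: List[Insn]) -> Optional[dict]:
    """Locate the hand-off pattern from the write-up: the SEH frame is removed
    with 'pop dword ptr fs:[0]' and the stub exits through 'retn', which jumps
    to whatever was pushed last (here [ebp-14])."""
    for i, insn in enumerate(insns):
        if insn.text.startswith("pop dword ptr fs:[0]"):
            for j in range(i + 1, len(insns)):
                if insns[j].text.startswith("retn"):
                    pushes = sum(1 for k in insns[i + 1:j] if k.text.startswith("push"))
                    return {"seh_restore": insn.addr, "retn": insns[j].addr, "pushes": pushes}
    return None

def importrec_oep(oep_va: int, image_base: int = IMAGE_BASE) -> str:
    """ImportREC takes the OEP as an RVA (VA minus image base), hex without prefix."""
    if oep_va < image_base:
        raise ValueError("OEP lies below the image base")
    return f"{oep_va - image_base:X}"

if __name__ == "__main__":
    insns = parse_listing(LISTING)
    print("contiguous:", listing_is_contiguous(insns))
    print("stub:", {k: hex(v) if k != "pushes" else v for k, v in find_oep_stub(insns).items()})
    print("ImportREC OEP field:", importrec_oep(0x00529914))
```

The contiguity check is worth running on any listing you paste into notes: the `64:8F05 00000000` line is seven bytes, so the next address must be 00B02CDA, and a gap there would mean the hand-off stub was not captured completely.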