; ---------------------------------------------------------------------------
; Routine at 0058CDC4 (OllyDbg listing, 32-bit x86, Intel operand order).
; Purpose: loads "msshell.dll", resolves six ry2_* exports with
; GetProcAddress, and stores the module handle and the six pointers into the
; object whose address is kept at [ebp-4].
; In:   eax, dl, ecx (presumably the Borland/Delphi register convention and a
;       constructor-style prologue -- confirm). dl is saved at [ebp-5]; ecx is
;       kept in esi and later used as the MessageBoxA hOwner.
; Out:  eax = value stored at [ebp-4].
; Slots written through [ebp-4]:
;       +4 hModule   +8 ry2_find   +C ry2_open   +10 ry2_close
;       +14 ry2_genuid   +18 ry2_read   +1C ry2_write
; NOTE(review): LoadLibraryA receives a bare file name, so the loader's search
;   order decides which msshell.dll is mapped; if the identity of this module
;   matters, load it from a fully qualified path and verify it before use.
; NOTE(review): none of the six GetProcAddress results is compared with NULL
;   in this routine, so a missing export leaves a NULL pointer in the table.
; NOTE(review): the load-failure path has no jump after call 0045E034; if
;   that call returns, the GetProcAddress calls below run with hModule = NULL.
; ---------------------------------------------------------------------------
0058CDC4 $ 55 push ebp
0058CDC5 . 8BEC mov ebp, esp
0058CDC7 . 83C4 F8 add esp, -8
0058CDCA . 53 push ebx
0058CDCB . 56 push esi
0058CDCC . 57 push edi
; When dl is non-zero, reserve 0x10 more stack bytes and call 00403548
; (body not shown; presumably the runtime's object-allocation helper).
0058CDCD . 84D2 test dl, dl
0058CDCF . 74 08 je short 0058CDD9
0058CDD1 . 83C4 F0 add esp, -10
0058CDD4 . E8 6F67E7FF call 00403548
; Save the inputs: esi = ecx, [ebp-5] = dl, [ebp-4] = eax (eax may be the
; result of call 00403548 when that call was taken).
0058CDD9 > 8BF1 mov esi, ecx
0058CDDB . 8855 FB mov byte ptr [ebp-5], dl
0058CDDE . 8945 FC mov dword ptr [ebp-4], eax
; Link an exception frame at fs:[0] with the handler stub at 0058CEC1.
0058CDE1 . 33C0 xor eax, eax
0058CDE3 . 55 push ebp
0058CDE4 . 68 C1CE5800 push 0058CEC1
0058CDE9 . 64:FF30 push dword ptr fs:[eax]
0058CDEC . 64:8920 mov dword ptr fs:[eax], esp
; hModule = LoadLibraryA("msshell.dll"); keep it in ebx and store it at +4.
0058CDEF . 68 F0CE5800 push 0058CEF0 ; /msshell.dll
0058CDF4 . E8 F7B8E7FF call <jmp.&kernel32.LoadLibraryA> ; \LoadLibraryA
0058CDF9 . 8BD8 mov ebx, eax
0058CDFB . 8B45 FC mov eax, dword ptr [ebp-4]
0058CDFE . 8958 04 mov dword ptr [eax+4], ebx
0058CE01 . 85DB test ebx, ebx
0058CE03 . 75 1E jnz short 0058CE23
; Load failed: error box with caption "系统信息" ("System Information") and
; text "找不到动态库"msshell.dll"!" ("Cannot find dynamic library msshell.dll!"),
; then call 0045E034 with eax = [[818E10]] (body not shown; presumably an
; application-shutdown request -- confirm).
0058CE05 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058CE07 . 68 FCCE5800 push 0058CEFC ; |系统信息
0058CE0C . 68 08CF5800 push 0058CF08 ; |找不到动态库"msshell.dll"!
0058CE11 . 56 push esi ; |hOwner
0058CE12 . E8 11C3E7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058CE17 . A1 108E8100 mov eax, dword ptr [818E10]
0058CE1C . 8B00 mov eax, dword ptr [eax]
0058CE1E . E8 1112EDFF call 0045E034
; Six identical steps follow: GetProcAddress([obj+4], name) and store the
; returned pointer in the object, without a NULL check.
; "ry2_find" -> +8
0058CE23 > 68 24CF5800 push 0058CF24 ; /ry2_find
0058CE28 8B45 FC mov eax, dword ptr [ebp-4]
0058CE2B 8B40 04 mov eax, dword ptr [eax+4]
0058CE2E . 50 push eax ; |hModule
0058CE2F . E8 E4B7E7FF call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress
0058CE34 . 8B55 FC mov edx, dword ptr [ebp-4]
0058CE37 . 8942 08 mov dword ptr [edx+8], eax
; "ry2_open" -> +C
0058CE3A . 68 30CF5800 push 0058CF30 ; /ry2_open
0058CE3F . 8B45 FC mov eax, dword ptr [ebp-4] ; |
0058CE42 8B40 04 mov eax, dword ptr [eax+4]
0058CE45 . 50 push eax ; |hModule
0058CE46 . E8 CDB7E7FF call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress
0058CE4B . 8B55 FC mov edx, dword ptr [ebp-4]
0058CE4E . 8942 0C mov dword ptr [edx+C], eax
; "ry2_close" -> +10
0058CE51 . 68 3CCF5800 push 0058CF3C ; /ry2_close
0058CE56 . 8B45 FC mov eax, dword ptr [ebp-4] ; |
0058CE59 8B40 04 mov eax, dword ptr [eax+4]
0058CE5C . 50 push eax ; |hModule
0058CE5D . E8 B6B7E7FF call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress
0058CE62 . 8B55 FC mov edx, dword ptr [ebp-4]
0058CE65 . 8942 10 mov dword ptr [edx+10], eax
; "ry2_genuid" -> +14
0058CE68 . 68 48CF5800 push 0058CF48 ; /ry2_genuid
0058CE6D . 8B45 FC mov eax, dword ptr [ebp-4] ; |
0058CE70 8B40 04 mov eax, dword ptr [eax+4]
0058CE73 . 50 push eax ; |hModule
0058CE74 . E8 9FB7E7FF call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress
0058CE79 . 8B55 FC mov edx, dword ptr [ebp-4]
0058CE7C . 8942 14 mov dword ptr [edx+14], eax
; "ry2_write" -> +1C (note: write lands at +1C, read at +18 below)
0058CE7F . 68 54CF5800 push 0058CF54 ; /ry2_write
0058CE84 . 8B45 FC mov eax, dword ptr [ebp-4] ; |
0058CE87 8B40 04 mov eax, dword ptr [eax+4]
0058CE8A . 50 push eax ; |hModule
0058CE8B . E8 88B7E7FF call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress
0058CE90 . 8B55 FC mov edx, dword ptr [ebp-4]
0058CE93 . 8942 1C mov dword ptr [edx+1C], eax
; "ry2_read" -> +18
0058CE96 . 68 60CF5800 push 0058CF60 ; /ry2_read
0058CE9B . 8B45 FC mov eax, dword ptr [ebp-4] ; |
0058CE9E 8B40 04 mov eax, dword ptr [eax+4]
0058CEA1 . 50 push eax ; |hModule
0058CEA2 . E8 71B7E7FF call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress
0058CEA7 . 8B55 FC mov edx, dword ptr [ebp-4]
0058CEAA . 8942 18 mov dword ptr [edx+18], eax
; call 0058CF6C with eax = [ebp-4], edx = esi (body not shown). The
; "(initial cpu selection)" text is a debugger marker, not program data.
0058CEAD . 8BD6 mov edx, esi
0058CEAF 8B45 FC mov eax, dword ptr [ebp-4] ; (initial cpu selection)
0058CEB2 . E8 B5000000 call 0058CF6C
; Normal exit: restore the previous fs:[0] frame and skip the handler stub.
0058CEB7 . 33C0 xor eax, eax
0058CEB9 . 5A pop edx
0058CEBA . 59 pop ecx
0058CEBB . 59 pop ecx
0058CEBC . 64:8910 mov dword ptr fs:[eax], edx
0058CEBF . EB 0A jmp short 0058CECB
; Handler stub registered above; targets 004036B4 / 00403AD0 are not shown
; (presumably runtime exception helpers).
0058CEC1 .^ E9 EE67E7FF jmp 004036B4
0058CEC6 . E8 056CE7FF call 00403AD0
; When the saved dl flag is non-zero, call 004035A0 (body not shown), then
; pop one more fs:[0] frame and release 0x0C stack bytes.
0058CECB > 8B45 FC mov eax, dword ptr [ebp-4]
0058CECE . 807D FB 00 cmp byte ptr [ebp-5], 0
0058CED2 . 74 0F je short 0058CEE3
0058CED4 . E8 C766E7FF call 004035A0
0058CED9 . 64:8F05 00000>pop dword ptr fs:[0]
0058CEE0 . 83C4 0C add esp, 0C
; Return value = [ebp-4]; restore saved registers and the two local slots.
0058CEE3 > 8B45 FC mov eax, dword ptr [ebp-4]
0058CEE6 . 5F pop edi
0058CEE7 . 5E pop esi
0058CEE8 . 5B pop ebx
0058CEE9 . 59 pop ecx
0058CEEA . 59 pop ecx
0058CEEB . 5D pop ebp
0058CEEC . C3 retn
上面这段是硬件狗的代码,该怎么处理呢?
下面又来了一大段软狗的代码,这是什么?该怎么处理?大家看代码。
; ---------------------------------------------------------------------------
; Routine at 0058D370 (OllyDbg listing, 32-bit x86, Intel operand order).
; Purpose: through the function-pointer table of the object in eax, calls the
; +8, +C, +18 (four times) and +10 slots, converts each buffer that was read,
; and stores the results at [ebx], [ebx+4], [ebx+8], [ebx+C], [ebx+10].
; The routine at 0058CDC4 fills those slots from GetProcAddress:
;   +8 "ry2_find", +C "ry2_open", +10 "ry2_close", +18 "ry2_read".
; In:   eax = object with the pointer table (saved at [ebp-4])
;       edx = MessageBoxA hOwner (kept in esi)
;       ecx = destination record (kept in ebx)
;       -- presumably the Borland/Delphi register convention; confirm.
; Out:  al = [ebp-5]: 0 on any failure path, 1 after all four reads succeed.
; Locals: [ebp-C] value returned by the +C call, [ebp-10] out parameter of
;       that call, [ebp-215] read buffer, [ebp-14], [ebp-21C], [ebp-220],
;       [ebp-224] temporaries (zeroed on entry, released at 0058D637;
;       presumably managed strings).
; NOTE(review): the +18 call gets a buffer address but no length; the buffer
;   runs from [ebp-215] up to the next local at [ebp-14] (about 0x200 bytes).
;   Confirm that the callee can never write more than that.
; NOTE(review): the table slots are called without a NULL check here, and the
;   routine at 0058CDC4 stores them unchecked too.
; NOTE(review): the outcome depends only on return codes and data from a DLL
;   loaded by bare name. A hardened design authenticates the module and the
;   data it returns instead of trusting them as-is.
; ---------------------------------------------------------------------------
0058D370 $ 55 push ebp
0058D371 . 8BEC mov ebp, esp
0058D373 . 81C4 DCFDFFFF add esp, -224
0058D379 . 53 push ebx
0058D37A . 56 push esi
0058D37B . 57 push edi
; Zero the four temporaries before any exception frame is linked.
0058D37C . 33DB xor ebx, ebx
0058D37E . 899D DCFDFFFF mov dword ptr [ebp-224], ebx
0058D384 . 899D E0FDFFFF mov dword ptr [ebp-220], ebx
0058D38A . 899D E4FDFFFF mov dword ptr [ebp-21C], ebx
0058D390 . 895D EC mov dword ptr [ebp-14], ebx
; Save the inputs: ebx = ecx, esi = edx, [ebp-4] = eax.
0058D393 . 8BD9 mov ebx, ecx
0058D395 . 8BF2 mov esi, edx
0058D397 . 8945 FC mov dword ptr [ebp-4], eax
; Link three nested exception frames at fs:[0]; their handler stubs are at
; 0058D650 (outer), 0058D620 (middle) and 0058D60F (inner).
0058D39A . 33C0 xor eax, eax
0058D39C . 55 push ebp
0058D39D . 68 50D65800 push 0058D650
0058D3A2 . 64:FF30 push dword ptr fs:[eax]
0058D3A5 . 64:8920 mov dword ptr fs:[eax], esp
0058D3A8 . 33D2 xor edx, edx
0058D3AA . 55 push ebp
0058D3AB . 68 20D65800 push 0058D620
0058D3B0 . 64:FF32 push dword ptr fs:[edx]
0058D3B3 . 64:8922 mov dword ptr fs:[edx], esp
0058D3B6 . 33D2 xor edx, edx
0058D3B8 . 55 push ebp
0058D3B9 . 68 0FD65800 push 0058D60F
0058D3BE . 64:FF32 push dword ptr fs:[edx]
0058D3C1 . 64:8922 mov dword ptr fs:[edx], esp
; Result flag starts at 0 (failure).
0058D3C4 . C645 FB 00 mov byte ptr [ebp-5], 0
; Call the +8 slot with no stack arguments; execution continues at 0058D402
; only when the signed return value is greater than zero.
0058D3C8 8B45 FC mov eax, dword ptr [ebp-4]
0058D3CB . FF50 08 call dword ptr [eax+8]
0058D3CE . 85C0 test eax, eax
0058D3D0 7F 30 jg short 0058D402
; Return value <= 0: error box (caption "系统提示", "System Notice"; the
; message text is mis-decoded in this listing), then call 0045E034 with
; eax = [[818E10]] and call 00403B00 (bodies not shown), unlink one frame and
; go to the common exit at 0058D62A.
0058D3D2 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058D3D4 . 68 64D65800 push 0058D664 ; |Title = "系统提示"
0058D3D9 . 68 70D65800 push 0058D670 ; |Text = "软件?,B7,"",B2,"",BB,"",B4,"嬖?,BB,"虺鱿?,B4,"砦螅",A1,""
0058D3DE . 56 push esi ; |hOwner
0058D3DF . E8 44BDE7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058D3E4 . A1 108E8100 mov eax, dword ptr [818E10]
0058D3E9 . 8B00 mov eax, dword ptr [eax]
0058D3EB . E8 440CEDFF call 0045E034
0058D3F0 . E8 0B67E7FF call 00403B00
0058D3F5 . 33C0 xor eax, eax
0058D3F7 . 5A pop edx
0058D3F8 . 59 pop ecx
0058D3F9 . 59 pop ecx
0058D3FA . 64:8910 mov dword ptr fs:[eax], edx
0058D3FD . E9 28020000 jmp 0058D62A
; Call the +C slot; pushed in order: address of [ebp-10], 0, 0.
; A negative return value takes the error path below.
0058D402 > 8D45 F0 lea eax, dword ptr [ebp-10]
0058D405 . 50 push eax
0058D406 . 6A 00 push 0
0058D408 . 6A 00 push 0
0058D40A . 8B45 FC mov eax, dword ptr [ebp-4]
0058D40D . FF50 0C call dword ptr [eax+C]
0058D410 . 85C0 test eax, eax
0058D412 7D 24 jge short 0058D438
; +C call failed: error box (text mis-decoded), call 00403B00, unlink one
; frame, go to the common exit.
0058D414 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058D416 . 68 64D65800 push 0058D664 ; |Title = "系统提示"
0058D41B . 68 8CD65800 push 0058D68C ; |Text = ""B4,"蚩砑",B7,"",B4,"砦螅",A1,""
0058D420 . 56 push esi ; |hOwner
0058D421 . E8 02BDE7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058D426 . E8 D566E7FF call 00403B00
0058D42B . 33C0 xor eax, eax
0058D42D . 5A pop edx
0058D42E . 59 pop ecx
0058D42F . 59 pop ecx
0058D430 . 64:8910 mov dword ptr fs:[eax], edx
0058D433 . E9 F2010000 jmp 0058D62A
; Keep the non-negative return value at [ebp-C]; it is passed to every +18
; call and to the +10 call (presumably a device handle -- confirm).
; First +18 call; pushed in order: buffer [ebp-215], constant 3, [ebp-C].
0058D438 > 8945 F4 mov dword ptr [ebp-C], eax
0058D43B . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D441 . 50 push eax
0058D442 . 6A 03 push 3
0058D444 . 8B45 F4 mov eax, dword ptr [ebp-C]
0058D447 . 50 push eax
0058D448 . 8B45 FC mov eax, dword ptr [ebp-4]
0058D44B . FF50 18 call dword ptr [eax+18]
0058D44E . 85C0 test eax, eax
0058D450 . 7D 24 jge short 0058D476
; +18 call failed: error box (text mis-decoded), call 00403B00, unlink one
; frame, go to the common exit.
0058D452 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058D454 . 68 64D65800 push 0058D664 ; |Title = "系统提示"
0058D459 . 68 A0D65800 push 0058D6A0 ; |Text = "软件?,B7,"",B6,"潦?,B4,"砦螅",A1,""
0058D45E . 56 push esi ; |hOwner
0058D45F . E8 C4BCE7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058D464 . E8 9766E7FF call 00403B00
0058D469 . 33C0 xor eax, eax
0058D46B . 5A pop edx
0058D46C . 59 pop ecx
0058D46D . 59 pop ecx
0058D46E . 64:8910 mov dword ptr fs:[eax], edx
0058D471 . E9 B4010000 jmp 0058D62A
; Post-process the buffer (helper bodies not shown; the roles below are
; presumed from the arguments -- confirm):
;   0040C338(eax = buffer, edx = &[ebp-14])   buffer -> temporary [ebp-14]
;   004045E4(eax = 0058D6BC, edx = [ebp-14])  result kept in edi
;   00404500(eax = [ebp-14], edx = 1, ecx = edi-1, stack arg = ebx)
;   00404540(eax = &[ebp-14], edx = 1, ecx = edi)
;   004040BC(eax = ebx+4, edx = [ebp-14])     store into the record at +4
0058D476 > 8D55 EC lea edx, dword ptr [ebp-14]
0058D479 . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D47F . E8 B4EEE7FF call 0040C338
0058D484 . 8B55 EC mov edx, dword ptr [ebp-14]
0058D487 . B8 BCD65800 mov eax, 0058D6BC
0058D48C . E8 5371E7FF call 004045E4
0058D491 . 8BF8 mov edi, eax
0058D493 . 53 push ebx
0058D494 . 8BCF mov ecx, edi
0058D496 . 49 dec ecx
0058D497 . BA 01000000 mov edx, 1
0058D49C . 8B45 EC mov eax, dword ptr [ebp-14]
0058D49F . E8 5C70E7FF call 00404500
0058D4A4 . 8D45 EC lea eax, dword ptr [ebp-14]
0058D4A7 . 8BCF mov ecx, edi
0058D4A9 . BA 01000000 mov edx, 1
0058D4AE . E8 8D70E7FF call 00404540
0058D4B3 . 8D43 04 lea eax, dword ptr [ebx+4]
0058D4B6 . 8B55 EC mov edx, dword ptr [ebp-14]
0058D4B9 . E8 FE6BE7FF call 004040BC
; Second +18 call, constant 4, same buffer and [ebp-C].
0058D4BE . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D4C4 . 50 push eax
0058D4C5 . 6A 04 push 4
0058D4C7 . 8B45 F4 mov eax, dword ptr [ebp-C]
0058D4CA . 50 push eax
0058D4CB . 8B45 FC mov eax, dword ptr [ebp-4]
0058D4CE . FF50 18 call dword ptr [eax+18]
0058D4D1 . 85C0 test eax, eax
0058D4D3 . 7D 24 jge short 0058D4F9
; Failure path, same shape as above.
0058D4D5 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058D4D7 . 68 64D65800 push 0058D664 ; |Title = "系统提示"
0058D4DC . 68 A0D65800 push 0058D6A0 ; |Text = "软件?,B7,"",B6,"潦?,B4,"砦螅",A1,""
0058D4E1 . 56 push esi ; |hOwner
0058D4E2 . E8 41BCE7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058D4E7 . E8 1466E7FF call 00403B00
0058D4EC . 33C0 xor eax, eax
0058D4EE . 5A pop edx
0058D4EF . 59 pop ecx
0058D4F0 . 59 pop ecx
0058D4F1 . 64:8910 mov dword ptr fs:[eax], edx
0058D4F4 . E9 31010000 jmp 0058D62A
; Convert the buffer into [ebp-14], pass it through 0058D094
; (eax = object, edx = [ebp-14], ecx = &[ebp-21C]; body not shown) and store
; the result into the record at +8.
0058D4F9 > 8D55 EC lea edx, dword ptr [ebp-14]
0058D4FC . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D502 . E8 31EEE7FF call 0040C338
0058D507 . 8D8D E4FDFFFF lea ecx, dword ptr [ebp-21C]
0058D50D . 8B55 EC mov edx, dword ptr [ebp-14]
0058D510 . 8B45 FC mov eax, dword ptr [ebp-4]
0058D513 . E8 7CFBFFFF call 0058D094
0058D518 . 8B95 E4FDFFFF mov edx, dword ptr [ebp-21C]
0058D51E . 8D43 08 lea eax, dword ptr [ebx+8]
0058D521 . E8 966BE7FF call 004040BC
; Third +18 call, constant 2.
0058D526 . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D52C . 50 push eax
0058D52D . 6A 02 push 2
0058D52F . 8B45 F4 mov eax, dword ptr [ebp-C]
0058D532 . 50 push eax
0058D533 . 8B45 FC mov eax, dword ptr [ebp-4]
0058D536 . FF50 18 call dword ptr [eax+18]
0058D539 . 85C0 test eax, eax
0058D53B . 7D 24 jge short 0058D561
; Failure path, same shape as above.
0058D53D . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058D53F . 68 64D65800 push 0058D664 ; |Title = "系统提示"
0058D544 . 68 A0D65800 push 0058D6A0 ; |Text = "软件?,B7,"",B6,"潦?,B4,"砦螅",A1,""
0058D549 . 56 push esi ; |hOwner
0058D54A . E8 D9BBE7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058D54F . E8 AC65E7FF call 00403B00
0058D554 . 33C0 xor eax, eax
0058D556 . 5A pop edx
0058D557 . 59 pop ecx
0058D558 . 59 pop ecx
0058D559 . 64:8910 mov dword ptr fs:[eax], edx
0058D55C . E9 C9000000 jmp 0058D62A
; Same conversion; temporary [ebp-220]; result stored into the record at +C.
0058D561 > 8D55 EC lea edx, dword ptr [ebp-14]
0058D564 . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D56A . E8 C9EDE7FF call 0040C338
0058D56F . 8D8D E0FDFFFF lea ecx, dword ptr [ebp-220]
0058D575 . 8B55 EC mov edx, dword ptr [ebp-14]
0058D578 . 8B45 FC mov eax, dword ptr [ebp-4]
0058D57B . E8 14FBFFFF call 0058D094
0058D580 . 8B95 E0FDFFFF mov edx, dword ptr [ebp-220]
0058D586 . 8D43 0C lea eax, dword ptr [ebx+C]
0058D589 . E8 2E6BE7FF call 004040BC
; Fourth +18 call, constant 1.
0058D58E . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D594 . 50 push eax
0058D595 . 6A 01 push 1
0058D597 . 8B45 F4 mov eax, dword ptr [ebp-C]
0058D59A . 50 push eax
0058D59B . 8B45 FC mov eax, dword ptr [ebp-4]
0058D59E . FF50 18 call dword ptr [eax+18]
0058D5A1 . 85C0 test eax, eax
0058D5A3 . 7D 21 jge short 0058D5C6
; Failure path, same shape as above.
0058D5A5 . 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
0058D5A7 . 68 64D65800 push 0058D664 ; |Title = "系统提示"
0058D5AC . 68 A0D65800 push 0058D6A0 ; |Text = "软件?,B7,"",B6,"潦?,B4,"砦螅",A1,""
0058D5B1 . 56 push esi ; |hOwner
0058D5B2 . E8 71BBE7FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
0058D5B7 . E8 4465E7FF call 00403B00
0058D5BC . 33C0 xor eax, eax
0058D5BE . 5A pop edx
0058D5BF . 59 pop ecx
0058D5C0 . 59 pop ecx
0058D5C1 . 64:8910 mov dword ptr fs:[eax], edx
0058D5C4 . EB 64 jmp short 0058D62A
; Same conversion; temporary [ebp-224]; result stored into the record at +10.
0058D5C6 > 8D55 EC lea edx, dword ptr [ebp-14]
0058D5C9 . 8D85 EBFDFFFF lea eax, dword ptr [ebp-215]
0058D5CF . E8 64EDE7FF call 0040C338
0058D5D4 . 8D8D DCFDFFFF lea ecx, dword ptr [ebp-224]
0058D5DA . 8B55 EC mov edx, dword ptr [ebp-14]
0058D5DD . 8B45 FC mov eax, dword ptr [ebp-4]
0058D5E0 . E8 AFFAFFFF call 0058D094
0058D5E5 . 8B95 DCFDFFFF mov edx, dword ptr [ebp-224]
0058D5EB . 8D43 10 lea eax, dword ptr [ebx+10]
0058D5EE . E8 C96AE7FF call 004040BC
; All four reads succeeded: result flag = 1.
0058D5F3 . C645 FB 01 mov byte ptr [ebp-5], 1
; Unlink the inner frame, then run the cleanup block at 0058D604 with
; 0058D616 pushed as its return address.
0058D5F7 . 33C0 xor eax, eax
0058D5F9 . 5A pop edx
0058D5FA . 59 pop ecx
0058D5FB . 59 pop ecx
0058D5FC . 64:8910 mov dword ptr fs:[eax], edx
0058D5FF . 68 16D65800 push 0058D616
; Cleanup block: call the +10 slot with [ebp-C] as its only stack argument.
0058D604 > 8B45 F4 mov eax, dword ptr [ebp-C]
0058D607 . 50 push eax
0058D608 . 8B45 FC mov eax, dword ptr [ebp-4]
0058D60B . FF50 10 call dword ptr [eax+10]
0058D60E . C3 retn
; Inner handler stub: jumps to 00403968 (not shown), then re-enters the
; cleanup block.
0058D60F .^ E9 5463E7FF jmp 00403968
0058D614 .^ EB EE jmp short 0058D604
; After cleanup: unlink the middle frame and go to the common exit.
0058D616 . 33C0 xor eax, eax
0058D618 . 5A pop edx
0058D619 . 59 pop ecx
0058D61A . 59 pop ecx
0058D61B . 64:8910 mov dword ptr fs:[eax], edx
0058D61E . EB 0A jmp short 0058D62A
; Middle handler stub; targets 004036B4 / 00403AD0 are not shown.
0058D620 .^ E9 8F60E7FF jmp 004036B4
0058D625 . E8 A664E7FF call 00403AD0
; Common exit: unlink the outer frame, then run the release block at 0058D637
; with 0058D657 pushed as its return address.
0058D62A > 33C0 xor eax, eax
0058D62C . 5A pop edx
0058D62D . 59 pop ecx
0058D62E . 59 pop ecx
0058D62F . 64:8910 mov dword ptr fs:[eax], edx
0058D632 . 68 57D65800 push 0058D657
; Release block: 0040408C(eax = &[ebp-224], edx = 3) covers the three
; temporaries at [ebp-224], [ebp-220], [ebp-21C]; 00404068(eax = &[ebp-14])
; covers the fourth (bodies not shown).
0058D637 > 8D85 DCFDFFFF lea eax, dword ptr [ebp-224]
0058D63D . BA 03000000 mov edx, 3
0058D642 . E8 456AE7FF call 0040408C
0058D647 . 8D45 EC lea eax, dword ptr [ebp-14]
0058D64A . E8 196AE7FF call 00404068
0058D64F . C3 retn
; Outer handler stub: jumps to 00403968 (not shown), then re-enters the
; release block.
0058D650 .^ E9 1363E7FF jmp 00403968
0058D655 .^ EB E0 jmp short 0058D637
; Return the result flag in al and restore the saved registers and frame.
0058D657 . 8A45 FB mov al, byte ptr [ebp-5]
0058D65A . 5F pop edi
0058D65B . 5E pop esi
0058D65C . 5B pop ebx
0058D65D . 8BE5 mov esp, ebp
0058D65F . 5D pop ebp
0058D660 . C3 retn