本人是个菜菜菜鸟,只会用一些脱壳工具脱,不要笑话我哦,我正在学习黑客的vip教程呢。。
来论坛的时间有限,基本没有吾爱币,所以在这个区发个求助帖,忘版主不要删,谢谢。
最近用Armageddon_v15那个穿山甲脱壳机脱了个程序,脱完双击程序出现《程序校验错误,请确保系统安全后到……下载安装》。
其脱壳机日志如下
载入目标文件 :
***.exe
进程名称E0
处理目标
=================================
Debug Blocker detected
child Process ID: 2A4
child Thread ID: F48
=================================
STRATEGIC CODE SPLICING ENABLED!
Code Splicing Section: .text
Old VMaddress: 03970000
Old VMsize: 0001FFCD
=================================
IAT表重定向失效!
虚拟地址: 0125B018
虚拟变量: 0128823C
=================================
IAT ELIMINATION DISABLED!
IAT elimination section: .data1
Old VMaddress: 014112C0
New VMaddress: 00995000
=================================
Tracing to OEP...
=================================
------- Code Splicing -------
Process memory buffered successfully.
Fixing spliced segments...
Potential residue after 00401478 [Rejected]
MOV EDI,EDI (be prepared to fix manually).
Potential residue after 0040E404 [Rejected]
MOV EDI,EDI (be prepared to fix manually).
Potential residue after 00410C3B [Accepted]
MOV EDI,EDI (be prepared to fix manually).
2122 splices repaired...
Splice repairing complete.
Patching process...
Patch successful.
=================================
转存目标文件 ...
完整转存!
保存文件: 15.exe
=================================
重建输入表 ...
重建输入表完成
返回代码: 0
现在,你可以测试你的程序了.祝你好运
=================================
IAT RVA: 00595000
IAT 小大: 00000C84
OEP VA: 004E24FC
OEP RVA: 000E24FC
OEP call return VA: 0125FD07
退出进程: DE0
问题是 程序校验错误 说明我脱壳没脱好出现的问题呢(PS:脱壳后用peid查看为Microsoft Visual C++ v7.0),还是脱好的程序内有自校验的部分?
[招生]系统0day安全班,企业级设备固件漏洞挖掘,Linux平台漏洞挖掘!