壳类型:
Themida/WinLicense V1.8.2.0 + -> Oreans Technologies *
运行okdodo.osc后来到:
00422B76 /. 55 push ebp
00422B77 |. 8BEC mov ebp, esp
00422B79 |. 6A FF push -1
00422B7B |. 68 30C84200 push 0042C830
00422B80 |. 68 702B4200 push 00422B70 ; SE 处理程序安装
00422B85 |. 64:A1 0000000>mov eax, dword ptr fs:[0]
00422B8B |. 50 push eax
00422B8C |. 64:8925 00000>mov dword ptr fs:[0], esp
00422B93 |. 83EC 68 sub esp, 68
00422B96 |. 53 push ebx
00422B97 |. 56 push esi
00422B98 |. 57 push edi
00422B99 |. 8965 E8 mov dword ptr [ebp-18], esp
00422B9C |. 33DB xor ebx, ebx
00422B9E |. 895D FC mov dword ptr [ebp-4], ebx
00422BA1 |. 6A 02 push 2
00422BA3 |. E8 D4278177 call msvcrt.__set_app_type
00422BA8 |. 90 nop
00422BA9 |. 59 pop ecx
00422BAA |. 830D 5C2E4600>or dword ptr [462E5C], FFFFFFFF
00422BB1 |. 830D 602E4600>or dword ptr [462E60], FFFFFFFF
00422BB8 |. E8 1EC67F77 call msvcrt.__p__fmode
00422BBD |. 90 nop
00422BBE |. 8B0D 482E4600 mov ecx, dword ptr [462E48]
00422BC4 |. 8908 mov dword ptr [eax], ecx
00422BC6 |. 90 nop
00422BC7 |. E8 D8C57F77 call msvcrt.__p__commode
00422BCC |. 8B0D 442E4600 mov ecx, dword ptr [462E44]
00422BD2 |. 8908 mov dword ptr [eax], ecx
00422BD4 |. A1 68614200 mov eax, dword ptr [426168]
00422BD9 |. 8B00 mov eax, dword ptr [eax]
00422BDB |. A3 582E4600 mov dword ptr [462E58], eax
00422BE0 |. E8 98020000 call 00422E7D
00422BE5 |. 391D 808E4300 cmp dword ptr [438E80], ebx
00422BEB |. 75 0C jnz short 00422BF9
00422BED |. 68 7A2E4200 push 00422E7A
00422BF2 |. E8 9EAA8277 call msvcrt.__setusermatherr
00422BF7 |. 90 nop
00422BF8 |. 59 pop ecx
00422BF9 |> E8 6A020000 call 00422E68
00422BFE |. 68 1CE04200 push 0042E01C
00422C03 |. 68 18E04200 push 0042E018
00422C08 |. E8 55020000 call 00422E62
00422C0D |. A1 402E4600 mov eax, dword ptr [462E40]
00422C12 |. 8945 94 mov dword ptr [ebp-6C], eax
00422C15 |. 8D45 94 lea eax, dword ptr [ebp-6C]
00422C18 |. 50 push eax
00422C19 |. FF35 3C2E4600 push dword ptr [462E3C]
00422C1F |. 8D45 9C lea eax, dword ptr [ebp-64]
00422C22 |. 50 push eax
00422C23 |. 8D45 90 lea eax, dword ptr [ebp-70]
00422C26 |. 50 push eax
00422C27 |. 8D45 A0 lea eax, dword ptr [ebp-60]
00422C2A |. 50 push eax
00422C2B |. E8 BBC27F77 call msvcrt.__getmainargs
00422C30 |. 90 nop
00422C31 |. 68 14E04200 push 0042E014
00422C36 |. 68 00E04200 push 0042E000
00422C3B |. E8 22020000 call 00422E62
00422C40 |. 83C4 24 add esp, 24
00422C43 |. A1 58614200 mov eax, dword ptr [426158]
00422C48 |. 8B30 mov esi, dword ptr [eax]
00422C4A |. 8975 8C mov dword ptr [ebp-74], esi
00422C4D |. 803E 22 cmp byte ptr [esi], 22
00422C50 |. 75 3A jnz short 00422C8C
00422C52 |> 46 /inc esi
00422C53 |. 8975 8C |mov dword ptr [ebp-74], esi
00422C56 |. 8A06 |mov al, byte ptr [esi]
00422C58 |. 3AC3 |cmp al, bl
00422C5A |. 74 04 |je short 00422C60
00422C5C |. 3C 22 |cmp al, 22
00422C5E |.^ 75 F2 \jnz short 00422C52
00422C60 |> 803E 22 cmp byte ptr [esi], 22
00422C63 |. 75 04 jnz short 00422C69
00422C65 |> 46 inc esi
00422C66 |. 8975 8C mov dword ptr [ebp-74], esi
00422C69 |> 8A06 mov al, byte ptr [esi]
00422C6B |. 3AC3 cmp al, bl
00422C6D |. 74 04 je short 00422C73
00422C6F |. 3C 20 cmp al, 20
00422C71 |.^ 76 F2 jbe short 00422C65
00422C73 |> 895D D0 mov dword ptr [ebp-30], ebx
00422C76 |. 8D45 A4 lea eax, dword ptr [ebp-5C]
00422C79 |. 50 push eax
00422C7A |. 90 nop
00422C7B |. E8 80D3CB02 call 030E0000
00422C80 |. F645 D0 01 test byte ptr [ebp-30], 1
00422C84 |. 74 11 je short 00422C97
00422C86 |. 0FB745 D4 movzx eax, word ptr [ebp-2C]
00422C8A |. EB 0E jmp short 00422C9A
00422C8C |> 803E 20 /cmp byte ptr [esi], 20
00422C8F |.^ 76 D8 |jbe short 00422C69
00422C91 |. 46 |inc esi
00422C92 |. 8975 8C |mov dword ptr [ebp-74], esi
00422C95 |.^ EB F5 \jmp short 00422C8C
00422C97 |> 6A 0A push 0A
00422C99 |. 58 pop eax
00422C9A |> 50 push eax
00422C9B |. 56 push esi
00422C9C |. 53 push ebx
00422C9D |. 53 push ebx
00422C9E |. E8 61DED402 call 03170B04
00422CA3 |. 90 nop
00422CA4 |. 50 push eax
00422CA5 |. E8 5654FEFF call 00408100
00422CAA |. 8945 98 mov dword ptr [ebp-68], eax
00422CAD |. 50 push eax ; /status
00422CAE |. 90 nop ; |
00422CAF |. E8 CA718177 call msvcrt.exit ; \exit
00422CB4 |. 8B45 EC mov eax, dword ptr [ebp-14]
00422CB7 |. 8B08 mov ecx, dword ptr [eax]
00422CB9 |. 8B09 mov ecx, dword ptr [ecx]
00422CBB |. 894D 88 mov dword ptr [ebp-78], ecx
00422CBE |. 50 push eax
00422CBF |. 51 push ecx
00422CC0 |. E8 97010000 call 00422E5C
00422CC5 |. 59 pop ecx
00422CC6 |. 59 pop ecx
00422CC7 \. C3 retn
找不到OEP,稍微指点下吧 谢谢
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课