请问我有一个小程序
脚本跑到了这里
005298F4 68 48245200 push 00522448 'OD停在这 伪OEP
005298F9 64:A1 00000000 mov eax, dword ptr fs:[0]
005298FF 50 push eax
00529900 8B4424 10 mov eax, dword ptr [esp+0x10]
00529904 896C24 10 mov dword ptr [esp+0x10], ebp
00529908 8D6C24 10 lea ebp, dword ptr [esp+0x10]
0052990C 2BE0 sub esp, eax
0052990E 53 push ebx
0052990F 56 push esi
00529910 57 push edi
00529911 8B45 F8 mov eax, dword ptr [ebp-0x8]
00529914 8965 E8 mov dword ptr [ebp-0x18], esp
00529917 50 push eax
00529918 8B45 FC mov eax, dword ptr [ebp-0x4]
0052991B C745 FC FFFFFFFF mov dword ptr [ebp-0x4], -0x1
00529922 8945 F8 mov dword ptr [ebp-0x8], eax
00529925 8D45 F0 lea eax, dword ptr [ebp-0x10]
00529928 64:A3 00000000 mov dword ptr fs:[0], eax
0052992E C3 retn
===================================
结果我就在API函数中找到了OEP地址
00465470 55 push ebp '这里是真的OEP
00465471 8BEC mov ebp, esp
00465473 6A FF push -0x1
00465475 68 60B25900 push 0059B260
0046547A 68 48245200 push 00522448
0046547F 64:A1 00000000 mov eax, dword ptr fs:[0]
00465485 50 push eax
00465486 64:8925 00000000 mov dword ptr fs:[0], esp
0046548D 81EC B8030000 sub esp, 0x3B8
00465493 A1 A0745E00 mov eax, dword ptr [0x5E74A0]
00465498 33C5 xor eax, ebp
0046549A 8945 E4 mov dword ptr [ebp-0x1C], eax
0046549D 53 push ebx
0046549E 56 push esi
0046549F 57 push edi
====================================
现在如何让OD运行到OEP 00465470处呢
如果没有运行到这里DUMP是的地址就不对,所以就DUMP不出来
请大侠帮忙解答
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
