Objective: Unpack and stop the time trial. Make the program always display
that it has 5 trials left.
e-mail: nivel_999@yahoo.com
Hint: The program has anti-sice, anti-monitoring and other protections.
When you unpack it these protections will be removed.
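【Target】: As the author says: unpack it, then crack it!
【Cracker】: mejy (known as the "IPB unpacking illiterate")
【Author's note】: This is just a practice exercise; please forgive any mistakes!
【Brief introduction】: This packer is not very hard, and among today's packers it counts as child's play, but it uses many morphed calls and exceptions,
as well as SMC (self-modifying code), CC (INT3 breakpoint byte) detection, debugger detection and similar techniques. Its import table handling is rather weak, so it is an interesting one for beginners to study!
【Unpacking process】:
(1) Identify the packer: PEiD reports "ARM Protector 0.1 -> SMoKE". I had never seen it and did not know what it was; fly says it is an early version of exethield.
(2) Bring out the unpacking tool: OllyDbg 1.1
(3) Load the target: the program stops at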
00419000 > E8 04000000 CALL crackme4.00419009 // execution stops here; the entry point is inside the packer section
00419005 8360 EB 0C AND DWORD PTR DS:[EAX-15],0C
00419009 5D POP EBP
004190A7 47 INC EDI
004190A8 4A DEC EDX
004190A9 ^75 B4 JNZ SHORT crackme4.0041905F // this loop does the decoding
004190AB EB 01 JMP SHORT crackme4.004190AE // put the cursor here, then F7
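
The CALL at 00419000 jumps over four bytes to the POP EBP at 00419009, so EBP receives the pushed return address 00419005, and the instruction OllyDbg displays at 00419005 is skipped by the call. As an added example (not part of the original post), this Python sketch flags that call/pop pattern statically; the first sample uses the bytes from the listing, the second is constructed, and the function name and the max_skip threshold are assumptions.

```python
import struct

# x86 single-byte POP r32 opcodes (0x58 + register number)
POP_REGS = {0x58: "EAX", 0x59: "ECX", 0x5A: "EDX", 0x5B: "EBX",
            0x5C: "ESP", 0x5D: "EBP", 0x5E: "ESI", 0x5F: "EDI"}

# Bytes from the listing above, 00419000..00419009
PAGE_BYTES = bytes.fromhex("E8 04 00 00 00 83 60 EB 0C 5D")
# Constructed sample: an ordinary long CALL, a NOP, then CALL $+5 / POP EAX
CONSTRUCTED = bytes.fromhex("E8 00 10 00 00 90 E8 00 00 00 00 58")


def find_call_pop(code: bytes, base: int, max_skip: int = 16):
    """Flag CALL rel32 sites whose target, a few bytes ahead, is a POP r32.

    Heuristic byte scan (assumed threshold max_skip): an 0xE8 byte that is
    really an operand of another instruction can cause a false hit.
    """
    hits = []
    for off in range(len(code) - 4):
        if code[off] != 0xE8:                      # CALL rel32 opcode
            continue
        rel = struct.unpack_from("<i", code, off + 1)[0]
        ret_off = off + 5                          # address pushed by CALL
        tgt_off = ret_off + rel                    # where execution continues
        if not (0 <= rel <= max_skip) or tgt_off >= len(code):
            continue
        reg = POP_REGS.get(code[tgt_off])
        if reg is None:
            continue
        hits.append({
            "call_va": base + off,
            "target_va": base + tgt_off,
            "reg": reg,
            "reg_value": base + ret_off,           # value the POP loads
            "skipped": code[ret_off:tgt_off],      # bytes the CALL jumps over
        })
    return hits


if __name__ == "__main__":
    for name, buf, base in (("listing", PAGE_BYTES, 0x00419000),
                            ("constructed", CONSTRUCTED, 0x00401000)):
        for h in find_call_pop(buf, base):
            print(f"{name}: CALL at {h['call_va']:08X} -> POP {h['reg']} at "
                  f"{h['target_va']:08X}, {h['reg']}={h['reg_value']:08X}, "
                  f"skipped bytes: {h['skipped'].hex(' ').upper() or '(none)'}")
```
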