-
-
[旧帖] [求助]穿山甲脱壳后的问题 0.00雪花
-
发表于: 2009-9-16 17:18
-
我脱了一款软件的外壳,,但是有一部分无条件跳转,还是要跳到外壳的地址
00404958 31D2 xor edx, edx
0040495A - E9 14D1A402 jmp 02E51A73 //这儿
0040495F 66:87F9 xchg cx, di
00404962 66:87F9 xchg cx, di
00404965 C740 04 B848400>mov dword ptr [eax+4], dumped_.00404>
0040496C 8968 08 mov dword ptr [eax+8], ebp
0040496F A3 3CD68B00 mov dword ptr [8BD63C], eax
00404974 C3 retn
00404975 8D40 00 lea eax, dword ptr [eax]
00404978 31D2 xor edx, edx
0040497A A1 3CD68B00 mov eax, dword ptr [8BD63C]
0040497F 85C0 test eax, eax
00404981 74 1C je short dumped_.0040499F
00404983 64:8B0A mov ecx, dword ptr fs:[edx]
00404986 39C8 cmp eax, ecx
00404988 75 08 jnz short dumped_.00404992
0040498A - E9 F6D0A402 jmp 02E51A85 //这儿
0040498F C3 retn
00404990 8B09 mov ecx, dword ptr [ecx]
00404992 83F9 FF cmp ecx, -1
00404995 74 08 je short dumped_.0040499F
00404997 3901 cmp dword ptr [ecx], eax
00404999 ^ 75 F5 jnz short dumped_.00404990
0040499B 8B00 mov eax, dword ptr [eax]
0040499D 8901 mov dword ptr [ecx], eax
0040499F C3 retn
004049A0 55 push ebp
004049A1 8BEC mov ebp, esp
004049A3 83C4 F8 add esp, -8
004049A6 53 push ebx
004049A7 56 push esi
总体上讲还有不少,请问各位高手这类的问题怎么处理
另,原程序跳到外壳后有2——4句代码,然后再跳回来,也是JMP下面的一个代码处
