Today I downloaded a program. Its packer is `UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo`.
I started learning to unpack a few days ago, and I can usually unpack this kind of packer, but this one I just can't get off.
0042F280 54 PUSH ESP
0042F281 6A 04 PUSH 4
0042F283 53 PUSH EBX
0042F284 57 PUSH EDI
0042F285 FFD5 CALL EBP
0042F287 8D87 0F020000 LEA EAX,DWORD PTR DS:[EDI+20F]
0042F28D 8020 7F AND BYTE PTR DS:[EAX],7F
0042F290 8060 28 7F AND BYTE PTR DS:[EAX+28],7F
0042F294 58 POP EAX
0042F295 50 PUSH EAX
0042F296 54 PUSH ESP
0042F297 50 PUSH EAX
0042F298 53 PUSH EBX
0042F299 57 PUSH EDI
0042F29A FFD5 CALL EBP
0042F29C 58 POP EAX
0042F29D 61 POPAD
0042F29E 8D4424 80 LEA EAX,DWORD PTR SS:[ESP-80]
0042F2A2 6A 00 PUSH 0
0042F2A4 39C4 CMP ESP,EAX
0042F2A6 ^ 75 FA JNZ SHORT 紫云原创.0042F2A2
0042F2A8 83EC 80 SUB ESP,-80
0042F2AB - E9 10B1FEFF JMP 紫云原创.0041A3C0 ; this jump should be going to the OEP
0042F2B0 0000 ADD BYTE PTR DS:[EAX],AL ; but here is where the problem appears
0041A3C0 E8 BBFFFFFF CALL 紫云原创.0041A380 ; this should be the OEP; why does it look like this?
0041A3C5 E8 3CFFFFFF CALL 紫云原创.0041A306
0041A3CA 33C0 XOR EAX,EAX
0041A3CC C3 RETN
0041A3CD 90 NOP
0041A3CE 90 NOP
0041A3CF 90 NOP
0041A3D0 E8 BBFFFFFF CALL 紫云原创.0041A390
0041A3D5 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
0041A3D9 50 PUSH EAX
0041A3DA FF15 90C04100 CALL DWORD PTR DS:[41C090] ; kernel32.ExitProcess
0041A3E0 C3 RETN
0041A3E1 90 NOP
0041A3E2 90 NOP
0041A3E3 90 NOP
I tried the ESP trick too and it didn't work either. I don't know why. Could the experts give me some advice?
Download address:
http://www.mt30.com/Soft/safe/Sother/200908/18872.html
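One way to locate that tail jump statically instead of relying on the ESP trick, as an added example that is not part of the original post and is not UPX's own code: the bytes of the stub tail shown in the listing (POPAD, the `PUSH 0` stack-wiping loop, `SUB ESP,-80`, then `JMP rel32`) are a fixed pattern, and the JMP's 32-bit displacement plus the address of the following instruction gives the OEP. The function names (`find_upx_oep`, `tail_jump_va`, `plausible_oep`) are mine, the sample buffer is transcribed from the opcode column of the listing above, and the assumption that the stub tail is exactly that byte sequence holds for the listing shown but is not guaranteed for other UPX versions.

```python
from typing import Optional
import struct

# Opcode bytes of the stub tail from the listing, starting at POPAD (61).
# The rel32 of the final E9 is deliberately not part of the pattern because
# it differs for every packed file.
#   61             POPAD
#   8D 44 24 80    LEA EAX,[ESP-80]
#   6A 00          PUSH 0
#   39 C4          CMP ESP,EAX
#   75 FA          JNZ SHORT (back to PUSH 0)
#   83 EC 80       SUB ESP,-80
#   E9 rel32       JMP OEP
UPX_TAIL = bytes.fromhex("618D4424806A0039C475FA83EC80")


def find_upx_oep(code: bytes, code_va: int) -> Optional[int]:
    """Search `code`, a chunk of the unpacker stub loaded at virtual address
    `code_va`, for the UPX tail pattern and return the absolute target of the
    JMP that follows it (the OEP). Returns None if the pattern or a complete
    5-byte E9 instruction is missing."""
    idx = code.find(UPX_TAIL)
    if idx < 0:
        return None
    jmp_off = idx + len(UPX_TAIL)
    if len(code) < jmp_off + 5 or code[jmp_off] != 0xE9:
        return None
    rel = struct.unpack_from("<i", code, jmp_off + 1)[0]  # signed 32-bit displacement
    next_ip = code_va + jmp_off + 5                       # address of the instruction after JMP
    return (next_ip + rel) & 0xFFFFFFFF


def tail_jump_va(code: bytes, code_va: int) -> Optional[int]:
    """Virtual address of the E9 itself, useful for breaking on the tail jump
    directly instead of on the stack."""
    idx = code.find(UPX_TAIL)
    return None if idx < 0 else code_va + idx + len(UPX_TAIL)


def plausible_oep(oep: int, stub_va: int) -> bool:
    """Sanity check: UPX places its decompression stub after the original code,
    so the OEP is expected to sit at a lower address than the stub."""
    return oep < stub_va


# Constructed sample: bytes 0042F280..0042F2B1 transcribed from the opcode
# column of the listing in the post above.
STUB_VA = 0x0042F280
STUB_BYTES = bytes.fromhex(
    "546A045357FFD5"          # PUSH ESP / PUSH 4 / PUSH EBX / PUSH EDI / CALL EBP
    "8D870F020000"            # LEA EAX,[EDI+20F]
    "80207F8060287F"          # AND BYTE PTR [EAX],7F / AND BYTE PTR [EAX+28],7F
    "585054505357FFD5"        # POP EAX / PUSH EAX / PUSH ESP / PUSH EAX / PUSH EBX / PUSH EDI / CALL EBP
    "58"                      # POP EAX
    "618D4424806A0039C475FA"  # POPAD / LEA EAX,[ESP-80] / PUSH 0 / CMP ESP,EAX / JNZ
    "83EC80"                  # SUB ESP,-80
    "E910B1FEFF"              # JMP 0041A3C0
    "0000"                    # trailing bytes
)

if __name__ == "__main__":
    oep = find_upx_oep(STUB_BYTES, STUB_VA)
    print(f"tail JMP at {tail_jump_va(STUB_BYTES, STUB_VA):08X}, "
          f"OEP = {oep:08X}, plausible = {plausible_oep(oep, STUB_VA)}")
```

On the listed bytes this resolves the JMP at 0042F2AB to 0041A3C0, the same address the debugger shows, so the jump itself is consistent with UPX's normal handoff to the original entry point; whether that entry looks unusual is a question about the original program, not about the stub.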