Unpacking nspack + PEncrypt 3.1 together~
Entry point~ 004AF37F 9C pushfd
004AF380 60 pushad
004AF381 E8 00000000 call EasyImag.004AF386
Apply the ESP law!
00401000 B8 00C04A00 mov eax,EasyImag.004AC000 land here~ the unpacking is pretty much done~
00401005 FFD0 call eax press F7 to step into it
00401007 90 nop
00401008 48 dec eax
00401009 4F dec edi
0040100A 4F dec edi
0040100B 4B dec ebx
0040100C 90 nop
0040100D - E9 B8934800 jmp 0088A3CA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
↓004AC000 /E9 25010000 jmp EasyImag.004AC12A land here
004AC005 |57 push edi
004AC006 |65:6E outs dx,byte ptr es:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC12A 58 pop eax jumps here!
004AC130 48 dec eax
004AC131 2D 30114000 sub eax,EasyImag.00401130
004AC136 8DA8 05104000 lea ebp,dword ptr ds:[eax+401005>
004AC13C 8D85 E1000000 lea eax,dword ptr ss:
004AC142 50 push eax
004AC143 8B85 0D010000 mov eax,dword ptr ss:
004AC149 FF10 call dword ptr ds:
004AC14B 8985 B8000000 mov dword ptr ss:,eax
004AC151 8D85 BC000000 lea eax,dword ptr ss:
004AC157 50 push eax
004AC158 FFB5 B8000000 push dword ptr ss:
004AC15E E8 5C020000 call EasyImag.004AC3BF
004AC163 8945 2C mov dword ptr ss:,eax
004AC166 8D85 C9000000 lea eax,dword ptr ss:
004AC16C 50 push eax
004AC16D FFB5 B8000000 push dword ptr ss:
004AC173 E8 47020000 call EasyImag.004AC3BF
004AC178 8945 30 mov dword ptr ss:,eax
004AC17B 8D85 D8000000 lea eax,dword ptr ss:
004AC181 50 push eax
004AC182 FFB5 B8000000 push dword ptr ss:
004AC188 E8 32020000 call EasyImag.004AC3BF
004AC18D 8945 34 mov dword ptr ss:,eax
004AC190 6A 1C push 1C
004AC192 8D45 59 lea eax,dword ptr ss:
004AC195 50 push eax
004AC196 FF75 1C push dword ptr ss:
004AC199 FF55 2C call dword ptr ss:
004AC19C 54 push esp
004AC19D 6A 04 push 4
004AC19F 6A 08 push 8
004AC1A1 FF75 1C push dword ptr ss:
004AC1A4 FF55 30 call dword ptr ss:
004AC1A7 83BD 11010000 >cmp dword ptr ss:,0
↓004AC1AE 74 2F je short EasyImag.004AC1DF jumps~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC1DF 56 push esi land here
004AC1E0 8BF5 mov esi,ebp
004AC1E2 8B56 20 mov edx,dword ptr ds:
004AC1E5 8956 75 mov dword ptr ds:,edx
004AC1E8 0BD2 or edx,edx
↓004AC1EA 74 1D je short EasyImag.004AC209 jumps~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC209 8B56 24 mov edx,dword ptr ds: land here
004AC20C 8956 75 mov dword ptr ds:,edx
004AC20F 0BD2 or edx,edx
004AC211 74 1D je short EasyImag.004AC230 this is probably the Magic Jump the old-timers talk about; change it to jmp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC230 8B56 28 mov edx,dword ptr ds: land here~
004AC233 8956 75 mov dword ptr ds:,edx
004AC236 0BD2 or edx,edx
↓004AC238 74 1D je short EasyImag.004AC257 jumps~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
004AC284 58 pop eax land here
004AC285 FF76 1C push dword ptr ds:
004AC288 E8 B9010000 call EasyImag.004AC446
004AC28D 48 dec eax
004AC28E 2D 8D124000 sub eax,EasyImag.0040128D
004AC293 8D90 05104000 lea edx,dword ptr ds:[eax+401005>
004AC299 56 push esi
004AC29A 57 push edi
004AC29B 51 push ecx
004AC29C 8B7A 1C mov edi,dword ptr ds:
004AC29F 8D72 79 lea esi,dword ptr ds:
004AC2A2 B9 08000000 mov ecx,8
004AC2A7 F3:A4 rep movs byte ptr es:,byte >
004AC2A9 59 pop ecx
004AC2AA 5F pop edi
004AC2AB 5E pop esi
004AC2AC C3 retn returns to the OEP~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
00401000 /EB 10 jmp short EasyImag.00401012 the OEP~
00401002 |66:623A bound di,dword ptr ds:
00401005 |43 inc ebx
00401006 |2B2B sub ebp,dword ptr ds:
00401008 |48 dec eax
00401009 |4F dec edi
0040100A |4F dec edi
0040100B |4B dec ebx
0040100C |90 nop
0040100D -|E9 B8934800 jmp 0088A3CA
Cracking it is very simple.
After patching it, enter anything to register
and the real registration code shows up, strange~
http://bbs.52pojie.cn/viewthread.php?tid=16657&page=1&extra=page%3D1
Made a tutorial for everyone~
Be sure to come bump the thread~
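The last step of the stub above copies 8 bytes (ecx = 8) back over the OEP and then returns to 00401000, where the listing shows the original EB 10 66 62 3A 43 2B 2B in place of the packer's mov eax / call eax stub. As an added example (not from the original post or the packer), this Python script applies that same repair to a dumped image whose OEP still holds the stub: it writes the 8 bytes back and sets the PE entry point to the OEP; the sample PE it builds is constructed, and the byte values and addresses come from the listing.

```python
import struct

# Constructed from the listing above: the packer stub sitting at the OEP
# (mov eax,4AC000 / call eax / nop) and the 8 original bytes that the
# unpacker's final "rep movs" (ecx = 8) copies back just before "retn".
PACKED_OEP_STUB = bytes.fromhex("B800C04A00FFD090")
ORIGINAL_OEP_BYTES = bytes.fromhex("EB1066623A432B2B")
OEP_RVA = 0x1000                       # 00401000 - ImageBase 00400000

def rva_to_offset(pe: bytes, rva: int) -> int:
    """Map an RVA to a raw file offset through the section table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    sec = e_lfanew + 24 + opt_size      # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, sec + i * 40 + 8)
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def entry_point_rva(pe: bytes) -> int:
    """Read IMAGE_OPTIONAL_HEADER.AddressOfEntryPoint."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    return struct.unpack_from("<I", pe, e_lfanew + 24 + 16)[0]

def restore_oep(pe: bytes, oep_rva: int = OEP_RVA, stolen: bytes = ORIGINAL_OEP_BYTES) -> bytes:
    """Put the stolen bytes back at the OEP and point the PE entry point at it."""
    buf = bytearray(pe)
    off = rva_to_offset(pe, oep_rva)
    if buf[off:off + len(PACKED_OEP_STUB)] != PACKED_OEP_STUB:
        raise ValueError("OEP does not hold the expected packer stub: wrong dump or wrong OEP")
    buf[off:off + len(stolen)] = stolen
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    struct.pack_into("<I", buf, e_lfanew + 24 + 16, oep_rva)   # AddressOfEntryPoint
    return bytes(buf)

def build_sample_pe() -> bytes:
    """Constructed minimal PE image: one section, RVA 0x1000 at raw offset 0x200."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                       # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x84, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    struct.pack_into("<I", hdr, 0x98 + 16, 0xAF37F)               # packer entry 004AF37F
    struct.pack_into("<8sIIII", hdr, 0x178, b".text", 0x100, 0x1000, 0x100, 0x200)
    text = PACKED_OEP_STUB + bytes.fromhex("484F4F4B90E9B8934800")   # bytes after the stub
    return bytes(hdr) + text.ljust(0x100, b"\0")
```

The stub check makes the script refuse a dump taken after the bytes were already restored, or one with the wrong OEP, instead of silently corrupting it.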
[ This post was last edited by iy0507 on 2009-2-26 14:38 ]
Nice, respect!
It would be best to provide the target software too, so it can be used for study, heh :loveliness:
Changing the jump this way to reach the OEP, I wonder whether the fix-up has any problems :)
The second layer of packing doesn't seem to matter much; it looks like a decoy packer.
:loveliness: :loveliness: :loveliness:
Studying and admiring~~~~~~
Studying it, thanks OP..
Having a look..
I didn't know what a Magic Jump was before; today I'll try changing one~
[ This post was last edited by iy0507 on 2009-2-26 14:39 ]
Bump!!! Bump!!! Let me take a look first