WinUpack 0.2x - 0.3x quick unpacking
This post was last edited by iy0507 on 2009-3-6 22:32
WinUpack 0.2x - 0.3x
004011A4 >BE E8114000 MOV ESI,004011E8 // packer entry point; press Ctrl+B and enter 51 56 97 in the HEX+04 field
004011A9 AD LODS DWORD PTR DS:[ESI]
004011AA 50 PUSH EAX
004011AB AD LODS DWORD PTR DS:[ESI]
004011AC 50 PUSH EAX
004011B1 6A 12 PUSH 12
004011B3 BF D4054A00 MOV EDI,004A05D4
004011B8 59 POP ECX
004011B9 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]
004011BB 83C8 FF OR EAX,FFFFFFFF
004011BE 8BDF MOV EBX,EDI
004011C0 AB STOS DWORD PTR ES:[EDI]
004011C1 40 INC EAX
004011C2 AB STOS DWORD PTR ES:[EDI]
004011C3 40 INC EAX
004011C4 B1 04 MOV CL,4
004011C6 F3:AB REP STOS DWORD PTR ES:[EDI]
004011C8 C1E0 0A SHL EAX,0A
004011CB B5 10 MOV CH,10
004011CD F3:AB REP STOS DWORD PTR ES:[EDI]
004011CF BF 00104000 MOV EDI,00401000 ; ASCII "MZLoadLibraryA"
004011D4 E9 FCF10900 JMP 004A03D5
004A057E 51 PUSH ECX // follow to here
004A057F 56 PUSH ESI
004A0580 97 XCHG EAX,EDI
004A0581 FFD1 CALL ECX // F2 to set a breakpoint, Shift+F9 to run, F2 to clear it
004A0583 93 XCHG EAX,EBX
004A0584 AC LODS BYTE PTR DS:[ESI]
004A0585 84C0 TEST AL,AL
004A0587^ 75 FB JNZ SHORT 004A0584
004A0589 3806 CMP BYTE PTR DS:[ESI],AL
004A058B^ 74 EA JE SHORT 004A0577
004A058D 8BC6 MOV EAX,ESI
004A058F 79 05 JNS SHORT 004A0596
004A0591 46 INC ESI
004A0592 33C0 XOR EAX,EAX
004A0594 66:AD LODS WORD PTR DS:[ESI]
004A0596 50 PUSH EAX
004A0597 53 PUSH EBX
004A0598 FFD5 CALL EBP
004A059A AB STOS DWORD PTR ES:[EDI]
004A059B^ EB E7 JMP SHORT 004A0584
004A059D 33C0 XOR EAX,EAX
004A059F 40 INC EAX
004A05A0 8D5485 00 LEA EDX,DWORD PTR SS:[EBP+EAX*4]
004A05A4 FF16 CALL DWORD PTR DS:[ESI]
004A05A6 13C0 ADC EAX,EAX
004A05A8 3BC1 CMP EAX,ECX
004A05AA^ 72 F4 JB SHORT 004A05A0
004A05AC 2BC1 SUB EAX,ECX
004A05AE C3 RET // F2 to set a breakpoint, Shift+F9 to run, F2 to clear it, then F7 to step in until the OEP appears
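
The search-and-breakpoint steps in the listing above, as an added Python example that is not part of the original post: it scans a memory dump for the 51 56 97 pattern, keeps only hits that are followed by CALL ECX, and reports the addresses of the two breakpoints. The function names, the constructed dump and the assumption that the RET sits at the same offset as in this listing are assumptions of the example.

```python
"""Locate the WinUpack tail stub in a memory dump and report breakpoint addresses."""

# Bytes of the stub at 004A057E..004A05AE, copied from the listing above.
STUB = bytes.fromhex(
    "515697FFD193AC84C075FB380674EA8BC6790546"
    "33C066AD5053FFD5ABEBE733C0408D548500FF16"
    "13C03BC172F42BC1C3"
)
SEARCH = bytes.fromhex("515697")   # the pattern typed into the Ctrl+B search
CALL_ECX_OFF = 3                   # FF D1 follows PUSH ECX / PUSH ESI / XCHG EAX,EDI
RET_OFF = 0x30                     # 004A05AE - 004A057E in the listing


def find_stubs(dump: bytes, base: int):
    """Return one dict per hit of SEARCH that is really followed by CALL ECX."""
    hits = []
    pos = dump.find(SEARCH)
    while pos != -1:
        if dump[pos + CALL_ECX_OFF:pos + CALL_ECX_OFF + 2] == b"\xFF\xD1":
            ret = pos + RET_OFF
            hits.append({
                "stub": base + pos,
                "call_ecx": base + pos + CALL_ECX_OFF,
                # Assumption: other builds keep this layout; None if they do not.
                "ret": base + ret if dump[ret:ret + 1] == b"\xC3" else None,
            })
        pos = dump.find(SEARCH, pos + 1)
    return hits


def demo():
    # Constructed dump: a decoy 51 56 97 (not followed by FF D1), padding, then the stub.
    decoy = bytes.fromhex("515697909090")
    dump = decoy + b"\x00" * 10 + STUB
    base = 0x004A057E - 16         # chosen so the stub lands at the listing's address
    return find_stubs(dump, base)


if __name__ == "__main__":
    for hit in demo():
        print({k: (hex(v) if v is not None else None) for k, v in hit.items()})
```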