Published only on "吾爱破解" (52pojie) ----- Angel PSP Video Converter 2.41
Original file download: http://www.onlinedown.net/soft/76135.htm
Software details
Angel PSP Video Converter is a video and audio conversion program. It supports most video formats, including H264 (MPEG-4 AVC), AVI and MP4 video, and audio file formats such as MP3, AAC, M4A and more. It can also extract the audio from video media, and vice versa.
------------------------------------------------------------------------------------------------------------------------------------------------------------
Below is the concrete unpacking procedure:
First run a packer check. Layer No.1 ---> PECompact 2.x -> Jeremy Collake
Load it in OD (OllyDbg)..
00401000 > B8 C07B5B00 MOV EAX,ApspConv.005B7BC0------after loading in OD we stop here---F8 to step in
00401005 50 PUSH EAX
00401006 64:FF35 0000000>PUSH DWORD PTR FS:[0]
0040100D 64:8925 0000000>MOV DWORD PTR FS:[0],ESP--------ESP has turned red-->go straight to the ESP trick (ESP定律)
00401014 33C0 XOR EAX,EAX
00401016 8908 MOV DWORD PTR DS:[EAX],ECX
00401018 50 PUSH EAX
Everyone should know the ESP trick: "Follow in Dump" + "Breakpoint > Hardware, on access > Word" + "F9" + "remove the hardware breakpoint"---->then we land here
7C957826 3B45 F8 CMP EAX,DWORD PTR SS:[EBP-8]-----the program stops here---F8 to step
7C957829 72 09 JB SHORT ntdll.7C957834
7C95782B 3B45 F4 CMP EAX,DWORD PTR SS:[EBP-C]
7C95782E ^ 0F82 F731FFFF JB ntdll.7C94AA2B
7C957834 50 PUSH EAX
7C957835 E8 67000000 CALL ntdll.7C9578A1
7C95783A 84C0 TEST AL,AL
7C95783C ^ 0F84 E931FFFF JE ntdll.7C94AA2B
7C957842 F605 5AC3997C 8>TEST BYTE PTR DS:[7C99C35A],80
7C957849 0F85 20720100 JNZ ntdll.7C96EA6F----------------when F8 reaches here the jump is not taken; look at the registers
7C95784F FF73 04 PUSH DWORD PTR DS:[EBX+4]
7C957852 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
7C957855 50 PUSH EAX
7C957856 FF75 0C PUSH DWORD PTR SS:[EBP+C]
7C957859 53 PUSH EBX
7C95785A 56 PUSH ESI
7C95785B E8 F3BEFCFF CALL ntdll.7C923753
----------------------------------------------------------------------Register contents:
EAX 0012FC01
ECX 0000427C
EDX 00000000
EBX 0012FFBC
ESP 0012FC4C
EBP 0012FCBC
ESI 0012FCD4
EDI 7C930738 ntdll.7C930738
EIP 7C957849 ntdll.7C957849
C 0 ES 0023 32位 0(FFFFFFFF)
P 1 CS 001B 32位 0(FFFFFFFF)
A 0 SS 0023 32位 0(FFFFFFFF)
Z 1 DS 0023 32位 0(FFFFFFFF)----------------->change Z 1 to Z 0 so that the jump above is taken
S 0 FS 003B 32位 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
----------------------------------------------------------------F8 again and we arrive here
7C96EA6F 6A 10 PUSH 10
7C96EA71 53 PUSH EBX
7C96EA72 6A 00 PUSH 0
7C96EA74 FF75 0C PUSH DWORD PTR SS:[EBP+C]
7C96EA77 56 PUSH ESI
7C96EA78 E8 136B0100 CALL ntdll.7C985590
7C96EA7D 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
7C96EA80 ^ E9 CA8DFEFF JMP ntdll.7C95784F------------------here it starts jumping back; the HEX pane shows a red line pointing upward.
7C96EA85 57 PUSH EDI---------------------------------------click on this line and press F4 so it does not jump back
7C96EA86 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
7C96EA89 E8 0C6B0100 CALL ntdll.7C98559A
7C96EA8E ^ E9 DC8DFEFF JMP ntdll.7C95786F
7C96EA93 8366 04 EF AND DWORD PTR DS:[ESI+4],FFFFFFEF
7C96EA97 8365 08 00 AND DWORD PTR SS:[EBP+8],0
7C96EA9B ^ E9 D88DFEFF JMP ntdll.7C957878
7C96EAA0 48 DEC EAX
7C96EAA1 74 22 JE SHORT ntdll.7C96EAC5
--------------------------------------------------------------------after F4 we arrive here
005B7BF3 53 PUSH EBX
005B7BF4 51 PUSH ECX
005B7BF5 57 PUSH EDI
005B7BF6 56 PUSH ESI
005B7BF7 52 PUSH EDX
005B7BF8 8D98 DD110010 LEA EBX,DWORD PTR DS:[EAX+100011DD]------single-step with F8 to here, then apply the ESP trick again
005B7BFE 8B53 18 MOV EDX,DWORD PTR DS:[EBX+18]
005B7C01 52 PUSH EDX
------------------------------------------------------------------after the ESP trick we arrive here..F8 to step
005B7C88 5E POP ESI ; ApspConv.005B1001
005B7C89 5F POP EDI
005B7C8A 59 POP ECX
005B7C8B 5B POP EBX
005B7C8C 5D POP EBP
005B7C8D FFE0 JMP EAX----------------------this "JMP" goes to the OEP, :-)
005B7C8F 0110 ADD DWORD PTR DS:[EAX],EDX
005B7C91 5B POP EBX
-------------------------------------------------------------------the JMP lands here:
005B1001 60 PUSHAD
005B1002 E8 03000000 CALL ApspConv.005B100A
005B1007 - E9 EB045D45 JMP 45B814F7
005B100C 55 PUSH EBP
005B100D C3 RETN---------------------------you should recognise the first few instructions above: this is "ASPack"
005B100E E8 01000000 CALL ApspConv.005B1014
005B1013 EB 5D JMP SHORT ApspConv.005B1072
005B1015 BB EDFFFFFF MOV EBX,-13
005B101A 03DD ADD EBX,EBP
005B101C 81EB 00101B00 SUB EBX,1B1000
005B1022 83BD 22040000 0>CMP DWORD PTR SS:[EBP+422],0
005B1029 899D 22040000 MOV DWORD PTR SS:[EBP+422],EBX
005B102F 0F85 65030000 JNZ ApspConv.005B139A
005B1035 8D85 2E040000 LEA EAX,DWORD PTR SS:[EBP+42E]
005B103B 50 PUSH EAX
005B103C FF95 4D0F0000 CALL DWORD PTR SS:[EBP+F4D]
005B1042 8985 26040000 MOV DWORD PTR SS:[EBP+426],EAX
005B1048 8BF8 MOV EDI,EAX
005B104A 8D5D 5E LEA EBX,DWORD PTR SS:[EBP+5E]
005B104D 53 PUSH EBX
005B104E 50 PUSH EAX
005B104F FF95 490F0000 CALL DWORD PTR SS:[EBP+F49]
Save a copy here (dump it)...............
------------------------------------------------------------------
A packer check on the saved copy shows ASPack 2.12 -> Alexey Solodovnikov
Next just unpack the ASPack layer directly..the ESP trick works here too..
0055095C 55 push ebp-------------------------the OEP
0055095D 8BEC mov ebp,esp
0055095F 83C4 F0 add esp,-10
00550962 B8 AC055500 mov eax,up.005505AC
00550967 E8 7063EBFF call up.00406CDC
0055096C A1 F84A5500 mov eax,dword ptr ds:[554AF8]
00550971 8B00 mov eax,dword ptr ds:[eax]
00550973 E8 540AF2FF call up.004713CC
00550978 A1 F84A5500 mov eax,dword ptr ds:[554AF8]
0055097D 8B00 mov eax,dword ptr ds:[eax]
0055097F BA E0095500 mov edx,up.005509E0 ; ASCII "Angel PSP Video Converter"
00550984 E8 2B06F2FF call up.00470FB4
00550989 68 FC095500 push up.005509FC ; ASCII "APSPConverter"
0055098E 6A 00 push 0
00550990 6A 00 push 0
00550992 E8 DD65EBFF call up.00406F74
00550997 8B0D C4475500 mov ecx,dword ptr ds:[5547C4] ; up.0056E020
0055099D A1 F84A5500 mov eax,dword ptr ds:[554AF8]
005509A2 8B00 mov eax,dword ptr ds:[eax]
005509A4 8B15 D0245400 mov edx,dword ptr ds:[5424D0] ; up.0054251C
005509AA E8 350AF2FF call up.004713E4
After the ESP trick, fix it up with LordPE and ImportREC Classic....this part is very simple, everyone should know how.
After unpacking, the packer check shows it was written in Borland Delphi 6.0 - 7.0
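The "check the packer" step at the top of the post and the check on the finished dump at the end can both be scripted. The Python below is an added example, not code from leektt's post or from PEiD/LordPE/ImportREC: it parses a PE32 file, reads the bytes at AddressOfEntryPoint and compares them against two entry-stub patterns written out from the post's own OllyDbg listings (PECompact at 00401000, ASPack at 005B1001), and it also reports whether the import directory is empty, which is what a raw dump looks like before ImportREC has rebuilt it. The pattern strings, the 64-byte window and the constructed sample PE are assumptions of this example; for triage on real files, a maintained signature database is the thing to use, and this only shows how such a check works.

```python
import struct
import sys

# Entry-point byte patterns written out from the two listings in the post
# (PECompact stub at 00401000, ASPack stub at 005B1001). They are constructed
# for this example and are NOT copied from PEiD's signature database.
# "??" is a wildcard: operands such as the pushed handler address differ
# from one packed binary to the next.
SIGNATURES = {
    "PECompact 2.x stub":
        "B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50",
    "ASPack 2.12 stub":
        "60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D "
        "BB ED FF FF FF 03 DD 81 EB ?? ?? ?? ??",
}

def parse_pattern(text):
    """'B8 ?? 50' -> [0xB8, None, 0x50]; None is a wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def pattern_matches(pattern, data):
    """True when every non-wildcard pattern byte equals data at the same offset."""
    if len(data) < len(pattern):
        return False
    return all(p is None or p == b for p, b in zip(pattern, data))

def identify_stub(ep_bytes):
    """Names of every signature that matches at the start of ep_bytes."""
    return [name for name, text in SIGNATURES.items()
            if pattern_matches(parse_pattern(text), ep_bytes)]

def pe_entry_info(data):
    """Parse a PE32 image held in memory.
    Returns (entry_rva, entry_file_offset, import_dir_rva, import_dir_size);
    entry_file_offset is None when no section covers the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                       # optional header start
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    # PE32 data directories start at optional-header offset 96; entry 1 is the
    # import table. RVA and size both 0 means the dump has no import table yet.
    imp_rva, imp_size = struct.unpack_from("<II", data, opt + 96 + 8)
    entry_off = None
    for i in range(num_sections):
        sec = opt + opt_size + i * 40
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            entry_off = entry_rva - vaddr + raw_ptr
            break
    return entry_rva, entry_off, imp_rva, imp_size

def scan_image(data, window=64):
    """Both checks in one report: packer stub at the entry point, imports present."""
    entry_rva, entry_off, imp_rva, imp_size = pe_entry_info(data)
    ep_bytes = data[entry_off:entry_off + window] if entry_off is not None else b""
    return {"entry_rva": entry_rva, "entry_offset": entry_off,
            "packer": identify_stub(ep_bytes),
            "imports_present": imp_rva != 0 and imp_size != 0}

def constructed_sample_pe():
    """A minimal constructed PE32 (not a real binary): one section, the ASPack
    stub bytes from the post at the entry point, and an empty import directory."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)          # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 6, 1)         # NumberOfSections
    struct.pack_into("<H", hdr, 0x80 + 20, 224)      # SizeOfOptionalHeader (PE32)
    opt = 0x80 + 24
    struct.pack_into("<H", hdr, opt, 0x10B)          # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x1000)    # AddressOfEntryPoint
    sec = opt + 224                                  # VirtualSize, VirtualAddress,
    struct.pack_into("<IIII", hdr, sec + 8, 0x200, 0x1000, 0x200, 0x200)  # SizeOfRawData, PointerToRawData
    stub = bytes.fromhex("60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D "
                         "BB ED FF FF FF 03 DD 81 EB 00 10 1B 00")
    return bytes(hdr) + stub.ljust(0x200, b"\0")

if __name__ == "__main__":
    if len(sys.argv) > 1:                            # usage: script.py <file.exe>
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:                                            # no file given: scan the constructed sample
        data = constructed_sample_pe()
    report = scan_image(data)
    print("entry RVA 0x%08X, file offset %s" % (report["entry_rva"], report["entry_offset"]))
    print("packer stub:", report["packer"] or "none of the known stubs")
    print("import directory present:", report["imports_present"])
```

Run it with no arguments and it scans the constructed sample, reporting the ASPack stub and a missing import table; point it at a dumped file and the same two lines tell you whether the entry point still sits in a packer stub and whether the import directory has been rebuilt. The section lookup uses the larger of VirtualSize and SizeOfRawData on purpose, since packer sections often declare a raw size smaller than their virtual size.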
Note: the registration code for this program is posted in the "Original Releases" section
http://www.52pojie.cn/viewthread ... &extra=page%3D1
Angel PSP Video Converter + file with both packers removed.rar
(527.8 KB, downloads: 6)
[ This post was last edited by leektt on 2009-1-2 23:34 ]