 
 

梦幻Ollydbg —— 浅谈 ACProtect V1.09 Pro 的反跟踪And脱壳

更新时间:2008-4-20 0:17:35
责任编辑:阿loosen

; Step-out trace: the tails of several nested USER32 routines, listed in the
; order the debugger returned through them, which is why the addresses are not
; ascending. All operands are hexadecimal; each "retn N" also removes N bytes
; of caller-pushed arguments from the stack.
77D3AC56     C2 0400              retn 4

; Frame teardown of the next routine; retn 18 releases 0x18 bytes of arguments.
77D3ADCC     C9                   leave
77D3ADCD     C2 1800              retn 18

; Cleanup tail: frees up to two heap blocks, then returns the value that was in
; eax when this fragment was entered. HeapFree takes (hHeap, dwFlags, lpMem),
; pushed right to left.
; lpMem = local at [ebp-4]
77D3AE8A     FF75 FC              push dword ptr ss:[ebp-4]
; esi = address of HeapFree, kept in a register because it is called twice
77D3AE8D     8B35 E412D177        mov esi,dword ptr ds:[<&KERNEL32.HeapFree>] 
; dwFlags = edi (presumably 0 here, since edi also serves as the "empty" value
; in the compare below; the code that sets edi is not in this excerpt)
77D3AE93     57                   push edi
; hHeap = global at 77D6D1A4 (presumably the module's heap handle; not shown)
77D3AE94     FF35 A4D1D677        push dword ptr ds:[77D6D1A4]
; park the pending return value in ebx so the HeapFree calls cannot clobber it
77D3AE9A     8BD8                 mov ebx,eax
77D3AE9C     FFD6                 call esi
; the second block, [ebp-8], is freed only when it differs from edi
77D3AE9E     397D F8              cmp dword ptr ss:[ebp-8],edi
77D3AEA1     74 0C                je short USER32.77D3AEAF
77D3AEA3     FF75 F8              push dword ptr ss:[ebp-8]
77D3AEA6     57                   push edi
77D3AEA7     FF35 A4D1D677        push dword ptr ds:[77D6D1A4]
77D3AEAD     FFD6                 call esi
; restore the saved return value, then the saved registers and the frame
77D3AEAF     8BC3                 mov eax,ebx
77D3AEB1     5F                   pop edi
77D3AEB2     5E                   pop esi
77D3AEB3     5B                   pop ebx
77D3AEB4     C9                   leave
77D3AEB5     C2 1800              retn 18

; Two more return sites further up the call chain (0x14, then 0x10 bytes of
; arguments released).
77D3AE17     5D                   pop ebp
77D3AE18     C2 1400              retn 14

77D3ADFB     C2 1000              retn 10
                                  ====>返回到 0041F78B   看见希望啦 

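————————————————————————
下面用 F7 单步走,简单循环用 F4 跳过即可。需要一点耐心,有些东东要走很长时间。下面列出的基本都是花指令:地址不连续的地方,就是被 call/jmp 跳过的垃圾字节(例如 E8 01000000 这种 call 会跳过紧随其后的 1 个字节),线性反汇编在这些位置会显示出错误的指令。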


; Single-step listing of the obfuscated stub that starts at 0041F78B in the
; target module. Every gap in the address column is one or more filler bytes
; that a call or jump steps over; those bytes are what make a linear
; disassembly of this region show wrong instructions.
;
; Recurring patterns (E8 01000000 is a call to its own address + 6, i.e. it
; skips exactly one byte):
;   A. call $+6 / add esp,4            - add esp,4 discards the return address
;                                        the call pushed; net effect: none.
;   B. call $+6 / add [esp],6 / retn   - the return address is moved forward by
;                                        6, so retn resumes on the instruction
;                                        right after the retn itself.
;   C. push eax / call $+6 / pop eax / pop eax
;                                      - first pop drops the return address,
;                                        second pop restores eax.
;   D. jcc X / j(not cc) X, or jmp short X
;                                      - always reaches X, skipping a byte.
; The arithmetic on ebx/ecx/ebp between the patterns is not visibly consumed
; anywhere in this excerpt and looks like filler - confirm on the full trace.

; filler arithmetic, then pattern A
0041F78B     45                   inc ebp
0041F78C     4B                   dec ebx
0041F78D     81CB D350FA80        or ebx,80FA50D3
0041F793     66:81F5 F613         xor bp,13F6
0041F798     E8 01000000          call 试炼ACP.0041F79E

; (A) return address dropped. The shift count 0AF is masked to its low 5 bits
; by the CPU (0AF and 1F = 0F).
0041F79E     83C4 04              add esp,4
0041F7A1     C1ED AF              shr ebp,0AF
0041F7A4     E8 01000000          call 试炼ACP.0041F7AA

; (A) again, then the call that opens pattern B
0041F7AA     83C4 04              add esp,4
0041F7AD     8BD9                 mov ebx,ecx
0041F7AF     E8 01000000          call 试炼ACP.0041F7B5

; (B) pushed return address 0041F7B4 + 6 = 0041F7BA, the line after the retn
0041F7B5     830424 06            add dword ptr ss:[esp],6
0041F7B9     C3                   retn
; execution resumes here; pattern C follows
0041F7BA     66:BB EDA2           mov bx,0A2ED
0041F7BE     50                   push eax
0041F7BF     E8 01000000          call 试炼ACP.0041F7C5

; (C) eax is unchanged afterwards. clc clears CF, which the jnb further down
; relies on.
0041F7C5     58                   pop eax
0041F7C6     58                   pop eax
0041F7C7     F8                   clc
0041F7C8     50                   push eax
0041F7C9     E8 01000000          call 试炼ACP.0041F7CF

; (C) push/call/pop leave the flags alone, so CF is still clear and this jnb
; is always taken; it skips the two bytes at 0041F7D7-0041F7D8.
0041F7CF     58                   pop eax
0041F7D0     58                   pop eax
0041F7D1     0F83 02000000        jnb 试炼ACP.0041F7D9

0041F7D9     E8 01000000          call 试炼ACP.0041F7DF

; (A) add esp,4 yields a non-zero result for any realistic stack pointer, so
; the jnz is effectively unconditional and skips two more filler bytes.
0041F7DF     83C4 04              add esp,4
0041F7E2     0F85 02000000        jnz 试炼ACP.0041F7EA

0041F7EA     E8 01000000          call 试炼ACP.0041F7F0

; (B) 0041F7EF + 6 = 0041F7F5
0041F7F0     830424 06            add dword ptr ss:[esp],6
0041F7F4     C3                   retn
; (D) js/jns pair: one of the two is always taken, both go to 0041F7FB
0041F7F5     FC                   cld
0041F7F6     78 03                js short 试炼ACP.0041F7FB
0041F7F8     79 01                jns short 试炼ACP.0041F7FB

0041F7FB     49                   dec ecx
0041F7FC     50                   push eax
0041F7FD     E8 01000000          call 试炼ACP.0041F803

; (C) twice in a row; the test instructions only set flags
0041F803     58                   pop eax
0041F804     58                   pop eax
0041F805     85D9                 test ecx,ebx
0041F807     50                   push eax
0041F808     E8 01000000          call 试炼ACP.0041F80E

0041F80E     58                   pop eax
0041F80F     58                   pop eax
0041F810     85CB                 test ebx,ecx
0041F812     E8 01000000          call 试炼ACP.0041F818

; (A) twice in a row
0041F818     83C4 04              add esp,4
0041F81B     87EB                 xchg ebx,ebp
0041F81D     E8 01000000          call 试炼ACP.0041F823

; the jl only decides whether the one-byte cld runs; both paths reach 0041F829
0041F823     83C4 04              add esp,4
0041F826     7C 01                jl short 试炼ACP.0041F829
0041F828     FC                   cld
0041F829     50                   push eax
0041F82A     E8 01000000          call 试炼ACP.0041F830

; (C), then a (D) jl/jge pair to 0041F838
0041F830     58                   pop eax
0041F831     58                   pop eax
0041F832     4D                   dec ebp
0041F833     7C 03                jl short 试炼ACP.0041F838
0041F835     7D 01                jge short 试炼ACP.0041F838

0041F838     66:13E8              adc bp,ax
0041F83B     50                   push eax
0041F83C     E8 01000000          call 试炼ACP.0041F842

; (C), then the call that opens pattern B
0041F842     58                   pop eax
0041F843     58                   pop eax
0041F844     66:8BDE              mov bx,si
0041F847     E8 01000000          call 试炼ACP.0041F84D

; (B) 0041F84C + 6 = 0041F852
0041F84D     830424 06            add dword ptr ss:[esp],6
0041F851     C3                   retn
; the jns only decides whether mov bp,3E30 runs; both paths reach 0041F858
0041F852     79 04                jns short 试炼ACP.0041F858
0041F854     66:BD 303E           mov bp,3E30
0041F858     50                   push eax
0041F859     E8 01000000          call 试炼ACP.0041F85F

; (C); the jbe only decides whether the xchg runs; then a (D) je/jnz pair
0041F85F     58                   pop eax
0041F860     58                   pop eax
0041F861     0F86 02000000        jbe 试炼ACP.0041F869
0041F867     87CB                 xchg ebx,ecx
0041F869     74 03                je short 试炼ACP.0041F86E
0041F86B     75 01                jnz short 试炼ACP.0041F86E

; (D) jmp short over the single byte at 0041F872
0041F86E     87DD                 xchg ebp,ebx
0041F870     EB 01                jmp short 试炼ACP.0041F873

; (D) jb/jnb pair to 0041F87B
0041F873     66:13EE              adc bp,si
0041F876     72 03                jb short 试炼ACP.0041F87B
0041F878     73 01                jnb short 试炼ACP.0041F87B

0041F87B     66:81C1 FEEE         add cx,0EEFE
0041F880     EB 01                jmp short 试炼ACP.0041F883

0041F883     4D                   dec ebp
0041F884     50                   push eax
0041F885     E8 01000000          call 试炼ACP.0041F88B

; (C); the rotate count 54 is likewise reduced by the CPU before use
0041F88B     58                   pop eax
0041F88C     58                   pop eax
0041F88D     66:C1D5 54           rcl bp,54
0041F891     E8 01000000          call 试炼ACP.0041F897

; (B) 0041F896 + 6 = 0041F89C
0041F897     830424 06            add dword ptr ss:[esp],6
0041F89B     C3                   retn
0041F89C     FC                   cld
0041F89D     EB 01                jmp short 试炼ACP.0041F8A0

; (D) jb/jnb pair to 0041F8A7
0041F8A0     87CB                 xchg ebx,ecx
0041F8A2     72 03                jb short 试炼ACP.0041F8A7
0041F8A4     73 01                jnb short 试炼ACP.0041F8A7

; Single conditional jump: the fall-through bytes at 0041F8A9-0041F8AB are not
; listed, so only the taken path is documented here.
0041F8A7     77 03                ja short 试炼ACP.0041F8AC

0041F8AC     E8 01000000          call 试炼ACP.0041F8B2

; (B) 0041F8B1 + 6 = 0041F8B7
0041F8B2     830424 06            add dword ptr ss:[esp],6
0041F8B6     C3                   retn
0041F8B7     66:81E9 352E         sub cx,2E35
0041F8BC     EB 01                jmp short 试炼ACP.0041F8BF

; the js only decides whether the sar runs; both paths reach the call at
; 0041F8C9 (the "|" is the debugger's mark for a line inside a jump's span)
0041F8BF     0F88 04000000        js 试炼ACP.0041F8C9
0041F8C5    |66:C1FB C9           sar bx,0C9
0041F8C9     E8 01000000          call 试炼ACP.0041F8CF

; (B) 0041F8CE + 6 = 0041F8D4
0041F8CF     830424 06            add dword ptr ss:[esp],6
0041F8D3     C3                   retn
; single conditional jump; fall-through bytes 0041F8D8-0041F8DA are not listed
0041F8D4     8BEB                 mov ebp,ebx
0041F8D6     7A 03                jpe short 试炼ACP.0041F8DB

; When the jb is not taken, call (E8 00000000) pushes the address of the next
; instruction and pop ecx loads it, leaving ecx = 0041F8E6. When it is taken,
; both instructions are skipped. Either way the jmp short then steps over the
; byte at 0041F8E9.
0041F8DB     0F82 06000000        jb 试炼ACP.0041F8E7
0041F8E1    |E8 00000000          call 试炼ACP.0041F8E6
0041F8E6    |59                   pop ecx
0041F8E7     EB 01                jmp short 试炼ACP.0041F8EA

0041F8EA     41                   inc ecx
0041F8EB     E8 01000000          call 试炼ACP.0041F8F1

; (B) 0041F8F0 + 6 = 0041F8F6
0041F8F1     830424 06            add dword ptr ss:[esp],6
0041F8F5     C3                   retn
; stc here and clc a few lines below only toggle CF around pattern C
0041F8F6     F9                   stc
0041F8F7     50                   push eax
0041F8F8     E8 01000000          call 试炼ACP.0041F8FE

0041F8FE     58                   pop eax
0041F8FF     58                   pop eax
0041F900     F8                   clc
0041F901     E8 01000000          call 試炼ACP.0041F907

; (A); the jge skips the four bytes at 0041F910-0041F913, which are not listed
0041F907     83C4 04              add esp,4
0041F90A     0F8D 04000000        jge 试炼ACP.0041F914

0041F914     E8 01000000          call 试炼ACP.0041F91A

; (B) 0041F919 + 6 = 0041F91F
0041F91A     830424 06            add dword ptr ss:[esp],6
0041F91E     C3                   retn
0041F91F     4D                   dec ebp
0041F920     EB 01                jmp short 试炼ACP.0041F923

0041F923     8BDE                 mov ebx,esi
0041F925     50                   push eax
0041F926     E8 01000000          call 试炼ACP.0041F92C

; (C); the target of the final call, 0041F937, lies past the end of this
; excerpt, so which pattern it opens cannot be told from here
0041F92C     58                   pop eax
0041F92D     58                   pop eax
0041F92E     66:13E9              adc bp,cx
0041F931     E8 01000000          call 试炼ACP.0041F937
