ASPack_v2.思路 2.24-------2.25的版本 不是2.1*的了
0093E001 > 60 pushad
0093E002 E8 03000000 call 0093E00A ; f7
0093E007 - E9 EB045D45 jmp 45F0E4F7
0093E00C 55 push ebp
0093E00D C3 retn
0093E00E E8 01000000 call 0093E014
0093E013 EB 5D jmp short 0093E072
///////////////
F9来到:
0093E416 /75 08 jnz short 0093E420
0093E418 |B8 01000000 mov eax, 1
0093E41D |C2 0C00 retn 0C
0093E420 \68 00104000 push 00401000 ; f8 单步来到这里
0093E425 C3 retn
0093E426 8B85 8C040000 mov eax, dword ptr [ebp+48C]
0093E42C 8D8D A1040000 lea ecx, dword ptr [ebp+4A1]
//////////////////
00401000 . E8 06000000 call 0040100B
00401005 . 50 push eax ; /ExitCode
00401006 . E8 BB010000 call 004011C6 ; \ExitProcess
0040100B /$ 55 push ebp
0040100C |. 8BEC mov ebp, esp
0040100E |. 81C4 F0FEFFFF add esp, -110
00401014 |. E9 83000000 jmp 0040109C
00401019 |. 6B 72 6E 6C 6>ascii "krnln.fnr",0
00401023 |. 6B 72 6E 6C 6>ascii "krnln.fne",0
0040102D |. 47 65 74 4E 6>ascii "GetNewSock",0
00401038 |. 53 6F 66 74 7>ascii "Software\FlySky\"
00401048 |. 45 5C 49 6E 7>ascii "E\Install",0
00401052 |. 50 61 74 68 0>ascii "Path",0
00401057 |. 4E 6F 74 20 6>ascii "Not found the ke"
00401067 |. 72 6E 65 6C 2>ascii "rnel library or "
下面不清楚如可做了 呵呵 分析不明白了
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
