[Old post] [Original] Unpacking WinUpack 0.33
Posted: 2008-2-5 18:03
Upack v0.33 ~ v0.34 Beta -> Dwing *
010011A4 > $ BE E8110001 MOV ESI,calc.010011E8 ; program loaded here (entry point)
010011A9 . AD LODS DWORD PTR DS:[ESI]
010011AA . 50 PUSH EAX
010011AB . AD LODS DWORD PTR DS:[ESI]
010011AC . 50 PUSH EAX
010011AD . 66:BE 5801 MOV SI,158
010011B1 . 6A 12 PUSH 12
010011B3 . BF 08670301 MOV EDI,calc.01036708
010011CB . B5 1C MOV CH,1C
010011CD . F3:AB REP STOS DWORD PTR ES:[EDI]
010011CF . BF 00100001 MOV EDI,calc.01001000 ; ASCII "MZLoadLibraryA"
010011D4 . E9 30530300 JMP calc.01036509 ; breakpoint here, then single-step
010011D9 . 47 65 74 50 7>ASCII "GetProcAddress",0
01036509 57 PUSH EDI ; calc.01001000
0103650A 51 PUSH ECX
0103650B 58 POP EAX
0103650C 8D5483 58 LEA EDX,DWORD PTR DS:[EBX+EAX*4+58]
010366B3 56 PUSH ESI
010366B4 97 XCHG EAX,EDI
010366B5 FFD1 CALL ECX ; key: breakpoint here, F9
010366B7 93 XCHG EAX,EBX
ECX=7C801D77 (kernel32.LoadLibraryA)
010366DE ^\72 F4 JB SHORT calc.010366D4
010366E0 2BC1 SUB EAX,ECX
010366E2 C3 RETN ; key: breakpoint here, F9 then F8 to the OEP
01012475 6A 70 PUSH 70 ; OEP (initial CPU selection)
01012477 68 E0150001 PUSH calc.010015E0
0101247C E8 47030000 CALL calc.010127C8
01012481 33DB XOR EBX,EBX
01012483 53 PUSH EBX
01012484 8B3D 20700201 MOV EDI,DWORD PTR DS:[1027020] ; kernel32.GetModuleHandleA
30988ce32b3cd7e4edda33dd3cf1337e 教程.exe
Attachment: Unpacking WinUpack 0.33 (Training Package)
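As an added example (not part of the original post or of any tool the post uses), the script below parses an annotated OllyDbg listing such as the trace above into address, opcode bytes, instruction and comment, collects the addresses the author marked as breakpoints, locates the OEP row, and converts the OEP to the RVA that would go into AddressOfEntryPoint of a dump taken there. The sample listing embedded in the script is constructed from the trace above with the author's annotations rendered as `;` comments; the image base 0x01000000 is an assumption inferred from the calc.exe addresses in the listing, and the helper names are the example's own.

```python
"""Parse an annotated OllyDbg trace and pull out breakpoints, OEP and its RVA."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: calc.exe is mapped at 0x01000000 (addresses in the trace are 0100xxxx).
IMAGE_BASE = 0x01000000

# Constructed sample: the post's trace with annotations written as ';' comments.
SAMPLE_LISTING = r"""
010011A4 > $ BE E8110001 MOV ESI,calc.010011E8 ; program loaded here (entry point)
010011A9 . AD LODS DWORD PTR DS:[ESI]
010011AD . 66:BE 5801 MOV SI,158
010011CF . BF 00100001 MOV EDI,calc.01001000 ; ASCII "MZLoadLibraryA"
010011D4 . E9 30530300 JMP calc.01036509 ; breakpoint here, then single-step
0103650C 8D5483 58 LEA EDX,DWORD PTR DS:[EBX+EAX*4+58]
010366B5 FFD1 CALL ECX ; key: breakpoint here, F9
ECX=7C801D77 (kernel32.LoadLibraryA)
010366DE ^\72 F4 JB SHORT calc.010366D4
010366E2 C3 RETN ; key: breakpoint here, F9 then F8 to the OEP
01012475 6A 70 PUSH 70 ; OEP (initial CPU selection)
01012484 8B3D 20700201 MOV EDI,DWORD PTR DS:[1027020] ; kernel32.GetModuleHandleA
"""

ADDR_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+(.*)$")
# An opcode-byte token: even-length hex, optionally with a prefix byte ("66:BE").
# Mnemonics made of hex letters (ADD, DEC) are odd-length, so they do not match.
BYTE_RE = re.compile(r"^(?:[0-9A-F]{2}:)?(?:[0-9A-F]{2})+$")
MARKERS = {">", "$", "."}     # OllyDbg's entry/breakpoint column glyphs
JUMP_GLYPHS = "^\\v"          # jump-direction glyphs glued to the first byte ("^\72")


@dataclass
class Row:
    address: int
    opcode_bytes: List[str]
    instruction: str
    comment: str = ""
    notes: List[str] = field(default_factory=list)  # register dumps following the row


def parse_listing(text: str) -> List[Row]:
    """Turn the listing into structured rows; non-address lines attach to the previous row."""
    rows: List[Row] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADDR_RE.match(line)
        if not m:
            if rows:  # e.g. "ECX=7C801D77 (kernel32.LoadLibraryA)"
                rows[-1].notes.append(line)
            continue
        address = int(m.group(1), 16)
        tokens = m.group(2).split()
        i = 0
        while i < len(tokens) and tokens[i] in MARKERS:
            i += 1
        opcode_bytes: List[str] = []
        while i < len(tokens) - 1:  # keep at least one token for the mnemonic
            tok = tokens[i].lstrip(JUMP_GLYPHS)
            if not BYTE_RE.match(tok):
                break
            opcode_bytes.append(tok)
            i += 1
        instruction, _, comment = " ".join(tokens[i:]).partition(";")
        rows.append(Row(address, opcode_bytes, instruction.strip(), comment.strip()))
    return rows


def find_breakpoints(rows: List[Row]) -> List[int]:
    """Addresses whose comment marks a breakpoint, in listing order."""
    return [r.address for r in rows if "breakpoint" in r.comment.lower()]


def find_oep(rows: List[Row]) -> Optional[int]:
    """Address of the row whose comment begins with 'OEP'."""
    for r in rows:
        if r.comment.upper().startswith("OEP"):
            return r.address
    return None


def oep_rva(oep: int, image_base: int) -> int:
    """RVA to write into AddressOfEntryPoint of a dump taken at the OEP."""
    if oep < image_base:
        raise ValueError("OEP lies below the image base")
    return oep - image_base


if __name__ == "__main__":
    rows = parse_listing(SAMPLE_LISTING)
    for r in rows:
        print(f"{r.address:08X} {' '.join(r.opcode_bytes):<14} {r.instruction:<42} {r.comment}")
    print("breakpoints:", [f"{a:08X}" for a in find_breakpoints(rows)])
    oep = find_oep(rows)
    print(f"OEP {oep:08X} -> RVA {oep_rva(oep, IMAGE_BASE):X}")
```

The byte-token rule (even-length hex only) is what separates opcode bytes from mnemonics without a full opcode table; the `ECX=...` register line the author pasted under the CALL is kept as a note on that row so the resolved API name survives the parse.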