没有逆出注册算法，只好直接暴破（patch 掉验证分支）。UPX 脱壳步骤略。下面给出暴破点：先是按钮处理函数的完整反汇编（OllyDbg 导出），最后是修改方法。注意：这个改法只是让失败分支也调用“注册成功”子函数，任意输入都会显示成功，并没有还原算法，也得不到真正的注册码；真正的比较在 00401B64，本帖没有贴出。
; ---------------------------------------------------------------------------
; sub_4019A3 - registration-check handler (thiscall: ecx = object pointer,
; saved at [ebp-A8]).  OllyDbg dump of the UPX-unpacked binary.
;
; Flow visible in this listing:
;   1. copy the string member at this+5C into a 64-byte stack buffer [ebp-88]
;   2. walk it two characters at a time, parsing each pair with "%02x" into
;      the 64-byte buffer at [ebp-44]           (hex string -> raw bytes)
;   3. 00401B64(this, member at this+60, decoded bytes, count) -> [ebp-4]
;   4. [ebp-4] != 0 -> 004018D3 ("registered"), else 0040193B ("failed")
; The comparison itself is inside 00401B64, which is NOT in this listing.
;
; Stack frame (0xA8 bytes):
;   [ebp-A8]          this
;   [ebp-A4..ebp-95]  16-byte scratch holding one 2-char hex pair
;   [ebp-94]          length returned by 00402220 for the this+5C member
;   [ebp-90]          read index i (steps by 2)   [ebp-8C] write index j (steps by 1)
;   [ebp-88..ebp-49]  64-byte copy of the input string
;   [ebp-48]          decoded byte count (= final j)
;   [ebp-44..ebp-05]  64-byte decoded output
;   [ebp-4]           result of 00401B64 (0 = fail)
;
; Review notes:
;   * The copy at 00401A1F is a two-argument call (dst, src) with no length:
;     the length fetched at 00401A03 is never used to bound it, so input
;     longer than 63 characters writes past [ebp-88] (stack overrun).
;   * The "%02x" parse stores an int (4 bytes) per pair while j advances by
;     1, so every store overlaps the next three output slots.
;   * Bytes 00401B06..00401B2B are DATA (a GBK string), not code; the
;     disassembler is out of sync until 00401B38.  The real decision is
;     `cmp dword ptr [ebp-4],0` / `je 00401B3F` at 00401B2C/00401B30.
;   * Pass/fail is a single boolean test at one site, which is why a
;     one-instruction patch (see end of post) is enough to make every input
;     "succeed" - without recovering the algorithm or a valid code.
; ---------------------------------------------------------------------------
004019A3 55 push ebp ; entry: standard frame prologue
004019A4 8BEC mov ebp, esp
004019A6 81EC A8000000 sub esp, 0A8 ; 0xA8 bytes of locals (layout above)
004019AC 53 push ebx ; preserve callee-saved registers
004019AD 56 push esi
004019AE 57 push edi
004019AF 898D 58FFFFFF mov dword ptr [ebp-A8], ecx ; save this (thiscall)
004019B5 6A 01 push 1
004019B7 8B8D 58FFFFFF mov ecx, dword ptr [ebp-A8]
004019BD E8 B4D40200 call 0042EE76 ; 0042EE76(this, 1) - shape matches MFC UpdateData(TRUE); unconfirmed
; zero the 64-byte input buffer [ebp-88..ebp-49]: 1 + 15*4 + 2 + 1 bytes
004019C2 C685 78FFFFFF 0>mov byte ptr [ebp-88], 0
004019C9 B9 0F000000 mov ecx, 0F
004019CE 33C0 xor eax, eax
004019D0 8DBD 79FFFFFF lea edi, dword ptr [ebp-87]
004019D6 F3:AB rep stos dword ptr es:[edi]
004019D8 66:AB stos word ptr es:[edi]
004019DA AA stos byte ptr es:[edi]
; zero the 64-byte decoded-output buffer [ebp-44..ebp-05], same pattern
004019DB C645 BC 00 mov byte ptr [ebp-44], 0
004019DF B9 0F000000 mov ecx, 0F
004019E4 33C0 xor eax, eax
004019E6 8D7D BD lea edi, dword ptr [ebp-43]
004019E9 F3:AB rep stos dword ptr es:[edi]
004019EB 66:AB stos word ptr es:[edi]
004019ED AA stos byte ptr es:[edi]
004019EE C745 B8 0000000>mov dword ptr [ebp-48], 0 ; decoded byte count = 0
004019F5 8B8D 58FFFFFF mov ecx, dword ptr [ebp-A8]
004019FB 83C1 5C add ecx, 5C ; string member at this+5C (the input)
004019FE E8 1D080000 call 00402220 ; -> eax, used below as the loop bound: a length getter (identity inferred)
00401A03 8985 6CFFFFFF mov dword ptr [ebp-94], eax ; len
00401A09 8B8D 58FFFFFF mov ecx, dword ptr [ebp-A8]
00401A0F 83C1 5C add ecx, 5C
00401A12 E8 49080000 call 00402260 ; -> eax, pushed as copy source: a buffer accessor (identity inferred)
00401A17 50 push eax ; src
00401A18 8D85 78FFFFFF lea eax, dword ptr [ebp-88]
00401A1E 50 push eax ; dst = 64-byte stack buffer
00401A1F E8 4C090100 call 00412370 ; 00412370(dst, src): NO length argument - len from 00401A03 is not used here
00401A24 83C4 08 add esp, 8
00401A27 C785 70FFFFFF 0>mov dword ptr [ebp-90], 0 ; i = 0
00401A31 C785 74FFFFFF 0>mov dword ptr [ebp-8C], 0 ; j = 0
; loop head: while (i < len)   (signed compare)
00401A3B 8B8D 70FFFFFF mov ecx, dword ptr [ebp-90]
00401A41 3B8D 6CFFFFFF cmp ecx, dword ptr [ebp-94]
00401A47 0F8D 89000000 jge 00401AD6 ; done -> 00401AD6
; zero the 16-byte pair scratch [ebp-A4..ebp-95]: 1 + 3*4 + 2 + 1 bytes
00401A4D C685 5CFFFFFF 0>mov byte ptr [ebp-A4], 0
00401A54 33D2 xor edx, edx
00401A56 8995 5DFFFFFF mov dword ptr [ebp-A3], edx
00401A5C 8995 61FFFFFF mov dword ptr [ebp-9F], edx
00401A62 8995 65FFFFFF mov dword ptr [ebp-9B], edx
00401A68 66:8995 69FFFFF>mov word ptr [ebp-97], dx
00401A6F 8895 6BFFFFFF mov byte ptr [ebp-95], dl
00401A75 6A 02 push 2 ; n = 2
00401A77 8B85 70FFFFFF mov eax, dword ptr [ebp-90]
00401A7D 8D8C05 78FFFFFF lea ecx, dword ptr [ebp+eax-88> ; src = &input[i]
00401A84 51 push ecx
00401A85 8D95 5CFFFFFF lea edx, dword ptr [ebp-A4] ; dst = pair scratch
00401A8B 52 push edx
00401A8C E8 6F050100 call 00412000 ; 00412000(pair, &input[i], 2): copies the 2-char pair (memcpy/strncpy-like, inferred)
00401A91 83C4 0C add esp, 0C
00401A94 8B85 70FFFFFF mov eax, dword ptr [ebp-90]
00401A9A 83C0 02 add eax, 2 ; i += 2
00401A9D 8985 70FFFFFF mov dword ptr [ebp-90], eax
00401AA3 8B8D 74FFFFFF mov ecx, dword ptr [ebp-8C]
00401AA9 8D540D BC lea edx, dword ptr [ebp+ecx-44> ; &out[j]
00401AAD 52 push edx
00401AAE 68 A8414500 push 004541A8 ; %02x
00401AB3 8D85 5CFFFFFF lea eax, dword ptr [ebp-A4]
00401AB9 50 push eax
00401ABA E8 76080100 call 00412335 ; 00412335(pair, "%02x", &out[j]) - argument order matches sscanf: hex pair -> int store (4 bytes) at out[j]
00401ABF 83C4 0C add esp, 0C
00401AC2 8B8D 74FFFFFF mov ecx, dword ptr [ebp-8C]
00401AC8 83C1 01 add ecx, 1 ; j += 1 (stride 1 vs. 4-byte store above)
00401ACB 898D 74FFFFFF mov dword ptr [ebp-8C], ecx
00401AD1 ^ E9 65FFFFFF jmp 00401A3B ; back to loop head
00401AD6 8B95 74FFFFFF mov edx, dword ptr [ebp-8C]
00401ADC 8955 B8 mov dword ptr [ebp-48], edx ; count = j
00401ADF 8B45 B8 mov eax, dword ptr [ebp-48]
00401AE2 50 push eax ; arg4: count
00401AE3 8D4D BC lea ecx, dword ptr [ebp-44]
00401AE6 51 push ecx ; arg3: decoded bytes
00401AE7 8B8D 58FFFFFF mov ecx, dword ptr [ebp-A8]
00401AED 83C1 60 add ecx, 60 ; string member at this+60 (the other operand of the check)
00401AF0 E8 6B070000 call 00402260 ; buffer accessor (same callee as at 00401A12)
00401AF5 50 push eax ; arg2: that buffer
00401AF6 8B8D 58FFFFFF mov ecx, dword ptr [ebp-A8] ; this
00401AFC E8 63000000 call 00401B64 ; the actual check: 00401B64(this, str60, decoded, count) - body not in this listing
00401B01 8945 FC mov dword ptr [ebp-4], eax ; result
00401B04 EB 26 jmp short 00401B2C ; skip the data bytes below; 00401B2C is mid-way through the bogus line at 00401B29
; ---- NOT CODE: 00401B06..00401B2B is an embedded GBK string the jmp above skips. ----
; The bytes C8E7 B9FB D0E8 D2AA B1A9 C1A6 B5C4 C5F3 D3D1 A3AC D6B1 BDD3 D4DA D5E2 C0EF
; C6C6 BDE2 7E A3A1 00 decode as "如果需要暴力的朋友，直接在这里破解~！"
; (roughly: "if you want to brute-force it, patch right here~!") - a hint left
; by the crackme author next to the decision point.  Every mnemonic from here
; to 00401B36 is a mis-decode and must be ignored.
00401B06 C8 E7B9FB enter 0B9E7, 0FB ; data, not code
00401B0A D0E8 shr al, 1 ; data
00401B0C D2AA B1A9C1A6 shr byte ptr [edx+A6C1A9B1], c> ; data
00401B12 B5 C4 mov ch, 0C4 ; data
00401B14 C5F3 lds esi, ebx ; data (disassembler flagged: illegal register use)
00401B16 D3D1 rcl ecx, cl ; data
00401B18 A3 ACD6B1BD mov dword ptr [BDB1D6AC], eax ; data
00401B1D D3D4 rcl esp, cl ; data
00401B1F DAD5 fcmovbe st, st(5) ; data
00401B21 ^ E2 C0 loopd short 00401AE3 ; data (bogus back-edge)
00401B23 EF out dx, eax ; data
00401B24 C6C6 BD mov dh, 0BD ; data
00401B27 E2 7E loopd short 00401BA7 ; data ("~" is 7E)
00401B29 A3 A100837D mov dword ptr [7D8300A1], eax ; A3 A1 00 end the string; 83 7D are the first bytes of the real cmp at 00401B2C
; ---- real instructions recovered from the bytes of the next four lines: ----
;   00401B2C 837D FC 00     cmp dword ptr [ebp-4], 0      ; result of 00401B64 == 0 ?
;   00401B30 74 0D          je short 00401B3F             ; zero -> failure path
;   00401B32 8B8D 58FFFFFF  mov ecx, dword ptr [ebp-A8]   ; this
00401B2E FC cld ; FC = disp8 (-4) of the cmp above
00401B2F 00740D 8B add byte ptr [ebp+ecx-75], dh ; 00 ends the cmp; 74 0D = je 00401B3F; 8B starts the mov
00401B33 8D58 FF lea ebx, dword ptr [eax-1] ; rest of mov ecx, dword ptr [ebp-A8]
00401B36 FFFF ??? ; disassembler: unknown opcode - last two bytes of that mov
00401B38 E8 96FDFFFF call 004018D3 ; success path: "registration succeeded" routine (this in ecx)
00401B3D EB 0B jmp short 00401B4A ; skip failure path
00401B3F 8B8D 58FFFFFF mov ecx, dword ptr [ebp-A8] ; failure path (target of the je at 00401B30)
00401B45 E8 F1FDFFFF call 0040193B ; "registration failed" routine - the single call the post's patch redirects
00401B4A 5F pop edi ; epilogue: restore callee-saved registers
00401B4B 5E pop esi
00401B4C 5B pop ebx
00401B4D 8BE5 mov esp, ebp
00401B4F 5D pop ebp
00401B50 C3 retn
; ---------------------------------------------------------------------------
; sub_401B51 - tiny thiscall forwarder: spills this to [ebp-4], reloads it
; into ecx and calls 0042C2B0 with no stack arguments.  Not part of the
; registration logic above; 0042C2B0 is not in this listing.  The real check
; routine 00401B64 begins immediately after the retn at 00401B63 and is also
; not shown in the post.
; ---------------------------------------------------------------------------
00401B51 55 push ebp
00401B52 8BEC mov ebp, esp
00401B54 51 push ecx ; reserve 4 bytes ([ebp-4]) for the this spill
00401B55 894D FC mov dword ptr [ebp-4], ecx ; this
00401B58 8B4D FC mov ecx, dword ptr [ebp-4]
00401B5B E8 50A70200 call 0042C2B0 ; 0042C2B0(this), no arguments
00401B60 8BE5 mov esp, ebp
00401B62 5D pop ebp
00401B63 C3 retn
修改方法（暴破点：在 00401B45 处把失败分支的 call 改指向“注册成功”子函数 004018D3；只动这一条 call 的 rel32，其余字节不变）：
00401B45 E8 F1FDFFFF call 0040193B ; original: failure path calls the "registration failed" routine (rel32 = 0040193B - 00401B4A = FFFFFDF1)
改为
00401B45 E8 89FDFFFF call 004018D3 ; patched: failure path now calls the "registration succeeded" routine as well (rel32 = 004018D3 - 00401B4A = FFFFFD89); both branches display success, so any input "registers" - the check in 00401B64 is not bypassed, only its outcome is ignored