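Everyone, please help me take a look: a problem with patching 网页点击专家
网页点击专家 can be downloaded from 华军: http://www.onlinedown.net/soft/50737.htm
Unpacking went fairly smoothly, but after patching the error message is still there!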
005282C2 .8882 D8060000 mov byte ptr ds:>
005282C8 .8B45 FC mov eax,dword ptr ss:[ebp>
005282CB .80B8 D8060000 00 cmp byte ptr ds:>
005282D2 75 26 jnz short unpacked.005282>
005282D4 .E8 6BFEFFFF call unpacked.00528144
005282D9 .83F8 14 cmp eax,14
005282DC 7E 1C jle short unpacked.005282fa //// here I changed it to jmp short 005282fa
005282DE .6A 20 push 20 ; /Style = MB_OK|MB_ICONQUESTION|MB_APPLMODAL
005282E0 .68 AC835200 push unpacked.005283AC ; |Title = "系统提示"
005282E5 .68 B8835200 push unpacked.005283B8 ; |Text = "没有注册!"
005282EA .A1 6C125300 mov eax,dword ptr ds:[531>; |
005282EF .8B00 mov eax,dword ptr ds:[eax>; |
005282F1 .8B40 30 mov eax,dword ptr ds:[eax>; |
005282F4 .50 push eax ; |hOwner
005282F5 .E8 72F6EDFF call <jmp.&user32.Message>; \MessageBoxA
005282FA >8B45 FC mov eax,dword ptr ss:[ebp>
005282FD .80B8 D8060000 00 cmp byte ptr ds:>
00528304 75 3A jnz short unpacked.005283> ///// here I changed it to jmp short 00528340
00528306 .E8 39FEFFFF call unpacked.00528144
0052830B .83F8 23 cmp eax,23
0052830E 7E 30 jle short unpacked.005283> /// here I changed it to jmp short 00528340
00528310 .6A 20 push 20 ; /Style = MB_OK|MB_ICONQUESTION|MB_APPLMODAL
00528312 .68 AC835200 push unpacked.005283AC ; |Title = "系统提示"
00528317 .68 B8835200 push unpacked.005283B8 ; |Text = "没有注册!"
0052831C .A1 6C125300 mov eax,dword ptr ds:[531>; |
00528321 .8B00 mov eax,dword ptr ds:[eax>; |
00528323 .8B40 30 mov eax,dword ptr ds:[eax>; |
00528326 .50 push eax ; |hOwner
00528327 .E8 40F6EDFF call <jmp.&user32.Message>; \MessageBoxA
0052832C .8B45 FC mov eax,dword ptr ss:[ebp>
0052832F .E8 58C7F4FF call unpacked.00474A8C
00528334 .A1 6C125300 mov eax,dword ptr ds:[531>
00528339 .8B00 mov eax,dword ptr ds:[eax>
0052833B .E8 78FFF4FF call unpacked.004782B8
00528340 >33C0 xor eax,eax
00528342 .5A pop edx
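00528343 .59 pop ecx
Packer OEP: 0052DE3C

A bit strange~~

I gave it a rough try: patching it in OD while it is still packed works fine, but the unpacked program exits as soon as it is run, so I guess there is a self-check somewhere in the program. I'll study it more carefully some day when I have time.

Hehe..... you're all experts..... I can't follow this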