ASProtcet2.11输入表加密脱壳动画
【文章标题】: ASProtcet2.11输入表加密【文章作者】: 追杀
【作者邮箱】: [email protected]
【作者主页】: 没有
【作者QQ群】: 8809635
【软件名称】: SSC
【软件大小】: 479 KB
【下载地址】: 自己搜索下载
【加壳方式】: ASPR2.11
【保护方式】: 加密
【编写语言】: DELPH
【操作平台】: WinXp2
【软件介绍】: OD ImportREC Lordepe
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
--------------------------------------------------------------------------------
【详细过程】
B1020 OEP
CTRL+B 89,45,F0,B8,00,07,00,00
E3 我机子里的。ESI的三个值
ESI=000000DC
ESI=000000B5
内存插件申请一块空间
这里上我前几次脱的,跟据时间而变化的地址都在这里
01640000 - 0F84 F37584FF je 00E875F9
01640006 81FE E3000000 cmp esi,0E3
0164000C - 0F84 427684FF je 00E87654
01640012 BE E3000000 mov esi,0E3
01640017 - E9 387684FF jmp 00E87654
0F 84 F3 75 84 FF 81 FE E3 00 00 00 0F 84 42 76 84 FF BE E3 00 00 00 E9 38 76 84 FF
00EA7190 E8 B7B3FDFF CALL 00E8254C
01640000- 0F84 F37586FF JE 00EA75F9
01640006 81FE E3000000 CMP ESI,0E3
0164000C- 0F84 427686FF JE 00EA7654
01640012 BE E3000000 MOV ESI,0E3
01640017- E9 387686FF JMP 00EA7654
0F 84 F3 75 86 FF 81 FE E3 00 00 00 0F 84 42 76 86 FF BE E3 00 00 00 E9 38 76 86 FF
解码了,
004BE1547C93188Antdll.RtlDeleteCriticalSection
004BE1587C9210EDntdll.RtlLeaveCriticalSection
004BE15C7C921005ntdll.RtlEnterCriticalSection
004BE1607C809EF1kernel32.InitializeCriticalSection
004BE1647C809AE4kernel32.VirtualFree
004BE1687C809A51kernel32.VirtualAlloc
004BE16C7C80992Fkernel32.LocalFree
004BE1707C80998Dkernel32.LocalAlloc
004BE1747C80929Ckernel32.GetTickCount
004BE1787C80A427kernel32.QueryPerformanceCounter
004BE17C7C8111DAkernel32.GetVersion
004BE1807C809728kernel32.GetCurrentThreadId
004BE1847C80977Akernel32.InterlockedDecrement
004BE1887C809766kernel32.InterlockedIncrement
004BE18C7C80B9D1kernel32.VirtualQuery
004BE1907C80A0D4kernel32.WideCharToMultiByte
004BE1947C809BF8kernel32.MultiByteToWideChar
004BE1987C80BDB6kernel32.lstrlenA
004BE19C7C810111kernel32.lstrcpynA
004BE1A07C801D4Fkernel32.LoadLibraryExA
004BE1A47C80A415kernel32.GetThreadLocale
004BE1A87C801EEEkernel32.GetStartupInfoA
004BE1AC7C80ADA0kernel32.GetProcAddress
004BE1B07C80B6A1kernel32.GetModuleHandleA
004BE1B47C80B4CFkernel32.GetModuleFileNameA
004BE1B87C80D262kernel32.GetLocaleInfoA
004BE1BC7C930331ntdll.RtlGetLastWin32Error
004BE1C07C812F1Dkernel32.GetCommandLineA
004BE1C47C80ABDEkernel32.FreeLibrary
004BE1C87C8137D9kernel32.FindFirstFileA
004BE1CC7C80EDD7kernel32.FindClose
004BE1D07C81CDDAkernel32.ExitProcess
004BE1D47C810D87kernel32.WriteFile
004BE1D87C862E62kernel32.UnhandledExceptionFilter
004BE1DC7C810B8Ekernel32.SetFilePointer
004BE1E07C832044kernel32.SetEndOfFile
004BE1E47C957A40ntdll.RtlUnwind
004BE1E87C80180Ekernel32.ReadFile
004BE1EC7C812A09kernel32.RaiseException
004BE1F07C812F39kernel32.GetStdHandle
004BE1F47C810A77kernel32.GetFileSize
004BE1F87C810E51kernel32.GetFileType
004BE1FC7C801A24kernel32.CreateFileA
004BE2007C809B47kernel32.CloseHandle
004BE20400000000
004BE20877D3119Buser32.GetKeyboardType
004BE20C77D2DFA8user32.LoadStringA
004BE21077D5058Auser32.MessageBoxA
004BE21477D2DF50user32.CharNextA
004BE21800000000
004BE21C77DA7883advapi32.RegQueryValueExA
004BE22077DA761Badvapi32.RegOpenKeyExA
004BE22477DA6BF0advapi32.RegCloseKey
004BE22800000000
004BE22C770F4850oleaut32.SysFreeString
004BE2307711C99Doleaut32.SysReAllocStringLen
004BE234770F4B59oleaut32.SysAllocStringLen
004BE23800000000
004BE23C7C809BC5kernel32.TlsSetValue
004BE2407C809740kernel32.TlsGetValue
004BE2447C80998Dkernel32.LocalAlloc
004BE2487C80B6A1kernel32.GetModuleHandleA
004BE24C00000000
004BE25077DAEBE7advapi32.RegSetValueExA
004BE25477DA7883advapi32.RegQueryValueExA
004BE25877DCC1B5advapi32.RegQueryInfoKeyA
004BE25C77DA761Badvapi32.RegOpenKeyExA
004BE26077DBB908advapi32.RegFlushKey
004BE26477DCC8C1advapi32.RegEnumKeyExA
004BE26877DAEDE5advapi32.RegDeleteValueA
004BE26C77DAEAF4advapi32.RegCreateKeyExA
004BE27077DA6BF0advapi32.RegCloseKey
004BE27400000000
004BE2787C80BE01kernel32.lstrcpyA
004BE27C7C810D87kernel32.WriteFile
004BE2807C802520kernel32.WaitForSingleObject
004BE2847C80B9D1kernel32.VirtualQuery
004BE2887C809A51kernel32.VirtualAlloc
004BE28C7C802442kernel32.Sleep
004BE2907C80BC69kernel32.SizeofResource
004BE2947C81BBBAkernel32.SetThreadLocale
004BE2987C810B8Ekernel32.SetFilePointer
004BE29C7C80A017kernel32.SetEvent
004BE2A07C80AC0Fkernel32.SetErrorMode
004BE2A47C832044kernel32.SetEndOfFile
004BE2A87C86614Bkernel32.SetCommTimeouts
004BE2AC7C80A03Bkernel32.ResetEvent
004BE2B07C80180Ekernel32.ReadFile
004BE2B47C82FA46kernel32.QueryPerformanceFrequency
004BE2B87C80A427kernel32.QueryPerformanceCounter
004BE2BC7C8097C6kernel32.MulDiv
004BE2C07C80CC97kernel32.SetHandleCount
004BE2C47C809FB5kernel32.LoadResource
004BE2C87C801D77kernel32.LoadLibraryA
004BE2CC7C9210EDntdll.RtlLeaveCriticalSection
004BE2D07C809EF1kernel32.InitializeCriticalSection
004BE2D47C80FE82kernel32.GlobalUnlock
004BE2D87C8123B9kernel32.GlobalReAlloc
004BE2DC7C834CB9kernel32.GlobalHandle
004BE2E07C80FF19kernel32.GlobalLock
004BE2E47C80FC2Fkernel32.GlobalFree
004BE2E87C8360C3kernel32.GlobalFindAtomA
004BE2EC7C830BBBkernel32.GlobalDeleteAtom
004BE2F07C80FD2Dkernel32.GlobalAlloc
004BE2F47C8360A9kernel32.GlobalAddAtomA
004BE2F87C812ADEkernel32.GetVersionExA
004BE2FC7C8111DAkernel32.GetVersion
004BE3007C80929Ckernel32.GetTickCount
004BE3047C80A415kernel32.GetThreadLocale
004BE3087C812D56kernel32.GetSystemInfo
004BE30C7C814EEAkernel32.GetSystemDirectoryA
004BE3107C8760CFkernel32.GetStringTypeExA
004BE3147C812F39kernel32.GetStdHandle
004BE3187C80ADA0kernel32.GetProcAddress
004BE31C7C80B6A1kernel32.GetModuleHandleA
004BE3207C80B4CFkernel32.GetModuleFileNameA
004BE3247C80D262kernel32.GetLocaleInfoA
004BE3287C80A7D4kernel32.GetLocalTime
004BE32C7C930331ntdll.RtlGetLastWin32Error
004BE3307C8138FCkernel32.GetFullPathNameA
004BE3347C8302EDkernel32.GetDiskFreeSpaceA
004BE3387C8361EEkernel32.GetDateFormatA
004BE33C7C809728kernel32.GetCurrentThreadId
004BE3407C809920kernel32.GetCurrentProcessId
004BE3447C822128kernel32.GetCommTimeouts
004BE3487C812E76kernel32.GetCPInfo
004BE34C7C809915kernel32.GetACP
004BE3507C8260C2kernel32.FreeResource
004BE3547C80978Ekernel32.InterlockedExchange
004BE3587C80ABDEkernel32.FreeLibrary
004BE35C7C82F7A0kernel32.FormatMessageA
004BE3607C80BE89kernel32.FindResourceA
004BE3647C8137D9kernel32.FindFirstFileA
004BE3687C80EDD7kernel32.FindClose
004BE36C7C80E866kernel32.FileTimeToLocalFileTime
004BE3707C83065Dkernel32.FileTimeToDosDateTime
004BE3747C838211kernel32.EnumCalendarInfoA
004BE3787C921005ntdll.RtlEnterCriticalSection
004BE37C7C93188Antdll.RtlDeleteCriticalSection
004BE3807C810637kernel32.CreateThread
004BE3847C801A24kernel32.CreateFileA
004BE3887C8308ADkernel32.CreateEventA
004BE38C7C80D077kernel32.CompareStringA
004BE3907C809B47kernel32.CloseHandle
004BE39400000000
004BE39877BD18BAversion.VerQueryValueA
004BE39C77BD19FFversion.GetFileVersionInfoSizeA
004BE3A077BD1A50version.GetFileVersionInfoA
004BE3A400000000
004BE3A877EFD85FGDI32.UnrealizeObject
004BE3AC77EFBBDCGDI32.TextOutA
004BE3B077EFBAC2GDI32.StretchBlt
004BE3B477EF8CFDGDI32.SetWindowOrgEx
004BE3B877F1BF4DGDI32.SetWinMetaFileBits
004BE3BC77EF7B5CGDI32.SetViewportOrgEx
004BE3C077EF5D87GDI32.SetTextColor
004BE3C477EF8B74GDI32.SetTextAlign
004BE3C877EF9581GDI32.SetStretchBltMode
004BE3CC77EFD8F8GDI32.SetROP2
004BE3D077EFB4C7GDI32.SetPixel
004BE3D477F0717DGDI32.SetEnhMetaFileBits
004BE3D877F0C36DGDI32.SetDIBColorTable
004BE3DC77EF86E4GDI32.SetBrushOrgEx
004BE3E077EF5EEBGDI32.SetBkMode
004BE3E477EF5E39GDI32.SetBkColor
004BE3E877EF832AGDI32.SelectPalette
004BE3EC77EF5B80GDI32.SelectObject
004BE3F077EF7AB0GDI32.SelectClipRgn
004BE3F477EF8AD7GDI32.SaveDC
004BE3F877F1BDCEGDI32.RoundRect
004BE3FC77EF8A11GDI32.RestoreDC
004BE40077EFE649GDI32.Rectangle
004BE40477EF81CBGDI32.RectVisible
004BE40877EFE6E6GDI32.RealizePalette
004BE40C77EFDD5DGDI32.Polyline
004BE41077EFE714GDI32.Polygon
004BE41477F19777GDI32.PlayEnhMetaFile
004BE41877F1C81EGDI32.Pie
004BE41C77EF8593GDI32.PatBlt
004BE42077EFADC3GDI32.MoveToEx
004BE42477EFAC6AGDI32.MaskBlt
004BE42877EFD9BFGDI32.LineTo
004BE42C77EFD4EFGDI32.LPtoDP
004BE43077EF6A66GDI32.IntersectClipRect
004BE43477EFDA46GDI32.GetWindowOrgEx
004BE43877F2A085GDI32.GetWinMetaFileBits
004BE43C77EFDC1FGDI32.GetTextMetricsA
004BE44077EFDF7AGDI32.GetTextExtentPointA
004BE44477F0C2A7GDI32.GetTextExtentPoint32A
004BE44877EFD44FGDI32.GetTextAlign
004BE44C77EFB2F1GDI32.GetSystemPaletteEntries
004BE45077EF61D1GDI32.GetStockObject
004BE45477EFB441GDI32.GetPixel
004BE45877EFBA42GDI32.GetPaletteEntries
004BE45C77EF8C0EGDI32.GetObjectA
004BE46077F29B9AGDI32.GetEnhMetaFilePaletteEntries
004BE46477F00325GDI32.GetEnhMetaFileHeader
004BE46877F192BEGDI32.GetEnhMetaFileBits
004BE46C77EF5A7AGDI32.GetDeviceCaps
004BE47077EFAABBGDI32.GetDIBits
004BE47477EFAC3DGDI32.GetDIBColorTable
004BE47877EFDA17GDI32.GetDCOrgEx
004BE47C77F0EAE3GDI32.GetCurrentPositionEx
004BE48077EF6AB1GDI32.GetClipBox
004BE48477EFA29DGDI32.GetBrushOrgEx
004BE48877F03849GDI32.GetBkMode
004BE48C77EF93A5GDI32.GetBkColor
004BE49077EFA197GDI32.GetBitmapBits
004BE49477EF5996GDI32.GdiFlush
004BE49877EFD422GDI32.ExtTextOutA
004BE49C77EF7884GDI32.ExtSelectClipRgn
004BE4A077F019F8GDI32.ExtCreatePen
004BE4A477EF9536GDI32.ExcludeClipRect
004BE4A877F0C48FGDI32.Ellipse
004BE4AC77EF6C0AGDI32.DeleteObject
004BE4B077EFFE86GDI32.DeleteEnhMetaFile
004BE4B477EF6E6FGDI32.DeleteDC
004BE4B877EF61B5GDI32.CreateSolidBrush
004BE4BC77EF7796GDI32.CreateRectRgn
004BE4C077EFA1FBGDI32.CreatePolygonRgn
004BE4C477F04072GDI32.CreatePenIndirect
004BE4C877EFB1F1GDI32.CreatePalette
004BE4CC77EFB2DDGDI32.CreateHalftonePalette
004BE4D077EFE2E3GDI32.CreateFontIndirectA
004BE4D477EFA905GDI32.CreateDIBitmap
004BE4D877EF9219GDI32.CreateDIBSection
004BE4DC77EF5FF0GDI32.CreateCompatibleDC
004BE4E077EF701AGDI32.CreateCompatibleBitmap
004BE4E477EFD991GDI32.CreateBrushIndirect
004BE4E877EF61FFGDI32.CreateBitmap
004BE4EC77F074EAGDI32.CopyEnhMetaFileA
004BE4F077EF6F89GDI32.BitBlt
004BE4F477F24308GDI32.Arc
004BE4F800000000
004BE4FC77D1FF33user32.CreateWindowExA
004BE50077D1BD8Euser32.WindowFromPoint
004BE50477D3EE25user32.WinHelpA
004BE50877D1940Cuser32.WaitMessage
004BE50C77D1D7F9user32.UpdateWindow
004BE51077D21656user32.UnregisterClassA
004BE51477D1F21Euser32.UnhookWindowsHookEx
004BE51877D18BF6user32.TranslateMessage
004BE51C77D2FAEFuser32.TranslateMDISysAccel
004BE52077D650EEuser32.TrackPopupMenu
004BE52477D20762user32.SystemParametersInfoA
004BE52877D1D8A4user32.ShowWindow
004BE52C77D2F2B3user32.ShowScrollBar
004BE53077D55F86user32.ShowOwnedPopups
004BE53477D2FA2Euser32.ShowCursor
004BE53877D311D1user32.SetWindowsHookExA
004BE53C77D2F52Buser32.SetWindowTextA
004BE54077D1C01Buser32.SetWindowPos
004BE54477D2D84Cuser32.SetWindowPlacement
004BE54877D1D60Duser32.SetWindowLongA
004BE54C77D18C2Euser32.SetTimer
004BE55077D2F95Buser32.SetScrollRange
004BE55477D2F710user32.SetScrollPos
004BE55877D19056user32.SetScrollInfo
004BE55C77D1B5C6user32.SetRect
004BE56077D2FFC0user32.SetPropA
004BE56477D1DCD2user32.SetParent
004BE56877D6AC36user32.SetMenuItemInfoA
004BE56C77D4F196user32.SetMenu
004BE57077D23D4Duser32.SetForegroundWindow
004BE57477D1DA60user32.SetFocus
004BE57877D1BF58user32.SetCursor
004BE57C77D30F5Euser32.SetClipboardData
004BE58077D2FE31user32.SetClassLongA
004BE58477D1D6CEuser32.SetCapture
004BE58877D23E85user32.SetActiveWindow
004BE58C77D2F383user32.SendMessageA
004BE59077D2FEF9user32.ScrollWindow
004BE59477D1BDC8user32.ScreenToClient
004BE59877D30054user32.RemovePropA
004BE59C77D28D3Euser32.RemoveMenu
004BE5A077D1869Duser32.ReleaseDC
004BE5A477D1D6EAuser32.ReleaseCapture
004BE5A877D18E28user32.RegisterWindowMessageA
004BE5AC77D18E28user32.RegisterWindowMessageA
004BE5B077D20A36user32.RegisterClassA
004BE5B477D1BF6Cuser32.RedrawWindow
004BE5B877D1BD41user32.PtInRect
004BE5BC77D2E1D1user32.PostQuitMessage
004BE5C077D1CB85user32.PostMessageA
004BE5C477D1C96Cuser32.PeekMessageA
004BE5C877D30237user32.OpenClipboard
004BE5CC77D1B631user32.OffsetRect
004BE5D077D30097user32.OemToCharA
004BE5D477D5058Auser32.MessageBoxA
004BE5D877D31F3Buser32.MessageBeep
004BE5DC77D1BB2Fuser32.MapWindowPoints
004BE5E077D2FEAAuser32.MapVirtualKeyA
004BE5E477D2DFA8user32.LoadStringA
004BE5E877D56002user32.LoadKeyboardLayoutA
004BE5EC77D208CEuser32.LoadIconA
004BE5F077D1EF69user32.LoadCursorA
004BE5F477D254F0user32.LoadBitmapA
004BE5F877D18C42user32.KillTimer
004BE5FC77D1C2B2user32.IsZoomed
004BE60077D1C465user32.IsWindowVisible
004BE60477D1BDA2user32.IsWindowEnabled
004BE60877D1B933user32.IsWindow
004BE60C77D1BF26user32.IsRectEmpty
004BE61077D1BE27user32.IsIconic
004BE61477D3C651user32.IsDialogMessageA
004BE61877D1970Euser32.IsChild
004BE61C77D1B5F5user32.InvalidateRect
004BE62077D1B53Fuser32.IntersectRect
004BE62477D4F4B0user32.InsertMenuItemA
004BE62877D3ECEEuser32.InsertMenuA
004BE62C77D1BEFDuser32.InflateRect
004BE63077D18A80user32.GetWindowThreadProcessId
004BE63477D3212Buser32.GetWindowTextA
004BE63877D1B6D4user32.GetWindowRect
004BE63C77D30387user32.GetWindowPlacement
004BE64077D1945Duser32.GetWindowLongA
004BE64477D19021user32.GetWindowDC
004BE64877D2F21Cuser32.GetTopWindow
004BE64C77D18F9Cuser32.GetSystemMetrics
004BE65077D1DB70user32.GetSystemMenu
004BE65477D18EABuser32.GetSysColorBrush
004BE65877D18E78user32.GetSysColor
004BE65C77D20C8Cuser32.GetSubMenu
004BE66077D2F747user32.GetScrollRange
004BE66477D2F6C4user32.GetScrollPos
004BE66877D20DA2user32.GetScrollInfo
004BE66C77D30002user32.GetPropA
004BE67077D1B72Fuser32.GetParent
004BE67477D1BC7Duser32.GetWindow
004BE67877D4EFEEuser32.GetMenuStringA
004BE67C77D28F8Fuser32.GetMenuState
004BE68077D21517user32.GetMenuItemInfoA
004BE68477D4EF68user32.GetMenuItemID
004BE68877D21386user32.GetMenuItemCount
004BE68C77D3147Auser32.GetMenu
004BE69077D3153Auser32.GetLastActivePopup
004BE69477D1EF29user32.GetKeyboardState
004BE69877D1C243user32.GetKeyboardLayoutList
004BE69C77D1C21Euser32.GetKeyboardLayout
004BE6A077D1C505user32.GetKeyState
004BE6A477D4F454user32.GetKeyNameTextA
004BE6A877D1F052user32.GetIconInfo
004BE6AC77D1BE4Buser32.GetForegroundWindow
004BE6B077D1BEF0user32.GetFocus
004BE6B477D1EED5user32.GetDesktopWindow
004BE6B877D1E875user32.GetDCEx
004BE6BC77D186C7user32.GetDC
004BE6C077D1BD76user32.GetCursorPos
004BE6C477D1D749user32.GetCursor
004BE6C877D30D7Auser32.GetClipboardData
004BE6CC77D1B6AEuser32.GetClientRect
004BE6D077D2F420user32.GetClassNameA
004BE6D477D3EBC7user32.GetClassInfoA
004BE6D877D194DAuser32.GetCapture
004BE6DC77D1D658user32.GetActiveWindow
004BE6E077D2F8EAuser32.FrameRect
004BE6E477D2DE87user32.FindWindowA
004BE6E877D1C257user32.FillRect
004BE6EC77D1C4A9user32.EqualRect
004BE6F077D1CD97user32.EnumWindows
004BE6F477D2F4F9user32.EnumThreadWindows
004BE6F877D1B61Duser32.EndPaint
004BE6FC77D1D8DBuser32.EndDeferWindowPos
004BE70077D1BE71user32.EnableWindow
004BE70477D67DDDuser32.EnableScrollBar
004BE70877D1F787user32.EnableMenuItem
004BE70C77D30D56user32.EmptyClipboard
004BE71077D3C6CAuser32.DrawTextA
004BE71477D4F43Cuser32.DrawMenuBar
004BE71877D1EB4Euser32.DrawIconEx
004BE71C77D3D034user32.DrawIcon
004BE72077D3E907user32.DrawFrameControl
004BE72477D2F90Fuser32.DrawFocusRect
004BE72877D2FBB6user32.DrawEdge
004BE72C77D196B8user32.DispatchMessageA
004BE73077D1DAEAuser32.DestroyWindow
004BE73477D1EFC8user32.DestroyMenu
004BE73877D1EF3Duser32.DestroyIcon
004BE73C77D1EF3Duser32.DestroyIcon
004BE74077D1FA55user32.DeleteMenu
004BE74477D1D929user32.DeferWindowPos
004BE74877D1D4EEuser32.DefWindowProcA
004BE74C77D4F754user32.DefMDIChildProcA
004BE75077D4F705user32.DefFrameProcA
004BE75477D28C29user32.CreatePopupMenu
004BE75877D2F2C7user32.CreateMenu
004BE75C77D56E8Fuser32.CreateIcon
004BE76077D30225user32.CloseClipboard
004BE76477D1C188user32.ClientToScreen
004BE76877D31A7Duser32.CheckMenuItem
004BE76C77D1F642user32.CallWindowProcA
004BE77077D1F85Buser32.CallNextHookEx
004BE77477D1B609user32.BeginPaint
004BE77877D1D907user32.BeginDeferWindowPos
004BE77C77D2DF50user32.CharNextA
004BE78077D2E6F0user32.CharLowerBuffA
004BE78477D2E5C2user32.CharLowerA
004BE78877D1AE3Fuser32.CharUpperBuffA
004BE78C77D1AEF1user32.CharToOemA
004BE79077D20272user32.AdjustWindowRectEx
004BE79477D2D32Auser32.ActivateKeyboardLayout
004BE79800000000
004BE79C7C802442kernel32.Sleep
004BE7A000000000
004BE7A47711C3A4oleaut32.SafeArrayPtrOfIndex
004BE7A8770F504Foleaut32.SafeArrayGetUBound
004BE7AC770F509Boleaut32.SafeArrayGetLBound
004BE7B07711C2E9oleaut32.SafeArrayCreate
004BE7B4770F66D9oleaut32.VariantChangeType
004BE7B87711D295oleaut32.VariantCopy
004BE7BC770F48C0oleaut32.VariantClear
004BE7C0770F4920oleaut32.VariantInit
004BE7C400000000
004BE7C877195698comctl32.ImageList_SetIconSize
004BE7CC77195650comctl32.ImageList_GetIconSize
004BE7D077195036comctl32.ImageList_Write
004BE7D4771989D9comctl32.ImageList_Read
004BE7D877194E07comctl32.ImageList_GetDragImage
004BE7DC77194F63comctl32.ImageList_DragShowNolock
004BE7E077194DB3comctl32.ImageList_SetDragCursorImage
004BE7E477194F10comctl32.ImageList_DragMove
004BE7E877194F3Bcomctl32.ImageList_DragLeave
004BE7EC77194EE2comctl32.ImageList_DragEnter
004BE7F077194E4Ccomctl32.ImageList_EndDrag
004BE7F477194E9Acomctl32.ImageList_BeginDrag
004BE7F8771955B7comctl32.ImageList_GetIcon
004BE7FC77195572comctl32.ImageList_Remove
004BE800771953B5comctl32.ImageList_DrawEx
004BE80477195323comctl32.ImageList_Replace
004BE8087719544Dcomctl32.ImageList_Draw
004BE80C7719529Acomctl32.ImageList_GetBkColor
004BE81077195254comctl32.ImageList_SetBkColor
004BE8147719520Dcomctl32.ImageList_ReplaceIcon
004BE818771951C6comctl32.ImageList_Add
004BE81C77195140comctl32.ImageList_GetImageCount
004BE82077195104comctl32.ImageList_Destroy
004BE8247719934Bcomctl32.ImageList_Create
004BE828771FB5F9comctl32.InitCommonControls
004BE82C00000000
004BE83072F77287winspool.WritePrinter
004BE83472F78367winspool.StartPagePrinter
004BE83872F841FBwinspool.StartDocPrinterA
004BE83C72F83AE1winspool.SetPrinterA
004BE84072F83767winspool.OpenPrinterA
004BE84472F859DEwinspool.GetPrinterA
004BE84872F7B051winspool.EnumPrintersA
004BE84C72F78043winspool.EndPagePrinter
004BE85072F774C8winspool.EndDocPrinter
004BE85472F75390winspool.ClosePrinter
004BE85800000000
004BE85C7D5F0C79shell32.Shell_NotifyIconA
004BE8607D610EC0shell32.ShellExecuteA
004BE86400000000
004BE86877DC3238advapi32.StartServiceA
004BE86C77DBB88Cadvapi32.OpenServiceA
004BE87077DBADA7advapi32.OpenSCManagerA
004BE87477E07071advapi32.CreateServiceA
004BE87877DB5E4Dadvapi32.CloseServiceHandle
CTRL+B:89 45 F0 B8 00 07 00 00
这个CALL改
CALL 00E8254C
jmp 01640037
01640000 BA 00104000 MOV EDX,ssc_serv.<模块入口点>
01640005 803A E8 CMP BYTE PTR DS:,0E8
01640008 75 12 JNZ SHORT 0164001C
0164000A 8B42 01 MOV EAX,DWORD PTR DS:
0164000D 03C2 ADD EAX,EDX
0164000F 83C0 05 ADD EAX,5
01640012 3D 00000F01 CMP EAX,10F0000 ; 处理变型CALL
01640017 75 03 JNZ SHORT 0164001C
01640019 EB 0C JMP SHORT 01640027
0164001B 90 NOP
0164001C 42 INC EDX
0164001D 81FA 00204B00 CMP EDX,4B2000 ; 数据段地址
01640023^ 72 E0 JB SHORT 01640005
01640025- EB FE JMP SHORT 01640025
01640027 8915 00016401 MOV DWORD PTR DS:,EDX
0164002D 60 PUSHAD
0164002E FFE2 JMP EDX
01640030 90 NOP
01640031 90 NOP
01640032 90 NOP
01640033 90 NOP
01640034 90 NOP
01640035 90 NOP
01640036 90 NOP
01640037 60 PUSHAD
01640038 B8 54E14B00 MOV EAX,4BE154
0164003D 90 NOP
0164003E 3910 CMP DWORD PTR DS:,EDX
01640040 75 20 JNZ SHORT 01640062
01640042 8B0D 00016401 MOV ECX,DWORD PTR DS:
01640048 C701 FF250000 MOV DWORD PTR DS:,25FF
0164004E 8941 02 MOV DWORD PTR DS:,EAX
01640051 61 POPAD
01640052 90 NOP
01640053 8B15 00016401 MOV EDX,DWORD PTR DS:
01640059 90 NOP
0164005A 90 NOP
0164005B 90 NOP
0164005C^ EB BE JMP SHORT 0164001C
0164005E 90 NOP
0164005F 90 NOP
01640060 90 NOP
01640061 90 NOP
01640062 83C0 04 ADD EAX,4
01640065 3D 78E84B00 CMP EAX,4BE878
0164006A^ 7E D2 JLE SHORT 0164003E
0164006C^ EB E3 JMP SHORT 01640051
BA 00 10 40 00 80 3A E8 75 12 8B 42 01 03 C2 83 C0 05 3D 00 00 0F 01 75 03 EB 0C 90 42 81 FA 00
20 4B 00 72 E0 EB FE 89 15 00 01 64 01 60 FF E2 90 90 90 90 90 90 90 60 B8 54 E1 4B 00 90 39 10
75 20 8B 0D 00 01 64 01 C7 01 FF 25 00 00 89 41 02 61 90 8B 15 00 01 64 01 90 90 90 EB BE 90 90
90 90 83 C0 04 3D 78 E8 4B 00 7E D2 EB E3
完毕后再F9
在最后一步请先打开LordPE与IR
请等待
你的机子配置高的话也无防
这里要耗很长时间。我的是本子不好意思
PATCH有错
OK了。拜拜,我是追杀
出错原因,OEP没填对。^_^再见 QQ交流群:8809635
动画请到:http://www.namipan.com/downfile/ASProtcet2.11%E4%B9%8B%E8%BE%93%E5%85%A5%E8%A1%A8%E5%8A%A0%E5%AF%86.rar/0b78201890f63d8b0804b3b325136e9813269bae36a6d200 下载
--------------------------------------------------------------------------------
【版权声明】: 转载请注明作者并保持文章的完整, 谢谢!
2008年04月26日 PM 01:47:46
[ 本帖最后由 enjon 于 2008-4-26 14:15 编辑 ] 第一时间跟进!~~~~
谢谢!~ 非常感谢学习了/:014
一定好好看下·· 感谢楼主分享!学习!收藏!!支持!!! 下载不了了!!!/:L 貌似天草高级班里面讲到的方法 如果你认真浏览了论坛,不用看天草的也可能脱掉
:lol: 这个正找呢.谢谢啦.不过不能下载..有没有纳米地址?
[ 本帖最后由 暗里着迷 于 2008-4-27 10:27 编辑 ] 支持!学习!/:014 原帖由 暗里着迷 于 2008-4-27 10:25 发表 https://www.chinapyg.com/images/common/back.gif
这个正找呢.谢谢啦.不过不能下载..有没有纳米地址?
http://www.namipan.com/d/ASProtcet2_1_.11%e4%b9%8b%e8%be%93%e5%85%a5%e8%a1%a8%e5%8a%a0%e5%af%86.rar/27ad280c2d75327a6085000bc6fd7084a883167798fdd900
上次的由于时间关系没有把练习文件放进去,现在放进去了,麻烦大伙重下载不好意思。
这个地址
动画做得不好,请别见怪
[ 本帖最后由 enjon 于 2008-4-28 00:45 编辑 ]
页:
[1]
2