网络嗅探 脱壳 ZP 壳
按前人方法简单到达成 005D1328 55 push ebp 此为OEP下面是到解密CALL 里的
01191646 A1 94571901 mov eax,dword ptr ds:
0119164B 80B8 29010000 0>cmp byte ptr ds:,0
01191652 74 57 je short 011916AB
01191654 FF15 E8101801 call dword ptr ds:
0119165A 8BC8 mov ecx,eax
0119165C 2B0D 60561901 sub ecx,dword ptr ds:
01191662 81F9 88130000 cmp ecx,1388
01191668 76 41 jbe short 011916AB
0119166A FF35 64561901 push dword ptr ds:
01191670 A3 60561901 mov dword ptr ds:,eax
01191675 FF15 4C101801 call dword ptr ds:
0119167B 833D CC5D1901 0>cmp dword ptr ds:,3
01191682 7C 08 jl short 0119168C
01191684 6A 00 push 0
01191686 FF15 F4101801 call dword ptr ds:
0119168C 803D E0571901 0>cmp byte ptr ds:,0
01191693 74 08 je short 0119169D
01191695 FF05 CC5D1901 inc dword ptr ds:
0119169B EB 07 jmp short 011916A4
0119169D 8325 CC5D1901 0>and dword ptr ds:,0
011916A4 C605 E0571901 0>mov byte ptr ds:,1
011916AB 56 push esi
011916AC 57 push edi
011916AD FF7424 0C push dword ptr ss:
011916B1 FF15 7C561901 call dword ptr ds:
011916B7 8BF8 mov edi,eax
011916B9 BE 9C5D1901 mov esi,1195D9C
011916BE E8 973FFFFF call 0118565A
011916C3 8B00 mov eax,dword ptr ds:
011916C5 5F pop edi
011916C6 894424 2C mov dword ptr ss:,eax
011916CA 5E pop esi
011916CB C2 0400 retn 4
011916BE E8 973FFFFF call 0118565AF7进去
0118565A 8B4E 04 mov ecx,dword ptr ds:
0118565D 85C9 test ecx,ecx
0118565F 74 0C je short 0118566D
01185661 8B46 08 mov eax,dword ptr ds:
01185664 2BC1 sub eax,ecx
01185666 C1F8 02 sar eax,2
01185669 3BF8 cmp edi,eax
0118566B 72 05 jb short 01185672
0118566D E8 57100000 call 011866C9
01185672 8B46 04 mov eax,dword ptr ds:
01185675 8D04B8 lea eax,dword ptr ds:
下面是修复用的代码
011C0000 B8 78B15D00 mov eax,5DB178
011C0005 8B18 mov ebx,dword ptr ds:
011C0007 83FB 00 cmp ebx,0
011C000A 74 36 je short 011C0042
011C000C 803B 68 cmp byte ptr ds:,68
011C000F 75 40 jnz short 011C0051
011C0011 8B4B 01 mov ecx,dword ptr ds:
011C0014 50 push eax
011C0015 51 push ecx
011C0016 FF15 7C561901 call dword ptr ds:
011C001C 8BF0 mov esi,eax
011C001E BE 9C5D1901 mov esi,1195D9C
011C0023 8B4E 04 mov ecx,dword ptr ds:
011C0026 85C9 test ecx,ecx
011C0028- 0F84 3F56FCFF je 0118566D
011C002E 8B46 08 mov eax,dword ptr ds:
011C0031 2BC1 sub eax,ecx
011C0033 C1F8 02 sar eax,2
011C0036 3BF8 cmp edi,eax
011C0038- 0F82 3456FCFF jb 01185672
011C003E E8 8666FCFF call 011866C9
011C0043 8B46 04 mov eax,dword ptr ds:
011C0046 8D04B8 lea eax,dword ptr ds:
011C0049 3D 64B95D00 cmp eax,5DB964
011C004E^ 72 B5 jb short 011C0005
011C0050- E9 D31241FF jmp 网络嗅探.005D1328
011C0055 66:813B 5060 cmp word ptr ds:,6050
011C005A^ 75 EA jnz short 011C0046
011C005C 807B 02 68 cmp byte ptr ds:,68
011C0060^ 75 E4 jnz short 011C0046
011C0062 8B4B 03 mov ecx,dword ptr ds:
011C0065^ EB B1 jmp short 011C0018
运行后出错
http://bbs.52pojie.cn/attachments/month_1003/1003131527604ab70c01ef2bde.jpg
请大牛说说是哪能里出了问题,谢谢
页:
[1]