meishenm posted on 2010-5-23 16:50:38

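Unpacking SVKP with its own shell

【Title】: Unpacking SVKP with its own shell
【Author】: wynney
【Software】: found on my hard disk
【Download】: search for it and download it yourself
【Author's note】: Work is not that busy right now, so I am surfacing to post something
--------------------------------------------------------------------------------
【Detailed procedure】
1. A stroll to the OEP, using SFX

Ignore all exceptions (see the screenshot), press Ctrl+F2, and before long you arrive at the FOEP [if an exception occurs along the way, pass it with Shift+F9]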


Quote:
00405DC8   . 53             push ebx                              ; SFX: real entry point of the code
00405DC9   . 8BD8           mov ebx,eax                           ; very typical Delphi signature
00405DCB   . 33C0           xor eax,eax
00405DCD   . A3 9C304800    mov dword ptr ds:[48309C],eax
00405DD2   . 6A 00          push 0
00405DD4   . E8 2BFFFFFF    call SVKP.00405D04
00405DD9   . A3 64664800    mov dword ptr ds:[486664],eax
00405DDE   . A1 64664800    mov eax,dword ptr ds:[486664]
00405DE3   . A3 A8304800    mov dword ptr ds:[4830A8],eax
00405DE8   . 33C0           xor eax,eax
00405DEA   . A3 AC304800    mov dword ptr ds:[4830AC],eax
00405DEF   . 33C0           xor eax,eax
00405DF1   . A3 B0304800    mov dword ptr ds:[4830B0],eax
00405DF6   . E8 C1FFFFFF    call SVKP.00405DBC
00405DFB   . BA A4304800    mov edx,SVKP.004830A4
00405E00   . 8BC3           mov eax,ebx
00405E02   . E8 9DDDFFFF    call SVKP.00403BA4
00405E07   . 5B             pop ebx
00405E08   . C3             retn                                  ; returns to the FOEP
   


Quote:
004823B7    E8 0C3AF8FF       call SVKP.00405DC8                      ; FOEP; the code above it has been stolen. How to repair the stolen code is not covered today
004823BC    A1 2C5C4800       mov eax,dword ptr ds:[485C2C]           ; the retn lands here
   

2. The shell-unpacking point

Ignore all exceptions except memory exceptions and the specified exceptions, then press Ctrl+F2


Quote:
005B8000 >  60                pushad                                  ; entry
005B8001    E8 00000000       call SVKP.005B8006                      ; F8 to here, then hr ESP
005B8006    5D                pop ebp
005B8007    81ED 06000000     sub ebp,6
   

Press Shift+F9 four times to reach the last memory exception


Quote:
00FBDC09    CD 01             int 1                                   ; the last memory exception
00FBDC0B    E8 01000000       call 00FBDC11
00FBDC10  - E9 83C4047C       jmp 7D00A098
00FBDC15    03EB              add ebp,ebx
00FBDC17    039A 74FB648F     add ebx,dword ptr ds:[edx+8F64FB74]
00FBDC1D    05 00000000       add eax,0
00FBDC22    E8 02000000       call 00FBDC29
00FBDC27    CD20 83042408   vxdcall 8240483
00FBDC2D    C3                retn
   

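Do not delete the hardware breakpoint. Set a breakpoint on the Code section, then press Shift+F9


Quote:
00FDE8D3    8A06              mov al,byte ptr ds:[esi]                ; breaks here; delete the memory breakpoint
00FDE8D5    46                inc esi
00FDE8D6    47                inc edi
00FDE8D7    8843 0F           mov byte ptr ds:[ebx+F],al
00FDE8DA    8A46 FF           mov al,byte ptr ds:[esi-1]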
00FDE8DD    55                push ebp
   
Press Shift+F9, and the hardware breakpoint stops in typical SVKP code


Quote:
0012FC40    60                pushad                                  ; break
0012FC41    E8 03000000       call 0012FC49
0012FC46    D2EB              shr bl,cl
0012FC48    0A58 EB           or bl,byte ptr ds:[eax-15]
0012FC4B    0148 40           add dword ptr ds:[eax+40],ecx
0012FC4E    EB 01             jmp short 0012FC51
0012FC50    35 FFE061E8       xor eax,E861E0FF
0012FC55    0100              add dword ptr ds:[eax],eax
   

Delete the hardware breakpoint, Ctrl+G to 004823B7, F2, Ctrl+F11. When execution breaks at 004823B7, click "Run trace" and look at the trace window


Quote:
   地址=0012FC53
   命令=popad
   修改后的寄存器=EAX=0105E159,ESP=0012FFC4
   

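Look at EAX: 0105E159 is where the stolen code begins

Remove the breakpoint at 004823B7, start LordPE, dump the process, and add the two sections

Open ImportREC, enter 000823B7 as the OEP and get the IAT. Every entry is invalid; repair with Level 1 first, which fixes a large part of them,
leaving 10 unrepaired [these are the pointers that SVKP treats specially; everyone should be fairly familiar with them, and we do not need to repair them here].
Note that the addresses the unrepaired pointers point to all lie in the two sections that have to be added

Quote:
Target: D:\Downloads\以壳解壳SVKP\SVKP.exe
OEP: 000823B7    IATRVA: 0019113C    IATSize: 000006EC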

Change the OEP to 00C5E159, then Fix Dump ...

It runs normally.


Quote:
0105E159 >  81C5 21AA9095     add ebp,9590AA21                        ; OEP of the shell-unpacked dump
0105E15F    50                push eax
0105E160    89E4              mov esp,esp
0105E162    E9 1C0F0000       jmp Unpack_.0105F083
0105E167    E7 47             out 47,eax
0105E169    11A5 BDB4A83F     adc dword ptr ss:[ebp+3FA8B4BD],esp
0105E16F    E8 FA4E6D58       call 5973306E
   


--------------------------------------------------------------------------------
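【Summary】
What this article describes has little practical value; it is only a technical exploration. I hope everyone can extrapolate from it to other cases....

--------------------------------------------------------------------------------
【Copyright notice】: This article was originally published on the Kanxue (看雪) technical forum. If you repost it, please credit the author and keep the article intact. Thanks!

                                                       November 23, 2007, 04:26:14 PM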
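
Added example, not part of the original post or of wynney's article: a header check for a dump rebuilt this way, confirming that the new entry point and any thunk targets left unrepaired fall inside sections of the dumped file. The image base 0x00400000 is inferred from the post's VA/RVA pair (004823B7 and 000823B7); the section names, section layout and thunk addresses in `build_sample` are constructed for the demonstration.

```python
import struct

def parse_pe(data):
    """Return (image_base, entry_rva, sections) read from PE32 headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize))
    return image_base, entry_rva, sections

def section_of(rva, sections):
    """Name of the section containing rva, or None if no section covers it."""
    for name, vaddr, vsize in sections:
        if vaddr <= rva < vaddr + vsize:
            return name
    return None

def check_dump(data, unresolved_vas):
    """Map the entry point and each unresolved thunk target to a section."""
    image_base, entry_rva, sections = parse_pe(data)
    thunks = {va: section_of(va - image_base, sections) for va in unresolved_vas}
    return {"entry": (entry_rva, section_of(entry_rva, sections)), "thunks": thunks}

def build_sample():
    """Constructed PE32 headers (no section data); the layout is hypothetical."""
    secs = [(b"CODE", 0x1000, 0x82000),       # original program code
            (b"shell1", 0xBB0000, 0x40000),   # added shell region (assumed)
            (b"shell2", 0xC30000, 0x40000)]   # added shell region (assumed)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x00C5E159)   # OEP RVA set in the post
    struct.pack_into("<I", opt, 28, 0x00400000)   # image base implied by the post
    table = b"".join(struct.pack("<8sII", n, vs, va) + b"\0" * 24
                     for n, va, vs in secs)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    # Constructed thunk targets: two inside added sections, one outside the image.
    report = check_dump(build_sample(), [0x01050000, 0x00FC0000, 0x7C801234])
    print("entry: %08X in %s" % report["entry"])
    for va, sec in report["thunks"].items():
        print("thunk target %08X -> %s" % (va, sec or "NOT COVERED by any section"))
```

A thunk target that maps to no section means the dump is missing the memory region that pointer depends on.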

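MOV posted on 2010-5-23 17:59:33

Great article, bumping it

小糊涂虫 posted on 2010-5-24 13:46:47

An old tutorial from 2007...?

vcangel posted on 2010-5-25 17:23:20

Unpacking with the shell is nothing new anymore, but I support old articles

ctt posted on 2010-5-31 03:07:06

You should upload the sample for everyone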