没壳。。 0041FB43 > $60 pushad //OD载入
0041FB44 .E8 00000000 call 0000.0041FB49
0041FB49 $5D pop ebp
0041FB4A .81ED 06104000sub ebp,0000.00401006
0041FB50 .8D85 56104000lea eax,dword ptr ss:
0041FB56 .50 push eax
0041FB57 .64:FF35 000000>push dword ptr fs:
0041FB5E .64:8925 000000>mov dword ptr fs:,esp
0041FB65 .CC int3
0041FB66 .90 nop
0041FB67 .64:8F05 000000>pop dword ptr fs: //在这里F2下断,shift+f9运行到这里
━━━━━━━━━━━━━━━━━━━━━━━━━━
0041FB89^\E2 F8 loopd short 0000.0041FB83
0041FB8B 58 pop eax
0041FB8C 894424 1C mov dword ptr ss:,eax
0041FB90 61 popad
0041FB91 FFE0 jmp eax //单步一路走到这里
━━━━━━━━━━━━━━━━━━━━━━━━━━
0041ED98 55 push ebp //脱壳吧
0041ED99 8BEC mov ebp,esp
0041ED9B B9 07000000 mov ecx,7
0041EDA0 6A 00 push 0
0041EDA2 6A 00 push 0
0041EDA4 49 dec ecx
0041EDA5^ 75 F9 jnz short 0000.0041EDA0
0041EDA7 51 push ecx
0041EDA8 53 push ebx
0041EDA9 56 push esi
[ 本帖最后由 小生我怕怕 于 2008-9-10 12:21 编辑 ] 这样算脱了么。
dumped_2.rar
页:
1
[2]