- UID
- 660
注册时间2005-4-7
阅读权限50
最后登录1970-1-1
感悟天道
 
TA的每日心情 | 慵懒
2024-3-21 21:06 |
|---|
签到天数: 1489 天 [LV.10]以坛为家III
|
手动脱ASPack 2.001壳
脱壳目标:FreeRes0.94.exe
壳 类 型:ASPack 2.001 -> Alexey Solodovnikov
脱壳工具:flyodbg-d
作 者:xbb[DFCG][PYG]
下载地址:www.pediy.com
过 程:
0051F001 f> 60 pushad <-标志
0051F002 E8 72050000 call freeRes0.0051F579 <-F8
0051F007 EB 4C jmp short freeRes0.0051F055 <-跳了 F8
0051F055 BB 7C294400 mov ebx, freeRes0.0044297C <-51F007跳到这里
0051F05A 03DD add ebx, ebp
0051F05C 2B9D AD294400 sub ebx, dword ptr ss:[ebp+4429A>
0051F062 83BD E0374400 00 cmp dword ptr ss:[ebp+4437E0], 0
0051F069 899D E0374400 mov dword ptr ss:[ebp+4437E0], e>
0051F06F 0F85 68040000 jnz freeRes0.0051F4DD
0051F075 8D85 E8374400 lea eax, dword ptr ss:[ebp+4437E>
0051F07B 50 push eax
0051F07C FF95 F4384400 call dword ptr ss:[ebp+4438F4] <-F8
0051F082 8985 E4374400 mov dword ptr ss:[ebp+4437E4], e>
0051F088 8BF8 mov edi, eax
0051F08A 8D9D F5374400 lea ebx, dword ptr ss:[ebp+4437F>
0051F090 53 push ebx
0051F091 50 push eax
0051F092 FF95 F0384400 call dword ptr ss:[ebp+4438F0] <-F8 GetProcAddress
0051F098 8985 B9294400 mov dword ptr ss:[ebp+4429B9], e>
0051F09E 8D9D 02384400 lea ebx, dword ptr ss:[ebp+44380>
0051F0A4 53 push ebx
0051F0A5 57 push edi
0051F0A6 FF95 F0384400 call dword ptr ss:[ebp+4438F0] <-F8
0051F0AC 8985 BD294400 mov dword ptr ss:[ebp+4429BD], e>
0051F0B2 8D85 4A2B4400 lea eax, dword ptr ss:[ebp+442B4>
0051F0B8 FFE0 jmp eax <-跳
0051F1CE 8B9D 422A4400 mov ebx, dword ptr ss:[ebp+442A4> <-51F0B8跳到这里
0051F1D4 0BDB or ebx, ebx
0051F1D6 74 0A je short freeRes0.0051F1E2 <-跳
0051F1D8 8B03 mov eax, dword ptr ds:[ebx]
0051F1DA 8785 462A4400 xchg dword ptr ss:[ebp+442A46], >
0051F1E0 8903 mov dword ptr ds:[ebx], eax
0051F1E2 8DB5 5A2A4400 lea esi, dword ptr ss:[ebp+442A5> <-51F1D6跳到这里
0051F1E8 833E 00 cmp dword ptr ds:[esi], 0
0051F1EB 0F84 1F010000 je freeRes0.0051F310
0051F1F1 8DB5 5A2A4400 lea esi, dword ptr ss:[ebp+442A5>
0051F1F7 6A 04 push 4
0051F1F9 68 00100000 push 1000
0051F1FE 68 00180000 push 1800
0051F203 6A 00 push 0
0051F205 FF95 B9294400 call dword ptr ss:[ebp+4429B9]
0051F20B 8985 B5294400 mov dword ptr ss:[ebp+4429B5], eax
0051F211 8B46 04 mov eax, dword ptr ds:[esi+4]
0051F214 05 0E010000 add eax, 10E
0051F219 6A 04 push 4
0051F21B 68 00100000 push 1000
0051F220 50 push eax
0051F221 6A 00 push 0
0051F223 FF95 B9294400 call dword ptr ss:[ebp+4429B9] <-VirtualAlloc
0051F229 8985 B1294400 mov dword ptr ss:[ebp+4429B1], eax
0051F22F 56 push esi
0051F230 8B1E mov ebx, dword ptr ds:[esi]
0051F232 039D E0374400 add ebx, dword ptr ss:[ebp+4437E0]
0051F238 FFB5 B5294400 push dword ptr ss:[ebp+4429B5]
0051F23E FF76 04 push dword ptr ds:[esi+4]
0051F241 50 push eax
0051F242 53 push ebx
0051F243 E8 3B030000 call freeRes0.0051F583
0051F248 80BD AC294400 00 cmp byte ptr ss:[ebp+4429AC], 0
0051F24F 75 5E jnz short freeRes0.0051F2AF
0051F251 FE85 AC294400 inc byte ptr ss:[ebp+4429AC]
0051F257 8B3E mov edi, dword ptr ds:[esi]
0051F259 03BD E0374400 add edi, dword ptr ss:[ebp+4437E0]
0051F25F FF37 push dword ptr ds:[edi]
0051F261 C607 C3 mov byte ptr ds:[edi], 0C3
0051F264 FFD7 call edi <-401000
0051F266 8F07 pop dword ptr ds:[edi]
0051F268 50 push eax
0051F269 51 push ecx
0051F26A 56 push esi
0051F26B 53 push ebx
0051F26C 8BC8 mov ecx, eax
0051F26E 83E9 06 sub ecx, 6
0051F271 8BB5 B1294400 mov esi, dword ptr ss:[ebp+4429B1]
0051F277 33DB xor ebx, ebx
0051F279 0BC9 or ecx, ecx
0051F27B 74 2E je short freeRes0.0051F2AB
0051F27D 78 2C js short freeRes0.0051F2AB
0051F27F AC lods byte ptr ds:[esi]
0051F280 3C E8 cmp al, 0E8
0051F282 74 0A je short freeRes0.0051F28E
0051F284 EB 00 jmp short freeRes0.0051F286
0051F286 3C E9 cmp al, 0E9
0051F288 74 04 je short freeRes0.0051F28E
0051F28A 43 inc ebx
0051F28B 49 dec ecx
0051F28C ^ EB EB jmp short freeRes0.0051F279 <-开始往回跳了
0051F28E 8B06 mov eax, dword ptr ds:[esi] <-F4
0051F290 EB 00 jmp short freeRes0.0051F292
0051F292 803E 16 cmp byte ptr ds:[esi], 16
0051F295 ^ 75 F3 jnz short freeRes0.0051F28A
0051F297 24 00 and al, 0
0051F299 C1C0 18 rol eax, 18
0051F29C 2BC3 sub eax, ebx
0051F29E 8906 mov dword ptr ds:[esi], eax
0051F2A0 83C3 05 add ebx, 5
0051F2A3 83C6 04 add esi, 4
0051F2A6 83E9 05 sub ecx, 5
0051F2A9 ^ EB CE jmp short freeRes0.0051F279 <-回跳
0051F2AB 5B pop ebx <-F4
0051F2AC 5E pop esi
0051F2AD 59 pop ecx
0051F2AE 58 pop eax
0051F2AF 8BC8 mov ecx, eax
0051F2B1 8B3E mov edi, dword ptr ds:[esi]
0051F2B3 03BD E0374400 add edi, dword ptr ss:[ebp+4437E0]
0051F2B9 8BB5 B1294400 mov esi, dword ptr ss:[ebp+4429B1]
0051F2BF C1F9 02 sar ecx, 2
0051F2C2 F3:A5 rep movs dword ptr es:[edi], dword ptr ds:[esi]
0051F2C4 8BC8 mov ecx, eax
0051F2C6 83E1 03 and ecx, 3
0051F2C9 F3:A4 rep movs byte ptr es:[edi], byte ptr ds:[esi]
0051F2CB 5E pop esi
0051F2CC 68 00800000 push 8000
0051F2D1 6A 00 push 0
0051F2D3 FFB5 B1294400 push dword ptr ss:[ebp+4429B1]
0051F2D9 FF95 BD294400 call dword ptr ss:[ebp+4429BD] <-VirtualFree
0051F2DF 83C6 08 add esi, 8
0051F2E2 833E 00 cmp dword ptr ds:[esi], 0
0051F2E5 ^ 0F85 26FFFFFF jnz freeRes0.0051F211 <-回跳
0051F2EB 68 00800000 push 8000 <-F4
0051F2F0 6A 00 push 0
0051F2F2 FFB5 B5294400 push dword ptr ss:[ebp+4429B5]
0051F2F8 FF95 BD294400 call dword ptr ss:[ebp+4429BD]
0051F2FE 8B9D 422A4400 mov ebx, dword ptr ss:[ebp+442A42]
0051F304 0BDB or ebx, ebx
0051F306 74 08 je short freeRes0.0051F310 <-向下跳
0051F308 8B03 mov eax, dword ptr ds:[ebx]
0051F30A 8785 462A4400 xchg dword ptr ss:[ebp+442A46], eax
0051F310 8B95 E0374400 mov edx, dword ptr ss:[ebp+4437E0] <-51F306跳到这
0051F316 8B85 3A2A4400 mov eax, dword ptr ss:[ebp+442A3A]
0051F31C 2BD0 sub edx, eax
0051F31E 74 79 je short freeRes0.0051F399 <-下跳
0051F320 8BC2 mov eax, edx
0051F322 C1E8 10 shr eax, 10
0051F325 33DB xor ebx, ebx
0051F327 8BB5 4A2A4400 mov esi, dword ptr ss:[ebp+442A4A]
0051F32D 03B5 E0374400 add esi, dword ptr ss:[ebp+4437E0]
0051F333 833E 00 cmp dword ptr ds:[esi], 0
0051F336 74 61 je short freeRes0.0051F399
0051F338 8B4E 04 mov ecx, dword ptr ds:[esi+4]
0051F33B 83E9 08 sub ecx, 8
0051F33E D1E9 shr ecx, 1
0051F340 8B3E mov edi, dword ptr ds:[esi]
0051F342 03BD E0374400 add edi, dword ptr ss:[ebp+4437E0]
0051F348 83C6 08 add esi, 8
0051F34B 66:8B1E mov bx, word ptr ds:[esi]
0051F34E C1EB 0C shr ebx, 0C
0051F351 83FB 01 cmp ebx, 1
0051F354 74 0C je short freeRes0.0051F362
0051F356 83FB 02 cmp ebx, 2
0051F359 74 16 je short freeRes0.0051F371
0051F35B 83FB 03 cmp ebx, 3
0051F35E 74 20 je short freeRes0.0051F380
0051F360 EB 2C jmp short freeRes0.0051F38E
0051F362 66:8B1E mov bx, word ptr ds:[esi]
0051F365 81E3 FF0F0000 and ebx, 0FFF
0051F36B 66:01041F add word ptr ds:[edi+ebx], ax
0051F36F EB 1D jmp short freeRes0.0051F38E
0051F371 66:8B1E mov bx, word ptr ds:[esi]
0051F374 81E3 FF0F0000 and ebx, 0FFF
0051F37A 66:01141F add word ptr ds:[edi+ebx], dx
0051F37E EB 0E jmp short freeRes0.0051F38E
0051F380 66:8B1E mov bx, word ptr ds:[esi]
0051F383 81E3 FF0F0000 and ebx, 0FFF
0051F389 01141F add dword ptr ds:[edi+ebx], edx
0051F38C EB 00 jmp short freeRes0.0051F38E
0051F38E 66:830E FF or word ptr ds:[esi], 0FFFF
0051F392 83C6 02 add esi, 2
0051F395 ^ E2 B4 loopd short freeRes0.0051F34B
0051F397 ^ EB 9A jmp short freeRes0.0051F333
0051F399 8B95 E0374400 mov edx, dword ptr ss:[ebp+4437E0] <-51F31E跳到这里
0051F39F 8BB5 85294400 mov esi, dword ptr ss:[ebp+442985]
0051F3A5 0BF6 or esi, esi |
|
IP卡
发表于 2005-4-14 21:02:33
提升卡
置顶卡
变色卡
千斤顶
显身卡
楼主
发表于 2005-4-14 21:36:58
发表于 2005-4-22 09:19:08
发表于 2005-4-24 23:24:36