我是菜鸟我求助！！！

dualiang · 发表于 2005-11-7 08:33:39

最近我看到许多的破解软件信息，自己也尝试破个，（马建农２００５版本运动会管理系统）可是怎么也脱不了壳，显示信息是aspack　2.x的壳,用工具脱不了,尝试手动脱壳用OllyDbg但是找不到入口,机器总出什么read不可读或者是不能步进提示,请高手指教,帮助.谢谢

飘云 · 发表于 2005-11-7 11:31:50

你的PEID过时了

用0.93探测

dualiang · 发表于 2005-11-7 14:42:32

我在试试，望多指教

dualiang · 发表于 2005-11-7 14:50:13

深度扫描：出ASPack 2.x (without poly) -> Alexey Solodovnikov提示

飘云 · 发表于 2005-11-7 16:50:09

写出你的跟踪过程，否则视为违规处理

dualiang · 发表于 2005-11-8 08:44:12

shaodeng wo huijia hou zhengli qu

dualiang · 发表于 2005-11-8 14:25:19

马建农２００５专业版

由于水平问题清高手指教：
打开od后出现：
00432BA2 >  60             pushad
00432BA3 E8 00000000    call tjydhen.00432BA8
00432BA8 5D             pop ebp
00432BA9 81ED 06104000 sub ebp,tjydhen.00401006
00432BAF 8D85 56104000 lea eax,dword ptr ss:[ebp+401056]
00432BB5 50             push eax
00432BB6 64:FF35 0000000>push dword ptr fs:[0]
00432BBD 64:8925 0000000>mov dword ptr fs:[0],esp
00432BC4 CC             int3
00432BC5 90             nop
00432BC6 64:8F05 0000000>pop dword ptr fs:[0]
00432BCD 83C4 04       add esp,4
00432BD0 74 05          je short tjydhen.00432BD7
00432BD2 75 03          jnz short tjydhen.00432BD7
00432BD4 EB 07          jmp short tjydhen.00432BDD
00432BD6 59             pop ecx
00432BD7 8D9D 00104000 lea ebx,dword ptr ss:[ebp+401000]
右键查找popad命令
0042F1F5 61             popad
0042F1F6 8B4E 04       mov ecx,dword ptr ds:[esi+4]
0042F1F9 83E9 08       sub ecx,8
0042F1FC D1E9          shr ecx,1
0042F1FE 8B3E          mov edi,dword ptr ds:[esi]
0042F200 03BD 22040000 add edi,dword ptr ss:[ebp+422]
0042F206 83C6 08       add esi,8
0042F209 66:8B1E       mov bx,word ptr ds:[esi]
0042F20C C1EB 0C       shr ebx,0C
0042F20F 83FB 01       cmp ebx,1
0042F212 74 0C          je short tjydhen.0042F220
0042F214 83FB 02       cmp ebx,2
0042F217 74 16          je short tjydhen.0042F22F
0042F219 83FB 03       cmp ebx,3
0042F21C 74 20          je short tjydhen.0042F23E
0042F21E /EB 2C          jmp short tjydhen.0042F24C
0042F220 |66:8B1E       mov bx,word ptr ds:[esi]
0042F223 |81E3 FF0F0000 and ebx,0FFF
0042F229 |66:01041F    add word ptr ds:[edi+ebx],ax
0042F22D |EB 1D          jmp short tjydhen.0042F24C
0042F22F |66:8B1E       mov bx,word ptr ds:[esi]
0042F232 |81E3 FF0F0000 and ebx,0FFF
0042F238 |66:01141F    add word ptr ds:[edi+ebx],dx
0042F23C |EB 0E          jmp short tjydhen.0042F24C
0042F23E |66:8B1E       mov bx,word ptr ds:[esi]
0042F241 |81E3 FF0F0000 and ebx,0FFF
0042F247 |01141F       add dword ptr ds:[edi+ebx],edx
0042F24A |EB 00          jmp short tjydhen.0042F24C
0042F24C \66:830E FF    or word ptr ds:[esi],0FFFF
0042F250 83C6 02       add esi,2
0042F253  ^ E2 B4          loopd short tjydhen.0042F209
0042F255  ^ EB 9A          jmp short tjydhen.0042F1F1 跳转地址f2断下，f9运行，再断后f8后出现不知道如何进行单步操作，因为内存地址00000000是不易读取的，请尝试更改eip或者跳过异常
0042F257 8B95 22040000 mov edx,dword ptr ss:[ebp+422]       ; tjydhen.00400000
0042F25D 8BB5 41050000 mov esi,dword ptr ss:[ebp+541]
0042F263 0BF6          or esi,esi
0042F265 74 11          je short tjydhen.0042F278

		自动登录	找回密码
密码			加入我们

我是菜鸟我求助！！！

革命尚未成功，同志仍需努力．

还是不行

hao de

我的脱壳方法，请高手指正（未成功）