Author: yongmin [yongmin]
Teaching you to unpack JDPack 1.x / JDProtect 0.9

Using 网络信息采集大师 (NetGet) as the test target.

Load it in OD:

00667000 >  60               pushad
00667001    E8 00000000      call    00667006
00667006    5D               pop     ebp
00667007    8BD5             mov     edx, ebp
00667009    81ED C62B4000    sub     ebp, 00402BC6
0066700F    2B95 61344000    sub     edx, [ebp+403461]
00667015    81EA 06000000    sub     edx, 6
0066701B    8995 65344000    mov     [ebp+403465], edx
00667021    83BD 69344000 0> cmp     dword ptr [ebp+403469], 0
00667028    0F85 BC030000    jnz     006673EA                   ; this is the closest point to the OEP!
0066702E    C785 69344000 0> mov     dword ptr [ebp+403469], 1

===========================================================
CTRL + G to 006673EA
===========================================================

006673EA    283E             sub     [esi], bh                  ; F4 here
006673EC    7B 36            jpo     short 00667424
006673EE    74 26            je      short 00667416
006673F0    67:24 61         and     al, 61
006673F3    41               inc     ecx
006673F4    15 5D183871      adc     eax, 7138185D
006673F9    3F               aas

===========================================================
After F4
===========================================================

006673EA   /EB 16            jmp     short 00667402             ; here, after F4
006673EC   |45               inc     ebp
006673ED   |4D               dec     ebp
006673EE   |42               inc     edx
006673EF   |52               push    edx
006673F0   |41               inc     ecx
006673F1   |43               inc     ebx
006673F2   |45               inc     ebp
006673F3   |205448 45        and     [eax+ecx*2+45], dl
006673F7   |2049 4E          and     [ecx+4E], cl
006673FA   |45               inc     ebp
006673FB   |56               push    esi
006673FC   |49               dec     ecx
006673FD   |54               push    esp
006673FE   |41               inc     ecx
006673FF   |42               inc     edx
00667400   |4C               dec     esp
00667401   |45               inc     ebp
00667402   \8B95 65344000    mov     edx, [ebp+403465]
00667408    8B85 ED314000    mov     eax, [ebp+4031ED]
0066740E    03C2             add     eax, edx
00667410    894424 1C        mov     [esp+1C], eax
00667414    61               popad
00667415    50               push    eax
00667416    C3               retn                               ; returns to the OEP
00667417    58               pop     eax

=============================================================
Step to the OEP
=============================================================

0059D710    55               push    ebp                        ; this is the OEP
0059D711    8BEC             mov     ebp, esp
0059D713    83C4 F0          add     esp, -10
0059D716    B8 48D05900      mov     eax, 0059D048
0059D71B    E8 FC9DE6FF      call    0040751C

=============================================================

Cracked by 小Q // If you can't follow the above // I made an animation / please download and watch it! Click to download this animation
Original poster | Posted: 06-09-23 09:54
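An added example, not part of the original post: a static read of the "after F4" listing, using only bytes and addresses transcribed from the post's hex column. It shows that the 22 bytes skipped by `jmp short 00667402` are ASCII text rather than instructions, and resolves the two `[ebp+disp]` slots the tail reads before `retn`; the function and key names are hypothetical.

```python
import struct

# Bytes transcribed from the hex column of the post's "after F4" listing
# (006673EA..00667417); constructed here, not read from any real file.
TAIL_VA = 0x006673EA
TAIL = bytes.fromhex(
    "EB16"
    "454D4252414345" "20544845" "20494E" "4556495441424C45"
    "8B9565344000" "8B85ED314000" "03C2" "8944241C" "61" "50" "C3" "58"
)

def delta_from_entry(pop_ebp_va, sub_imm):
    """call $+5 / pop ebp / sub ebp, imm: ebp ends up as the load delta."""
    return (pop_ebp_va - sub_imm) & 0xFFFFFFFF

def skip_short_jmp(code, va):
    """Decode 'EB rel8' at va; return (target VA, bytes jumped over)."""
    if code[0] != 0xEB:
        raise ValueError("not a short jmp")
    rel = struct.unpack("b", code[1:2])[0]
    if rel < 0:
        raise ValueError("backward jump, nothing skipped")
    return va + 2 + rel, code[2:2 + rel]

def parse_tail(code, va, delta):
    """Match the tail the listing shows and resolve its two [ebp+disp32] reads."""
    target, skipped = skip_short_jmp(code, va)
    body = code[target - va:]
    # mov edx,[ebp+d1]; mov eax,[ebp+d2]; add eax,edx;
    # mov [esp+1C],eax; popad; push eax; retn
    if body[0:2] != b"\x8B\x95" or body[6:8] != b"\x8B\x85":
        raise ValueError("unexpected tail")
    if body[12:21] != bytes.fromhex("03C28944241C6150C3"):
        raise ValueError("unexpected tail")
    d1 = struct.unpack("<I", body[2:6])[0]
    d2 = struct.unpack("<I", body[8:12])[0]
    return {
        "marker": skipped.decode("ascii"),            # data the jmp hops over
        "jmp_target": target,
        "edx_slot_va": (delta + d1) & 0xFFFFFFFF,     # written at 0066701B
        "eax_slot_va": (delta + d2) & 0xFFFFFFFF,     # added to edx -> retn target
    }

if __name__ == "__main__":
    delta = delta_from_entry(0x00667006, 0x00402BC6)
    for k, v in parse_tail(TAIL, TAIL_VA, delta).items():
        print(k, v if isinstance(v, str) else f"{v:08X}")
```

The skipped bytes explain why the listing between 006673EC and 00667401 reads as meaningless one-byte instructions: the disassembler decoded a text string as code.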
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.