Unpacking VMProtect 1.70.4

Published: 2023/11/27
【Title】: Unpacking VMProtect 1.70.4
【Author】: hxqlky
【Author email】: zmunlky@gmail.com
【Author homepage】: http://www.x5dj.com/hxqlky
【Download】: search for and download it yourself
【Packer】: VMProtect 1.70.4
【Protection】: VMProtect 1.70.4
【Language】: MASM32 / TASM32
【Tools】: od
【Platform】: xp
【Author's statement】: Just out of interest, with no other purpose. Please point out any mistakes!
--------------------------------------------------------------------------------
【Detailed procedure】
  Unpacking VMProtect 1.70.4
  0041A300 >  68 FE571FD7     push D71F57FE
  0041A305    E8 B5970000     call Sec_Add_.00423ABF
  0041A30A  ^ E2 B8           loopd short Sec_Add_.0041A2C4
  0041A30C    1E              push ds
  0041A30D    D7              xlat byte ptr ds:[xbx+al]

  The packer detects the debugger and shows this message:
  "A debugger has been found running in your system. Please, unload it from memory and restart your program."

  Alt+M, set a breakpoint on 401000, and press F9 to run. The same message appears:
  "A debugger has been found running in your system. Please, unload it from memory and restart your program."
  Press F12 to pause, then click K (call stack).
  77D505CA    E8 2D000000     call user32.MessageBoxExA
  77D505CF    5D              pop ebp
  77D505D0    C2 1000         retn 10                         ; F2, then F9
  77D505D3    90              nop

  Look at the registers:
  EAX 00000001
  ECX 7C93005D ntdll.7C93005D
  EDX 00000000
  EBX 0012F798 ASCII "\Sec Add 1.8 vmp\Sec Add_1.8 version.exe"
  ESP 0012F784
  EBP 0012FF98
  ESI 7C801AD0 kernel32.VirtualProtect
  EDI 004155C3 ASCII "A debugger has been found running in your system. Please, unload it from memory and restart your program."
  EIP 77D505D0 user32.77D505D0
  Start over. ESI holds kernel32.VirtualProtect (7C801AD0), so go to that address:
  go 7C801AD0

  7C801AD0 >  8BFF            mov edi,edi
  7C801AD2    55              push ebp                        ; F2, then F9
  7C801AD3    8BEC            mov ebp,esp
  7C801AD5    FF75 14         push dword ptr ss:[ebp+14]
  7C801AD8    FF75 10         push dword ptr ss:[ebp+10]
  7C801ADB    FF75 0C         push dword ptr ss:[ebp+C]
  7C801ADE    FF75 08         push dword ptr ss:[ebp+8]
  7C801AE1    6A FF           push -1
  7C801AE3    E8 75FFFFFF     call kernel32.VirtualProtectEx
  7C801AE8    5D              pop ebp
  7C801AE9    C2 1000         retn 10
  Look at the stack:
  0012F784   004142FA  Sec_Add_.004142FA
  0012F788   00401000  Sec_Add_.00401000
  0012F78C   0000111E
  After pressing F9 7 times the program runs,
  so start over and press F9 6 times.
  Look at the stack:
  0012EBE0   10202FA0  RETURN to SogouPy.10202FA0
  0012EBE4   10000000  SogouPy.10000000
  0012EBE8   00001000
  Look at the data window:
  00401000    6A 00           push 0
  00401002    E8 67DF0000     call Sec_Add_.0040EF6E
  00401007    A3 08404000     mov dword ptr ds:[404008],eax
  0040100C    E8 D9730000     call Sec_Add_.004083EA
  00401011    6A 00           push 0
  00401013    68 30104000     push Sec_Add_.00401030
  00401018    6A 00           push 0
  0040101A    68 EC404000     push Sec_Add_.004040EC          ; ASCII "m00n"
  Alt+M, set a memory access breakpoint on 401000, then press F9.
  00401030    55              push ebp                        ; breaks here; scroll up
  00401031    8BEC            mov ebp,esp
  00401033    83C4 F0         add esp,-10
  00401036    53              push ebx
  00401037    57              push edi
  00401038    56              push esi
  00401039    817D 0C 1001000>cmp dword ptr ss:[ebp+C],110
  00401040    0F85 E8010000   jnz Sec_Add_.0040122E

  00401000    6A 00           push 0                          ; OEP
  00401002    E8 67DF0000     call Sec_Add_.0040EF6E
  00401007    A3 08404000     mov dword ptr ds:[404008],eax
  0040100C    E8 D9730000     call Sec_Add_.004083EA
  00401011    6A 00           push 0
  00401013    68 30104000     push Sec_Add_.00401030
  00401018    6A 00           push 0
  0040101A    68 EC404000     push Sec_Add_.004040EC          ; ASCII "m00n"
  0040101F    FF35 08404000   push dword ptr ds:[404008]      ; Sec_Add_.00400000
  00401025    E8 B1D80000     call Sec_Add_.0040E8DB
  0040102A    50              push eax
  0040102B    E8 51C70000     call Sec_Add_.0040D781

  Dump the process. The stack at this point:
  0012FFC4   7C816FE7  RETURN to kernel32.7C816FE7
  0012FFC8   7C930041  RETURN to ntdll.7C930041 from ntdll.7C930092
  0012FFCC   005F0778
  0012FFD0   7FFDD000
  0012FFD4   8054507D
  0012FFD8   0012FFC8
  0012FFDC   89357CB0
  0012FFE0   FFFFFFFF  End of SEH chain
  0012FFE4   7C839AF0  SE handler
  0012FFE8   7C816FF0  kernel32.7C816FF0
  0012FFEC   00000000
  0012FFF0   00000000
  0012FFF4   00000000
  0012FFF8   0041A300  Sec_Add_.
  0012FFFC   00000000

Reposted from: https://www.cnblogs.com/MaxWoods/archive/2010/04/21/1716866.html
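
The two "look at the stack" steps above rely on reading the VirtualProtect call frame by eye. The Python below is an added example, not part of the original post: it parses the two stack dumps shown in the write-up and decides which breakpoint hit re-protects the program's code at 00401000. It assumes the dump was taken at the function's entry, so the first three dwords are the return address, lpAddress and dwSize; the function and variable names are made up for this example.

```python
import re

# OllyDbg stack-pane line: "<stack addr>  <dword>  [comment]"
STACK_LINE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\b\s*(.*)$")

def parse_stack(text):
    """Return [(stack_addr, value, comment)] for each well-formed line."""
    rows = []
    for line in text.splitlines():
        m = STACK_LINE.match(line)
        if m:
            rows.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3).strip()))
    return rows

def decode_virtualprotect(rows):
    """Map [esp], [esp+4], [esp+8] at function entry onto the stdcall frame:
    return address, lpAddress, dwSize (assumption: dump taken at entry)."""
    if len(rows) < 3:
        raise ValueError("need at least three stack dwords")
    # The slots must be contiguous, 4 bytes apart, or the mapping is wrong.
    for (a, _, _), (b, _, _) in zip(rows, rows[1:3]):
        if b - a != 4:
            raise ValueError("stack dump is not contiguous")
    ret, addr, size = (r[1] for r in rows[:3])
    return {"caller": ret, "lpAddress": addr, "dwSize": size, "end": addr + size}

def touches(call, target):
    """True when the region being re-protected contains `target`."""
    return call["lpAddress"] <= target < call["end"]

# The two stack dumps shown in the write-up.
HIT_CODE = """0012F784   004142FA  Sec_Add_.004142FA
0012F788   00401000  Sec_Add_.00401000
0012F78C   0000111E"""
HIT_OTHER = """0012EBE0   10202FA0  RETURN to SogouPy.10202FA0
0012EBE4   10000000  SogouPy.10000000
0012EBE8   00001000"""

CODE_START = 0x00401000  # start of the program's code, as given in the write-up

def classify(dump):
    call = decode_virtualprotect(parse_stack(dump))
    return "code section" if touches(call, CODE_START) else "unrelated module"

if __name__ == "__main__":
    for name, dump in (("first", HIT_CODE), ("second", HIT_OTHER)):
        print(name, classify(dump))
```

The first dump is the packer changing protection on the program's own code; the second is a call from SogouPy on its own memory at 10000000 and says nothing about the packed image.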
