VBox 4.1 Unpacking
2006-07-03 20:25:58 Source: WEB开发网
Press F12 a few times until you reach this point in VBOXT402.DLL:
07006079: call [dword dialogparama]
0700607f: mov esi,eax ; if you press 'try' eax=0, 'quit' eax=1; so change eax to 0 ... r eax 0.
There are some other checks:
07001c03: cmp [ebp-10],eax ; if eax=[ebp-10], error dialog will appear; so change eax
07001c06: jne 07001c2c
07001c08: lea eax,[ebp+10]
07001c0b: lea ecx,[ebp-74]
07001c0e: push eax
07001c0f: mov [ebp-78],ebx
07001c12: call 0702e7d0
07001c17: lea eax,[ebp-7c]
07001c1a: push 07070568
07001c1f: push eax
07001c20: mov [dword ebp-7c],0706e004
07001c27: call 070570a0
07001c2c: lea ecx,[ebp-28]
07001c2f: mov [byte ebp-04],04
07001c33: call 0702d440
07001c38: lea ecx,[ebp-18]
07001c3b: mov [byte ebp-04],02
07001c3f: call 0702d440
.......
07001c7c: call 07032570
07001c71: cmp [ebp-10],eax ; Another check.
07001c74: jne 07001f9b
; if eax=[ebp-10], error dialog will appear. So change eax
Ok, now theoretically our patch is done ...
1. 07006079: call [dword dialogparama] patch to
07006079: xor eax,eax
0700607b: nop
0700607c: nop
0700607d: nop
0700607e: nop
2. 07001c06: jne 07001c2c patch to