WEB开发网
开发学院网络安全黑客技术 用ollydbg脱aspack2.12的壳 阅读

用ollydbg脱aspack2.12的壳

 2007-01-12 20:12:56 来源:WEB开发网   
核心提示: 010102B6 8B95 22040000 MOV EDX,DWORD PTR SS:[EBP+422] ; notepad.01000000010102BC 8B06 MOV EAX,DWORD PTR DS:[ESI]010102BE 85C0 TEST EAX,EAX010102C
010102B6 8B95 22040000 MOV EDX,DWORD PTR SS:[EBP+422] ; notepad.01000000
010102BC 8B06 MOV EAX,DWORD PTR DS:[ESI]
010102BE 85C0 TEST EAX,EAX
010102C0 75 03 JNZ SHORT notepad.010102C5
010102C2 8B46 10 MOV EAX,DWORD PTR DS:[ESI+10]
010102C5 03C2 ADD EAX,EDX ; notepad.01000000
010102C7 0385 49050000 ADD EAX,DWORD PTR SS:[EBP+549]
010102CD 8B18 MOV EBX,DWORD PTR DS:[EAX]
010102CF 8B7E 10 MOV EDI,DWORD PTR DS:[ESI+10]
010102D2 03FA ADD EDI,EDX
010102D4 03BD 49050000 ADD EDI,DWORD PTR SS:[EBP+549]
010102DA 85DB TEST EBX,EBX
010102DC 0F84 A2000000 JE notepad.01010384
010102E2 F7C3 00000080 TEST EBX,80000000
010102E8 75 04 JNZ SHORT notepad.010102EE
010102EA 03DA ADD EBX,EDX
010102EC 43 INC EBX
010102ED 43 INC EBX
010102EE 53 PUSH EBX
010102EF 81E3 FFFFFF7F AND EBX,7FFFFFFF
010102F5 53 PUSH EBX
010102F6 FFB5 45050000 PUSH DWORD PTR SS:[EBP+545]
010102FC FF95 490F0000 CALL DWORD PTR SS:[EBP+F49]
01010302 85C0 TEST EAX,EAX
01010304 5B POP EBX
01010305 75 6F JNZ SHORT notepad.01010376 //下去
01010307 F7C3 00000080 TEST EBX,80000000
0101030D 75 19 JNZ SHORT notepad.01010328
0101030F 57 PUSH EDI
01010376 8907 MOV DWORD PTR DS:[EDI],EAX ; msvcrt._wtol
01010378 8385 49050000 04 ADD DWORD PTR SS:[EBP+549],4
0101037F ^E9 32FFFFFF JMP notepad.010102B6 // 又回去了

看看这次是到什么地方? 可以走到01010384 :

Tags:ollydbg aspack

编辑录入:爽爽 [复制链接] [打 印]
赞助商链接