
Unpacking and Cracking FlashFXP v1.4.1 build 823

2007-01-12 20:13:16 Source: WEB开发网
0167:00582078 7FE9 JG 00582063
0167:0058207A E800000000 CALL 0058207F
0167:0058207F 5D POP EBP
0167:00582080 8D4546 LEA EAX,[EBP+46]
0167:00582083 50 PUSH EAX
0167:00582084 33C0 XOR EAX,EAX
0167:00582086 64FF30 PUSH DWORD [FS:EAX]
0167:00582089 648920 MOV [FS:EAX],ESP
0167:0058208C CC INT3
0167:0058208D 90 NOP
0167:0058208E 8BC0 MOV EAX,EAX
0167:00582090 F9 STC
0167:00582091 90 NOP
0167:00582092 8D045D34120000 LEA EAX,[EBX*2+1234]
0167:00582099 F8 CLC
0167:0058209A 90 NOP
0167:0058209B C1EB05 SHR EBX,05
0167:0058209E FC CLD
0167:0058209F 90 NOP
0167:005820A0 C1C007 ROL EAX,07
0167:005820A3 90 NOP
0167:005820A4 90 NOP
0167:005820A5 33DB XOR EBX,EBX
0167:005820A7 F7F3 DIV EBX
0167:005820A9 64678F060000 POP DWORD [WORD FS:00]
0167:005820AF 83C404 ADD ESP,BYTE +04
0167:005820B2 66BE4746 MOV SI,4647
0167:005820B6 66BF4D4A MOV DI,4A4D
0167:005820BA 8A8599000000 MOV AL,[EBP+99]
0167:005820C0 E99C000000 JMP 00582161
0167:005820C5 8B442404 MOV EAX,[ESP+04]
0167:005820C9 8B4C240C MOV ECX,[ESP+0C]
0167:005820CD FF81B8000000 INC DWORD [ECX+B8]
0167:005820D3 8B00 MOV EAX,[EAX]
0167:005820D5 3D940000C0 CMP EAX,C0000094
0167:005820DA 7524 JNZ 00582100
0167:005820DC FF81B8000000 INC DWORD [ECX+B8]
0167:005820E2 33C0 XOR EAX,EAX
0167:005820E4 214104 AND [ECX+04],EAX
0167:005820E7 214108 AND [ECX+08],EAX
0167:005820EA 21410C AND [ECX+0C],EAX
0167:005820ED 214110 AND [ECX+10],EAX
0167:005820F0 816114F00FFFFF AND DWORD [ECX+14],FFFF0FF0
0167:005820F7 81611800DC0000 AND DWORD [ECX+18],DC00
0167:005820FE EB60 JMP SHORT 00582160
0167:00582100 3D04000080 CMP EAX,80000004
0167:00582105 740C JZ 00582113
0167:00582107 3D03000080 CMP EAX,80000003
0167:0058210C 7412 JZ 00582120
0167:0058210E 6A01 PUSH BYTE +01
0167:00582110 58 POP EAX
0167:00582111 EB4D JMP SHORT 00582160
0167:00582113 E801000000 CALL 00582119
0167:00582118 0058FE ADD [EAX-02],BL
0167:0058211B 002B ADD [EBX],CH
0167:0058211D C0EB40 SHR BL,40
0167:00582120 8B81B4000000 MOV EAX,[ECX+B4]
0167:00582126 8D4024 LEA EAX,[EAX+24]
0167:00582129 894104 MOV [ECX+04],EAX
0167:0058212C 8B81B4000000 MOV EAX,[ECX+B4]
0167:00582132 8D401F LEA EAX,[EAX+1F]
0167:00582135 894108 MOV [ECX+08],EAX
0167:00582138 8B81B4000000 MOV EAX,[ECX+B4]
0167:0058213E 8D401A LEA EAX,[EAX+1A]
0167:00582141 89410C MOV [ECX+0C],EAX
0167:00582144 8B81B4000000 MOV EAX,[ECX+B4]
0167:0058214A 8D4011 LEA EAX,[EAX+11]
0167:0058214D 894110 MOV [ECX+10],EAX
0167:00582150 33C0 XOR EAX,EAX
0167:00582152 816114F00FFFFF AND DWORD [ECX+14],FFFF0FF0
0167:00582159 C7411855010000 MOV DWORD [ECX+18],0155
0167:00582160 C3 RET
0167:00582161 2C04 SUB AL,04
0167:00582163 888599000000 MOV [EBP+99],AL
0167:00582169 8B95CF1B0000 MOV EDX,[EBP+1BCF]
0167:0058216F 81E20000FFFF AND EDX,FFFF0000
0167:00582175 8BC4 MOV EAX,ESP
0167:00582177 33E4 XOR ESP,ESP
0167:00582179 8BE0 MOV ESP,EAX
0167:0058217B 66813A4D5A CMP WORD [EDX],5A4D
0167:00582180 7408 JZ 0058218A

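If this seems like too much trouble, you can skip the int3 at 58208c and then set a breakpoint at 5820c5. After it breaks, step with F8 all the way to 582160 (go no further) and stop there, then set the breakpoint bpx 5820ba. Press F5 once and execution stops at 5820ba. When you reach 582161, quickly set al to 4, and this check is passed. Many more anti-debug checks follow, mainly in the form of int1, div ebx, inc [esi], pushf and so on. They are tedious, but with a little care you will get past all of them.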
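
The handler at 005820C5 is easier to follow as a model. The C code below is an added example, not part of the original article: it replays the listing's exception handler on a simplified CONTEXT record (`Ctx`, `handler` and `run` are made-up names; the field offsets follow the 32-bit Windows CONTEXT layout) and shows why the byte stored at [EBP+99] is 0 on an undisturbed run but not when the int3 is skipped, which is what setting al to 4 by hand makes up for.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct {                /* subset of the 32-bit x86 CONTEXT; Ctx is a made-up name */
    uint32_t dr[4], dr6, dr7;   /* +04..+10 Dr0-Dr3, +14 Dr6, +18 Dr7 */
    uint32_t ebp, eip;          /* +B4 Ebp, +B8 Eip */
} Ctx;
static uint8_t counter;         /* the byte at 00582118, later read as [EBP+99] */

/* Model of the handler at 005820C5: 0 = continue execution, 1 = continue search. */
int handler(uint32_t code, Ctx *c) {
    c->eip++;                                   /* 005820CD: skip a one-byte opcode */
    if (code == 0xC0000094u) {                  /* divide error from DIV EBX */
        c->eip++;                               /* DIV EBX is two bytes long */
        c->dr[0] = c->dr[1] = c->dr[2] = c->dr[3] = 0;
        c->dr6 &= 0xFFFF0FF0u; c->dr7 &= 0x0000DC00u;   /* drops every enable bit */
        return 0;
    }
    if (code == 0x80000004u) { counter++; return 0; }   /* 00582119: POP EAX; INC BYTE [EAX] */
    if (code == 0x80000003u) {                  /* INT3 arms four execute breakpoints */
        static const uint32_t off[4] = {0x24, 0x1F, 0x1A, 0x11};
        for (int i = 0; i < 4; i++) c->dr[i] = c->ebp + off[i];
        c->dr6 &= 0xFFFF0FF0u; c->dr7 = 0x155;  /* Dr7: L0-L3 and LE */
        return 0;
    }
    return 1;
}

/* Replay 0058208C..005820A7; returns the byte MOV [EBP+99],AL stores at 00582163. */
uint8_t run(int int3_delivered, Ctx *c) {
    static const uint32_t insn[] = {            /* instruction starts, from the listing */
        0x58208D, 0x58208E, 0x582090, 0x582091, 0x582092, 0x582099, 0x58209A,
        0x58209B, 0x58209E, 0x58209F, 0x5820A0, 0x5820A3, 0x5820A4, 0x5820A5};
    counter = 0;
    *c = (Ctx){ .ebp = 0x58207F, .eip = 0x58208C };   /* EBP from CALL/POP EBP */
    if (int3_delivered) handler(0x80000003u, c);
    for (unsigned i = 0; i < sizeof insn / sizeof insn[0]; i++)
        for (int d = 0; d < 4; d++)
            if (((c->dr7 >> (2 * d)) & 1) && c->dr[d] == insn[i]) {
                c->eip = insn[i];
                handler(0x80000004u, c);
            }
    c->eip = 0x5820A7;
    handler(0xC0000094u, c);                    /* DIV EBX with EBX = 0 */
    return (uint8_t)(counter - 4);              /* 00582161: SUB AL,04 */
}
int main(void) {
    Ctx c;
    printf("undisturbed: %02X, INT3 skipped: %02X\n", run(1, &c), run(0, &c));
    return 0;
}
```

The four armed addresses land on the STC, CLC, CLD and NOP at 00582090, 00582099, 0058209E and 005820A3, so each hit bumps the counter once before DIV EBX clears the debug registers again.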


Entered by: 爽爽