WinKawaks 1.45脱壳笔记

　2007-01-12 20:11:42　来源：WEB开发网　　　

核心提示： 00732598 EB 19 JMP SHORT WinKawak.007325B3那部分解密很简单，就是高低位互换，WinKawaks 1.45脱壳笔记(3)，瞧下面的数据00731B6E 58 1C X00731B7E 33 00 66 1C 33 00 76 1C 33 00 00

00732598 EB 19 JMP SHORT WinKawak.007325B3

那部分解密很简单，就是高低位互换。瞧下面的数据

00731B6E 58 1C X
00731B7E 33 00 66 1C 33 00 76 1C 33 00 00 00 00 00 84 1C 3.f3.v3.....?0
00731B8E 33 00 00 00 00 00 9C 1C 33 00 00 00 00 00 AE 1C 3.....?3.....? 0
00731B9E 33 00 00 00 00 00 01 00 00 80 00 00 00 00 C2 1C 3.......€....?0
00731BAE 33 00 00 00 00 00 28 06 00 80 00 00 00 00 CC 1C 3.....(.€....?0
00731BBE 33 00 00 00 00 00 E4 1C 33 00 00 00 00 00 EA 1C 3.....?3.....? 0
00731BCE 33 00 00 00 00 00 FE 1C 33 00 00 00 00 00 4B 45 3.....?3.....KE0
00731BDE 52 4E 45 4C 33 32 2E 44 4C 4C 00 43 4F 4D 43 54 RNEL32.DLL.COMCT
00731BEE 4C 33 32 2E 64 6C 6C 00 44 44 52 41 57 2E 64 6C L32.dll.DDRAW.dl
00731BFE 6C 00 44 49 4E 50 55 54 2E 64 6C 6C 00 44 53 4F l.DINPUT.dll.DSO
00731C0E 55 4E 44 2E 64 6C 6C 00 74 44 94 33 23 E2 46 C6 UND.dll.tD?#釬
......
00731C4E 4C 6F 61 64 ad
00731C5E 4C 69 62 72 61 72 79 41 00 00 47 65 74 50 72 6F LibraryA..GetPro
00731C6E 63 41 64 64 72 65 73 73 00 00 45 78 69 74 50 72 cAddress..ExitPr
00731C7E 6F 63 65 73 73 00 00 00 49 6D 61 67 65 4C 69 73 ocess...ImageLis
00731C8E 74 5F 52 65 70 6C 61 63 65 49 63 6F 6E 00 00 00 t_ReplaceIcon...
00731C9E 44 69 72 65 63 74 44 72 61 77 43 72 65 61 74 65 DirectDrawCreate
00731CAE 00 00 44 69 72 65 63 74 49 6E 70 75 74 43 72 65 ..DirectInputCre
00731CBE 61 74 65 41 00 00 44 65 6C 65 74 65 44 43 00 00 ateA..DeleteDC..
00731CCE 3F 3F 30 5F 57 69 6E 69 74 40 73 74 64 40 40 51 ??0_Winit@std@@Q
00731CDE 41 45 40 58 5A 00 00 00 72 61 6E 64 00 00 53 48 AE@XZ...rand..SH
00731CEE 42 72 6F 77 73 65 46 6F 72 46 6F 6C 64 65 72 41 BrowseForFolderA
00731CFE 00 00 53 65 74 4D 65 6E 75 00 00 00 00 00 00 ..SetMenu......