Disclaimer:
Just recording my own unpacking process; experts, please don't flame.
1. Right at the entry point there is a pushad; on the next line apply the ESP law once.
00453001 > 60 pushad ; // entry point
00453002 E8 03000000 call 吾爱破解.0045300A ; // apply ESP law once
00453007 - E9 EB045D45 jmp 45A234F7
0045300C 55 push ebp
0045300D C3 retn
0045300E E8 01000000 call 吾爱破解.00453014
2. After ESP lands, single-step downward; the second retn jumps to the OEP.
00453416 /75 08 jnz short 吾爱破解.00453420 ; // where the ESP law lands
00453418 |B8 01000000 mov eax,0x1
0045341D |C2 0C00 retn 0xC
00453420 68 ACDD4100 push 吾爱破解.0041DDAC
00453425 C3 retn ; // this jumps to the OEP
00453426 8B85 8C040000 mov eax,dword ptr ss:[ebp+0x48C]
0045342C 8D8D A1040000 lea ecx,dword ptr ss:[ebp+0x4A1]
3. OEP location
0041DDAC E8 EF4E0000 call 吾爱破解.00422CA0 ; // OEP location
0041DDB1 ^ E9 79FEFFFF jmp 吾爱破解.0041DC2F
0041DDB6 3B0D B0074400 cmp ecx,dword ptr ds:[0x4407B0]
0041DDBC 75 02 jnz short 吾爱破解.0041DDC0
0041DDBE F3: prefix rep:
0041DDBF C3 retn
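The two things the ESP law relies on in steps 1 and 2 are the pushad at the entry (where the hardware breakpoint on ESP is set) and the "push imm32 ; retn" tail jump that lands on the OEP. Here is an added example, not part of the original post, that parses OllyDbg listing lines of the kind pasted above and reports both; the listing inside it is a constructed copy of lines from this post, and the parsing logic assumes OllyDbg's uppercase hex byte column and lowercase mnemonics.

```python
import re
from collections import namedtuple

# Constructed sample: OllyDbg lines from the post, including the OEP tail jump.
LISTING = """\
00453001 > 60 pushad ; // entry point
00453002 E8 03000000 call 吾爱破解.0045300A ; // apply ESP law once
0045300C 55 push ebp
0045300D C3 retn
00453416 /75 08 jnz short 吾爱破解.00453420 ; // where the ESP law lands
00453420 68 ACDD4100 push 吾爱破解.0041DDAC
00453425 C3 retn ; // this jumps to the OEP
00453426 8B85 8C040000 mov eax,dword ptr ss:[ebp+0x48C]
"""

# One line: address, optional branch decoration (> / | ^ -), uppercase opcode
# bytes (a prefix byte may end in ':'), assembly text, optional ';' comment.
LINE_RE = re.compile(r"^(?P<addr>[0-9A-F]{8})\s+(?:[>/|^\-]\s*)?"
                     r"(?P<bytes>(?:[0-9A-F]{2,}:?\s+)+)(?P<asm>[^;]+?)\s*(?:;\s*(?P<comment>.*))?$")

Insn = namedtuple("Insn", "addr mnemonic operands comment")

def parse_listing(text):
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip blank or non-listing lines
        mnem, _, ops = m.group("asm").strip().partition(" ")
        insns.append(Insn(int(m.group("addr"), 16), mnem.lower(), ops.strip(),
                          (m.group("comment") or "").strip()))
    return insns

def target_of(operands):
    # Absolute target of '吾爱破解.0041DDAC' or 'short 吾爱破解.00453420'; None for 'ebp'.
    m = re.search(r"([0-9A-F]{8})$", operands)
    return int(m.group(1), 16) if m else None

def entry_pushad(insns):
    """Addresses of 'pushad': where the ESP-law hardware breakpoint is set."""
    return [i.addr for i in insns if i.mnemonic == "pushad"]

def find_tail_jumps(insns):
    """'push imm32' followed by a bare 'retn': the retn pops the immediate into EIP,
    so it is the OEP candidate. 'push ebp; retn' is skipped (target not constant)."""
    found = []
    for cur, nxt in zip(insns, insns[1:]):
        if cur.mnemonic == "push" and nxt.mnemonic == "retn" and not nxt.operands:
            tgt = target_of(cur.operands)
            if tgt is not None:
                found.append((cur.addr, tgt))
    return found
```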
4. Dump and fix