sp; nop
00909191 83C3 0A add ebx,0A
00909194 E9 49FFFFFF jmp 009090E2
00909199 55 push ebp
0090919A 8BEC mov ebp,esp
0090919C 83EC 04 sub esp,4
0090919F 53 push ebx
009091A0 56 push esi
009091A1 57 push edi
009091A2 EB 04 jmp short 009091A8
*/
// Dispatcher for the import-table repair phase: every time the run stops,
// log the current eip and branch on which known address was hit.
// NOTE(review): EAX=0 .. EAX=3, SpecialFiXed, SpecialFiXedOver and
// IsDebuggerPresent are used here as address operands; they are set
// outside this excerpt - confirm what each one holds.
SpecialImportingFunction:
log eip
// All four EAX=n stops share one handler (Luck), which patches the target
// briefly and then restores it.
cmp eip,EAX=0
je Luck
cmp eip,EAX=1
je Luck
cmp eip,EAX=2
je Luck
cmp eip,EAX=3
je Luck
// Stop at SpecialFiXed: its handler searches for the follow-up address.
cmp eip,SpecialFiXed
je SpecialFiXed
// A stop at either of these two addresses ends the repair phase; the
// IsDebuggerPresent label clears the breakpoints and reports to the analyst.
cmp eip,SpecialFiXedOver
je IsDebuggerPresent
cmp eip,IsDebuggerPresent
je IsDebuggerPresent
// No known address matched. GoOn1 is defined outside this excerpt.
jmp GoOn1
// Luck: handler for the four EAX=n stops. It patches one instruction in the
// debuggee, lets the target run to eip+3, then writes the original bytes back.
Luck:
mov temp,eip
// Remove the breakpoint at the address that just fired.
bc temp
// temp = eip + 3: the address where this pass is expected to stop again.
add temp,3
// On the next break, continue the script at label `temp`.
// NOTE(review): `temp` names both a variable and a label in this script;
// confirm the interpreter resolves the eob operand to the label.
eob temp
// Hardware breakpoint on execution ("x") at eip + 3.
bphws temp, "x"
sti
// Pattern: FF 53 54 (call [ebx+54]), EB 04 (jmp short +4), four wildcard
// bytes, then 85 C0 (test eax,eax) and the EB opcode of a short jmp.
find eip,#FF5354EB04????????85C0EB#
cmp $RESULT, 0
// NoFind is defined outside this excerpt.
je NoFind
mov FixCode6,$RESULT
log FixCode6
// Skip the 9 bytes in front of 85 C0 so FixCode6 points at the test.
add FixCode6,9
// Live patch of the debuggee: 85 C0 (test eax,eax) becomes 89 07
// (mov [edi],eax); the third byte, EB, is rewritten with the same value.
mov [FixCode6],#8907EB#
// Resume the target (exceptions are passed to it) until the next break.
esto
temp:
// A stop anywhere other than eip+3 goes back to the dispatcher.
// NOTE(review): on that path the hardware breakpoint is not cleared and the
// patched bytes at FixCode6 are not restored by anything visible here; a
// second pass through Luck overwrites both temp and FixCode6 - confirm.
cmp eip,temp
jne SpecialImportingFunction
bphwc temp
// Write the original 85 C0 EB bytes back over the patch.
mov [FixCode6],#85C0EB#
jmp GoOn1
// SpecialFiXed: entered when the run stops at the address held in
// SpecialFiXed. Clears that breakpoint, single-steps once, then searches
// forward from eip for 33 C0 EB 02 (xor eax,eax / jmp short +2) and puts a
// breakpoint on the match.
SpecialFiXed:
bc SpecialFiXed
sti
find eip,#33C0EB02#
cmp $RESULT, 0
// NoFind is defined outside this excerpt.
je NoFind
// Keep the match address: the dispatcher compares eip against it to decide
// when the repair phase is over.
mov SpecialFiXedOver,$RESULT
log SpecialFiXedOver
bp SpecialFiXedOver
// GoOn1 is defined outside this excerpt.
jmp GoOn1
// IsDebuggerPresent: end of the import-repair phase. Clears every breakpoint
// address the dispatcher compares against, then shows a message box.
// There is no jump at the end, so the script continues with the lines that
// follow this block.
IsDebuggerPresent:
bc SpecialFiXedOver
bc IsDebuggerPresent
bc EAX=0
bc EAX=1
bc EAX=2
bc EAX=3
// The message tells the analyst that some special APIs still have to be
// repaired by hand after the automatic pass.
MSG "Fixed ImportTable. There is some Special API need Handed Repaired. "
//DecodeFinal————————————————————————————————
// Search from LastSectionVA + 2600 for the byte pattern 83 ?? ?? 0F 85,
// breakpoint the address 9 bytes past the match and run until eip gets there.
Final:
bc SpecialFiXedOver
log LastSectionVA
mov temp,LastSectionVA
// NOTE(review): 2600 is a fixed offset from LastSectionVA; presumably it is
// specific to the packer build this script was written for - confirm before
// reusing the script on another sample.
add temp,2600
// 83 ?? ?? is an 83-group instruction with an 8-bit immediate; 0F 85 is the
// opcode of a near jnz.
find temp,#83????0F85#
cmp $RESULT, 0
// NoFind is defined outside this excerpt.
je NoFind
// +9 = 3 bytes for the 83-group instruction plus 6 for 0F 85 rel32, i.e. the
// instruction after the jnz (assuming the 83 instruction has no displacement).
add $RESULT,9
mov DecodeFinal,$RESULT
log DecodeFinal
// NOTE(review): DecodeFinal is both a variable (the address) and a label
// (the break handler); confirm eob takes the label here.
eob DecodeFinal
bp DecodeFinal
esto
GoOn2:
// Keep resuming the target until the break is the one at DecodeFinal.
esto
DecodeFinal:
cmp eip,DecodeFinal
jne GoOn2
bc DecodeFinal
// Run to the next return, then step one instruction further.
rtr
sti
//JmpEDI————————————————————————————————
// Search from the masked eip for FF E7 EB (jmp edi followed by the opcode of
// a short jmp), run to that address, then step once from it.
mov temp,eip
// NOTE(review): the mask 0FFFF000 clears the low 12 bits and also the top
// four address bits; if plain 4 KB alignment was intended the mask would be
// 0FFFFF000 - confirm. The two masks give the same result only for addresses
// below 10000000.
and temp,0FFFF000
log temp
find temp,#FFE7EB#
cmp $RESULT, 0
// NoFind is defined outside this excerpt.
je NoFind
log $RESULT
// On the next break, continue the script at label JmpEDI.
eob JmpEDI
bp $RESULT
esto
GoOn3:
// Keep resuming the target until the break is the one at the jmp edi.
esto
JmpEDI:
// Relies on $RESULT still holding the address from the find above; no other
// find is visible between that search and this comparison.
cmp eip,$RESULT
jne GoOn3
bc $RESULT
// Step the instruction at the breakpoint address (the matched FF E7).
sti
//StolenOEPCode————————————————————————————————
// Search from eip for 03 56 10 EB 02 (add edx,[esi+10] / jmp short +2), stop
// on the instruction after the add and record edx.
find eip,#035610EB02#
cmp $RESULT, 0
// NoFind is defined outside this excerpt.
je NoFind
/*
0090C237 0356 10 add edx,dword ptr ds:[esi+10]
0090C23A EB 02 jmp short 0090C23E
*/
// +3 is the length of the add, so the breakpoint sits on the jmp short that
// follows it (0090C23A in the listing above).
add $RESULT,3
// On the next break, continue the script at label CountOEP.
eob CountOEP
bp $RESULT
esto
CountOEP:
bc $RESULT
// The add has executed by now; the script keeps the resulting edx as StolenOEP.
// NOTE(review): unlike the earlier break handlers, this one does not compare
// eip with the breakpoint address, so a stop at any other address would store
// an unrelated edx - confirm that no other break can occur here.
mov StolenOEP,edx
// Next marker: 61 EB (popad followed by the opcode of a short jmp).
find eip,#61EB#
cmp $RESULT, 0
je NoFind
/*
0090C25A 61 popad
0090C25B EB 04