a id="2">edi jmp l061 l074: mov dx,word ptr ds:[eax+edi] add dx,28h mov ebx,eax inc ebx l078: inc ebx cmp word ptr ds:[ebx+edi],dx je l084 cmp ebx,8 jb l078 jmp l029 l084: cmp eax,0 jnz l099 lea eax,dword ptr ds:[ebx-2] add edi,2 xor ebp,ebp l089: mov dl,byte ptr ds:[edi+ebp] mov byte ptr ds:[esi+ebp],dl cmp ebp,4 je l153 inc ebp cmp eax,ebp jnz l089 add edi,2 xor eax,eax jmp l089 l099: sub ebx,eax xor ebp,ebp l101: mov dl,byte ptr ds:[edi+ebp] mov byte ptr ds:[esi+ebp],dl cmp ebp,4 je l153 inc ebp cmp eax,ebp jnz l101 add edi,2 xor eax,eax cmp ebx,2 jnz l101 add edi,2 jmp l101 l114: mov dx,word ptr ds:[eax+edi] mov ebx,eax inc ebx l117: inc ebx cmp word ptr ds:[ebx+edi],dx je l123 cmp ebx,8 jb l117 jmp l029 l123: cmp eax,0 jnz l138 lea eax,dword ptr ds:[ebx-2] add edi,2 xor ebp,ebp l128: mov dl,byte ptr ds:[edi+ebp] mov byte ptr ds:[esi+ebp],dl cmp ebp,4 je l153 inc ebp cmp eax,ebp jnz l128 add edi,2 xor eax,eax jmp l128 l138: sub ebx,eax xor ebp,ebp l140: mov dl,byte ptr ds:[edi+ebp] mov byte ptr ds:[esi+ebp],dl cmp ebp,4 je l153 inc ebp cmp eax,ebp jnz l140 add edi,2 xor eax,eax cmp ebx,2 jnz l140 add edi,2 jmp l140 l153: inc ecx jmp l009 end start
写好上面的代码后,重新加载目标文件,忽略全部异常,直接在rdata处下断点,运行,中断后停在:
005906b7 33c0 xor eax,eax ;直接运行到这里
005906b9 b9 00010000 mov ecx,100
断在5906b7处后,把eip改为sub_restore_replace_code(先选中57d02e,然后按ctrl+*),再贴上修复代码,贴上后执行到结束处:
0057d02e > 60