ROOTME PE-SEHVEH
2018. 5. 21. 15:49ㆍ0x02 Reverse Engineer/0x03. Etc
728x90
자릿수 : 12
00B7149C . F3:AE repe scas byte ptr es:[edi] ; -> 0XF0
00B7149E . FC cld
00B7149F . 80C1 F0 add cl,0xF0
00B714A2 . 81F9 FF000000 cmp ecx,0xFF
00B71D64 8180 B0000000 2>add dword ptr [eax+0xB0],0x48335621
얘를 어디서 써야할까
1번째 루틴
00B714B0 . BA 5930645A mov edx,0x5A643059
00B714B5 . 31D0 xor eax,edx
00B714B7 . 3D 2E552836 cmp eax,0x3628552E
0x5A643059 ^ 0x3628552E
lLew
<handler 사용>
2번째 루틴
(0x495f4265 ^ 0xff2cf8e5 )- 0x48335621 = 0x6e40645f => n@d_
3번째 루틴
00B71948 . 81A8 B0000000>sub dword ptr [eax+0xB0],0x21486553
0x74406653 ^ 0x3c4c7440 + 0x21486553 - 0x48335621 (SEH한번더써야하구나..)
lLwe n@d_ !!!E
엔디언 변환
weLl_d@nE!!!
'0x02 Reverse Engineer > 0x03. Etc' 카테고리의 다른 글
| rootme elf nanometis (0) | 2018.05.22 |
|---|---|
| rootme elf-antidebug (0) | 2018.05.22 |
| ROOTME Macho keygen or not (0) | 2018.05.19 |
| ROOTME ARM (0) | 2018.05.19 |
| ROOTME NO SOFTWARE BREAKPOINTS (0) | 2018.05.19 |