你这是2.3x的脚本改的吧。要用2.4的。
/*****************************************/
/* safengine 2.3.7-2.4.0 */
/* */
/*****************************************/
var CodeBase
var CodeSize
var CodeEnd
var SE_Memcpy
var RandKey
var RandKeySize
var RSAPublicKey
var RSAPublicKeySize
var Crc
/////////////////////////////
mov RandKeySize,AA0
mov RSAPublicKeySize,104
/////////////////////////////
mov SE_Memcpy,0050EE5C //push esi 的地址8D4DD4E8
/////////////////////////////
start:
bphwcall
bc
GMEMI eip,MEMORYBASE
mov CodeBase,$RESULT
add CodeEnd,CodeBase
GMEMI eip,MEMORYSIZE
mov CodeSize,$RESULT
add CodeEnd,CodeSize
FIND CodeBase,#C1C00733C6413B4C240872F0#
add $RESULT,0D
mov Crc,$RESULT
bp Crc
RUN
RUN
RUN
RUN
RUN
RUN
RUN
RandKey:
bc
EVAL "edx > {CodeBase} && edx < {CodeEnd} && [esp+4] > 0A9F && [esp+4] < 0AA1"
BPCND SE_Memcpy,$RESULT
RUN
ITOA edx
WRTA "log.txt","RandKey: "+$RESULT
DM edx,RandKeySize,"RandKey.bin"
bc
RSAPublicKey:
find CodeBase,#61C3#
cmp $RESULT,0
je loop
add $RESULT,1
bp $RESULT
mov CodeBase,$RESULT
jmp RSAPublicKey
loop:
run
cmp eax,104
jne loop
cmp [esp+48],104
jne fail
mov RSAPublicKey,[esp+44]
ITOA RSAPublicKey
WRTA "log.txt","RSAPublicKey: "+$RESULT
DM RSAPublicKey,218,"RSAPublicKey.bin"
bc
msg "xxoo提取完毕!"
ret
fail:
msg "提取失败!"
ret
|