AcProtect 1.41 Packer Analysis [15]

[Added: 19 August 2005] [Updated: 24 March 2007]

Summary: selected from bmd2chen's blog

Breakpoint list:

ef0 maincon always pushad
00459389 maincon always pushad
0045c95d maincon always pushad
0045fc38 maincon always pushad
00462ec8 maincon always pushad
0046618b maincon always pushad
004696ff maincon always pushad
0046c932 maincon always ins byte ptr es:[edi],dx ;clear it
004708d9 maincon always pushad
00474389 maincon always pushad
004775c3 maincon always or dh,byte ptr ds:[eax+6f] ;clear it
0047a80f maincon always mov al,byte ptr ds:[c095e1f] ;clear it
0047de02 maincon always pushad
00481126 maincon always pushad
00484396 maincon always int1 ;clear it

After removing the relevant breakpoints and running with F9, it breaks here:

0042089a 60 pushad ; execution breaks here
0042089b f8 clc
0042089c 66:2bcd sub cx,bp
0042089f 87c1 xchg ecx,eax
......
00420a62 0000 add byte ptr ds:[eax],al
00420a64 47 inc edi
00420a65 4f dec edi
00420a66 83e8 01 sub eax,1
00420a69 ^ 0f85 81ffffff jnz 004209f0 ; decompression loop; there is a lot more after it
00420a6f 7a 03 jpe short 00420a74
......
00420d64 /e9 08000000 jmp 00420d71
00420d69 |79 03 jns short 00420d6e
00420d6b |c1ee 47 shr esi,47 ; after a few rounds of decompression we reach a far jmp; do not assume this is nearly the end, there is still a long way to go
00420d6e |66:8bce mov cx,si
00420d71 \e9 e91d0000 jmp 00422b5f
......
00422b5f e8 8ffdffff call <sub_copy code> ; this call copies code
00422b64 33c2 xor eax,edx
00422b66 eb 01 jmp short 00422b69
00422b68 73 40 jnb short 00422baa
......
00422c1f 03fd add edi,ebp
00422c21 e8 01000000 call 00422c27
00422c26 90 nop
00422c27 83c4 04 add esp,4
00422c2a e8 37e5ffff call <check debugger>
00422c2f 66:c1c6 b1 rol si,0b1 ; shift constant out of range 1..31
00422c33 46 inc esi
00422c34 c1cf 1e ror edi,1e
00422c37 7c 03 jl short 00422c3c
00422c39 7d 01 jge short 00422c3c
00422c3b ^ 73 e9 jnb short 00422c26
......
00422c6c e8 01000000 call 00422c72
00422c71 90 nop
00422c72 83c4 04 add esp,4
00422c75 e8 3ae8ffff call <crc file>
00422c7a 66:c1d6 21 rcl si,21 ; shift constant out of range 1..31
00422c7e 81c5 19aa764b add ebp,4b76aa19
......
00422e90 830424 06 add dword ptr ss:[esp],6
00422e94 c3 retn
00422e95 e8 8df1ffff call <sub_anti_fake_unpack> ; checks whether the program has been unpacked
00422e9a 8bd5 mov edx,ebp
00422e9c 81ef 6d259939 sub edi,3999256d
00422ea2 50 push eax
00422ea3 e8 01000000 call 00422ea9
00422ea8
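As an added example, not part of bmd2chen's analysis or of AcProtect: a small Python script that parses OllyDbg-style listing lines like the ones above, recomputes each branch target from the opcode bytes (so the disassembler's text can be cross-checked), and flags the pattern that precedes <check debugger> and <crc file> in the trace, a call that lands one byte past itself and then discards its own return address with add esp,4. The sample lines are constructed from the trace; the function names and the heuristic that byte tokens are even-length hex are my own assumptions.

```python
import re
# Constructed sample in OllyDbg layout, lifted from the AcProtect 1.41 trace above.
SAMPLE = """\
00420a69 ^ 0f85 81ffffff jnz 004209f0 ; decompression loop (^ = backward jump)
00422c21 e8 01000000 call 00422c27
00422c26 90 nop
00422c27 83c4 04 add esp,4
00422c2a e8 37e5ffff call <check debugger>
00422c6c e8 01000000 call 00422c72
00422c71 90 nop
00422c72 83c4 04 add esp,4
00422c75 e8 3ae8ffff call <crc file>
"""
HEXTOK = re.compile(r"^(?:[0-9a-f]{2}:)?(?:[0-9a-f]{2})+$")  # "66:2bcd", "0f85", "01"

def parse_listing(text):
    """Return (addr, raw_bytes, mnemonic, operands) per line. Byte tokens are
    even-length hex, so an odd-length mnemonic such as 'add' or 'dec' ends the scan."""
    rows = []
    for line in text.splitlines():
        toks = [t for t in (t.lstrip("^/|\\") for t in line.split(";", 1)[0].split()) if t]
        if not toks:
            continue
        raw, i = bytearray(), 1
        while i < len(toks) and HEXTOK.match(toks[i]):
            raw += bytes.fromhex(toks[i].replace(":", ""))
            i += 1
        rows.append((int(toks[0], 16), bytes(raw), toks[i], " ".join(toks[i + 1:])))
    return rows

def branch_target(addr, raw):
    """Decode the rel8/rel32 target of jmp/call/jcc from the opcode bytes, else None."""
    if not raw:
        return None
    nxt = addr + len(raw)
    if raw[0] in (0xe8, 0xe9):                     # call rel32 / jmp rel32
        return nxt + int.from_bytes(raw[1:5], "little", signed=True)
    if raw[0] == 0x0f and 0x80 <= raw[1] <= 0x8f:  # jcc rel32
        return nxt + int.from_bytes(raw[2:6], "little", signed=True)
    if raw[0] == 0xeb or 0x70 <= raw[0] <= 0x7f:   # jmp rel8 / jcc rel8
        return nxt + int.from_bytes(raw[1:2], "little", signed=True)
    return None

def find_junk_calls(rows):
    """Addresses of 'call <one byte ahead>' landing on 'add esp,4' (the stub's call-over-a-byte trick)."""
    by_addr = {r[0]: r[2:] for r in rows}
    return [addr for addr, raw, mnem, _ in rows
            if mnem == "call" and branch_target(addr, raw) == addr + len(raw) + 1
            and by_addr.get(addr + len(raw) + 1) == ("add", "esp,4")]
```

Feeding the full trace through parse_listing and comparing branch_target with the operand text is a quick way to confirm that the jnz at 00420a69 really loops back to 004209f0 and that the call at 00422c2a goes backwards into the stub rather than forward.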

Keywords: AcProtect 1.41 packer analysis