[收藏本方案]

AcProtect 1.41 外壳分析[38]

[入库:2005年8月19日] [更新:2007年3月24日]

本文简介:选择自 bmd2chen 的 blog
首页 上页 下页 尾页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] [39] [40] [41] [42] [43] [44] [45] [46] [47] [48] [49] [50] [51] [52] [53] [54] [55] [56] [57] [58] [59] [60] [61] [62] [63] [64] [65] [66] [67] [68] [69]

id="2">es:[edi] 0058e640 58 pop eax 0058e641 > 0bc0 or eax,eax 0058e643 75 3d jnz short <dll_isloaded> 0058e645 90 nop 0058e646 90 nop 0058e647 90 nop 0058e648 90 nop 0058e649 53 push ebx 0058e64a 50 push eax 0058e64b 8b85 24854100 mov eax,dword ptr ss:[ebp+418524] ; loadlibrarya 0058e651 0fb600 movzx eax,byte ptr ds:[eax] 0058e654 83e8 33 sub eax,33 0058e657 3d 99000000 cmp eax,99 0058e65c 74 10 je short <gameover> 0058e65e 90 nop 0058e65f 90 nop 0058e660 90 nop 0058e661 90 nop 0058e662 58 pop eax ; /hmodule='kernel32.dll' 0058e663 ff95 24854100 call dword ptr ss:[ebp+418524] ; \loadlibrarya 0058e669 eb 17 jmp short <dll_isloaded> 0058e66b 90 nop 0058e66c 90 nop 0058e66d 90 nop 0058e66e > b8 e8030000 mov eax,3e8 0058e673 e8 56d2ffff call <get_rnd_value> 0058e678 8dbd 615d4000 lea edi,dword ptr ss:[ebp+405d61] 0058e67e 03f8 add edi,eax 0058e680 ab stos dword ptr es:[edi] 0058e681 58 pop eax 0058e682 > 8bd8 mov ebx,eax ; dll_isloaded 0058e684 8985 12204000 mov dword ptr ss:[ebp+402012],eax 0058e68a b8 90fb4000 mov eax,0040fb90 0058e68f ba fffc4000 mov edx,0040fcff ; /globalalloc 0058e694 e8 91daffff call <sub_getprocaddress> ; \getprocaddressfun 0058e699 b8 9cfb4000 mov eax,0040fb9c 0058e69e ba 03fd4000 mov edx,0040fd03 ; /globalfree 0058e6a3 e8 82daffff call <sub_getprocaddress> ; \getprocaddressfun 0058e6a8 b8 a7fb4000 mov eax,0040fba7 0058e6ad ba 17fd4000 mov edx,0040fd17 ; /getcurrentprocessid 0058e6b2 e8 73daffff call <sub_getprocaddress> ; \getprocaddressfun 0058e6b7 b8 bbfb4000 mov eax,0040fbbb 0058e6bc ba 1bfd4000 mov edx,0040fd1b ; /createtoolhelp32snapshot 0058e6c1 e8 64daffff call <sub_getprocaddress> ; \getprocaddressfun 0058e6c6 b8 d4fb4000 mov eax,0040fbd4 0058e6cb ba 1ffd4000 mov edx,0040fd1f ; /process32first 0058e6d0 e8 55daffff call <sub_getprocaddress> ; \getprocaddressfun 0058e6d5 b8 e3fb4000 mov eax,0040fbe3 0058e6da ba 23fd4000 mov edx,0040fd23 ; /process32next 0058e6df e8 46daffff call <sub_getprocaddress> ; \getprocaddressfun 0058e6e4 b8 f1fb4000 mov eax,0040fbf1 0058e6e9 ba 27fd4000 mov edx,0040fd27 ; /closehandle 0058e6ee e8 37

首页 上页 下页 尾页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] [39] [40] [41] [42] [43] [44] [45] [46] [47] [48] [49] [50] [51] [52] [53] [54] [55] [56] [57] [58] [59] [60] [61] [62] [63] [64] [65] [66] [67] [68] [69]
本文关键:AcProtect 1.41 外壳分析
  相关方案
Google
 

本站最佳浏览方式为 分辨率 1024x768 IE 6.0(或更高版本的 IE浏览器)

go top