; Debugger disassembly excerpt, reflowed to one instruction per line.
; Columns: address, raw bytes, mnemonic/operands, then optional note after ';'.
; The author's notes are translated to English; "......" marks code the author left out.
; Per the author's notes, this region contains a debugger check and a
; decompression loop, wrapped in junk-byte call patterns that mislead linear disassembly.

; NOTE(review): the first address appears to have lost its leading '0'
; (the next address is 00591e5f and this opcode is one byte long).
; The next five instructions copy esi to [57cad9] and ebx to [57cae5] using only
; push/pop/mov-to-[esp]; the stack pointer ends where it started.
0591e5e 56 push esi
00591e5f 8f05 d9ca5700 pop dword ptr ds:[57cad9] ; [57cad9] = esi
00591e65 ff35 d9ca5700 push dword ptr ds:[57cad9] ; reserve a stack slot (value is overwritten next)
00591e6b 891c24 mov dword ptr ss:[esp],ebx ; overwrite that slot with ebx
00591e6e 8f05 e5ca5700 pop dword ptr ds:[57cae5] ; [57cae5] = ebx
00591e74 90 nop
00591e75 90 nop
00591e76 60 pushad ; save all general registers (a popad appears at 0059204b)
......
; sub edx,-4 / add edx,-4 are +4 / -4 written with negated immediates:
; eax has the dword at the original [edx+4] subtracted from it, edx is restored.
00591fbb 83ea fc sub edx,-4
00591fbe 2b02 sub eax,dword ptr ds:[edx]
00591fc0 83c2 fc add edx,-4
; Author's note: the earlier approach (find the "jnz xxx", then set a breakpoint on
; the line below it) cannot be used here; code like the check below would not let it pass :-)
; The call targets next-instruction+1, skipping the single byte at 00591fc8;
; the add esp,4 at the target then discards the pushed return address.
00591fc3 e8 01000000 call 00591fc9
00591fc8 90 nop ; skipped filler byte
00591fc9 83c4 04 add esp,4 ; drop the return address pushed by the call above
00591fcc e8 7facffff call <sub_chekring0's debug> ; author: checks for a system-level debugger
00591fd1 bf c64e0b93 mov edi,930b4ec6
00591fd6 66:8bfa mov di,dx ; replaces only the low 16 bits of edi
00591fd9 8902 mov dword ptr ds:[edx],eax ; store eax back to [edx]
; Same call-over-one-byte pattern, but here the skipped byte (74) is not a nop, so
; the listing decodes from 00591fe0 instead of the real target 00591fe1.
; NOTE(review): bytes 83 c4 04 at 00591fe1 match the add esp,4 encoding shown at
; 00591fc9, so the instructions listed from here to about 00592001 are probably
; misaligned decodes rather than real code - confirm by disassembling from 00591fe1.
00591fdb e8 01000000 call 00591fe1
00591fe0 ^ 74 83 je short 00591f65
00591fe2 c4041b les eax,fword ptr ds:[ebx+ebx] ; modification of segment register
00591fe5 f785 fb81eda1 8>test dword ptr ss:[ebp+a1ed81fb],78bbfb8>
00591fef 0379 01 add edi,dword ptr ds:[ecx+1]
00591ff2 7a e9 jpe short 00591fdd
00591ff4 05 000000d3 add eax,d3000000
00591ff9 d3c1 rol ecx,cl
00591ffb c6 ??? ; unknown command
00591ffc ^ 73 81 jnb short 00591f7f
00591ffe c2 0400 retn 4
00592001 0000 add byte ptr ds:[eax],al
00592003 50 push eax
; Same pattern again: the target 0059200a is one byte into the listed jle, and
; bytes 83 c4 04 start there.
00592004 e8 01000000 call 0059200a
00592009 ^ 7e 83 jle short 00591f8e
0059200b c40458 les eax,fword ptr ds:[eax+ebx*2] ; modification of segment register
0059200e 43 inc ebx
0059200f 0f81 03000000 jno 00592018 ; when overflow is clear, skips the mov si,ax below
00592015 66:8bf0 mov si,ax
00592018 83c1 ff add ecx,-1 ; ecx -= 1
0059201b ^ 0f85 70ffffff jnz 00591f91 ; author: decompression loop; jumps back while ecx != 0 (target lies in the omitted part)
; Same pattern a fourth time: the target 00592027 is one byte into the listed jmp.
00592021 e8 01000000 call 00592027
00592026 ^ eb 83 jmp short 00591fab
00592028 c404e8 les eax,fword ptr ds:[eax+ebp*8] ; modification of segment register
0059202b 0acd or cl,ch
......
; NOTE(review): div ebx followed by pop fs:[0] / add esp,4 looks like an exception-
; handler frame being removed after a deliberately triggered fault; presumably fs:[0]
; is the Windows SEH chain head. The value of ebx and the handler setup are in the
; omitted code - confirm there.
0059203e f7f3 div ebx
00592040 90 nop
00592041 64:8f05 0000000>pop dword ptr fs:[0] ; author: this structure appears many times
00592048 83c4 04 add esp,4 ; discard one more stack dword
0059204b 61 popad ; restore general registers
0059204c ff35 e5ca5700 push dword ptr ds:[57cae5] ; push the dword stored at [57cae5] (written at 00591e6e)
00592052 8915 d1c95700 mov dword ptr ds:[57c9d1],edx ; [57c9d1] = edx
00592058 ff35 d1c95700 push dword ptr ds:[57c9d1] ; push the value just stored
0059205e 53 push ebx
0059205f bb b1c85700 mov ebx,0057c8b1
; The listing is cut off here: bytes are shown but the mnemonic is missing.
00592064 8bd3