90 nop 0058ce90 90 nop 0058ce91 90 nop 0058ce92 > b8 e8030000 mov eax,3e8 0058ce97 . e8 32eaffff call <get_rnd_value> 0058ce9c . 8dbd 615d4000 lea edi,dword ptr ss:[ebp+405d61] 0058cea2 . 03f8 add edi,eax 0058cea4 . ab stos dword ptr es:[edi] 0058cea5 . 58 pop eax 0058cea6 > 46 inc esi 0058cea7 . 803e 00 cmp byte ptr ds:[esi],0 0058ceaa .^ 75 fa jnz short 0058cea6 0058ceac . 46 inc esi 0058cead . 803e 00 cmp byte ptr ds:[esi],0 0058ceb0 . 0f84 c6000000 je <not found way> 0058ceb6 .^ e9 5fffffff jmp <loop check debug> 0058cebb > > 61 popad ; found debug 0058cebc .^ e9 59ffffff jmp <loop check debug> 0058cec1 . 5c 5c 2e 5c 5>ascii "\\.\sice",0 0058ceca . 5c 5c 2e 5c 4>ascii "\\.\ntice",0 0058ced4 . 5c 5c 2e 5c 4>ascii "\\.\ntice7871",0 0058cee2 . 5c 5c 2e 5c 4>ascii "\\.\nticed052",0 0058cef0 . 5c 5c 2e 5c 5>ascii "\\.\trwdebug",0 0058cefd . 5c 5c 2e 5c 5>ascii "\\.\trw",0 0058cf05 . 5c 5c 2e 5c 5>ascii "\\.\trw2000",0 0058cf11 . 5c 5c 2e 5c 5>ascii "\\.\superbpm",0 0058cf1e . 5c 5c 2e 5c 4>ascii "\\.\icedump",0 0058cf2a . 5c 5c 2e 5c 5>ascii "\\.\regmon",0 0058cf35 . 5c 5c 2e 5c 4>ascii "\\.\filemon",0 0058cf41 . 5c 5c 2e 5c 5>ascii "\\.\regvxd",0 0058cf4c . 5c 5c 2e 5c 4>ascii "\\.\filevxd",0 0058cf58 . 5c 5c 2e 5c 5>ascii "\\.\vkeyprod",0 0058cf65 . 5c 5c 2e 5c 4>ascii "\\.\bw2k",0 0058cf6e . 5c 5c 2e 5c 5>ascii "\\.\siwdebug",0 0058cf7b 00 db 00 0058cf7c > > 60 pushad ; good 0058cf7d . e8 00000000 call 0058cf82 0058cf82 /$ 5e pop esi 0058cf83 |. 83ee 06 sub esi,6 0058cf86 |. b9 81010000 mov ecx,181 0058cf8b |. 29ce sub esi,ecx 0058cf8d |. ba ee0a7b2e mov edx,2e7b0aee 0058cf92 |. c1e9 02 shr ecx,2 0058cf95 |. 83e9 02 sub ecx,2 0058cf98 |> 83f9 00 cmp ecx,0 0058cf9b |. 7c 1a jl short 0058cfb7 0058cf9d |. 8b048e mov eax,dword ptr ds:[esi+ecx*4] 0058cfa0 |. 8b5c8e 04 mov ebx,dword ptr ds:[esi+ecx*4+4] 0058cfa4 |. 33c3 xor eax,ebx 0058cfa6 |. c1c8 03 ror eax,3 0058cfa9 |> 33c2 xor eax,edx 0058cfab |. 81f2 27abeb15 xor edx,15ebab27 0058cfb1 |. 89048e mov dword ptr ds:[esi+ecx*4],eax 0058cfb4 |. 49 dec ecx 0058cfb5 |.^ eb e1 jmp short 0058cf98 0058cfb7 |> 61 popad 0058cfb8 |. 61 popad 0058cfb9 \. c3 retn chek isdebuggerpresent: 0058dc38 > 60 pushad ; chek isdebuggerpresent 0058dc39 70 03
AcProtect 1.41 外壳分析[66]
[入库:2005年8月19日] [更新:2007年3月24日]
本文简介:选择自 bmd2chen 的 blog
首页
上页
下页
尾页
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
[28]
[29]
[30]
[31]
[32]
[33]
[34]
[35]
[36]
[37]
[38]
[39]
[40]
[41]
[42]
[43]
[44]
[45]
[46]
[47]
[48]
[49]
[50]
[51]
[52]
[53]
[54]
[55]
[56]
[57]
[58]
[59]
[60]
[61]
[62]
[63]
[64]
[65]
[66]
[67]
[68]
[69]
首页
上页
下页
尾页
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
[28]
[29]
[30]
[31]
[32]
[33]
[34]
[35]
[36]
[37]
[38]
[39]
[40]
[41]
[42]
[43]
[44]
[45]
[46]
[47]
[48]
[49]
[50]
[51]
[52]
[53]
[54]
[55]
[56]
[57]
[58]
[59]
[60]
[61]
[62]
[63]
[64]
[65]
[66]
[67]
[68]
[69]
本文关键:AcProtect 1.41 外壳分析
相关方案
- The Programming…
- diablo2002’s cr…
- Diablo 2oo2’s C…
- iczelion tut23…
- Window 中窗口的层次关系…
- Man 帮助文件转化成为win…
- iczelion tut24…
- C++ Builder 初学问…
- 《Undocumented W…
- 一个反汇编的例子…
- Enhanced Assert…
- Borland 免费编译器使用…
- 面试C++试题…
- 少走弯路:学习编译原理的…
- PHP 开发环境的选择、建立及…
- DIY一个简单共享儒虫…
- 三种排序算法及三种变量交换的宏…
- 各种专用iterator的用法…
- 对Gary Nebbet的经典…
- SYN_FLOOD 简单分析及…
本站最佳浏览方式为 分辨率 1024x768 IE 6.0(或更高版本的 IE浏览器)
