-
-
[求助]未知的殼
-
发表于:
2009-11-22 01:10
2207
-
區段
gluwutct
.rsrc
szrjekuo
vytpwhgt
kknouayu
入口點代碼
005A5000 > 83EC 04 sub esp, 4
005A5003 50 push eax
005A5004 53 push ebx
005A5005 E8 01000000 call 005A500B
005A500A CC int3
005A500B 58 pop eax
005A500C 8BD8 mov ebx, eax
005A500E 40 inc eax
005A500F 2D 00501400 sub eax, 145000
005A5014 2D 42E86000 sub eax, 60E842
005A5019 05 37E86000 add eax, 60E837
005A501E 803B CC cmp byte ptr [ebx], 0CC
005A5021 75 19 jnz short 005A503C
005A5023 C603 00 mov byte ptr [ebx], 0
005A5026 BB 00100000 mov ebx, 1000
005A502B 68 A8AB6156 push 5661ABA8
005A5030 68 2E976113 push 1361972E
005A5035 53 push ebx
005A5036 50 push eax
005A5037 E8 0A000000 call 005A5046
005A503C 83C0 14 add eax, 14
005A503F 894424 08 mov dword ptr [esp+8], eax
005A5043 5B pop ebx
005A5044 58 pop eax
005A5045 C3 retn
005A5046 55 push ebp
005A5047 8BEC mov ebp, esp
005A5049 60 pushad
005A504A 8B75 08 mov esi, dword ptr [ebp+8]
005A504D 8B4D 0C mov ecx, dword ptr [ebp+C]
005A5050 C1E9 02 shr ecx, 2
005A5053 8B45 10 mov eax, dword ptr [ebp+10]
005A5056 8B5D 14 mov ebx, dword ptr [ebp+14]
005A5059 EB 08 jmp short 005A5063
005A505B 3106 xor dword ptr [esi], eax
005A505D 011E add dword ptr [esi], ebx
005A505F 83C6 04 add esi, 4
005A5062 49 dec ecx
005A5063 0BC9 or ecx, ecx
005A5065 ^ 75 F4 jnz short 005A505B
005A5067 61 popad
005A5068 C9 leave
005A5069 C2 1000 retn 10
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课