开心词典XP v2.0
脱壳后反汇编如下:
::0049CCD2:: 8B00 MOV EAX,[EAX]
::0049CCD4:: 8945 EC MOV [EBP-14],EAX
::0049CCD7:: C645 F0 0B MOV BYTE PTR [EBP-10],B
::0049CCDB:: A1 DC224B00 MOV EAX,[4B22DC]
::0049CCE0:: 8B00 MOV EAX,[EAX]
::0049CCE2:: 8945 F4 MOV [EBP-C],EAX
::0049CCE5:: C645 F8 0B MOV BYTE PTR [EBP-8],B
::0049CCE9:: 8D55 EC LEA EDX,[EBP-14]
::0049CCEC:: B9 01000000 MOV ECX,1
::0049CCF1:: B8 50CE4900 MOV EAX,49CE50 \->: %s-%s
::0049CCF6:: E8 A1D1F6FF CALL 00409E9C \:JMPUP
::0049CCFB:: 8B55 FC MOV EDX,[EBP-4]
::0049CCFE:: A1 D4254B00 MOV EAX,[4B25D4]
::0049CD03:: 8B00 MOV EAX,[EAX]
::0049CD05:: E8 F6A7FCFF CALL 00467500 \:JMPUP
::0049CD0A:: B8 60CE4900 MOV EAX,49CE60 \->: 未注册
::0049CD0F:: 8B15 64274B00 MOV EDX,[4B2764]
::0049CD15:: 8B12 MOV EDX,[EDX]
::0049CD17:: E8 3C7AF6FF CALL 00404758 \:JMPUP
::0049CD1C:: 74 15 JE SHORT 0049CD33 \:JMPDOWN
::0049CD1E:: A1 2C274B00 MOV EAX,[4B272C]
::0049CD23:: 66:8338 00 CMP WORD PTR [EAX],0
::0049CD27:: 74 0A JE SHORT 0049CD33 \:JMPDOWN
::0049CD29:: A1 74254B00 MOV EAX,[4B2574]
::0049CD2E:: 8338 00 CMP DWORD PTR [EAX],0
::0049CD31:: 75 5B JNZ SHORT 0049CD8E \:JMPDOWN
::0049CD33:: A1 64274B00 MOV EAX,[4B2764] \:BYJMP JmpBy:0049CD1C,0049CD27,
::0049CD38:: BA 60CE4900 MOV EDX,49CE60 \->: 未注册
::0049CD3D:: E8 4E76F6FF CALL 00404390 \:JMPUP
::0049CD42:: 8D45 E8 LEA EAX,[EBP-18]
::0049CD45:: 50 PUSH EAX
大家看看有没有用,!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课