应该是vmp的壳,不过不知道是什么版本的。
; Run trace of 32-bit x86 code (columns: address, raw bytes, disassembly), starting at the
; module entry point of a binary the poster believes is protected by VMProtect.
; This part covers the entry stub: the original registers and flags are written to the
; stack, then esi/ebp/edi/ebx are set up for a bytecode interpreter.
; Lines whose mnemonic is prefixed with '*' appear to be the poster's marks for the
; instructions that matter; many of the others are dead stores or flag noise (where a
; value is visibly overwritten or discarded this is noted; the rest is not analysed here).
00816425 <ModuleEntryPoint> /E9 6B1E0000 jmp 1_0_0_6.00818295 ; entry point jumps straight into the stub
00818295 E8 7676DFFF call 1_0_0_6.0060F910 ; call used as push+jmp: the pushed return address is overwritten next
0060F910 C70424 8FA8E073 mov dword ptr ss:[esp],73E0A88F ; replaces the return address with a constant
0060F917 E8 AC2E0000 call 1_0_0_6.006127C8 ; same trick again: pushes a slot that is rewritten below
006127C8 C70424 16321930 mov dword ptr ss:[esp],30193216 ; overwritten two instructions later
006127CF C60424 55 mov byte ptr ss:[esp],55 ; overwritten by the next dword store
006127D3 C70424 E4468495 mov dword ptr ss:[esp],958446E4
006127DA 68 DAA9C57B push 7BC5A9DA
006127DF 66:891424 mov word ptr ss:[esp],dx
006127E3 8D6424 04 lea esp,dword ptr ss:[esp+4] ; esp += 4: drops the dword pushed at 006127DA
006127E7 E9 C3E62000 jmp 1_0_0_6.00820EAF
; --- register/flag save phase: stores are interleaved with filler pushes ---
00820EAF 50 push eax
00820EB0 9C pushfd
00820EB1 9C pushfd
00820EB2 C64424 08 1B mov byte ptr ss:[esp+8],1B ; dead store: the next instruction rewrites the whole dword
00820EB7 895424 08 *mov dword ptr ss:[esp+8],edx ; edx saved over the slot created by 'push eax'
00820EBB 60 pushad
00820EBC 9C pushfd
00820EBD 9C pushfd
00820EBE 896C24 2C *mov dword ptr ss:[esp+2C],ebp ; ebp saved to the stack
00820EC2 68 E7548EBD push BD8E54E7
00820EC7 884C24 08 mov byte ptr ss:[esp+8],cl
00820ECB 66:896C24 10 mov word ptr ss:[esp+10],bp
00820ED0 897C24 2C *mov dword ptr ss:[esp+2C],edi ; edi saved to the stack
00820ED4 E8 741E0000 call 1_0_0_6.00822D4D
00822D4D E8 49E1FFFF call 1_0_0_6.00820E9B
00820E9B /E9 551D0000 jmp 1_0_0_6.00822BF5
00822BF5 66:C74424 04 FD0B mov word ptr ss:[esp+4],0BFD
00822BFC 895C24 30 *mov dword ptr ss:[esp+30],ebx ; ebx saved to the stack
00822C00 FF3424 push dword ptr ss:[esp]
00822C03 9C pushfd
00822C04 68 C3A68D96 push 968DA6C3
00822C09 C60424 25 mov byte ptr ss:[esp],25
00822C0D 8D6424 3C lea esp,dword ptr ss:[esp+3C] ; esp += 3C: stack rebalanced without any pop
00822C11 ^ E9 5CFFFFFF jmp 1_0_0_6.00822B72
00822B72 F6D3 not bl
00822B74 66:0FBEE9 movsx bp,cl
00822B78 51 push ecx
00822B79 66:F7D5 not bp
00822B7C ^ E9 6EDDFFFF jmp 1_0_0_6.008208EF
008208EF 60 pushad
008208F0 877C24 1C xchg dword ptr ss:[esp+1C],edi
008208F4 66:87DD xchg bp,bx
008208F7 5F pop edi
008208F8 0FBEDB movsx ebx,bl
008208FB 894424 14 *mov dword ptr ss:[esp+14],eax ; eax saved to the stack
008208FF E8 37080000 call 1_0_0_6.0082113B
0082113B 66:F7D5 not bp
0082113E 66:0FB6E9 movzx bp,cl
00821142 66:8B2C24 mov bp,word ptr ss:[esp]
00821146 877424 14 xchg dword ptr ss:[esp+14],esi
0082114A 66:0FB6EB movzx bp,bl
0082114E 0F94C7 sete bh
00821151 8D6424 14 lea esp,dword ptr ss:[esp+14] ; esp += 14
00821155 0F8D F60A0000 jge 1_0_0_6.00821C51 ; taken in this run (the trace continues at the target)
00821C51 66:0FCE bswap si
00821C54 57 push edi
00821C55 F3: prefix rep: ; Superfluous prefix
00821C56 9C pushfd
00821C57 8F0424 pop dword ptr ss:[esp]
00821C5A E9 350A0000 jmp 1_0_0_6.00822694
; --- interpreter set-up ---
00822694 FF35 88218200 push dword ptr ds:[822188] ; pushes the dword stored at 822188
0082269A 0F99C3 setns bl
0082269D 66:D3DE rcr si,cl
008226A0 66:0FBAFD 0F btc bp,0F
008226A5 68 00000000 push 0 ; this 0 is what [ebp] holds at 00822703
008226AA 66:81CD BE79 or bp,79BE
008226AF 66:81E5 B3DA and bp,0DAB3
008226B4 8B7424 30 *mov esi,dword ptr ss:[esp+30] ; vm eip (poster's label): esi loads the still-encoded bytecode pointer
008226B8 66:0FBCFD bsf di,bp
008226BC 66:0FC1DD xadd bp,bx
008226C0 80FA 4A cmp dl,4A
008226C3 81EE 6F3E5F73 sub esi,735F3E6F ; decode step 1 of 3 on esi
008226C9 66:0FB3F2 btr dx,si
008226CD F5 cmc
008226CE F7DE neg esi ; decode step 2
008226D0 86D8 xchg al,bl
008226D2 F6C5 16 test ch,16
008226D5 F7D6 not esi ; decode step 3: net effect is esi = loaded - 735F3E6F - 1
; NOTE(review): if the loaded dword is the 73E0A88F planted at 0060F910, this gives
; 00816A1F (computed here, not shown in the trace) - confirm in the debugger.
008226D7 8D2CED 1C0BE225 lea ebp,dword ptr ds:[ebp*8+25E20B1C] ; dead: ebp is overwritten by the next instruction
008226DE 89E5 *mov ebp,esp ; ebp = esp; the handlers later in the trace push/pop through [ebp]
008226E0 66:0FA3C2 bt dx,ax
008226E4 66:D3EF shr di,cl
008226E7 66:0FA4DA 01 shld dx,bx,1
008226EC 81EC C0000000 sub esp,0C0 ; reserve 0xC0 bytes below ebp
008226F2 0FC1FA xadd edx,edi
008226F5 10E0 adc al,ah
008226F7 89E7 *mov edi,esp ; edi = base of the reserved area (indexed as [eax+edi] by a later handler)
008226F9 66:0FB3F3 btr bx,si
008226FD 89F3 *mov ebx,esi ; ebx seeded from the decoded esi; bl/ebx is mixed into every fetched byte/dword
008226FF 30F8 xor al,bh
00822701 D0E8 shr al,1
00822703 0375 00 add esi,dword ptr ss:[ebp] ; adds the 0 pushed at 008226A5, so esi is unchanged in this run
00822706 D2E8 shr al,cl
00822708 66:0FBCD4 bsf dx,sp
0082270C 28C6 sub dh,al
0082270E 81F2 120D5A61 xor edx,615A0D12
; First fetch/decode/dispatch of the interpreter: one byte is read just below esi,
; decoded with the rolling key in bl, used as an index into the dword table at 822749,
; and control is transferred to (table entry + 1) through a push/retn pair.
00822714 8A46 FF mov al,byte ptr ds:[esi-1] ; read pcode byte (fetched at esi-1, so the bytecode is walked downward)
00822717 F9 stc
00822718 66:89C2 mov dx,ax
0082271B 83C6 FF add esi,-1 ; esi -= 1: the byte is consumed
0082271E C0EA 07 shr dl,7
00822721 08EE or dh,ch
00822723 00D8 add al,bl ; decode 1/4: add the key byte
00822725 60 pushad
00822726 F8 clc
00822727 D0C0 rol al,1 ; decode 2/4
00822729 ^ E9 9AF8FFFF jmp 1_0_0_6.00821FC8
00821FC8 FEC0 inc al ; decode 3/4
00821FCA 66:0FA4CA 06 shld dx,cx,6
00821FCF F6D0 not al ; decode 4/4
00821FD1 42 inc edx
00821FD2 00C3 add bl,al ; key update: bl += decoded byte
00821FD4 E8 770E0000 call 1_0_0_6.00822E50
00822E50 66:0FBED1 movsx dx,cl
00822E54 0FB6C0 movzx eax,al ; eax = decoded byte, zero-extended for use as an index
00822E57 60 pushad
00822E58 66:F7D2 not dx
00822E5B 8B1485 49278200 mov edx,dword ptr ds:[eax*4+822749] ; edx = entry eax of the dword table at 822749
00822E62 E8 FEEEFFFF call 1_0_0_6.00821D65
00821D65 68 41B45087 push 8750B441
00821D6A 42 inc edx ; the target is the stored entry plus 1
00821D6B E8 2BEFFFFF call 1_0_0_6.00820C9B
00820C9B 39C4 cmp esp,eax
00820C9D 66:0FA3ED bt bp,bp
00820CA1 84D0 test al,dl
00820CA3 81C2 00000000 add edx,0 ; adds 0: edx is unchanged
00820CA9 887C24 08 mov byte ptr ss:[esp+8],bh
00820CAD 894424 1C mov dword ptr ss:[esp+1C],eax
00820CB1 895424 4C mov dword ptr ss:[esp+4C],edx ; plant the handler address in a stack slot
00820CB5 882424 mov byte ptr ss:[esp],ah
00820CB8 882424 mov byte ptr ss:[esp],ah
00820CBB 887C24 08 mov byte ptr ss:[esp+8],bh
00820CBF FF7424 4C push dword ptr ss:[esp+4C] ; copy the handler address to the top of the stack
00820CC3 C2 5000 retn 50 ; "return" into the handler and release 0x50 bytes of scratch stack
; Handler reached from the first dispatch (008207F0 in this run): the top dword of the
; [ebp] stack is popped and stored into the area at edi, at an offset taken from al.
; As far as the trace shows, al still derives from the byte decoded before the dispatch;
; no further read through esi appears in this handler.
008207F0 /E9 8F070000 jmp 1_0_0_6.00820F84
00820F84 60 pushad
00820F85 FEC2 inc dl
00820F87 F6D2 not dl
00820F89 FEC8 dec al
00820F8B 66:0FBAFA 04 btc dx,4
00820F90 C0C8 04 ror al,4
00820F93 66:0FB6D0 movzx dx,al
00820F97 FEC8 dec al
00820F99 F8 clc
00820F9A 24 3C and al,3C ; al reduced to a dword-aligned offset in 0..3C
00820F9C F9 stc
00820F9D 66:0FBED3 movsx dx,bl
00820FA1 8B55 00 mov edx,dword ptr ss:[ebp] ; edx = dword on top of the [ebp] stack
00820FA4 83C4 20 add esp,20 ; discards the 0x20-byte pushad frame without restoring registers
00820FA7 ^ 0F83 4AFEFFFF jnb 1_0_0_6.00820DF7 ; taken in this run
00820DF7 84C2 test dl,al
00820DF9 83C5 04 add ebp,4 ; pop: ebp moves up one dword
00820DFC 51 push ecx
00820DFD 68 E8BD1BCF push CF1BBDE8
00820E02 891438 mov dword ptr ds:[eax+edi],edx ; store the popped value at edi + offset
00820E05 66:C70424 4549 mov word ptr ss:[esp],4945
00820E0B 885C24 04 mov byte ptr ss:[esp+4],bl
00820E0F 66:892C24 mov word ptr ss:[esp],bp
00820E13 8D6424 08 lea esp,dword ptr ss:[esp+8] ; drops the two scratch pushes made at 00820DFC/00820DFD
00820E17 E9 C5160000 jmp 1_0_0_6.008224E1 ; back to the fetch/dispatch code
; Fetch/decode/dispatch at 008224E1 (this address is reached again after each handler in
; the trace): read one byte at esi-1, decode it with bl, index the dword table at 822749,
; add 1 to the entry and transfer control with push/retn.
008224E1 FEC2 inc dl
008224E3 66:0FA4D2 0D shld dx,dx,0D
008224E8 D2CE ror dh,cl
008224EA 8A46 FF mov al,byte ptr ds:[esi-1] ; fetch the next bytecode byte
008224ED E8 4AFDFFFF call 1_0_0_6.0082223C
0082223C 66:0FBED0 movsx dx,al
00822240 83C6 FF add esi,-1 ; esi -= 1: the byte is consumed
00822243 D2CE ror dh,cl
00822245 60 pushad
00822246 00D8 add al,bl ; decode 1/4: add the key byte
00822248 8D91 6E03195D lea edx,dword ptr ds:[ecx+5D19036E]
0082224E F6D6 not dh
00822250 D0C0 rol al,1 ; decode 2/4
00822252 F7D2 not edx
00822254 66:0FCA bswap dx
00822257 9C pushfd
00822258 FEC0 inc al ; decode 3/4
0082225A 5A pop edx ; edx = the flags pushed at 00822257; overwritten again below
0082225B F6D0 not al ; decode 4/4
0082225D 80C2 AD add dl,0AD
00822260 C1D2 18 rcl edx,18
00822263 F5 cmc
00822264 F8 clc
00822265 00C3 add bl,al ; key update: bl += decoded byte
00822267 9C pushfd
00822268 66:0FBED0 movsx dx,al
0082226C 0FB6C0 movzx eax,al ; eax = decoded byte, zero-extended for use as an index
0082226F 66:F7D2 not dx
00822272 0F95C2 setne dl
00822275 8B1485 49278200 mov edx,dword ptr ds:[eax*4+822749] ; edx = entry eax of the dword table at 822749
0082227C 68 2F315971 push 7159312F
00822281 FF3424 push dword ptr ss:[esp]
00822284 E8 C6010000 call 1_0_0_6.0082244F
0082244F 42 inc edx ; the target is the stored entry plus 1
00822450 0FA3CB bt ebx,ecx
00822453 66:0FA3CE bt si,cx
00822457 0FA3CE bt esi,ecx
0082245A 81C2 00000000 add edx,0 ; adds 0: edx is unchanged
00822460 E8 8EE5FFFF call 1_0_0_6.008209F3
008209F3 55 push ebp
008209F4 895424 38 mov dword ptr ss:[esp+38],edx ; plant the handler address in a stack slot
008209F8 68 E5A12EFA push FA2EA1E5
008209FD 9C pushfd
008209FE 68 B8A38EAD push AD8EA3B8
00820A03 53 push ebx
00820A04 FF7424 48 push dword ptr ss:[esp+48] ; same slot as above (four pushes later): handler address to top of stack
00820A08 C2 4C00 retn 4C ; "return" into the handler and release 0x4C bytes of scratch stack
; Handler reached at 0082130B: a 4-byte operand is read from the bytecode below esi,
; decoded with ebx, and pushed on the [ebp] stack. It ends by comparing ebp with edi+50
; and returning to the fetch/dispatch code when ebp is above that limit.
0082130B 66:1D 61DA sbb ax,0DA61 ; eax is reloaded at 00820FF7, so the writes to it before that are dead
0082130F 88C0 mov al,al
00821311 66:0FBDC2 bsr ax,dx
00821315 0F85 C7190000 jnz 1_0_0_6.00822CE2 ; taken in this run
00822CE2 D3E8 shr eax,cl
00822CE4 F8 clc
00822CE5 ^ E9 0DE3FFFF jmp 1_0_0_6.00820FF7
00820FF7 8B46 FC mov eax,dword ptr ds:[esi-4] ; fetch the 4 operand bytes below esi
00820FFA 9C pushfd
00820FFB F9 stc
00820FFC 60 pushad
00820FFD 66:F7C1 3C7E test cx,7E3C
00821002 0FC8 bswap eax ; decode 1/5: byte-swap
00821004 F5 cmc
00821005 01D8 add eax,ebx ; decode 2/5: add the key
00821007 39CF cmp edi,ecx
00821009 3C EB cmp al,0EB
0082100B F9 stc
0082100C F5 cmc
0082100D F7D8 neg eax ; decode 3/5
0082100F 9C pushfd
00821010 F5 cmc
00821011 F7D0 not eax ; decode 4/5
00821013 F7C4 261D626B test esp,6B621D26
00821019 F5 cmc
0082101A F7D8 neg eax ; decode 5/5: net effect is eax = 1 - (bswap(operand) + ebx)
0082101C 66:890424 mov word ptr ss:[esp],ax
00821020 01C3 add ebx,eax ; key update: ebx += decoded value
00821022 E8 51070000 call 1_0_0_6.00821778
00821778 83EE 04 sub esi,4 ; esi -= 4: the operand is consumed
0082177B 66:85D4 test sp,dx
0082177E 880424 mov byte ptr ss:[esp],al
00821781 83ED 04 sub ebp,4 ; make room for one dword on the [ebp] stack
00821784 9C pushfd
00821785 E8 03F2FFFF call 1_0_0_6.0082098D
0082098D 8945 00 mov dword ptr ss:[ebp],eax ; push the decoded value
00820990 9C pushfd
00820991 68 602B4622 push 22462B60
00820996 9C pushfd
00820997 9C pushfd
00820998 8D6424 44 lea esp,dword ptr ss:[esp+44] ; esp += 44: releases the handler's scratch pushes
0082099C E9 51090000 jmp 1_0_0_6.008212F2
008212F2 D4 2D aam 2D
008212F4 FEC8 dec al
008212F6 D4 C3 aam 0C3
008212F8 C0E0 04 shl al,4
008212FB 8D47 50 lea eax,dword ptr ds:[edi+50] ; eax = edi + 50, the limit compared against ebp
008212FE 60 pushad
008212FF 39C5 cmp ebp,eax ; none of the instructions up to the ja below modify the flags
00821301 68 ED9F8A71 push 718A9FED
00821306 E9 3E180000 jmp 1_0_0_6.00822B49
00822B49 9C pushfd
00822B4A E8 6DEBFFFF call 1_0_0_6.008216BC
008216BC 8D6424 2C lea esp,dword ptr ss:[esp+2C] ; esp += 2C
008216C0 0F87 1B0E0000 ja 1_0_0_6.008224E1 ; ebp above edi+50: continue with the next fetch (fall-through path not in the trace)
; Fetch/decode/dispatch at 008224E1, second pass in the trace (same instructions as the
; previous pass): read one byte at esi-1, decode it with bl, index the dword table at
; 822749, add 1 to the entry and transfer control with push/retn.
008224E1 FEC2 inc dl
008224E3 66:0FA4D2 0D shld dx,dx,0D
008224E8 D2CE ror dh,cl
008224EA 8A46 FF mov al,byte ptr ds:[esi-1] ; fetch the next bytecode byte
008224ED E8 4AFDFFFF call 1_0_0_6.0082223C
0082223C 66:0FBED0 movsx dx,al
00822240 83C6 FF add esi,-1 ; esi -= 1: the byte is consumed
00822243 D2CE ror dh,cl
00822245 60 pushad
00822246 00D8 add al,bl ; decode 1/4: add the key byte
00822248 8D91 6E03195D lea edx,dword ptr ds:[ecx+5D19036E]
0082224E F6D6 not dh
00822250 D0C0 rol al,1 ; decode 2/4
00822252 F7D2 not edx
00822254 66:0FCA bswap dx
00822257 9C pushfd
00822258 FEC0 inc al ; decode 3/4
0082225A 5A pop edx ; edx = the flags pushed at 00822257; overwritten again below
0082225B F6D0 not al ; decode 4/4
0082225D 80C2 AD add dl,0AD
00822260 C1D2 18 rcl edx,18
00822263 F5 cmc
00822264 F8 clc
00822265 00C3 add bl,al ; key update: bl += decoded byte
00822267 9C pushfd
00822268 66:0FBED0 movsx dx,al
0082226C 0FB6C0 movzx eax,al ; eax = decoded byte, zero-extended for use as an index
0082226F 66:F7D2 not dx
00822272 0F95C2 setne dl
00822275 8B1485 49278200 mov edx,dword ptr ds:[eax*4+822749] ; edx = entry eax of the dword table at 822749
0082227C 68 2F315971 push 7159312F
00822281 FF3424 push dword ptr ss:[esp]
00822284 E8 C6010000 call 1_0_0_6.0082244F
0082244F 42 inc edx ; the target is the stored entry plus 1
00822450 0FA3CB bt ebx,ecx
00822453 66:0FA3CE bt si,cx
00822457 0FA3CE bt esi,ecx
0082245A 81C2 00000000 add edx,0 ; adds 0: edx is unchanged
00822460 E8 8EE5FFFF call 1_0_0_6.008209F3
008209F3 55 push ebp
008209F4 895424 38 mov dword ptr ss:[esp+38],edx ; plant the handler address in a stack slot
008209F8 68 E5A12EFA push FA2EA1E5
008209FD 9C pushfd
008209FE 68 B8A38EAD push AD8EA3B8
00820A03 53 push ebx
00820A04 FF7424 48 push dword ptr ss:[esp+48] ; same slot as above (four pushes later): handler address to top of stack
00820A08 C2 4C00 retn 4C ; "return" into the handler and release 0x4C bytes of scratch stack
; Handler reached at 00820C14: adds the top dword of the [ebp] stack into the dword
; below it ([ebp+4]) and then stores the EFLAGS value produced by that add at [ebp].
00820C14 9F lahf
00820C15 66:0FA4F8 07 shld ax,di,7
00820C1A 98 cwde
00820C1B C1D0 0A rcl eax,0A
00820C1E 8B45 00 mov eax,dword ptr ss:[ebp] ; eax = top of the [ebp] stack (earlier writes to eax are dead)
00820C21 9C pushfd
00820C22 0145 04 add dword ptr ss:[ebp+4],eax ; second-from-top += top
00820C25 9C pushfd ; flags after the add
00820C26 9C pushfd ; same flags again
00820C27 8F4424 04 pop dword ptr ss:[esp+4] ; moves the post-add flags over the pre-add copy pushed at 00820C21
00820C2B E9 EC010000 jmp 1_0_0_6.00820E1C
00820E1C 68 FE483A2D push 2D3A48FE
00820E21 884424 04 mov byte ptr ss:[esp+4],al
00820E25 8D6424 08 lea esp,dword ptr ss:[esp+8] ; drops two dwords; the post-add flags copy is now on top
00820E29 0F84 300B0000 je 1_0_0_6.0082195F ; not taken in this run (flags are still those of the add)
00820E2F 8F45 00 pop dword ptr ss:[ebp] ; top of the [ebp] stack = flags of the add
00820E32 9C pushfd
00820E33 9C pushfd
00820E34 54 push esp
00820E35 8D6424 0C lea esp,dword ptr ss:[esp+C] ; drops the three scratch pushes above
00820E39 E9 A3160000 jmp 1_0_0_6.008224E1 ; back to the fetch/dispatch code
; Fetch/decode/dispatch at 008224E1, third pass in the trace (same instructions as the
; earlier passes): read one byte at esi-1, decode it with bl, index the dword table at
; 822749, add 1 to the entry and transfer control with push/retn. The trace ends at the
; retn; the handler it reaches is not shown.
008224E1 FEC2 inc dl
008224E3 66:0FA4D2 0D shld dx,dx,0D
008224E8 D2CE ror dh,cl
008224EA 8A46 FF mov al,byte ptr ds:[esi-1] ; fetch the next bytecode byte
008224ED E8 4AFDFFFF call 1_0_0_6.0082223C
0082223C 66:0FBED0 movsx dx,al
00822240 83C6 FF add esi,-1 ; esi -= 1: the byte is consumed
00822243 D2CE ror dh,cl
00822245 60 pushad
00822246 00D8 add al,bl ; decode 1/4: add the key byte
00822248 8D91 6E03195D lea edx,dword ptr ds:[ecx+5D19036E]
0082224E F6D6 not dh
00822250 D0C0 rol al,1 ; decode 2/4
00822252 F7D2 not edx
00822254 66:0FCA bswap dx
00822257 9C pushfd
00822258 FEC0 inc al ; decode 3/4
0082225A 5A pop edx ; edx = the flags pushed at 00822257; overwritten again below
0082225B F6D0 not al ; decode 4/4
0082225D 80C2 AD add dl,0AD
00822260 C1D2 18 rcl edx,18
00822263 F5 cmc
00822264 F8 clc
00822265 00C3 add bl,al ; key update: bl += decoded byte
00822267 9C pushfd
00822268 66:0FBED0 movsx dx,al
0082226C 0FB6C0 movzx eax,al ; eax = decoded byte, zero-extended for use as an index
0082226F 66:F7D2 not dx
00822272 0F95C2 setne dl
00822275 8B1485 49278200 mov edx,dword ptr ds:[eax*4+822749] ; edx = entry eax of the dword table at 822749
0082227C 68 2F315971 push 7159312F
00822281 FF3424 push dword ptr ss:[esp]
00822284 E8 C6010000 call 1_0_0_6.0082244F
0082244F 42 inc edx ; the target is the stored entry plus 1
00822450 0FA3CB bt ebx,ecx
00822453 66:0FA3CE bt si,cx
00822457 0FA3CE bt esi,ecx
0082245A 81C2 00000000 add edx,0 ; adds 0: edx is unchanged
00822460 E8 8EE5FFFF call 1_0_0_6.008209F3
008209F3 55 push ebp
008209F4 895424 38 mov dword ptr ss:[esp+38],edx ; plant the handler address in a stack slot
008209F8 68 E5A12EFA push FA2EA1E5
008209FD 9C pushfd
008209FE 68 B8A38EAD push AD8EA3B8
00820A03 53 push ebx
00820A04 FF7424 48 push dword ptr ss:[esp+48] ; same slot as above (four pushes later): handler address to top of stack
00820A08 C2 4C00 retn 4C ; "return" into the handler and release 0x4C bytes of scratch stack