-
-
[旧帖] [求助][求助][求助]帮我看看这段代码有没有加壳 0.00雪花
-
发表于: 2011-10-26 15:37
-
各位巨侠,我想知道这是用什么软件加的壳,用PEID检测结果是:什么也没发现
这是一个程序的入口代码,用OD载入后显示如下:
00B1D000 > 83EC 04 sub esp,4
00B1D003 50 push eax
00B1D004 53 push ebx
00B1D005 E8 01000000 call SuperRec.00B1D00B
00B1D00A CC int3
00B1D00B 58 pop eax
00B1D00C 89C3 mov ebx,eax
00B1D00E 40 inc eax
00B1D00F 2D 00E02400 sub eax,24E000
00B1D014 2D 66810910 sub eax,10098166
00B1D019 05 5B810910 add eax,1009815B
00B1D01E 803B CC cmp byte ptr ds:[ebx],0CC
00B1D021 75 19 jnz short SuperRec.00B1D03C
00B1D023 C603 00 mov byte ptr ds:[ebx],0
00B1D026 BB 00100000 mov ebx,1000
00B1D02B 68 D95E7D0D push 0D7D5ED9
00B1D030 68 D1C53743 push 4337C5D1
00B1D035 53 push ebx
00B1D036 50 push eax
00B1D037 E8 0A000000 call SuperRec.00B1D046
00B1D03C 83C0 00 add eax,0
00B1D03F 894424 08 mov dword ptr ss:[esp+8],eax
00B1D043 5B pop ebx
00B1D044 58 pop eax
00B1D045 C3 retn
00B1D046 55 push ebp
00B1D047 89E5 mov ebp,esp
00B1D049 50 push eax
00B1D04A 53 push ebx
00B1D04B 51 push ecx
00B1D04C 56 push esi
00B1D04D 8B75 08 mov esi,dword ptr ss:[ebp+8]
00B1D050 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
00B1D053 C1E9 02 shr ecx,2
00B1D056 8B45 10 mov eax,dword ptr ss:[ebp+10]
00B1D059 8B5D 14 mov ebx,dword ptr ss:[ebp+14]
00B1D05C 85C9 test ecx,ecx
00B1D05E 74 0A je short SuperRec.00B1D06A
00B1D060 3106 xor dword ptr ds:[esi],eax
00B1D062 011E add dword ptr ds:[esi],ebx
00B1D064 83C6 04 add esi,4
00B1D067 49 dec ecx
00B1D068 ^ EB F2 jmp short SuperRec.00B1D05C
00B1D06A 5E pop esi
00B1D06B 59 pop ecx
00B1D06C 5B pop ebx
00B1D06D 58 pop eax
00B1D06E C9 leave
00B1D06F C2 1000 retn 10
00B1D072 37 aaa
00B1D073 8487 1C6D00C2 test byte ptr ds:[edi+C2006D1C],al
00B1D079 40 inc eax
00B1D07A 6221 bound esp,qword ptr ds:[ecx]
00B1D07C 34 2F xor al,2F
00B1D07E 2F das
00B1D07F 4F dec edi
00B1D080 3D 3353E1F8 cmp eax,F8E15333
00B1D085 B1 EC mov cl,0EC
00B1D087 96 xchg eax,esi
00B1D088 51 push ecx
00B1D089 2130 and dword ptr ds:[eax],esi
00B1D08B AE scas byte ptr es:[edi]
00B1D08C 1310 adc edx,dword ptr ds:[eax]
00B1D08E 67:45 inc ebp
00B1D090 6B1F 0A imul ebx,dword ptr ds:[edi],0A
00B1D093 2942 C0 sub dword ptr ds:[edx-40],eax
00B1D096 6B67 1A 45 imul esp,dword ptr ds:[edi+1A],45
00B1D09A 123A adc bh,byte ptr ds:[edx]
00B1D09C 87AC17 5A6B7268 xchg dword ptr ds:[edi+edx+68726B5A],ebp
00B1D0A3 F0:43 lock inc ebx ; 不允许锁定前缀
00B1D0A5 54 push esp
00B1D0A6 188B 14245289 sbb byte ptr ds:[ebx+89522414],cl
00B1D0AC ^ E2 81 loopd short SuperRec.00B1D02F
00B1D0AE C2 0400 retn 4
00B1D0B1 0000 add byte ptr ds:[eax],al
00B1D0B3 BE CD7AC129 mov esi,29C17ACD
00B1D0B8 F7D6 not esi
00B1D0BA C1E6 05 shl esi,5
00B1D0BD BD EB245E0F mov ebp,0F5E24EB
00B1D0C2 C1ED 04 shr ebp,4
00B1D0C5 81ED 3F3FCA33 sub ebp,33CA3F3F
00B1D0CB C1E5 02 shl ebp,2
00B1D0CE 81ED 20262D26 sub ebp,262D2620
00B1D0D4 21EE and esi,ebp
00B1D0D6 81F6 04268006 xor esi,6802604
00B1D0DC 81EA 5D30016F sub edx,6F01305D
00B1D0E2 01F2 add edx,esi
00B1D0E4 81C2 5D30016F add edx,6F01305D
00B1D0EA 871424 xchg dword ptr ss:[esp],edx
00B1D0ED 8B2424 mov esp,dword ptr ss:[esp]
00B1D0F0 81E2 87178450 and edx,50841787
00B1D0F6 F7D2 not edx
00B1D0F8 81F2 D849F95A xor edx,5AF949D8
00B1D0FE 81C2 96FB43EE add edx,EE43FB96
00B1D104 52 push edx
00B1D105 58 pop eax
00B1D106 01DA add edx,ebx
00B1D108 31FA xor edx,edi
00B1D10A 81EA DC17130E sub edx,0E1317DC
00B1D110 81EA 100D236E sub edx,6E230D10
00B1D116 29FA sub edx,edi
00B1D118 81C2 100D236E add edx,6E230D10
00B1D11E 81C2 DC17130E add edx,0E1317DC
00B1D124 0000 add byte ptr ds:[eax],al
00B1D126 0000 add byte ptr ds:[eax],al
00B1D128 0000 add byte ptr ds:[eax],al
00B1D12A 0000 add byte ptr ds:[eax],al
00B1D12C 0000 add byte ptr ds:[eax],al
00B1D12E 0000 add byte ptr ds:[eax],al
00B1D130 0000 add byte ptr ds:[eax],al
00B1D132 0000 add byte ptr ds:[eax],al
00B1D134 0000 add byte ptr ds:[eax],al
00B1D136 0000 add byte ptr ds:[eax],al
00B1D138 0000 add byte ptr ds:[eax],al
00B1D13A 0000 add byte ptr ds:[eax],al
00B1D13C 0000 add byte ptr ds:[eax],al
00B1D13E 0000 add byte ptr ds:[eax],al
00B1D140 0000 add byte ptr ds:[eax],al
00B1D142 0000 add byte ptr ds:[eax],al
以下代码与上面一行相同
。。。。。。。。。。。。。。。。。
一直到程序的结束。
这是一个程序的入口代码,用OD载入后显示如下:
00B1D000 > 83EC 04 sub esp,4
00B1D003 50 push eax
00B1D004 53 push ebx
00B1D005 E8 01000000 call SuperRec.00B1D00B
00B1D00A CC int3
00B1D00B 58 pop eax
00B1D00C 89C3 mov ebx,eax
00B1D00E 40 inc eax
00B1D00F 2D 00E02400 sub eax,24E000
00B1D014 2D 66810910 sub eax,10098166
00B1D019 05 5B810910 add eax,1009815B
00B1D01E 803B CC cmp byte ptr ds:[ebx],0CC
00B1D021 75 19 jnz short SuperRec.00B1D03C
00B1D023 C603 00 mov byte ptr ds:[ebx],0
00B1D026 BB 00100000 mov ebx,1000
00B1D02B 68 D95E7D0D push 0D7D5ED9
00B1D030 68 D1C53743 push 4337C5D1
00B1D035 53 push ebx
00B1D036 50 push eax
00B1D037 E8 0A000000 call SuperRec.00B1D046
00B1D03C 83C0 00 add eax,0
00B1D03F 894424 08 mov dword ptr ss:[esp+8],eax
00B1D043 5B pop ebx
00B1D044 58 pop eax
00B1D045 C3 retn
00B1D046 55 push ebp
00B1D047 89E5 mov ebp,esp
00B1D049 50 push eax
00B1D04A 53 push ebx
00B1D04B 51 push ecx
00B1D04C 56 push esi
00B1D04D 8B75 08 mov esi,dword ptr ss:[ebp+8]
00B1D050 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
00B1D053 C1E9 02 shr ecx,2
00B1D056 8B45 10 mov eax,dword ptr ss:[ebp+10]
00B1D059 8B5D 14 mov ebx,dword ptr ss:[ebp+14]
00B1D05C 85C9 test ecx,ecx
00B1D05E 74 0A je short SuperRec.00B1D06A
00B1D060 3106 xor dword ptr ds:[esi],eax
00B1D062 011E add dword ptr ds:[esi],ebx
00B1D064 83C6 04 add esi,4
00B1D067 49 dec ecx
00B1D068 ^ EB F2 jmp short SuperRec.00B1D05C
00B1D06A 5E pop esi
00B1D06B 59 pop ecx
00B1D06C 5B pop ebx
00B1D06D 58 pop eax
00B1D06E C9 leave
00B1D06F C2 1000 retn 10
00B1D072 37 aaa
00B1D073 8487 1C6D00C2 test byte ptr ds:[edi+C2006D1C],al
00B1D079 40 inc eax
00B1D07A 6221 bound esp,qword ptr ds:[ecx]
00B1D07C 34 2F xor al,2F
00B1D07E 2F das
00B1D07F 4F dec edi
00B1D080 3D 3353E1F8 cmp eax,F8E15333
00B1D085 B1 EC mov cl,0EC
00B1D087 96 xchg eax,esi
00B1D088 51 push ecx
00B1D089 2130 and dword ptr ds:[eax],esi
00B1D08B AE scas byte ptr es:[edi]
00B1D08C 1310 adc edx,dword ptr ds:[eax]
00B1D08E 67:45 inc ebp
00B1D090 6B1F 0A imul ebx,dword ptr ds:[edi],0A
00B1D093 2942 C0 sub dword ptr ds:[edx-40],eax
00B1D096 6B67 1A 45 imul esp,dword ptr ds:[edi+1A],45
00B1D09A 123A adc bh,byte ptr ds:[edx]
00B1D09C 87AC17 5A6B7268 xchg dword ptr ds:[edi+edx+68726B5A],ebp
00B1D0A3 F0:43 lock inc ebx ; 不允许锁定前缀
00B1D0A5 54 push esp
00B1D0A6 188B 14245289 sbb byte ptr ds:[ebx+89522414],cl
00B1D0AC ^ E2 81 loopd short SuperRec.00B1D02F
00B1D0AE C2 0400 retn 4
00B1D0B1 0000 add byte ptr ds:[eax],al
00B1D0B3 BE CD7AC129 mov esi,29C17ACD
00B1D0B8 F7D6 not esi
00B1D0BA C1E6 05 shl esi,5
00B1D0BD BD EB245E0F mov ebp,0F5E24EB
00B1D0C2 C1ED 04 shr ebp,4
00B1D0C5 81ED 3F3FCA33 sub ebp,33CA3F3F
00B1D0CB C1E5 02 shl ebp,2
00B1D0CE 81ED 20262D26 sub ebp,262D2620
00B1D0D4 21EE and esi,ebp
00B1D0D6 81F6 04268006 xor esi,6802604
00B1D0DC 81EA 5D30016F sub edx,6F01305D
00B1D0E2 01F2 add edx,esi
00B1D0E4 81C2 5D30016F add edx,6F01305D
00B1D0EA 871424 xchg dword ptr ss:[esp],edx
00B1D0ED 8B2424 mov esp,dword ptr ss:[esp]
00B1D0F0 81E2 87178450 and edx,50841787
00B1D0F6 F7D2 not edx
00B1D0F8 81F2 D849F95A xor edx,5AF949D8
00B1D0FE 81C2 96FB43EE add edx,EE43FB96
00B1D104 52 push edx
00B1D105 58 pop eax
00B1D106 01DA add edx,ebx
00B1D108 31FA xor edx,edi
00B1D10A 81EA DC17130E sub edx,0E1317DC
00B1D110 81EA 100D236E sub edx,6E230D10
00B1D116 29FA sub edx,edi
00B1D118 81C2 100D236E add edx,6E230D10
00B1D11E 81C2 DC17130E add edx,0E1317DC
00B1D124 0000 add byte ptr ds:[eax],al
00B1D126 0000 add byte ptr ds:[eax],al
00B1D128 0000 add byte ptr ds:[eax],al
00B1D12A 0000 add byte ptr ds:[eax],al
00B1D12C 0000 add byte ptr ds:[eax],al
00B1D12E 0000 add byte ptr ds:[eax],al
00B1D130 0000 add byte ptr ds:[eax],al
00B1D132 0000 add byte ptr ds:[eax],al
00B1D134 0000 add byte ptr ds:[eax],al
00B1D136 0000 add byte ptr ds:[eax],al
00B1D138 0000 add byte ptr ds:[eax],al
00B1D13A 0000 add byte ptr ds:[eax],al
00B1D13C 0000 add byte ptr ds:[eax],al
00B1D13E 0000 add byte ptr ds:[eax],al
00B1D140 0000 add byte ptr ds:[eax],al
00B1D142 0000 add byte ptr ds:[eax],al
以下代码与上面一行相同
。。。。。。。。。。。。。。。。。
一直到程序的结束。
|
|
|---|---|
|
|
|
|
|
|
|
|
|
