[Old post] Help: how do I recover encrypted functions after unpacking ASProtect?
Posted: 2012-10-6 22:42 2944
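Could an expert please take a look: is there any way to recover a function that has been encrypted like this? What type of protection is it: virtualized, or something like out-of-order obfuscation? Is there a plugin that handles it directly? Thanks.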
0044CBB0 55 PUSH EBP
0044CBB1 8BEC MOV EBP, ESP
0044CBB3 6A FF PUSH -1
0044CBB5 68 28E07400 PUSH Game.0074E028
0044CBBA 64:A1 00000000 MOV EAX, DWORD PTR FS:[0]
0044CBC0 50 PUSH EAX
0044CBC1 64:8925 00000000 MOV DWORD PTR FS:[0], ESP
0044CBC8 83EC 28 SUB ESP, 28
0044CBCB 53 PUSH EBX
0044CBCC 56 PUSH ESI
0044CBCD 57 PUSH EDI
0044CBCE 8BF1 MOV ESI, ECX
0044CBD0 68 68C27800 PUSH Game.0078C268
0044CBD5 8975 F0 MOV DWORD PTR SS:[EBP-10], ESI
0044CBD8 - E9 D7246D00 JMP Game.00B1F0B4 //control is diverted away starting at this line, into the encrypted code
0044CBDD 8945 04 MOV DWORD PTR SS:[EBP+4], EAX
0044CBE0 895424 04 MOV DWORD PTR SS:[ESP+4], EDX
0044CBE4 885C24 0C MOV BYTE PTR SS:[ESP+C], BL
0044CBE8 9C PUSHFD
0044CBE9 8F4424 0C POP DWORD PTR SS:[ESP+C]
0044CBED 60 PUSHAD
0044CBEE FF7424 04 PUSH DWORD PTR SS:[ESP+4]
0044CBF2 ^ E9 E0FDFFFF JMP Game.0044C9D7
0044CBF7 F5 CMC
0044CBF8 9C PUSHFD
0044CBF9 66:31C3 XOR BX, AX
0044CBFC 66:C70424 76BD MOV WORD PTR SS:[ESP], 0BD76
0044CC02 66:0FBAE4 0F BT SP, 0F
0044CC07 E8 45721F00 CALL Game.00643E51
0044CC0C 66:2145 04 AND WORD PTR SS:[EBP+4], AX
0044CC10 E8 4FDB1100 CALL Game.0056A764
0044CC15 68 82854205 PUSH 5428582
0044CC1A E8 DEED0E00 CALL Game.0053B9FD
0044CC1F 60 PUSHAD
0044CC20 FF7424 2C PUSH DWORD PTR SS:[ESP+2C]
0044CC24 8F45 00 POP DWORD PTR SS:[EBP]
0044CC27 66:891C24 MOV WORD PTR SS:[ESP], BX
0044CC2B 8D6424 30 LEA ESP, DWORD PTR SS:[ESP+30]
0044CC2F E9 4B000000 JMP Game.0044CC7F
0044CC34 37 AAA
0044CC35 F7D0 NOT EAX
0044CC37 8B45 00 MOV EAX, DWORD PTR SS:[EBP]
0044CC3A C0C6 02 ROL DH, 2
0044CC3D 66:0FBCD0 BSF DX, AX
0044CC41 66:19FA SBB DX, DI
0044CC44 FEC6 INC DH
0044CC46 66:8B55 04 MOV DX, WORD PTR SS:[EBP+4]
0044CC4A F5 CMC
0044CC4B E9 309C0A00 JMP Game.004F6880
0044CC50 F6D8 NEG AL
0044CC52 52 PUSH EDX
0044CC53 D2F0 SAL AL, CL
0044CC55 8A45 00 MOV AL, BYTE PTR SS:[EBP]
0044CC58 E8 04F00E00 CALL Game.0053BC61
0044CC5D 8D7C24 04 LEA EDI, DWORD PTR SS:[ESP+4]
0044CC61 83C4 04 ADD ESP, 4
0044CC64 F6D1 NOT CL
0044CC66 8D9D 8BA17815 LEA EBX, DWORD PTR SS:[EBP+1578A18B]
0044CC6C 66:D3F9 SAR CX, CL
0044CC6F 89F3 MOV EBX, ESI
0044CC71 C0C0 06 ROL AL, 6
0044CC74 B0 73 MOV AL, 73
0044CC76 0F8C B7EE0E00 JL Game.0053BB33
0044CC7C 0375 00 ADD ESI, DWORD PTR SS:[EBP]
0044CC7F 66:FFC1 INC CX
0044CC82 0F81 0DEE0E00 JNO Game.0053BA95
0044CC88 8A46 FF MOV AL, BYTE PTR DS:[ESI-1]
0044CC8B 66:0FC9 BSWAP CX
0044CC8E 4E DEC ESI
0044CC8F 08F5 OR CH, DH
0044CC91 00D8 ADD AL, BL
0044CC93 D2CD ROR CH, CL
0044CC95 66:0FB6CA MOVZX CX, DL
0044CC99 66:81C9 8FAB OR CX, 0AB8F
0044CC9E 34 6C XOR AL, 6C
0044CCA0 66:F7D1 NOT CX
0044CCA3 66:81E1 B264 AND CX, 64B2
0044CCA8 2C AA SUB AL, 0AA
0044CCAA 0FACD1 19 SHRD ECX, EDX, 19
0044CCAE 80ED 0B SUB CH, 0B
0044CCB1 66:0FB3C1 BTR CX, AX
0044CCB5 66:0FABC9 BTS CX, CX
0044CCB9 34 16 XOR AL, 16
0044CCBB 66:0FBCCF BSF CX, DI
0044CCBF C0D9 07 RCR CL, 7
0044CCC2 00C3 ADD BL, AL
0044CCC4 80C9 74 OR CL, 74
0044CCC7 20C5 AND CH, AL
0044CCC9 80C9 2F OR CL, 2F
0044CCCC 0FB6C0 MOVZX EAX, AL
0044CCCF F5 CMC
0044CCD0 66:01E1 ADD CX, SP
0044CCD3 8B0C85 0071B100 MOV ECX, DWORD PTR DS:[EAX*4+B17100]
0044CCDA 84DA TEST DL, BL
0044CCDC 60 PUSHAD
0044CCDD F7D1 NOT ECX
0044CCDF F8 CLC
0044CCE0 9C PUSHFD
0044CCE1 38ED CMP CH, CH
0044CCE3 60 PUSHAD
0044CCE4 81C1 00000000 ADD ECX, 0
0044CCEA 9C PUSHFD
0044CCEB E9 EC9B0A00 JMP Game.004F68DC
0044CCF0 8D4D CC LEA ECX, DWORD PTR SS:[EBP-34] //execution comes back here
0044CCF3 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-4], -1
0044CCFA C745 CC 10C17800 MOV DWORD PTR SS:[EBP-34], Game.0078C110
0044CD01 E8 1A3A2600 CALL Game.006B0720
0044CD06 8B4D F4 MOV ECX, DWORD PTR SS:[EBP-C]
0044CD09 64:890D 00000000 MOV DWORD PTR FS:[0], ECX
0044CD10 8BE5 MOV ESP, EBP
0044CD12 5D POP EBP
0044CD13 C2 0400 RETN 4
00B1F0B4 /0F85 F9260000 JNZ Game.00B217B3
00B1F0BA |60 PUSHAD
00B1F0BB |C74424 1C FF7A4CD3 MOV DWORD PTR SS:[ESP+1C], D34C7AFF
00B1F0C3 |60 PUSHAD
00B1F0C4 |51 PUSH ECX
00B1F0C5 |55 PUSH EBP
00B1F0C6 |C74424 40 57DE9DA2 MOV DWORD PTR SS:[ESP+40], A29DDE57
00B1F0CE |52 PUSH EDX
00B1F0CF |8D6424 44 LEA ESP, DWORD PTR SS:[ESP+44]
00B1F0D3 -|E9 C74DB2FF JMP Game.00643E9F
00B1F0D8 |8A17 MOV DL, BYTE PTR DS:[EDI]
00B1F0DA |5E POP ESI
00B1F0DB |CD 0A INT 0A
00B1F0DD |05 05C5CF38 ADD EAX, 38CFC505
00B1F0E2 |C0A3 FA35C453 CE SHL BYTE PTR DS:[EBX+53C435FA], 0CE
00B1F0E9 |51 PUSH ECX
00B1F0EA |88DB MOV BL, BL
00B1F0EC |6E OUTS DX, BYTE PTR ES:[EDI]
00B217B3 E8 6C220000 CALL Game.00B23A24
00B217B8 60 PUSHAD
00B217B9 880C24 MOV BYTE PTR SS:[ESP], CL
00B217BC C74424 20 C8CF5A57 MOV DWORD PTR SS:[ESP+20], 575ACFC8
00B217C4 68 CAD1FC44 PUSH 44FCD1CA
00B217C9 9C PUSHFD
00B217CA 9C PUSHFD
00B217CB C60424 CE MOV BYTE PTR SS:[ESP], 0CE
00B217CF 8D6424 2C LEA ESP, DWORD PTR SS:[ESP+2C]
00B217D3 - E9 C726B2FF JMP Game.00643E9F
00B217D8 2C AE SUB AL, 0AE
00B217DA 35 A4DDF8A1 XOR EAX, A1F8DDA4
00B217DF D956 03 FST DWORD PTR DS:[ESI+3]
00B217E2 8B26 MOV ESP, DWORD PTR DS:[ESI]
00B217E4 B1 F4 MOV CL, 0F4
00B217E6 9B WAIT
00B217E7 D6 SALC
00B217E8 196CD7 66 SBB DWORD PTR DS:[EDI+EDX*8+66], EBP
00B217EC A1 2C5FC037 MOV EAX, DWORD PTR DS:[37C05F2C]
00B217F1 7F 0E JG SHORT Game.00B21801
00B217F3 E3 1D JECXZ SHORT Game.00B21812
00B217F5 C3 RETN
00B23A24 C70424 FF7A4CD3 MOV DWORD PTR SS:[ESP], D34C7AFF
00B23A2B 9C PUSHFD
00B23A2C C70424 D0AA47F1 MOV DWORD PTR SS:[ESP], F147AAD0
00B23A33 C70424 57DE9DA2 MOV DWORD PTR SS:[ESP], A29DDE57
00B23A3A 60 PUSHAD
00B23A3B 68 06048C26 PUSH 268C0406
00B23A40 FF3424 PUSH DWORD PTR SS:[ESP]
00B23A43 8D6424 28 LEA ESP, DWORD PTR SS:[ESP+28]
00B23A47 - E9 5304B2FF JMP Game.00643E9F
00B23A4C 52 PUSH EDX
00B23A4D E8 10290000 CALL Game.00B26362
00B23A52 FB STI