[Help] What packer is this? yoda's Protector v1.02 (.dll,.ocx) --> Ashkbiz Danehkar [Overlay] *
Posted: 2013-3-24 16:34
PEiD identifies it as yoda's Protector v1.02 (.dll,.ocx) --> Ashkbiz Danehkar [Overlay] *
The entry point looks like this:
00B99000 > 83EC 04 sub esp,4
00B99003 50 push eax
00B99004 53 push ebx
00B99005 E8 01000000 call SuperRec.00B9900B
00B9900A CC int3
00B9900B 58 pop eax
00B9900C 89C3 mov ebx,eax
00B9900E 40 inc eax
00B9900F 2D 00702800 sub eax,287000
00B99014 2D 2FD50910 sub eax,1009D52F
00B99019 05 24D50910 add eax,1009D524
00B9901E 803B CC cmp byte ptr ds:[ebx],0CC
00B99021 75 19 jnz short SuperRec.00B9903C
00B99023 C603 00 mov byte ptr ds:[ebx],0
00B99026 BB 00100000 mov ebx,1000
00B9902B 68 3705E230 push 30E20537
00B99030 68 21C90262 push 6202C921
00B99035 53 push ebx
00B99036 50 push eax
00B99037 E8 0A000000 call SuperRec.00B99046
00B9903C 83C0 00 add eax,0
00B9903F 894424 08 mov dword ptr ss:[esp+8],eax
00B99043 5B pop ebx
00B99044 58 pop eax
00B99045 C3 retn
Software download link:
http://www.skycn.com/soft/50576.html
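I searched Baidu and it says the false-positive rate is quite high, with many VMs being reported as this. I debugged it, and there seems to be a lot of VM code inside.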