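pe finds nothing; fi identifies it as upx+cryptor.
I don't know how to approach this kind of packer, so could an expert give me some pointers? There is a pe plugin that can unpack it automatically, but the result is not unpacked cleanly, although it does run.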
0040C000 > B8 FC774100 mov eax,破解补丁.004177FC
0040C005 50 push eax
0040C006 64:FF35 00000000 push dword ptr fs:[0]
0040C00D 64:8925 00000000 mov dword ptr fs:[0],esp
0040C014 33C0 xor eax,eax
0040C016 8908 mov dword ptr ds:[eax],ecx
0040C018 50 push eax
0040C019 45 inc ebp
0040C01A 43 inc ebx
0040C01B 6F outs dx,dword ptr es:[edi]
0040C01C 6D ins dword ptr es:[edi],dx
0040C01D 70 61 jo short 破解补丁.0040C080
0040C01F 637432 00 arpl word ptr ds:[edx+esi],si
0040C023 24 33 and al,33
0040C025 CC int3
0040C026 8661 06 xchg byte ptr ds:[ecx+6],ah
0040C029 B2 00 mov dl,0
0040C02B 0000 add byte ptr ds:[eax],al
0040C02D 1848 30 sbb byte ptr ds:[eax+30],cl
0040C030 49 dec ecx
0040C031 0048 64 add byte ptr ds:[eax+64],cl
0040C034 80A2 64880910 50 and byte ptr ds:[edx+10098864],50
0040C03B 690471 28711513 imul eax,dword ptr ds:[ecx+esi*2],13157128
0040C042 24 05 and al,5
0040C044 41 inc ecx
0040C045 0000 add byte ptr ds:[eax],al
0040C047 00C0 add al,al
There is even an int3 in there. I'd like to ask what kind of packer this actually is and how to approach it. Thanks.