今天PJ一软件看到如下代码,还好我JMP掉了,要不就完了......
作者有点
00556D64 /. 55 push ebp
00556D65 |. 8BEC mov ebp, esp
00556D67 |. 81C4 2CFEFFFF add esp, -1D4
00556D6D |. 53 push ebx
00556D6E |. 33C9 xor ecx, ecx
00556D70 |. 898D 2CFEFFFF mov [ebp-1D4], ecx
00556D76 |. 894D FC mov [ebp-4], ecx
00556D79 |. 8BD8 mov ebx, eax
00556D7B |. 33C0 xor eax, eax
00556D7D |. 55 push ebp
00556D7E |. 68 406E5500 push 00556E40
00556D83 |. 64:FF30 push dword ptr fs:[eax]
00556D86 |. 64:8920 mov fs:[eax], esp
00556D89 |. 8D95 2CFEFFFF lea edx, [ebp-1D4]
00556D8F |. 8B83 08030000 mov eax, [ebx+308]
00556D95 |. E8 669EF1FF call 00470C00
00556D9A |. 8B85 2CFEFFFF mov eax, [ebp-1D4]
00556DA0 |. 8D55 FC lea edx, [ebp-4]
00556DA3 |. E8 9829EBFF call 00409740
00556DA8 |. 8B45 FC mov eax, [ebp-4]
00556DAB |. E8 5CE1EAFF call 00404F0C
00556DB0 |. 83F8 0C cmp eax, 0C
00556DB3 |. 75 60 jnz short 00556E15
00556DB5 |. 8B45 FC mov eax, [ebp-4]
00556DB8 |. 8078 02 6B cmp byte ptr [eax+2], 6B
00556DBC |. 75 57 jnz short 00556E15
00556DBE |. 8B45 FC mov eax, [ebp-4]
00556DC1 |. 8078 04 6F cmp byte ptr [eax+4], 6F
00556DC5 |. 75 4E jnz short 00556E15
00556DC7 |. 8B45 FC mov eax, [ebp-4]
00556DCA |. 8078 08 32 cmp byte ptr [eax+8], 32
00556DCE |. 75 45 jnz short 00556E15
00556DD0 |. 8B45 FC mov eax, [ebp-4]
00556DD3 |. 8078 06 39 cmp byte ptr [eax+6], 39
00556DD7 |. 75 3C jnz short 00556E15
00556DD9 |. B8 546E5500 mov eax, 00556E54 ; 不好意思,你正在进行非法破解,目前系统正在格式化硬盘,请重起机器,然后重装系统!
00556DDE |. E8 3112EEFF call 00438014
00556DE3 |. BA AC6E5500 mov edx, 00556EAC ; user.dll
00556DE8 |. 8D85 30FEFFFF lea eax, [ebp-1D0]
00556DEE |. E8 49C1EAFF call 00402F3C
00556DF3 |. 8D85 30FEFFFF lea eax, [ebp-1D0]
00556DF9 |. E8 CEBEEAFF call 00402CCC
00556DFE |. E8 4DBBEAFF call 00402950
00556E03 |. 8D85 30FEFFFF lea eax, [ebp-1D0]
00556E09 |. E8 F6C1EAFF call 00403004
00556E0E |. E8 3DBBEAFF call 00402950
00556E13 |. EB 0A jmp short 00556E1F
00556E15 |> B8 C06E5500 mov eax, 00556EC0 ; 注册码错误
00556E1A |. E8 F511EEFF call 00438014
00556E1F |> 33C0 xor eax, eax
00556E21 |. 5A pop edx
00556E22 |. 59 pop ecx
00556E23 |. 59 pop ecx
00556E24 |. 64:8910 mov fs:[eax], edx
00556E27 |. 68 476E5500 push 00556E47
00556E2C |> 8D85 2CFEFFFF lea eax, [ebp-1D4]
00556E32 |. E8 15DEEAFF call 00404C4C
00556E37 |. 8D45 FC lea eax, [ebp-4]
00556E3A |. E8 0DDEEAFF call 00404C4C
00556E3F \. C3 retn
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课