这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay]-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay]

发表于: 2006-2-18 16:36 4708

这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay]

kitty

2006-2-18 16:36

4708

这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay] ,但我觉得不是,给点意见
代码如下:
100010DD non>  6A 60       push 60
100010DF    68 D8500010 push noname.100050D8
100010E4    E8 7F0D0000 call noname.10001E68
100010E9    BF 94000000 mov edi,94
100010EE    8BC7          mov eax,edi
100010F0    E8 CB0E0000 call noname.10001FC0
100010F5    8965 E8       mov dword ptr ss:[ebp-18],esp
100010F8    8BF4          mov esi,esp
100010FA    893E          mov dword ptr ds:[esi],edi
100010FC    56          push esi
100010FD    FF15 24500010  call dword ptr ds:[<&KERNEL32.>; kernel32.GetVersionExA
10001103    8B4E 10       mov ecx,dword ptr ds:[esi+10]
10001106    890D B8720010  mov dword ptr ds:[100072B8],ec>
1000110C    8B46 04       mov eax,dword ptr ds:[esi+4]
1000110F    A3 C4720010 mov dword ptr ds:[100072C4],ea>
10001114    8B56 08       mov edx,dword ptr ds:[esi+8]
10001117    8915 C8720010  mov dword ptr ds:[100072C8],ed>
1000111D    8B76 0C       mov esi,dword ptr ds:[esi+C]
10001120    81E6 FF7F0000  and esi,7FFF
10001126    8935 BC720010  mov dword ptr ds:[100072BC],es>
1000112C    83F9 02       cmp ecx,2
1000112F    74 0C       je short noname.1000113D
10001131    81CE 00800000  or esi,8000
10001137    8935 BC720010  mov dword ptr ds:[100072BC],es>
1000113D    C1E0 08       shl eax,8
10001140    03C2          add eax,edx
10001142    A3 C0720010 mov dword ptr ds:[100072C0],ea>
10001147    33F6          xor esi,esi
10001149    56          push esi
1000114A    8B3D 18500010  mov edi,dword ptr ds:[<&KERNEL>; kernel32.GetModuleHandleA
10001150    FFD7          call edi
10001152    66:8138 4D5A cmp word ptr ds:[eax],5A4D
10001157    75 1F       jnz short noname.10001178
10001159    8B48 3C       mov ecx,dword ptr ds:[eax+3C]
1000115C    03C8          add ecx,eax
1000115E    8139 50450000  cmp dword ptr ds:[ecx],4550
10001164    75 12       jnz short noname.10001178
10001166    0FB741 18    movzx eax,word ptr ds:[ecx+18]
1000116A    3D 0B010000 cmp eax,10B
1000116F    74 1F       je short noname.10001190
10001171    3D 0B020000 cmp eax,20B
10001176    74 05       je short noname.1000117D
10001178    8975 E4       mov dword ptr ss:[ebp-1C],esi
1000117B    EB 27       jmp short noname.100011A4
1000117D    83B9 84000000 >cmp dword ptr ds:[ecx+84],0E
10001184    ^ 76 F2       jbe short noname.10001178
10001186    33C0          xor eax,eax
10001188    39B1 F8000000  cmp dword ptr ds:[ecx+F8],esi
1000118E    EB 0E       jmp short noname.1000119E
10001190    8379 74 0E    cmp dword ptr ds:[ecx+74],0E
10001194    ^ 76 E2       jbe short noname.10001178
10001196    33C0          xor eax,eax
10001198    39B1 E8000000  cmp dword ptr ds:[ecx+E8],esi
1000119E    0F95C0       setne al
100011A1    8945 E4       mov dword ptr ss:[ebp-1C],eax
100011A4    56          push esi
100011A5    E8 6C0C0000 call noname.10001E16
100011AA    59          pop ecx
100011AB    85C0          test eax,eax
100011AD    75 21       jnz short noname.100011D0
100011AF    833D A8720010 >cmp dword ptr ds:[100072A8],1
100011B6    75 05       jnz short noname.100011BD
100011B8    E8 0E040000 call noname.100015CB
100011BD    6A 1C       push 1C
100011BF    E8 90020000 call noname.10001454
100011C4    68 FF000000 push 0FF
100011C9    E8 EB000000 call noname.100012B9
100011CE    59          pop ecx
100011CF    59          pop ecx
100011D0    E8 9F0B0000 call noname.10001D74
100011D5    8975 FC       mov dword ptr ss:[ebp-4],esi
100011D8    E8 EC090000 call noname.10001BC9
100011DD    85C0          test eax,eax
100011DF    7D 08       jge short noname.100011E9
100011E1    6A 1B       push 1B
100011E3    E8 D0FEFFFF call noname.100010B8
100011E8    59          pop ecx
100011E9    FF15 20500010  call dword ptr ds:[<&KERNEL32.>; kernel32.GetCommandLineA
100011EF    A3 34780010 mov dword ptr ds:[10007834],ea>
100011F4    E8 AE080000 call noname.10001AA7
100011F9    A3 A0720010 mov dword ptr ds:[100072A0],ea>
100011FE    E8 02080000 call noname.10001A05
10001203    85C0          test eax,eax
10001205    7D 08       jge short noname.1000120F
10001207    6A 08       push 8
10001209    E8 AAFEFFFF call noname.100010B8
1000120E    59          pop ecx
1000120F    E8 BE050000 call noname.100017D2
10001214    85C0          test eax,eax
10001216    7D 08       jge short noname.10001220
10001218    6A 09       push 9
1000121A    E8 99FEFFFF call noname.100010B8
1000121F    59          pop ecx
10001220    6A 01       push 1
10001222    E8 C2000000 call noname.100012E9
10001227    59          pop ecx
10001228    8945 D8       mov dword ptr ss:[ebp-28],eax
1000122B    3BC6          cmp eax,esi
1000122D    74 07       je short noname.10001236
1000122F    50          push eax
10001230    E8 83FEFFFF call noname.100010B8
10001235    59          pop ecx
10001236    8975 BC       mov dword ptr ss:[ebp-44],esi
10001239    8D45 90       lea eax,dword ptr ss:[ebp-70]
1000123C    50          push eax
1000123D    FF15 1C500010  call dword ptr ds:[<&KERNEL32.>; kernel32.GetStartupInfoA
10001243    E8 2D050000 call noname.10001775
10001248    8945 E0       mov dword ptr ss:[ebp-20],eax
1000124B    F645 BC 01    test byte ptr ss:[ebp-44],1
1000124F    74 06       je short noname.10001257
10001251    0FB745 C0    movzx eax,word ptr ss:[ebp-40]
10001255    EB 03       jmp short noname.1000125A
10001257    6A 0A       push 0A
10001259    58          pop eax
1000125A    50          push eax
1000125B    FF75 E0       push dword ptr ss:[ebp-20]
1000125E    56          push esi
1000125F    56          push esi
10001260    FFD7          call edi
10001262    50          push eax
10001263    E8 98FDFFFF call noname.10001000
10001268    8BF8          mov edi,eax
1000126A    897D D4       mov dword ptr ss:[ebp-2C],edi
1000126D    3975 E4       cmp dword ptr ss:[ebp-1C],esi
10001270    75 06       jnz short noname.10001278
10001272    57          push edi
10001273    E8 9C010000 call noname.10001414
10001278    E8 B9010000 call noname.10001436
1000127D    EB 2B       jmp short noname.100012AA
1000127F    8B45 EC       mov eax,dword ptr ss:[ebp-14]
10001282    8B08          mov ecx,dword ptr ds:[eax]
10001284    8B09          mov ecx,dword ptr ds:[ecx]
10001286    894D DC       mov dword ptr ss:[ebp-24],ecx
10001289    50          push eax
1000128A    51          push ecx
1000128B    E8 74030000 call noname.10001604
10001290    59          pop ecx
10001291    59          pop ecx
10001292    C3          retn
10001293    8B65 E8       mov esp,dword ptr ss:[ebp-18]
10001296    8B7D DC       mov edi,dword ptr ss:[ebp-24]
10001299    837D E4 00    cmp dword ptr ss:[ebp-1C],0
1000129D    75 06       jnz short noname.100012A5
1000129F    57          push edi
100012A0    E8 80010000 call noname.10001425
100012A5    E8 9B010000 call noname.10001445
100012AA    834D FC FF    or dword ptr ss:[ebp-4],FFFFFF>
100012AE    8BC7          mov eax,edi
100012B0    8D65 84       lea esp,dword ptr ss:[ebp-7C]
100012B3    E8 EB0B0000 call noname.10001EA3
100012B8    C3          retn
100012B9    68 F4500010 push noname.100050F4          ; ASCII "mscoree.dll"
100012BE    FF15 18500010  call dword ptr ds:[<&KERNEL32.>; kernel32.GetModuleHandleA
100012C4    85C0          test eax,eax
100012C6    74 16       je short noname.100012DE
100012C8    68 E4500010 push noname.100050E4          ; ASCII "CorExitProcess"
100012CD    50          push eax
100012CE    FF15 2C500010  call dword ptr ds:[<&KERNEL32.>; kernel32.GetProcAddress
100012D4    85C0          test eax,eax
100012D6    74 06       je short noname.100012DE
100012D8    FF7424 04    push dword ptr ss:[esp+4]
100012DC    FFD0          call eax
100012DE    FF7424 04    push dword ptr ss:[esp+4]
100012E2    FF15 28500010  call dword ptr ds:[<&KERNEL32.>; kernel32.ExitProcess
100012E8    CC          int3
100012E9    A1 30780010 mov eax,dword ptr ds:[10007830>
100012EE    85C0          test eax,eax
100012F0    74 07       je short noname.100012F9
100012F2    FF7424 04    push dword ptr ss:[esp+4]
100012F6    FFD0          call eax
100012F8    59          pop ecx
100012F9    56          push esi
100012FA    57          push edi
100012FB    B9 0C700010 mov ecx,noname.1000700C
10001300    BF 18700010 mov edi,noname.10007018
10001305    33C0          xor eax,eax
10001307    3BCF          cmp ecx,edi
10001309    8BF1          mov esi,ecx
1000130B    73 17       jnb short noname.10001324
1000130D    85C0          test eax,eax
1000130F    75 3F       jnz short noname.10001350
10001311    8B0E          mov ecx,dword ptr ds:[esi]
10001313    85C9          test ecx,ecx
10001315    74 02       je short noname.10001319
10001317    FFD1          call ecx
10001319    83C6 04       add esi,4
1000131C    3BF7          cmp esi,edi
1000131E    ^ 72 ED       jb short noname.1000130D
10001320    85C0          test eax,eax
10001322    75 2C       jnz short noname.10001350
10001324    68 B81D0010 push noname.10001DB8
10001329    E8 510D0000 call noname.1000207F
1000132E    BE 00700010 mov esi,noname.10007000
10001333    8BC6          mov eax,esi
10001335    BF 08700010 mov edi,noname.10007008
1000133A    3BC7          cmp eax,edi
1000133C    59          pop ecx
1000133D    73 0F       jnb short noname.1000134E
1000133F    8B06          mov eax,dword ptr ds:[esi]
10001341    85C0          test eax,eax
10001343    74 02       je short noname.10001347
10001345    FFD0          call eax
10001347    83C6 04       add esi,4
1000134A    3BF7          cmp esi,edi
1000134C    ^ 72 F1       jb short noname.1000133F
1000134E    33C0          xor eax,eax
10001350    5F          pop edi
10001351    5E          pop esi
10001352    C3          retn
10001353    55          push ebp
10001354    8BEC          mov ebp,esp
10001356    56          push esi
10001357    33F6          xor esi,esi
10001359    46          inc esi
1000135A    3935 F8720010  cmp dword ptr ds:[100072F8],es>
10001360    57          push edi
10001361    75 10       jnz short noname.10001373
10001363    FF75 08       push dword ptr ss:[ebp+8]
10001366    FF15 34500010  call dword ptr ds:[<&KERNEL32.>; kernel32.GetCurrentProcess
1000136C    50          push eax
1000136D    FF15 30500010  call dword ptr ds:[<&KERNEL32.>; kernel32.TerminateProcess
10001373    837D 0C 00    cmp dword ptr ss:[ebp+C],0
10001377    8A45 10       mov al,byte ptr ss:[ebp+10]
1000137A    8935 F4720010  mov dword ptr ds:[100072F4],es>
10001380    A2 F0720010 mov byte ptr ds:[100072F0],al
10001385    75 52       jnz short noname.100013D9
10001387    8B0D 28780010  mov ecx,dword ptr ds:[10007828>
1000138D    85C9          test ecx,ecx
1000138F    74 29       je short noname.100013BA
10001391    A1 24780010 mov eax,dword ptr ds:[10007824>
10001396    83E8 04       sub eax,4
10001399    3BC1          cmp eax,ecx
1000139B    EB 16       jmp short noname.100013B3
1000139D    8B00          mov eax,dword ptr ds:[eax]
1000139F    85C0          test eax,eax
100013A1    74 02       je short noname.100013A5
100013A3    FFD0          call eax
100013A5    A1 24780010 mov eax,dword ptr ds:[10007824>
100013AA    83E8 04       sub eax,4
100013AD    3B05 28780010  cmp eax,dword ptr ds:[10007828>
100013B3    A3 24780010 mov dword ptr ds:[10007824],ea>
100013B8    ^ 73 E3       jnb short noname.1000139D
100013BA    B8 1C700010 mov eax,noname.1000701C
100013BF    BE 20700010 mov esi,noname.10007020
100013C4    3BC6          cmp eax,esi
100013C6    8BF8          mov edi,eax
100013C8    73 0F       jnb short noname.100013D9
100013CA    8B07          mov eax,dword ptr ds:[edi]
100013CC    85C0          test eax,eax
100013CE    74 02       je short noname.100013D2
100013D0    FFD0          call eax
100013D2    83C7 04       add edi,4
100013D5    3BFE          cmp edi,esi
100013D7    ^ 72 F1       jb short noname.100013CA
100013D9    B8 24700010 mov eax,noname.10007024
100013DE    BE 28700010 mov esi,noname.10007028
100013E3    3BC6          cmp eax,esi
100013E5    8BF8          mov edi,eax
100013E7    73 0F       jnb short noname.100013F8
100013E9    8B07          mov eax,dword ptr ds:[edi]
100013EB    85C0          test eax,eax
100013ED    74 02       je short noname.100013F1
100013EF    FFD0          call eax
100013F1    83C7 04       add edi,4
100013F4    3BFE          cmp edi,esi
100013F6    ^ 72 F1       jb short noname.100013E9
100013F8    837D 10 00    cmp dword ptr ss:[ebp+10],0
100013FC    5F          pop edi
100013FD    5E          pop esi
100013FE    75 12       jnz short noname.10001412
10001400    FF75 08       push dword ptr ss:[ebp+8]
10001403    C705 F8720010 >mov dword ptr ds:[100072F8],1
1000140D    E8 A7FEFFFF call noname.100012B9
10001412    5D          pop ebp
10001413    C3          retn
10001414    6A 00       push 0
10001416    6A 00       push 0
10001418    FF7424 0C    push dword ptr ss:[esp+C]
1000141C    E8 32FFFFFF call noname.10001353
10001421    83C4 0C       add esp,0C
10001424    C3          retn
10001425    6A 00       push 0
10001427    6A 01       push 1
10001429    FF7424 0C    push dword ptr ss:[esp+C]
1000142D    E8 21FFFFFF call noname.10001353
10001432    83C4 0C       add esp,0C
10001435    C3          retn
10001436    6A 01       push 1
10001438    6A 00       push 0
1000143A    6A 00       push 0
1000143C    E8 12FFFFFF call noname.10001353
10001441    83C4 0C       add esp,0C
10001444    C3          retn
10001445    6A 01       push 1
10001447    6A 01       push 1
10001449    6A 00       push 0
1000144B    E8 03FFFFFF call noname.10001353
10001450    83C4 0C       add esp,0C
10001453    C3          retn

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・1

支持

赞赏记录

参与人

雪币

留言

时间

嫉妒的死远点

为你点赞~

2024-5-31 01:13

最新回复 (3)
kitty 雪币： 93 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 93 粉丝 1 关注私信	kitty 2 楼发觉有对pbvm100.dll的调用,还有对很多pb开头的代码调用,我想它是pb程序,跟了一下,有下面代码,用pbkiller不能反编译,我现在要找找这里的pb教程,有好提议或教程,各位请指点一下. 11227600 PBV> 55 push ebp 11227601 8BEC mov ebp,esp 11227603 83EC 1C sub esp,1C 11227606 8B45 08 mov eax,dword ptr ss:[ebp+8] 11227609 50 push eax 1122760A E8 2170FCFF call PBVM100.FN_MinimumVersion 1122760F 85C0 test eax,eax 11227611 75 04 jnz short PBVM100.11227617 11227613 33C0 xor eax,eax 11227615 EB 43 jmp short PBVM100.1122765A 11227617 C745 FC 607>mov dword ptr ss:[ebp-4],PBVM100.FN_RunEx> 1122761E 8B4D 08 mov ecx,dword ptr ss:[ebp+8] 11227621 894D E4 mov dword ptr ss:[ebp-1C],ecx 11227624 8B55 0C mov edx,dword ptr ss:[ebp+C] 11227627 8955 E8 mov dword ptr ss:[ebp-18],edx 1122762A 8B45 10 mov eax,dword ptr ss:[ebp+10] 1122762D 8945 EC mov dword ptr ss:[ebp-14],eax 11227630 8B4D 14 mov ecx,dword ptr ss:[ebp+14] 11227633 894D F0 mov dword ptr ss:[ebp-10],ecx 11227636 8B55 18 mov edx,dword ptr ss:[ebp+18] 11227639 8955 F4 mov dword ptr ss:[ebp-C],edx 1122763C 8B45 1C mov eax,dword ptr ss:[ebp+1C] 1122763F 8945 F8 mov dword ptr ss:[ebp-8],eax 11227642 837D 1C 00 cmp dword ptr ss:[ebp+1C],0 11227646 74 0B je short PBVM100.11227653 11227648 8D4D E4 lea ecx,dword ptr ss:[ebp-1C] 1122764B 51 push ecx 1122764C E8 0F000000 call PBVM100.FN_RunExecutableEx 11227651 EB 07 jmp short PBVM100.1122765A 11227653 8D55 E4 lea edx,dword ptr ss:[ebp-1C] 11227656 52 push edx 11227657 FF55 FC call dword ptr ss:[ebp-4] 1122765A 8BE5 mov esp,ebp 1122765C 5D pop ebp 1122765D C2 1800 retn 18 11227660 PBV> 55 push ebp 11227661 8BEC mov ebp,esp 11227663 83EC 58 sub esp,58 11227666 56 push esi 11227667 57 push edi 11227668 8B45 08 mov eax,dword ptr ss:[ebp+8] 1122766B 8B08 mov ecx,dword ptr ds:[eax] 1122766D 894D E8 mov dword ptr ss:[ebp-18],ecx 11227670 8B55 08 mov edx,dword ptr ss:[ebp+8] 11227673 8B42 04 mov eax,dword ptr ds:[edx+4] 11227676 8945 DC mov dword ptr ss:[ebp-24],eax 11227679 8B4D 08 mov ecx,dword ptr ss:[ebp+8] 1122767C 8B51 08 mov edx,dword ptr ds:[ecx+8] 1122767F 8955 C0 mov dword ptr ss:[ebp-40],edx 11227682 8B45 08 mov eax,dword ptr ss:[ebp+8] 11227685 8B48 0C mov ecx,dword ptr ds:[eax+C] 11227688 894D EC mov dword ptr ss:[ebp-14],ecx 1122768B 8B55 08 mov edx,dword ptr ss:[ebp+8] 1122768E 8B42 10 mov eax,dword ptr ds:[edx+10] 11227691 8945 F4 mov dword ptr ss:[ebp-C],eax 11227694 8B4D 08 mov ecx,dword ptr ss:[ebp+8] 11227697 8B51 14 mov edx,dword ptr ds:[ecx+14] 1122769A 8955 CC mov dword ptr ss:[ebp-34],edx 1122769D C745 D0 600>mov dword ptr ss:[ebp-30],60 112276A4 6A 00 push 0 112276A6 E8 355B1A00 call <jmp.&PBSHR100.#3_pbstg_begin> 112276AB 8945 D4 mov dword ptr ss:[ebp-2C],eax 112276AE 837D D4 00 cmp dword ptr ss:[ebp-2C],0 112276B2 74 15 je short PBVM100.112276C9 112276B4 8B45 D4 mov eax,dword ptr ss:[ebp-2C] 112276B7 C740 0C 641>mov dword ptr ds:[eax+C],PBVM100.113F1E64 ; UNICODE "Executable RTE/RTF" 112276BE 8B4D D4 mov ecx,dword ptr ss:[ebp-2C] 112276C1 8B51 0C mov edx,dword ptr ds:[ecx+C] 112276C4 8955 A8 mov dword ptr ss:[ebp-58],edx 112276C7 EB 07 jmp short PBVM100.112276D0 112276C9 C745 A8 000>mov dword ptr ss:[ebp-58],0 112276D0 8B45 D4 mov eax,dword ptr ss:[ebp-2C] 112276D3 50 push eax 112276D4 E8 D75A1A00 call <jmp.&PBSHR100.#179_sh_dbg_init> 112276D9 8945 F8 mov dword ptr ss:[ebp-8],eax 112276DC 6A 00 push 0 112276DE 68 04010000 push 104 112276E3 8B4D D4 mov ecx,dword ptr ss:[ebp-2C] 112276E6 51 push ecx 112276E7 E8 30551A00 call <jmp.&PBSHR100.#5_pbstg_alc> 112276EC 8945 B4 mov dword ptr ss:[ebp-4C],eax 112276EF 68 04010000 push 104 112276F4 8B55 B4 mov edx,dword ptr ss:[ebp-4C] 112276F7 52 push edx 112276F8 8B45 E8 mov eax,dword ptr ss:[ebp-18] 112276FB 50 push eax 112276FC FF15 F4913E>call dword ptr ds:[<&KERNEL32.GetModuleFi>; kernel32.GetModuleFileNameW 11227702 6A 00 push 0 11227704 8B4D C0 mov ecx,dword ptr ss:[ebp-40] 11227707 51 push ecx 11227708 8B55 D4 mov edx,dword ptr ss:[ebp-2C] 1122770B 52 push edx 1122770C E8 8F551A00 call <jmp.&PBSHR100.#37_pbstg_strdup> 11227711 8945 F0 mov dword ptr ss:[ebp-10],eax 11227714 8B45 F0 mov eax,dword ptr ss:[ebp-10] 11227717 50 push eax 11227718 FF15 C4933E>call dword ptr ds:[<&MSVCR71._wcsupr>] ; MSVCR71._wcsupr 1122771E 83C4 04 add esp,4 11227721 C745 C8 000>mov dword ptr ss:[ebp-38],0 11227728 C745 BC 000>mov dword ptr ss:[ebp-44],0 1122772F 8B4D F0 mov ecx,dword ptr ss:[ebp-10] 11227732 894D B0 mov dword ptr ss:[ebp-50],ecx 11227735 EB 09 jmp short PBVM100.11227740 11227737 8B55 B0 mov edx,dword ptr ss:[ebp-50] 1122773A 83C2 02 add edx,2 1122773D 8955 B0 mov dword ptr ss:[ebp-50],edx 11227740 8B45 B0 mov eax,dword ptr ss:[ebp-50] 11227743 0FB708 movzx ecx,word ptr ds:[eax] 11227746 85C9 test ecx,ecx 11227748 0F84 DA0000>je PBVM100.11227828 1122774E B9 02000000 mov ecx,2 11227753 BF 8C1E3F11 mov edi,PBVM100.113F1E8C ; UNICODE "/PBDEBUG" 11227758 8B75 B0 mov esi,dword ptr ss:[ebp-50] 1122775B 33D2 xor edx,edx 1122775D F3:A7 repe cmps dword ptr es:[edi],dword ptr ds> 1122775F 74 13 je short PBVM100.11227774 11227761 B9 02000000 mov ecx,2 11227766 BF A01E3F11 mov edi,PBVM100.113F1EA0 ; UNICODE "-PBDEBUG" 1122776B 8B75 B0 mov esi,dword ptr ss:[ebp-50] 1122776E 33C0 xor eax,eax 11227770 F3:A7 repe cmps dword ptr es:[edi],dword ptr ds> 11227772 75 1F jnz short PBVM100.11227793 11227774 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 11227777 8B15 B41E3F>mov edx,dword ptr ds:[113F1EB4] 1122777D 8911 mov dword ptr ds:[ecx],edx 1122777F A1 B81E3F11 mov eax,dword ptr ds:[113F1EB8] 11227784 8941 04 mov dword ptr ds:[ecx+4],eax 11227787 C745 C8 010>mov dword ptr ss:[ebp-38],1 1122778E E9 95000000 jmp PBVM100.11227828 11227793 B9 07000000 mov ecx,7 11227798 BF C81E3F11 mov edi,PBVM100.113F1EC8 ; UNICODE "/DEBUG=" 1122779D 8B75 B0 mov esi,dword ptr ss:[ebp-50] 112277A0 33D2 xor edx,edx 112277A2 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:[> 112277A4 74 13 je short PBVM100.112277B9 112277A6 B9 07000000 mov ecx,7 112277AB BF D81E3F11 mov edi,PBVM100.113F1ED8 ; UNICODE "-DEBUG=" 112277B0 8B75 B0 mov esi,dword ptr ss:[ebp-50] 112277B3 33C0 xor eax,eax 112277B5 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:[> 112277B7 75 6A jnz short PBVM100.11227823 112277B9 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 112277BC 8B15 E81E3F>mov edx,dword ptr ds:[113F1EE8] 112277C2 8911 mov dword ptr ds:[ecx],edx 112277C4 66:A1 EC1E3>mov ax,word ptr ds:[113F1EEC] 112277CA 66:8941 04 mov word ptr ds:[ecx+4],ax 112277CE 8A15 EE1E3F>mov dl,byte ptr ds:[113F1EEE] 112277D4 8851 06 mov byte ptr ds:[ecx+6],dl 112277D7 8B45 B0 mov eax,dword ptr ss:[ebp-50] 112277DA 83C0 0E add eax,0E 112277DD 8945 B0 mov dword ptr ss:[ebp-50],eax 112277E0 C745 C8 010>mov dword ptr ss:[ebp-38],1 112277E7 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 112277EA 0FB711 movzx edx,word ptr ds:[ecx] 112277ED 83FA 30 cmp edx,30 112277F0 7C 31 jl short PBVM100.11227823 112277F2 8B45 B0 mov eax,dword ptr ss:[ebp-50] 112277F5 0FB708 movzx ecx,word ptr ds:[eax] 112277F8 83F9 39 cmp ecx,39 112277FB 7F 26 jg short PBVM100.11227823 112277FD 8B55 BC mov edx,dword ptr ss:[ebp-44] 11227800 6BD2 0A imul edx,edx,0A 11227803 8B45 B0 mov eax,dword ptr ss:[ebp-50] 11227806 0FB708 movzx ecx,word ptr ds:[eax] 11227809 8D540A D0 lea edx,dword ptr ds:[edx+ecx-30] 1122780D 8955 BC mov dword ptr ss:[ebp-44],edx 11227810 8B45 B0 mov eax,dword ptr ss:[ebp-50] 11227813 66:C700 200>mov word ptr ds:[eax],20 11227818 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 1122781B 83C1 02 add ecx,2 1122781E 894D B0 mov dword ptr ss:[ebp-50],ecx 11227821 ^ EB C4 jmp short PBVM100.112277E7 11227823 ^ E9 0FFFFFFF jmp PBVM100.11227737 11227828 837D C8 00 cmp dword ptr ss:[ebp-38],0 1122782C 74 66 je short PBVM100.11227894 1122782E 8B55 B4 mov edx,dword ptr ss:[ebp-4C] 11227831 52 push edx 11227832 6A 00 push 0 11227834 8B45 D4 mov eax,dword ptr ss:[ebp-2C] 11227837 50 push eax 11227838 E8 9D591A00 call <jmp.&PBSHR100.#120_osPathCreate> 1122783D 8945 E4 mov dword ptr ss:[ebp-1C],eax 11227840 68 F81E3F11 push PBVM100.113F1EF8 ; UNICODE "dbg" 2006-2-18 21:03 0
kitty 雪币： 93 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 93 粉丝 1 关注私信	kitty 3 楼有高手就给点意见 2006-2-21 19:34 0
aki 雪币： 223 活跃值： (70) 能力值： ( LV6，RANK：90 ) 在线值：发帖 17 回帖 592 粉丝 0 关注私信	aki 2 4 楼你从哪觉得不是vc7.0?俺怎么就没看出来 2006-2-21 21:23 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

kitty

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (3)
kitty 雪币： 93 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 93 粉丝 1 关注私信	kitty 2 楼发觉有对pbvm100.dll的调用,还有对很多pb开头的代码调用,我想它是pb程序,跟了一下,有下面代码,用pbkiller不能反编译,我现在要找找这里的pb教程,有好提议或教程,各位请指点一下. 11227600 PBV> 55 push ebp 11227601 8BEC mov ebp,esp 11227603 83EC 1C sub esp,1C 11227606 8B45 08 mov eax,dword ptr ss:[ebp+8] 11227609 50 push eax 1122760A E8 2170FCFF call PBVM100.FN_MinimumVersion 1122760F 85C0 test eax,eax 11227611 75 04 jnz short PBVM100.11227617 11227613 33C0 xor eax,eax 11227615 EB 43 jmp short PBVM100.1122765A 11227617 C745 FC 607>mov dword ptr ss:[ebp-4],PBVM100.FN_RunEx> 1122761E 8B4D 08 mov ecx,dword ptr ss:[ebp+8] 11227621 894D E4 mov dword ptr ss:[ebp-1C],ecx 11227624 8B55 0C mov edx,dword ptr ss:[ebp+C] 11227627 8955 E8 mov dword ptr ss:[ebp-18],edx 1122762A 8B45 10 mov eax,dword ptr ss:[ebp+10] 1122762D 8945 EC mov dword ptr ss:[ebp-14],eax 11227630 8B4D 14 mov ecx,dword ptr ss:[ebp+14] 11227633 894D F0 mov dword ptr ss:[ebp-10],ecx 11227636 8B55 18 mov edx,dword ptr ss:[ebp+18] 11227639 8955 F4 mov dword ptr ss:[ebp-C],edx 1122763C 8B45 1C mov eax,dword ptr ss:[ebp+1C] 1122763F 8945 F8 mov dword ptr ss:[ebp-8],eax 11227642 837D 1C 00 cmp dword ptr ss:[ebp+1C],0 11227646 74 0B je short PBVM100.11227653 11227648 8D4D E4 lea ecx,dword ptr ss:[ebp-1C] 1122764B 51 push ecx 1122764C E8 0F000000 call PBVM100.FN_RunExecutableEx 11227651 EB 07 jmp short PBVM100.1122765A 11227653 8D55 E4 lea edx,dword ptr ss:[ebp-1C] 11227656 52 push edx 11227657 FF55 FC call dword ptr ss:[ebp-4] 1122765A 8BE5 mov esp,ebp 1122765C 5D pop ebp 1122765D C2 1800 retn 18 11227660 PBV> 55 push ebp 11227661 8BEC mov ebp,esp 11227663 83EC 58 sub esp,58 11227666 56 push esi 11227667 57 push edi 11227668 8B45 08 mov eax,dword ptr ss:[ebp+8] 1122766B 8B08 mov ecx,dword ptr ds:[eax] 1122766D 894D E8 mov dword ptr ss:[ebp-18],ecx 11227670 8B55 08 mov edx,dword ptr ss:[ebp+8] 11227673 8B42 04 mov eax,dword ptr ds:[edx+4] 11227676 8945 DC mov dword ptr ss:[ebp-24],eax 11227679 8B4D 08 mov ecx,dword ptr ss:[ebp+8] 1122767C 8B51 08 mov edx,dword ptr ds:[ecx+8] 1122767F 8955 C0 mov dword ptr ss:[ebp-40],edx 11227682 8B45 08 mov eax,dword ptr ss:[ebp+8] 11227685 8B48 0C mov ecx,dword ptr ds:[eax+C] 11227688 894D EC mov dword ptr ss:[ebp-14],ecx 1122768B 8B55 08 mov edx,dword ptr ss:[ebp+8] 1122768E 8B42 10 mov eax,dword ptr ds:[edx+10] 11227691 8945 F4 mov dword ptr ss:[ebp-C],eax 11227694 8B4D 08 mov ecx,dword ptr ss:[ebp+8] 11227697 8B51 14 mov edx,dword ptr ds:[ecx+14] 1122769A 8955 CC mov dword ptr ss:[ebp-34],edx 1122769D C745 D0 600>mov dword ptr ss:[ebp-30],60 112276A4 6A 00 push 0 112276A6 E8 355B1A00 call <jmp.&PBSHR100.#3_pbstg_begin> 112276AB 8945 D4 mov dword ptr ss:[ebp-2C],eax 112276AE 837D D4 00 cmp dword ptr ss:[ebp-2C],0 112276B2 74 15 je short PBVM100.112276C9 112276B4 8B45 D4 mov eax,dword ptr ss:[ebp-2C] 112276B7 C740 0C 641>mov dword ptr ds:[eax+C],PBVM100.113F1E64 ; UNICODE "Executable RTE/RTF" 112276BE 8B4D D4 mov ecx,dword ptr ss:[ebp-2C] 112276C1 8B51 0C mov edx,dword ptr ds:[ecx+C] 112276C4 8955 A8 mov dword ptr ss:[ebp-58],edx 112276C7 EB 07 jmp short PBVM100.112276D0 112276C9 C745 A8 000>mov dword ptr ss:[ebp-58],0 112276D0 8B45 D4 mov eax,dword ptr ss:[ebp-2C] 112276D3 50 push eax 112276D4 E8 D75A1A00 call <jmp.&PBSHR100.#179_sh_dbg_init> 112276D9 8945 F8 mov dword ptr ss:[ebp-8],eax 112276DC 6A 00 push 0 112276DE 68 04010000 push 104 112276E3 8B4D D4 mov ecx,dword ptr ss:[ebp-2C] 112276E6 51 push ecx 112276E7 E8 30551A00 call <jmp.&PBSHR100.#5_pbstg_alc> 112276EC 8945 B4 mov dword ptr ss:[ebp-4C],eax 112276EF 68 04010000 push 104 112276F4 8B55 B4 mov edx,dword ptr ss:[ebp-4C] 112276F7 52 push edx 112276F8 8B45 E8 mov eax,dword ptr ss:[ebp-18] 112276FB 50 push eax 112276FC FF15 F4913E>call dword ptr ds:[<&KERNEL32.GetModuleFi>; kernel32.GetModuleFileNameW 11227702 6A 00 push 0 11227704 8B4D C0 mov ecx,dword ptr ss:[ebp-40] 11227707 51 push ecx 11227708 8B55 D4 mov edx,dword ptr ss:[ebp-2C] 1122770B 52 push edx 1122770C E8 8F551A00 call <jmp.&PBSHR100.#37_pbstg_strdup> 11227711 8945 F0 mov dword ptr ss:[ebp-10],eax 11227714 8B45 F0 mov eax,dword ptr ss:[ebp-10] 11227717 50 push eax 11227718 FF15 C4933E>call dword ptr ds:[<&MSVCR71._wcsupr>] ; MSVCR71._wcsupr 1122771E 83C4 04 add esp,4 11227721 C745 C8 000>mov dword ptr ss:[ebp-38],0 11227728 C745 BC 000>mov dword ptr ss:[ebp-44],0 1122772F 8B4D F0 mov ecx,dword ptr ss:[ebp-10] 11227732 894D B0 mov dword ptr ss:[ebp-50],ecx 11227735 EB 09 jmp short PBVM100.11227740 11227737 8B55 B0 mov edx,dword ptr ss:[ebp-50] 1122773A 83C2 02 add edx,2 1122773D 8955 B0 mov dword ptr ss:[ebp-50],edx 11227740 8B45 B0 mov eax,dword ptr ss:[ebp-50] 11227743 0FB708 movzx ecx,word ptr ds:[eax] 11227746 85C9 test ecx,ecx 11227748 0F84 DA0000>je PBVM100.11227828 1122774E B9 02000000 mov ecx,2 11227753 BF 8C1E3F11 mov edi,PBVM100.113F1E8C ; UNICODE "/PBDEBUG" 11227758 8B75 B0 mov esi,dword ptr ss:[ebp-50] 1122775B 33D2 xor edx,edx 1122775D F3:A7 repe cmps dword ptr es:[edi],dword ptr ds> 1122775F 74 13 je short PBVM100.11227774 11227761 B9 02000000 mov ecx,2 11227766 BF A01E3F11 mov edi,PBVM100.113F1EA0 ; UNICODE "-PBDEBUG" 1122776B 8B75 B0 mov esi,dword ptr ss:[ebp-50] 1122776E 33C0 xor eax,eax 11227770 F3:A7 repe cmps dword ptr es:[edi],dword ptr ds> 11227772 75 1F jnz short PBVM100.11227793 11227774 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 11227777 8B15 B41E3F>mov edx,dword ptr ds:[113F1EB4] 1122777D 8911 mov dword ptr ds:[ecx],edx 1122777F A1 B81E3F11 mov eax,dword ptr ds:[113F1EB8] 11227784 8941 04 mov dword ptr ds:[ecx+4],eax 11227787 C745 C8 010>mov dword ptr ss:[ebp-38],1 1122778E E9 95000000 jmp PBVM100.11227828 11227793 B9 07000000 mov ecx,7 11227798 BF C81E3F11 mov edi,PBVM100.113F1EC8 ; UNICODE "/DEBUG=" 1122779D 8B75 B0 mov esi,dword ptr ss:[ebp-50] 112277A0 33D2 xor edx,edx 112277A2 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:[> 112277A4 74 13 je short PBVM100.112277B9 112277A6 B9 07000000 mov ecx,7 112277AB BF D81E3F11 mov edi,PBVM100.113F1ED8 ; UNICODE "-DEBUG=" 112277B0 8B75 B0 mov esi,dword ptr ss:[ebp-50] 112277B3 33C0 xor eax,eax 112277B5 F3:A6 repe cmps byte ptr es:[edi],byte ptr ds:[> 112277B7 75 6A jnz short PBVM100.11227823 112277B9 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 112277BC 8B15 E81E3F>mov edx,dword ptr ds:[113F1EE8] 112277C2 8911 mov dword ptr ds:[ecx],edx 112277C4 66:A1 EC1E3>mov ax,word ptr ds:[113F1EEC] 112277CA 66:8941 04 mov word ptr ds:[ecx+4],ax 112277CE 8A15 EE1E3F>mov dl,byte ptr ds:[113F1EEE] 112277D4 8851 06 mov byte ptr ds:[ecx+6],dl 112277D7 8B45 B0 mov eax,dword ptr ss:[ebp-50] 112277DA 83C0 0E add eax,0E 112277DD 8945 B0 mov dword ptr ss:[ebp-50],eax 112277E0 C745 C8 010>mov dword ptr ss:[ebp-38],1 112277E7 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 112277EA 0FB711 movzx edx,word ptr ds:[ecx] 112277ED 83FA 30 cmp edx,30 112277F0 7C 31 jl short PBVM100.11227823 112277F2 8B45 B0 mov eax,dword ptr ss:[ebp-50] 112277F5 0FB708 movzx ecx,word ptr ds:[eax] 112277F8 83F9 39 cmp ecx,39 112277FB 7F 26 jg short PBVM100.11227823 112277FD 8B55 BC mov edx,dword ptr ss:[ebp-44] 11227800 6BD2 0A imul edx,edx,0A 11227803 8B45 B0 mov eax,dword ptr ss:[ebp-50] 11227806 0FB708 movzx ecx,word ptr ds:[eax] 11227809 8D540A D0 lea edx,dword ptr ds:[edx+ecx-30] 1122780D 8955 BC mov dword ptr ss:[ebp-44],edx 11227810 8B45 B0 mov eax,dword ptr ss:[ebp-50] 11227813 66:C700 200>mov word ptr ds:[eax],20 11227818 8B4D B0 mov ecx,dword ptr ss:[ebp-50] 1122781B 83C1 02 add ecx,2 1122781E 894D B0 mov dword ptr ss:[ebp-50],ecx 11227821 ^ EB C4 jmp short PBVM100.112277E7 11227823 ^ E9 0FFFFFFF jmp PBVM100.11227737 11227828 837D C8 00 cmp dword ptr ss:[ebp-38],0 1122782C 74 66 je short PBVM100.11227894 1122782E 8B55 B4 mov edx,dword ptr ss:[ebp-4C] 11227831 52 push edx 11227832 6A 00 push 0 11227834 8B45 D4 mov eax,dword ptr ss:[ebp-2C] 11227837 50 push eax 11227838 E8 9D591A00 call <jmp.&PBSHR100.#120_osPathCreate> 1122783D 8945 E4 mov dword ptr ss:[ebp-1C],eax 11227840 68 F81E3F11 push PBVM100.113F1EF8 ; UNICODE "dbg" 2006-2-18 21:03 0
kitty 雪币： 93 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 93 粉丝 1 关注私信	kitty 3 楼有高手就给点意见 2006-2-21 19:34 0
aki 雪币： 223 活跃值： (70) 能力值： ( LV6，RANK：90 ) 在线值：发帖 17 回帖 592 粉丝 0 关注私信	aki 2 4 楼你从哪觉得不是vc7.0?俺怎么就没看出来 2006-2-21 21:23 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

这个软件加了什么壳,用侦壳工具说是C++7.0[Overlay]

账号登录 验证码登录

账号登录

验证码登录