A program, first layer of protection:
ASProtect 2.11 SKE build 03.13 Release
Already removed using teacher SYSCOM's method of patching the section; the unpacked file runs normally.
Loading the unpacked file in OD gives the prompt:
The software is compressed.
PEiD normal scan: nothing found *
Deep scan: UPolyX v0.5 *
Hardcore scan: tElock 0.9 - 1.0 (private) -> tE!
Asking the teachers for help: what exactly is this next layer of protection?
Attached: the code shown when OD loads the file
00BF02FC > 55 push ebp
00BF02FD 26:EB 02 jmp short dumped_1.00BF0302
00BF0300 CD20 81DD7812 vxdjump 1278DD81
00BF0306 DAFB fidivr ebx ; 非法使用寄存器
00BF0308 8BEC mov ebp,esp
00BF030A 6A FF push -1
00BF030C FF7424 0C push dword ptr ss:[esp+C]
00BF0310 F3: prefix rep:
00BF0311 EB 02 jmp short dumped_1.00BF0315
00BF0313 CD20 669C578D vxdjump 8D579C66
00BF0319 7C 4B jl short dumped_1.00BF0366
00BF031B 52 push edx
00BF031C 8D7F AE lea edi,dword ptr ds:[edi-52]
00BF031F 2BF9 sub edi,ecx
00BF0321 8BFC mov edi,esp
00BF0323 EB 01 jmp short dumped_1.00BF0326
00BF0325 F0:8D7C07 06 lock lea edi,dword ptr ds:[edi+eax+6>; 不允许锁定前缀
00BF032A 2BF8 sub edi,eax
00BF032C 50 push eax
00BF032D 33C1 xor eax,ecx
00BF032F 034424 38 add eax,dword ptr ss:[esp+38]
00BF0333 36:EB 01 jmp short dumped_1.00BF0337
00BF0336 9A 83D05A36 EB0>call far 01EB:365AD083
00BF033D - 0F8D 84355036 jge 370F38C7
00BF0343 40 inc eax
00BF0344 002B add byte ptr ds:[ebx],ch
00BF0346 C6 ??? ; 未知命令
00BF0347 F3: prefix rep:
00BF0348 EB 02 jmp short dumped_1.00BF034C
00BF034A CD20 2BC52EEB vxdjump EB2EC52B
00BF0350 019A 8907585F add dword ptr ds:[edx+5F580789],ebx
00BF0356 66:9D popfw
00BF0358 E9 75000000 jmp dumped_1.00BF03D2
00BF035D 3C 22 cmp al,22
00BF035F 0F85 5D010000 jnz dumped_1.00BF04C2
00BF0365 E8 96FC0C00 call dumped_1.00CC0000
00BF036A 53 push ebx
00BF036B FF15 04304000 call dword ptr ds:[<&kernel32.GetMod>; kernel32.GetModuleHandleA
00BF0371 E9 6D010000 jmp dumped_1.00BF04E3
00BF0376 8975 8C mov dword ptr ss:[ebp-74],esi
00BF0379 E9 70010000 jmp dumped_1.00BF04EE
00BF037E 81C0 C093585B add eax,5B5893C0
00BF0384 F3: prefix rep:
00BF0385 EB 02 jmp short dumped_1.00BF0389
00BF0387 CD20 13C081D0 vxdjump D081C013
00BF038D 0E push cs
00BF038E 6E outs dx,byte ptr es:[edi]
00BF038F E5 46 in eax,46
00BF0391 EB 01 jmp short dumped_1.00BF0394
00BF0393 - 0F8D 840B9845 jge 46570F1D
00BF0399 40 inc eax
00BF039A 002B add byte ptr ds:[ebx],ch
00BF039C C12B C3 shr dword ptr ds:[ebx],0C3
00BF039F EB 01 jmp short dumped_1.00BF03A2