但文件的入口处的代码被加密了,不知如何恢复
CNCKAD 老版本 7.5(HASP 壳时可以看到入口代码):
; Entry code of the older build as shown by the debugger (address / bytes / instruction).
; This part sets up the frame, then inspects the process's own PE header and records
; in [ebp-1C] whether data directory 14 (the COM/CLR descriptor) is present.
; ebx is zeroed once and used as the constant 0; edi caches GetModuleHandleA.
; NOTE(review): gkadw.004FEAB4 is not shown. The ebp-relative locals used below without
; any visible frame setup suggest it is the compiler's SEH prolog helper (0x74 = frame
; size, 0052D730 = handler/scope table) - confirm.
004FE8B4 6A 74 push 74
004FE8B6 68 30D75200 push gkadw.0052D730
004FE8BB E8 F4010000 call gkadw.004FEAB4
004FE8C0 33DB xor ebx,ebx ; ebx = 0 for the rest of the routine
004FE8C2 895D E0 mov dword ptr ss:[ebp-20],ebx ; [ebp-20] = 0: "inside quotes" flag used by the scan at 004FE9EC
004FE8C5 53 push ebx ; argument 0 (NULL)
004FE8C6 8B3D A0F85000 mov edi,dword ptr ds:[50F8A0] ; KERNEL32.GetModuleHandleA (kept in edi, called again at 004FEA31)
004FE8CC FFD7 call edi ; eax = GetModuleHandleA(NULL)
004FE8CE 66:8138 4D5A cmp word ptr ds:[eax],5A4D ; DOS header must start with 'MZ'
004FE8D3 75 1F jnz short gkadw.004FE8F4 ; no -> flag = 0
004FE8D5 8B48 3C mov ecx,dword ptr ds:[eax+3C] ; e_lfanew
004FE8D8 03C8 add ecx,eax ; ecx -> NT headers
004FE8DA 8139 50450000 cmp dword ptr ds:[ecx],4550 ; signature must be "PE\0\0"
004FE8E0 75 12 jnz short gkadw.004FE8F4 ; no -> flag = 0
004FE8E2 0FB741 18 movzx eax,word ptr ds:[ecx+18] ; OptionalHeader.Magic
004FE8E6 3D 0B010000 cmp eax,10B ; 0x10B = PE32
004FE8EB 74 1F je short gkadw.004FE90C
004FE8ED 3D 0B020000 cmp eax,20B ; 0x20B = PE32+
004FE8F2 74 05 je short gkadw.004FE8F9
; Header not recognised, or too few data directories: flag = 0.
004FE8F4 895D E4 mov dword ptr ss:[ebp-1C],ebx
004FE8F7 EB 27 jmp short gkadw.004FE920
; PE32+ layout: NumberOfRvaAndSizes at +0x84, DataDirectory[14].VirtualAddress at +0xF8.
004FE8F9 83B9 84000000 0E cmp dword ptr ds:[ecx+84],0E ; need more than 14 directories (unsigned compare)
004FE900 ^ 76 F2 jbe short gkadw.004FE8F4
004FE902 33C0 xor eax,eax
004FE904 3999 F8000000 cmp dword ptr ds:[ecx+F8],ebx ; directory 14 RVA == 0 ?
004FE90A EB 0E jmp short gkadw.004FE91A
; PE32 layout: NumberOfRvaAndSizes at +0x74, DataDirectory[14].VirtualAddress at +0xE8.
004FE90C 8379 74 0E cmp dword ptr ds:[ecx+74],0E ; need more than 14 directories (unsigned compare)
004FE910 ^ 76 E2 jbe short gkadw.004FE8F4
004FE912 33C0 xor eax,eax
004FE914 3999 E8000000 cmp dword ptr ds:[ecx+E8],ebx ; directory 14 RVA == 0 ?
004FE91A 0F95C0 setne al ; eax = 1 when directory 14 is present, else 0
004FE91D 8945 E4 mov dword ptr ss:[ebp-1C],eax ; [ebp-1C] decides exit() vs _cexit() at 004FEA3E
004FE920 895D FC mov dword ptr ss:[ebp-4],ebx ; [ebp-4] = 0; presumably the SEH try level (reset to -1 at 004FEAA7)
; C runtime initialisation through MSVCR71 imports (names are the debugger's own labels).
; Calls to gkadw.* helpers without a label are not shown on the page, so their purpose
; is not stated here.
004FE923 6A 02 push 2
004FE925 FF15 D4075100 call dword ptr ds:[5107D4] ; MSVCR71.__set_app_type (argument 2 = GUI application)
004FE92B 59 pop ecx ; cdecl: drop the argument
004FE92C 830D 64965B00 FF or dword ptr ds:[5B9664],FFFFFFFF ; global at 5B9664 = -1
004FE933 830D 68965B00 FF or dword ptr ds:[5B9668],FFFFFFFF ; global at 5B9668 = -1
004FE93A FF15 D8075100 call dword ptr ds:[5107D8] ; MSVCR71.__p__fmode
004FE940 8B0D 907A5B00 mov ecx,dword ptr ds:[5B7A90]
004FE946 8908 mov dword ptr ds:[eax],ecx ; *__p__fmode() = value stored at 5B7A90
004FE948 FF15 DC075100 call dword ptr ds:[5107DC] ; MSVCR71.__p__commode
004FE94E 8B0D 8C7A5B00 mov ecx,dword ptr ds:[5B7A8C]
004FE954 8908 mov dword ptr ds:[eax],ecx ; *__p__commode() = value stored at 5B7A8C
004FE956 A1 E0075100 mov eax,dword ptr ds:[5107E0] ; slot between the MSVCR71 imports at 5107DC and 5107E4; presumably an imported variable - name not shown
004FE95B 8B00 mov eax,dword ptr ds:[eax]
004FE95D A3 60965B00 mov dword ptr ds:[5B9660],eax ; local copy of that imported value
004FE962 E8 4B020000 call gkadw.004FEBB2
004FE967 E8 E6020000 call gkadw.004FEC52 ; same address is registered as the math-error handler below
004FE96C 391D 20215700 cmp dword ptr ds:[572120],ebx ; global at 572120 == 0 ?
004FE972 75 0C jnz short gkadw.004FE980 ; non-zero: skip the registration
004FE974 68 52EC4F00 push gkadw.004FEC52
004FE979 FF15 E4075100 call dword ptr ds:[5107E4] ; MSVCR71.__setusermatherr
004FE97F 59 pop ecx
004FE980 E8 BB020000 call gkadw.004FEC40
; The next two calls leave their arguments on the stack (3 dwords); they are removed
; together with the five __getmainargs arguments by "add esp,20" at 004FE9C2.
004FE985 68 8C145600 push gkadw.0056148C ; end of table
004FE98A 68 88145600 push gkadw.00561488 ; start of table
004FE98F E8 A6020000 call gkadw.004FEC3A ; jmp to MSVCR71._initterm
004FE994 68 F6EB4F00 push gkadw.004FEBF6 ; code address passed as the only argument
004FE999 E8 EDFBFFFF call gkadw.004FE58B
004FE99E A1 887A5B00 mov eax,dword ptr ds:[5B7A88]
004FE9A3 8945 D8 mov dword ptr ss:[ebp-28],eax ; local initialised from the global at 5B7A88
004FE9A6 8D45 D8 lea eax,dword ptr ss:[ebp-28]
004FE9A9 50 push eax ; arg 5: &[ebp-28] (start-info)
004FE9AA FF35 847A5B00 push dword ptr ds:[5B7A84] ; arg 4: value of the global at 5B7A84 (wildcard flag)
004FE9B0 8D45 D0 lea eax,dword ptr ss:[ebp-30]
004FE9B3 50 push eax ; arg 3: &[ebp-30] (receives envp)
004FE9B4 8D45 CC lea eax,dword ptr ss:[ebp-34]
004FE9B7 50 push eax ; arg 2: &[ebp-34] (receives argv)
004FE9B8 8D45 C8 lea eax,dword ptr ss:[ebp-38]
004FE9BB 50 push eax ; arg 1: &[ebp-38] (receives argc)
004FE9BC FF15 EC075100 call dword ptr ds:[5107EC] ; MSVCR71.__getmainargs
004FE9C2 83C4 20 add esp,20 ; 8 dwords: 5 arguments above + 3 left over from 004FE985..004FE994
004FE9C5 8945 C4 mov dword ptr ss:[ebp-3C],eax ; keep the return value
004FE9C8 3BC3 cmp eax,ebx
004FE9CA 7D 08 jge short gkadw.004FE9D4 ; signed: result >= 0 means success
004FE9CC 6A 08 push 8
004FE9CE E8 D9010000 call gkadw.004FEBAC ; jmp to MSVCR71._amsg_exit
004FE9D3 59 pop ecx
004FE9D4 68 84145600 push gkadw.00561484 ; end of table
004FE9D9 68 00105600 push gkadw.00561000 ; start of table
004FE9DE E8 57020000 call gkadw.004FEC3A ; jmp to MSVCR71._initterm
004FE9E3 59 pop ecx
004FE9E4 59 pop ecx ; drop both _initterm arguments
; Command-line scan followed by the call into the application.
; esi walks a string: the first token is skipped (a space inside double quotes does not
; end it, double-byte lead bytes skip their trail byte), then the blanks after it.
; esi then points at the remaining text, which is passed on as the third argument.
; NOTE(review): the slot at 5107F4 sits among the MSVCR71 imports; the string is
; presumably the runtime's command line - the debugger shows no name, confirm.
004FE9E5 A1 F4075100 mov eax,dword ptr ds:[5107F4]
004FE9EA 8B30 mov esi,dword ptr ds:[eax] ; esi = string pointer stored there
; --- loop head: scan the first token ---
004FE9EC 8975 DC mov dword ptr ss:[ebp-24],esi ; remember the scan position
004FE9EF 8A06 mov al,byte ptr ds:[esi]
004FE9F1 3C 20 cmp al,20
004FE9F3 77 5D ja short gkadw.004FEA52 ; char > 0x20: part of the token
004FE9F5 3AC3 cmp al,bl ; bl = 0
004FE9F7 74 05 je short gkadw.004FE9FE ; NUL: end of string
004FE9F9 395D E0 cmp dword ptr ss:[ebp-20],ebx ; blank/control char: are we inside quotes?
004FE9FC 75 54 jnz short gkadw.004FEA52 ; yes: still part of the token
; --- skip characters 0x01..0x20 that follow the first token ---
004FE9FE 8A06 mov al,byte ptr ds:[esi]
004FEA00 3AC3 cmp al,bl
004FEA02 74 0A je short gkadw.004FEA0E ; NUL: stop
004FEA04 3C 20 cmp al,20
004FEA06 77 06 ja short gkadw.004FEA0E ; first char of the remaining text: stop
004FEA08 46 inc esi
004FEA09 8975 DC mov dword ptr ss:[ebp-24],esi
004FEA0C ^ EB F0 jmp short gkadw.004FE9FE
; --- choose the show-window value; the structure passed to GetStartupInfoA is at ebp-84 ---
004FEA0E 895D A8 mov dword ptr ss:[ebp-58],ebx ; dwFlags (offset 0x2C of STARTUPINFOA) = 0 before the call
004FEA11 8D85 7CFFFFFF lea eax,dword ptr ss:[ebp-84]
004FEA17 50 push eax
004FEA18 FF15 40F85000 call dword ptr ds:[50F840] ; KERNEL32.GetStartupInfoA
004FEA1E F645 A8 01 test byte ptr ss:[ebp-58],1 ; dwFlags bit 0 (STARTF_USESHOWWINDOW)
004FEA22 74 06 je short gkadw.004FEA2A
004FEA24 0FB745 AC movzx eax,word ptr ss:[ebp-54] ; wShowWindow (offset 0x30)
004FEA28 EB 03 jmp short gkadw.004FEA2D
004FEA2A 6A 0A push 0A ; default value 0x0A (SW_SHOWDEFAULT)
004FEA2C 58 pop eax
004FEA2D 50 push eax ; arg 4: show-window value
004FEA2E 56 push esi ; arg 3: text after the first token
004FEA2F 53 push ebx ; arg 2: 0
004FEA30 53 push ebx ; NULL for GetModuleHandleA
004FEA31 FFD7 call edi ; GetModuleHandleA(NULL); edi was loaded at 004FE8C6
004FEA33 50 push eax ; arg 1: module handle
004FEA34 E8 09140000 call gkadw.004FFE42 ; four arguments in WinMain order; presumably the program's WinMain
004FEA39 8BF0 mov esi,eax ; esi = its return value
004FEA3B 8975 C0 mov dword ptr ss:[ebp-40],esi
004FEA3E 395D E4 cmp dword ptr ss:[ebp-1C],ebx ; flag computed from the PE header at 004FE91D
004FEA41 75 07 jnz short gkadw.004FEA4A
004FEA43 56 push esi
004FEA44 FF15 60085100 call dword ptr ds:[510860] ; MSVCR71.exit (flag == 0: terminate with the return value)
004FEA4A FF15 F8075100 call dword ptr ds:[5107F8] ; MSVCR71._cexit (flag != 0: clean up and return to the caller)
004FEA50 EB 55 jmp short gkadw.004FEAA7
; --- token character: handle the quote toggle and double-byte characters ---
004FEA52 3C 22 cmp al,22 ; double quote?
004FEA54 75 0B jnz short gkadw.004FEA61
004FEA56 33C9 xor ecx,ecx
004FEA58 395D E0 cmp dword ptr ss:[ebp-20],ebx
004FEA5B 0F94C1 sete cl
004FEA5E 894D E0 mov dword ptr ss:[ebp-20],ecx ; toggle the "inside quotes" flag (0 <-> 1)
004FEA61 0FB6C0 movzx eax,al
004FEA64 50 push eax
004FEA65 FF15 FC075100 call dword ptr ds:[5107FC] ; MSVCR71._ismbblead
004FEA6B 59 pop ecx
004FEA6C 85C0 test eax,eax
004FEA6E 74 04 je short gkadw.004FEA74
004FEA70 46 inc esi ; lead byte: step over it so the trail byte is skipped as well
004FEA71 8975 DC mov dword ptr ss:[ebp-24],esi
004FEA74 46 inc esi ; next character
004FEA75 ^ E9 72FFFFFF jmp gkadw.004FE9EC
; Exception filter, exception handler and common exit of the entry routine.
; NOTE(review): nothing in the visible listing jumps to 004FEA7A or 004FEA8E; they are
; presumably reached through the table pushed at 004FE8B6 - confirm.
; --- filter: hand the exception code and pointers to the runtime's filter ---
004FEA7A 8B45 EC mov eax,dword ptr ss:[ebp-14] ; eax = pointer kept at [ebp-14] (presumably the exception pointers)
004FEA7D 8B08 mov ecx,dword ptr ds:[eax] ; first member
004FEA7F 8B09 mov ecx,dword ptr ds:[ecx] ; first dword behind it (presumably the exception code)
004FEA81 894D D4 mov dword ptr ss:[ebp-2C],ecx ; saved for the handler below
004FEA84 50 push eax
004FEA85 51 push ecx
004FEA86 E8 1B010000 call gkadw.004FEBA6 ; jmp to MSVCR71._XcptFilter
004FEA8B 59 pop ecx
004FEA8C 59 pop ecx
004FEA8D C3 retn ; returns the filter's result in eax
; --- handler: terminate using the saved code ---
004FEA8E 8B65 E8 mov esp,dword ptr ss:[ebp-18] ; restore the stack pointer saved at [ebp-18]
004FEA91 8B75 D4 mov esi,dword ptr ss:[ebp-2C] ; esi = value saved by the filter
004FEA94 837D E4 00 cmp dword ptr ss:[ebp-1C],0 ; same flag as at 004FEA3E
004FEA98 75 07 jnz short gkadw.004FEAA1
004FEA9A 56 push esi
004FEA9B FF15 04085100 call dword ptr ds:[510804] ; MSVCR71._exit (flag == 0)
004FEAA1 FF15 08085100 call dword ptr ds:[510808] ; MSVCR71._c_exit (flag != 0)
; --- common exit, also reached from 004FEA50 ---
004FEAA7 834D FC FF or dword ptr ss:[ebp-4],FFFFFFFF ; [ebp-4] = -1 (was set to 0 at 004FE920)
004FEAAB 8BC6 mov eax,esi ; return value
004FEAAD E8 3D000000 call gkadw.004FEAEF ; not shown; presumably the epilog helper matching 004FEAB4
004FEAB2 C3 retn
CNCKAD 8.0 新版本(Xtreme-Protector V1.08 XPROT 壳):
; Start of the newer build's listing. The bytes in this range do not decode to coherent
; code: the stream contains port I/O (in/out), a call to CEFDD782 far outside the module
; and a dangling repne prefix. That matches the poster's statement that the entry code
; is encrypted, so the mnemonics below are an artefact of disassembling non-code bytes
; and carry no meaning.
005439A4 14 42 adc al,42
005439A6 95 xchg eax,ebp
005439A7 D5 F7 aad 0F7
005439A9 0093 E3E7F481 add byte ptr ds:[ebx+81F4E7E3],dl
005439AF ^ 70 B6 jo short gkadw.00543967
005439B1 DC4F E0 fmul qword ptr ds:[edi-20]
005439B4 A1 98E6D91C mov eax,dword ptr ds:[1CD9E698]
005439B9 66:67:90 nop
005439BC 8886 D6D6E6FF mov byte ptr ds:[esi+FFE6D6D6],al
005439C2 96 xchg eax,esi
005439C3 E5 E0 in eax,0E0 ; port I/O is privileged in a normal user-mode process
005439C5 E7 6B out 6B,eax
005439C7 184E 7C sbb byte ptr ds:[esi+7C],cl
005439CA 08A3 ED8E16D0 or byte ptr ds:[ebx+D0168EED],ah
005439D0 E8 AD9DA9CE call CEFDD782 ; target lies outside the gkadw address range used elsewhere in the listing
005439D5 F2: prefix repne: ; the debugger could not attach this prefix to an instruction
; First readable instructions of the newer build: the tail of a PE-header check.
; eax, ecx and ebx are set by code before 005439D6, which is not readable in this dump.
; The comments assume ecx -> NT headers, eax = OptionalHeader.Magic and ebx = 0, as the
; offsets and constants used here imply - confirm.
005439D6 3D 0B010000 cmp eax,10B ; 0x10B = PE32
005439DB 74 1F je short gkadw.005439FC
005439DD 3D 0B020000 cmp eax,20B ; 0x20B = PE32+
005439E2 74 05 je short gkadw.005439E9
; Neither magic, or too few data directories: flag = ebx.
005439E4 895D E4 mov dword ptr ss:[ebp-1C],ebx
005439E7 EB 27 jmp short gkadw.00543A10
; PE32+ layout: directory count at +0x84, directory 14 RVA at +0xF8.
005439E9 83B9 84000000 0E cmp dword ptr ds:[ecx+84],0E ; need more than 14 entries (unsigned compare)
005439F0 ^ 76 F2 jbe short gkadw.005439E4
005439F2 33C0 xor eax,eax
005439F4 3999 F8000000 cmp dword ptr ds:[ecx+F8],ebx
005439FA EB 0E jmp short gkadw.00543A0A
; PE32 layout: directory count at +0x74, directory 14 RVA at +0xE8.
005439FC 8379 74 0E cmp dword ptr ds:[ecx+74],0E ; need more than 14 entries (unsigned compare)
00543A00 ^ 76 E2 jbe short gkadw.005439E4
00543A02 33C0 xor eax,eax
00543A04 3999 E8000000 cmp dword ptr ds:[ecx+E8],ebx
00543A0A 0F95C0 setne al ; eax = 1 when the compared field differs from ebx
00543A0D 8945 E4 mov dword ptr ss:[ebp-1C],eax ; flag tested again at 00543B2E
00543A10 895D FC mov dword ptr ss:[ebp-4],ebx ; [ebp-4] = ebx; presumably the SEH try level
; C runtime initialisation in the newer build.
; Each runtime call here is a 5-byte direct call (E8 rel32) plus a 1-byte nop placed
; before or after it. Together they fill 6 bytes, the size of an indirect
; "call dword ptr ds:[slot]" such as the older listing uses at these positions.
; NOTE(review): this suggests the import calls were rewritten in place when the image was
; loaded - inferred from the byte layout only, confirm.
00543A13 6A 02 push 2
00543A15 E8 514EE07B call MSVCR71.__set_app_type
00543A1A 90 nop
00543A1B 59 pop ecx ; cdecl: drop the argument
00543A1C 830D 68D07A00 FF or dword ptr ds:[7AD068],FFFFFFFF ; global at 7AD068 = -1
00543A23 830D 6CD07A00 FF or dword ptr ds:[7AD06C],FFFFFFFF ; global at 7AD06C = -1
00543A2A 90 nop
00543A2B E8 D355E07B call MSVCR71.__p__fmode
00543A30 8B0D 60F67900 mov ecx,dword ptr ds:[79F660]
00543A36 8908 mov dword ptr ds:[eax],ecx ; *__p__fmode() = value stored at 79F660
00543A38 90 nop
00543A39 E8 A755E07B call MSVCR71.__p__commode
00543A3E 8B0D 5CF67900 mov ecx,dword ptr ds:[79F65C]
00543A44 8908 mov dword ptr ds:[eax],ecx ; *__p__commode() = value stored at 79F65C
00543A46 A1 1C725500 mov eax,dword ptr ds:[55721C] ; pointer read from 55721C; what it refers to is not shown
00543A4B 8B00 mov eax,dword ptr ds:[eax]
00543A4D A3 64D07A00 mov dword ptr ds:[7AD064],eax ; local copy of the value behind that pointer
00543A52 E8 CF020000 call gkadw.00543D26
00543A57 E8 6A030000 call gkadw.00543DC6 ; same address is registered as the math-error handler below
00543A5C 391D F0827500 cmp dword ptr ds:[7582F0],ebx
00543A62 75 0C jnz short gkadw.00543A70 ; values differ: skip the registration
00543A64 68 C63D5400 push gkadw.00543DC6
00543A69 E8 074EE07B call MSVCR71.__setusermatherr
00543A6E 90 nop
00543A6F 59 pop ecx
00543A70 E8 3F030000 call gkadw.00543DB4
; The next two calls leave 3 dwords on the stack; "add esp,20" at 00543AB2 removes them
; together with the five __getmainargs arguments.
00543A75 68 DC915B00 push gkadw.005B91DC
00543A7A 68 D8915B00 push gkadw.005B91D8
00543A7F E8 2A030000 call gkadw.00543DAE ; unlabelled here; called with two table addresses (also at 00543ACE)
00543A84 68 6A3D5400 push gkadw.00543D6A ; code address passed as the only argument
00543A89 E8 F5FBFFFF call gkadw.00543683
00543A8E A1 58F67900 mov eax,dword ptr ds:[79F658]
00543A93 8945 D8 mov dword ptr ss:[ebp-28],eax ; local initialised from the global at 79F658
00543A96 8D45 D8 lea eax,dword ptr ss:[ebp-28]
00543A99 50 push eax ; arg 5: &[ebp-28] (start-info)
00543A9A FF35 54F67900 push dword ptr ds:[79F654] ; arg 4: value of the global at 79F654 (wildcard flag)
00543AA0 8D45 D0 lea eax,dword ptr ss:[ebp-30]
00543AA3 50 push eax ; arg 3: &[ebp-30] (receives envp)
00543AA4 8D45 CC lea eax,dword ptr ss:[ebp-34]
00543AA7 50 push eax ; arg 2: &[ebp-34] (receives argv)
00543AA8 8D45 C8 lea eax,dword ptr ss:[ebp-38]
00543AAB 50 push eax ; arg 1: &[ebp-38] (receives argc)
00543AAC 90 nop
00543AAD E8 9654E07B call MSVCR71.__getmainargs
00543AB2 83C4 20 add esp,20 ; 8 dwords: 5 arguments above + 3 left over from 00543A75..00543A84
00543AB5 8945 C4 mov dword ptr ss:[ebp-3C],eax ; keep the return value
00543AB8 3BC3 cmp eax,ebx
00543ABA 7D 08 jge short gkadw.00543AC4 ; signed compare against ebx
00543ABC 6A 08 push 8
00543ABE E8 5D020000 call gkadw.00543D20 ; unlabelled here; takes the value 8 on the failure path
00543AC3 59 pop ecx
00543AC4 68 D4915B00 push gkadw.005B91D4
00543AC9 68 00905B00 push gkadw.005B9000
00543ACE E8 DB020000 call gkadw.00543DAE
00543AD3 59 pop ecx
00543AD4 59 pop ecx ; drop both arguments
; Command-line scan and call into the application in the newer build. The listing stops
; after the _cexit call, so the quote-handling branch at 00543B42 and the exit path are
; not visible.
; edi is called at 00543B21 but is loaded before the readable part of this dump.
00543AD5 A1 30725500 mov eax,dword ptr ds:[557230] ; pointer read from 557230; what it refers to is not shown
00543ADA 8B30 mov esi,dword ptr ds:[eax] ; esi = string pointer stored there
; --- loop head: scan the first token ---
00543ADC 8975 DC mov dword ptr ss:[ebp-24],esi ; remember the scan position
00543ADF 8A06 mov al,byte ptr ds:[esi]
00543AE1 3C 20 cmp al,20
00543AE3 77 5D ja short gkadw.00543B42 ; char > 0x20: handled at 00543B42 (not shown)
00543AE5 3AC3 cmp al,bl
00543AE7 74 05 je short gkadw.00543AEE
00543AE9 395D E0 cmp dword ptr ss:[ebp-20],ebx ; state kept at [ebp-20]
00543AEC 75 54 jnz short gkadw.00543B42
; --- skip following characters up to 0x20, stopping at a byte equal to bl ---
00543AEE 8A06 mov al,byte ptr ds:[esi]
00543AF0 3AC3 cmp al,bl
00543AF2 74 0A je short gkadw.00543AFE
00543AF4 3C 20 cmp al,20
00543AF6 77 06 ja short gkadw.00543AFE
00543AF8 46 inc esi
00543AF9 8975 DC mov dword ptr ss:[ebp-24],esi
00543AFC ^ EB F0 jmp short gkadw.00543AEE
; --- choose the show-window value from the structure at ebp-84 ---
00543AFE 895D A8 mov dword ptr ss:[ebp-58],ebx ; flags field at ebp-58 preset from ebx
00543B01 8D85 7CFFFFFF lea eax,dword ptr ss:[ebp-84]
00543B07 50 push eax
00543B08 E8 F3C43D04 call 04920000 ; direct call to an address outside gkadw and MSVCR71; the older listing calls KERNEL32.GetStartupInfoA at this position - presumably a redirected import, unverified
00543B0D 90 nop
00543B0E F645 A8 01 test byte ptr ss:[ebp-58],1 ; bit 0 of the flags field
00543B12 74 06 je short gkadw.00543B1A
00543B14 0FB745 AC movzx eax,word ptr ss:[ebp-54] ; 16-bit field at ebp-54
00543B18 EB 03 jmp short gkadw.00543B1D
00543B1A 6A 0A push 0A ; default value 0x0A
00543B1C 58 pop eax
00543B1D 50 push eax ; arg 4: show-window value
00543B1E 56 push esi ; arg 3: text after the first token
00543B1F 53 push ebx ; arg 2: ebx
00543B20 53 push ebx ; argument for the call through edi
00543B21 FFD7 call edi ; edi comes from the unreadable part; the older listing holds GetModuleHandleA there
00543B23 50 push eax ; arg 1: result of that call
00543B24 E8 CB140000 call gkadw.00544FF4 ; four arguments; presumably the program's WinMain
00543B29 8BF0 mov esi,eax ; esi = its return value
00543B2B 8975 C0 mov dword ptr ss:[ebp-40],esi
00543B2E 395D E4 cmp dword ptr ss:[ebp-1C],ebx ; flag stored at 00543A0D
00543B31 75 07 jnz short gkadw.00543B3A
00543B33 56 push esi
00543B34 90 nop
00543B35 E8 CA51E07B call MSVCR71.exit ; flag == ebx: terminate with the return value
00543B3A 90 nop
00543B3B E8 AD3BE07B call MSVCR71._cexit ; flag != ebx: clean up without terminating