[求助]遇到ANTI-DEDE-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 2007-2-8 22:03 2 楼 0 你先用OD打开试一下，看看有没有anti-dede
feiproxy 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 15 回帖 130 粉丝 0 关注私信	feiproxy 2007-2-9 01:32 3 楼 0 OD打开程序是正常的请问该怎么看有没有anti-dede呀
feiproxy 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 15 回帖 130 粉丝 0 关注私信	feiproxy 2007-2-9 21:40 4 楼 0 004B724F \|. BA 54744B00 mov edx, 004B7454 ; ASCII "AUTOUP.exe" 004B7254 \|. E8 D3D6F4FF call 0040492C 004B7259 \|. 8B45 9C mov eax, [local.25] 004B725C \|. E8 4F1FF5FF call 004091B0 004B7261 \|> 68 60744B00 push 004B7460 ; /Arg3 = 004B7460 ASCII "TZtT" 004B7266 \|. 6A FF push -1 ; \|Arg2 = FFFFFFFF 004B7268 \|. 6A 00 push 0 ; \|Arg1 = 00000000 004B726A \|. E8 35F8F4FF call 00406AA4 ; \RunGame.00406AA4 004B726F \|. E8 40F9F4FF call <jmp.&kernel32.GetLastError> ; [GetLastError 004B7274 \|. 3D B7000000 cmp eax, 0B7 004B7279 \|. 75 18 jnz short 004B7293 004B727B \|. 6A 10 push 10 ; /Style = MB_OK\|MB_ICONHAND\|MB_APPLMODAL 004B727D \|. 68 68744B00 push 004B7468 ; \|Title = ""B4,"砦? 004B7282 \|. 68 70744B00 push 004B7470 ; \|Text = ""A1,"",B0,"挑?,BD,"天堂",A1,"币丫",AD,"运行,?,B4,"退出?,B0,"请",B2,"",BB,"要重",B8,"",B4,"运行!" 004B7287 \|. 6A 00 push 0 ; \|hOwner = NULL 004B7289 \|. E8 8E01F5FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA 004B728E \|. E8 3DD2F4FF call 004044D0 004B7293 \|> B8 8CAF4B00 mov eax, 004BAF8C 004B7298 \|. BA A8744B00 mov edx, 004B74A8 ; ASCII "DE" 004B729D \|. E8 16D4F4FF call 004046B8 004B72A2 \|. B8 8CAF4B00 mov eax, 004BAF8C 004B72A7 \|. 8B15 8CAF4B00 mov edx, dword ptr [4BAF8C] 004B72AD \|. E8 7AD6F4FF call 0040492C 004B72B2 \|. E8 A5F8F4FF call <jmp.&kernel32.GetCommandLineA> ; [GetCommandLineA 004B72B7 \|. 8BD0 mov edx, eax 004B72B9 \|. 8D45 90 lea eax, [local.28] 004B72BC \|. E8 9BD5F4FF call 0040485C 004B72C1 \|. 8B45 90 mov eax, [local.28] 004B72C4 \|. 8D55 94 lea edx, [local.27] 004B72C7 \|. E8 2816F5FF call 004088F4 004B72CC \|. 8B55 94 mov edx, [local.27] 004B72CF \|. A1 8CAF4B00 mov eax, dword ptr [4BAF8C] 004B72D4 \|. E8 8FD9F4FF call 00404C68 004B72D9 \|. 85C0 test eax, eax 004B72DB \|. 7E 0D jle short 004B72EA 004B72DD \|. 6A 00 push 0 ; /ExitCode = 0 004B72DF \|. E8 88F8F4FF call <jmp.&kernel32.GetCurrentProcess>; \|[GetCurrentProcess 004B72E4 \|. 50 push eax ; \|hProcess = NULL 004B72E5 \|. E8 3AFAF4FF call <jmp.&kernel32.TerminateProcess> ; \TerminateProcess OD打开程序发现了 004B74A8 ; ASCII "DE" 这里可疑不过不知道是不是的期待 cnbragon 给予解答
仙剑太郎雪币： 214 活跃值： (70) 能力值： ( LV6，RANK：90 ) 在线值：发帖 9 回帖 242 粉丝 0 关注私信	仙剑太郎 2 2007-2-13 01:25 5 楼 0 有可能的,跟进去看看
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

最新回复 (4)
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 2007-2-8 22:03 2 楼 0 你先用OD打开试一下，看看有没有anti-dede
feiproxy 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 15 回帖 130 粉丝 0 关注私信	feiproxy 2007-2-9 01:32 3 楼 0 OD打开程序是正常的请问该怎么看有没有anti-dede呀
feiproxy 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 15 回帖 130 粉丝 0 关注私信	feiproxy 2007-2-9 21:40 4 楼 0 004B724F \|. BA 54744B00 mov edx, 004B7454 ; ASCII "AUTOUP.exe" 004B7254 \|. E8 D3D6F4FF call 0040492C 004B7259 \|. 8B45 9C mov eax, [local.25] 004B725C \|. E8 4F1FF5FF call 004091B0 004B7261 \|> 68 60744B00 push 004B7460 ; /Arg3 = 004B7460 ASCII "TZtT" 004B7266 \|. 6A FF push -1 ; \|Arg2 = FFFFFFFF 004B7268 \|. 6A 00 push 0 ; \|Arg1 = 00000000 004B726A \|. E8 35F8F4FF call 00406AA4 ; \RunGame.00406AA4 004B726F \|. E8 40F9F4FF call <jmp.&kernel32.GetLastError> ; [GetLastError 004B7274 \|. 3D B7000000 cmp eax, 0B7 004B7279 \|. 75 18 jnz short 004B7293 004B727B \|. 6A 10 push 10 ; /Style = MB_OK\|MB_ICONHAND\|MB_APPLMODAL 004B727D \|. 68 68744B00 push 004B7468 ; \|Title = ""B4,"砦? 004B7282 \|. 68 70744B00 push 004B7470 ; \|Text = ""A1,"",B0,"挑?,BD,"天堂",A1,"币丫",AD,"运行,?,B4,"退出?,B0,"请",B2,"",BB,"要重",B8,"",B4,"运行!" 004B7287 \|. 6A 00 push 0 ; \|hOwner = NULL 004B7289 \|. E8 8E01F5FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA 004B728E \|. E8 3DD2F4FF call 004044D0 004B7293 \|> B8 8CAF4B00 mov eax, 004BAF8C 004B7298 \|. BA A8744B00 mov edx, 004B74A8 ; ASCII "DE" 004B729D \|. E8 16D4F4FF call 004046B8 004B72A2 \|. B8 8CAF4B00 mov eax, 004BAF8C 004B72A7 \|. 8B15 8CAF4B00 mov edx, dword ptr [4BAF8C] 004B72AD \|. E8 7AD6F4FF call 0040492C 004B72B2 \|. E8 A5F8F4FF call <jmp.&kernel32.GetCommandLineA> ; [GetCommandLineA 004B72B7 \|. 8BD0 mov edx, eax 004B72B9 \|. 8D45 90 lea eax, [local.28] 004B72BC \|. E8 9BD5F4FF call 0040485C 004B72C1 \|. 8B45 90 mov eax, [local.28] 004B72C4 \|. 8D55 94 lea edx, [local.27] 004B72C7 \|. E8 2816F5FF call 004088F4 004B72CC \|. 8B55 94 mov edx, [local.27] 004B72CF \|. A1 8CAF4B00 mov eax, dword ptr [4BAF8C] 004B72D4 \|. E8 8FD9F4FF call 00404C68 004B72D9 \|. 85C0 test eax, eax 004B72DB \|. 7E 0D jle short 004B72EA 004B72DD \|. 6A 00 push 0 ; /ExitCode = 0 004B72DF \|. E8 88F8F4FF call <jmp.&kernel32.GetCurrentProcess>; \|[GetCurrentProcess 004B72E4 \|. 50 push eax ; \|hProcess = NULL 004B72E5 \|. E8 3AFAF4FF call <jmp.&kernel32.TerminateProcess> ; \TerminateProcess OD打开程序发现了 004B74A8 ; ASCII "DE" 这里可疑不过不知道是不是的期待 cnbragon 给予解答
仙剑太郎雪币： 214 活跃值： (70) 能力值： ( LV6，RANK：90 ) 在线值：发帖 9 回帖 242 粉丝 0 关注私信	仙剑太郎 2 2007-2-13 01:25 5 楼 0 有可能的,跟进去看看
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复