首先声明,我不是求破解狗的。只是这壳对我太难了!!!。那位老大帮我一下。谢谢。
此软件用PIED查看不到,深度查为:UPolyX v0.5。脱壳后软件能够运行,但是体积增加了一倍,在查还是有壳。程序是VC编的。先附原程序部分代码:
1:
:005AC000 55 push ebp
:005AC001 8BEC mov ebp, esp
:005AC003 83EC14 sub esp, 00000014
:005AC006 53 push ebx
:005AC007 56 push esi
:005AC008 57 push edi
:005AC009 8B450C mov eax, dword ptr [ebp+0C]
:005AC00C 034508 add eax, dword ptr [ebp+08]
:005AC00F 8945EC mov dword ptr [ebp-14], eax
:005AC012 8B4510 mov eax, dword ptr [ebp+10]
:005AC015 8945F0 mov dword ptr [ebp-10], eax
:005AC018 8B4508 mov eax, dword ptr [ebp+08]
:005AC01B 8945F8 mov dword ptr [ebp-08], eax
:005AC01E 8B45F8 mov eax, dword ptr [ebp-08]
:005AC021 33C9 xor ecx, ecx
:005AC023 8A08 mov cl, byte ptr [eax]
:005AC025 83F911 cmp ecx, 00000011
:005AC028 7E39 jle 005AC063
:005AC02A 8B45F8 mov eax, dword ptr [ebp-08]
:005AC02D 33C9 xor ecx, ecx
:005AC02F 8A08 mov cl, byte ptr [eax]
:005AC031 83E911 sub ecx, 00000011
:005AC034 894DFC mov dword ptr [ebp-04], ecx
:005AC037 FF45F8 inc [ebp-08]
:005AC03A 837DFC04 cmp dword ptr [ebp-04], 00000004
:005AC03E 7305 jnb 005AC045
:005AC040 E977030000 jmp 005AC3BC
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005AC03E(C), :005AC05C(C)
|
:005AC045 8B45F8 mov eax, dword ptr [ebp-08]
:005AC048 8A00 mov al, byte ptr [eax]
:005AC04A 8B4DF0 mov ecx, dword ptr [ebp-10]
:005AC04D 8801 mov byte ptr [ecx], al
:005AC04F FF45F8 inc [ebp-08]
:005AC052 FF45F0 inc [ebp-10]
:005AC055 FF4DFC dec [ebp-04]
:005AC058 837DFC00 cmp dword ptr [ebp-04], 00000000
:005AC05C 77E7 ja 005AC045
:005AC05E E9BC000000 jmp 005AC11F
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:005AC028(C), :005AC3E7(U)
|
:005AC063 8B45F8 mov eax, dword ptr [ebp-08]
:005AC066 33C9 xor ecx, ecx
:005AC068 8A08 mov cl, byte ptr [eax]
:005AC06A 894DFC mov dword ptr [ebp-04], ecx
:005AC06D FF45F8 inc [ebp-08]
:005AC070 837DFC10 cmp dword ptr [ebp-04], 00000010
:005AC074 7205 jb 005AC07B
:005AC076 E91F010000 jmp 005AC19A
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AC074(C)
|
:005AC07B 837DFC00 cmp dword ptr [ebp-04], 00000000
:005AC07F 7527 jne 005AC0A8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AC096(U)
|
:005AC081 8B45F8 mov eax, dword ptr [ebp-08]
:005AC084 33C9 xor ecx, ecx
:005AC086 8A08 mov cl, byte ptr [eax]
:005AC088 85C9 test ecx, ecx
:005AC08A 750C jne 005AC098
:005AC08C 8145FCFF000000 add dword ptr [ebp-04], 000000FF
:005AC093 FF45F8 inc [ebp-08]
:005AC096 EBE9 jmp 005AC081
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AC08A(C)
|
:005AC098 8B45F8 mov eax, dword ptr [ebp-08]
:005AC09B 33C9 xor ecx, ecx
:005AC09D 8A08 mov cl, byte ptr [eax]
:005AC09F 83C10F add ecx, 0000000F
:005AC0A2 014DFC add dword ptr [ebp-04], ecx
:005AC0A5 FF45F8 inc [ebp-08]
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AC07F(C)
|
:005AC0A8 8B45F8 mov eax, dword ptr [ebp-08]
:005AC0AB 8B00 mov eax, dword ptr [eax]
:005AC0AD 8B4DF0 mov ecx, dword ptr [ebp-10]
:005AC0B0 8901 mov dword ptr [ecx], eax
:005AC0B2 8345F004 add dword ptr [ebp-10], 00000004
:005AC0B6 8345F804 add dword ptr [ebp-08], 00000004
:005AC0BA FF4DFC dec [ebp-04]
:005AC0BD 837DFC00 cmp dword ptr [ebp-04], 00000000
:005AC0C1 765C jbe 005AC11F
:005AC0C3 837DFC04 cmp dword ptr [ebp-04], 00000004
:005AC0C7 723D jb 005AC106
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AC0E3(C)
|
:005AC0C9 8B45F8 mov eax, dword ptr [ebp-08]
:005AC0CC 8B00 mov eax, dword ptr [eax]
:005AC0CE 8B4DF0 mov ecx, dword ptr [ebp-10]
:005AC0D1 8901 mov dword ptr [ecx], eax
:005AC0D3 8345F004 add dword ptr [ebp-10], 00000004
:005AC0D7 8345F804 add dword ptr [ebp-08], 00000004
:005AC0DB 836DFC04 sub dword ptr [ebp-04], 00000004
:005AC0DF 837DFC04 cmp dword ptr [ebp-04], 00000004
:005AC0E3 73E4 jnb 005AC0C9
:005AC0E5 837DFC00 cmp dword ptr [ebp-04], 00000000
:005AC0E9 7619 jbe 005AC104
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005AC102(C)
|
:005AC0EB 8B45F8 mov eax, dword ptr [ebp-08]
:005AC0EE 8A00 mov al, byte ptr [eax]
:005AC0F0 8B4DF0 mov ecx, dword ptr [ebp-10]
:005AC0F3 8801 mov byte ptr [ecx], al
:005AC0F5 FF45F8 inc [ebp-08]
:005AC0F8 FF45F0 inc [ebp-10]
:005AC0FB FF4DFC dec [ebp-04]
:005AC0FE 837DFC00 cmp dword ptr [ebp-04], 00000000
:005AC102 77E7 ja 005AC0EB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
--------------------------------------------------------------------------
2:脱壳后代码:
:00401000 87FE xchg esi, edi
:00401002 F4 hlt
:00401003 DC8E4C9CF24C fmul qword ptr [esi+4CF29C4C]
:00401009 019C96ED51F81F add dword ptr [esi+4*edx+1FF851ED], ebx
:00401010 C8019C96 enter 9C01, 96
:00401014 ED in ax, dx
:00401015 50 push eax
:00401016 F6C205 test dl, 05
:00401019 7EA3 jle 00400FBE
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401088(C)
|
:0040101B 9B wait
:0040101C ED in ax, dx
:0040101D 82589264 sbb byte ptr [eax-6E], 64
:00401021 45 inc ebp
:00401022 B89668C15B mov eax, 5BC16896
:00401027 D2C9 ror cl, cl
:00401029 0D9C96ED01 or eax, 01ED969C
:0040102E E88066C974 call 750976B3
:00401033 CF iret
:00401034 EF out dx, ax
:00401035 019C1DA12598F2 add dword ptr [ebp+ebx-0D67DA5F], ebx
:0040103C 64 BYTE 064h
:0040103D 0C9C or al, 9C
:0040103F 96 xchg eax,esi
:00401040 ED in ax, dx
:00401041 011F add dword ptr [edi], ebx
:00401043 52 push edx
:00401044 FD std
:00401045 C217DA ret DA17
:00401048 C9 leave
:00401049 05AF568988 add eax, 888956AF
:0040104E 91 xchg eax,ecx
:0040104F 96 xchg eax,esi
:00401050 ED in ax, dx
:00401051 019C1529115F06 add dword ptr [ebp+edx+065F1129], ebx
:00401058 7D91 jge 00400FEB
:0040105A 0C06 or al, 06
:0040105C 7D91 jge 00400FEF
:0040105E 0C06 or al, 06
:00401060 4C dec esp
:00401061 A5 movsd
:00401062 05D8EDC20C add eax, 0CC2EDD8
:00401067 06 push es
:00401068 7D91 jge 00400FFB
:0040106A 0C06 or al, 06
:0040106C 7D91 jge 00400FFF
:0040106E 0C06 or al, 06
:00401070 55 push ebp
:00401071 E1CC loopz 0040103F
:00401073 C6EDC2 mov ch, C2
:00401076 0C06 or al, 06
:00401078 7D91 jge 0040100B
:0040107A 0C06 or al, 06
:0040107C 7D91 jge 0040100F
:0040107E 0C06 or al, 06
:00401080 040A add al, 0A
:00401082 9C pushfd
:00401083 96 xchg eax,esi
:00401084 ED in ax, dx
:00401085 91 xchg eax,ecx
:00401086 0C06 or al, 06
:00401088 7D91 jge 0040101B
:0040108A 0C06 or al, 06
:0040108C 7D91 jge 0040101F
:0040108E 0C06 or al, 06
:00401090 85E1 test ecx, esp
:00401092 CC int 03
:00401093 C6EDE9 mov ch, E9
:00401096 94 xchg eax,esp
:00401097 A9E0015F06 test eax, 065F01E0
:0040109C 7D91 jge 0040102F
:0040109E 0C06 or al, 06
:004010A0 BB8AE8B2E5 mov ebx, E5B2E88A
:004010A5 697CC6BD01175805 imul edi, dword ptr [esi+8*eax-43], 05581701
:004010AD F6A29BED8AD0 mul byte ptr [edx+D08AED9B]
:004010B3 B2E1 mov dl, E1
:004010B5 889D1D2B5F5E mov byte ptr [ebp+5E5F2B1D], bl
:004010BB 9E sahf
:004010BC ED in ax, dx
:004010BD 91 xchg eax,ecx
:004010BE 0C06 or al, 06
:004010C0 BE5717E2C9 mov esi, C9E21757
:004010C5 0DCB1D148A or eax, 8A141DCB
:004010CA DA821AD13497 fiadd dword ptr [edx+9734D11A]
:004010D0 E285 loop 00401057
:004010D2 4C dec esp
:004010D3 96 xchg eax,esi
:004010D4 ED in ax, dx
:004010D5 0117 add dword ptr [edi], edx
:004010D7 D8C9 fmul st(0), st(1)
:004010D9 8ADA mov bl, dl
:004010DB BE56059C96 mov esi, 969C0556
:004010E0 ED in ax, dx
:004010E1 54 push esp
:004010E2 17 pop ss
:004010E3 F9 stc
:004010E4 C502 lds eax, dword ptr [edx]
:004010E6 57 push edi
:004010E7 AD lodsd
:004010E8 25779B1D23 and eax, 231D9B77
:004010ED E952A8E001 jmp 0220B944
:004010F2 17 pop ss
:004010F3 C0C988 ror cl, 88
:004010F6 B61D mov dh, 1D
:004010F8 BB2517D8C5 mov ebx, C5D81725
:004010FD 024F1D add cl, byte ptr [edi+1D]
:00401100 2F das
:00401101 88CA mov dl, cl
:00401103 B266 mov dl, 66
:00401105 6E outsb
:00401106 B015 mov al, 15
:00401108 2D05A7579B sub eax, 9B57A705
:0040110D 06 push es
:0040110E 17 pop ss
:0040110F 58 pop eax
:00401110 05AAA29BED add eax, ED9BA2AA
:00401115 8ADA mov bl, dl
:00401117 B264 mov dl, 64
:00401119 2917 sub dword ptr [edi], edx
:0040111B C0C98A ror cl, 8A
:0040111E D2BEEED21754 sar byte ptr [esi+5417D2EE], cl
:00401124 64 BYTE 064h
:00401125 57 push edi
:00401126 B81D82311F mov eax, 1F31821D
:0040112B 56 push esi
:0040112C E93A5DE0EA jmp EB206E6B
:00401131 8A527E mov dl, byte ptr [edx+7E]
:00401134 65 BYTE 065h
:00401135 3F aas
:00401136 91 xchg eax,ecx
:00401137 96 xchg eax,esi
:00401138 664F dec di
:0040113A B81FC48ACA mov eax, CA8AC41F
:0040113F B266 mov dl, 66
:00401141 4F dec edi
:00401142 B495 mov ah, 95
:00401144 3E8A5E1F mov bl, byte ptr ds:[esi+1F]
:00401148 BB2517F9D9 mov ebx, D9F91725
:0040114D 825C92D6C0 sbb byte ptr [edx+4*edx-2A], C0
:00401152 EA9166CF74F3D3 jmp D3F3:74CF6691
:00401159 0C9C or al, 9C
:0040115B 1DBB2515BC sbb eax, BC1525BB
:00401160 6657 push di
:00401162 B81DA3299F mov eax, 9F29A31D
:00401167 45 inc ebp
:00401168 66C3 ret
:0040116A 15C0C98AF3 adc eax, F38AC9C0
:0040116F AE scasb
:00401170 6E outsb
:00401171 C198AD2C779B1D rcr dword ptr [eax+9B772CAD], 1D
:00401178 23E9 and ebp, ecx
:0040117A DEA8E00117D0 fisubr word ptr [eax+D01701E0]
:00401180 C9 leave
:00401181 8CD3 mov bx, ss
:00401183 C6BC5715BE666FB8 mov byte ptr [edi+2*edx+6F66BE15], B8
:0040118B 95 xchg eax,ebp
:0040118C 06 push es
:0040118D 88F2 mov dl, dh
:0040118F B205 mov dl, 05
:00401191 24A2 and al, A2
:00401193 9B wait
:00401194 ED in ax, dx
:00401195 8ADB mov bl, bl
:00401197 9E sahf
:00401198 60 pushad
:00401199 4E dec esi
:0040119A 94 xchg eax,esp
:0040119B CB retf
:0040119C BBFECC9EB2 mov ebx, B29ECCFE
:004011A1 5F pop edi
:004011A2 C754E90117D0C98A mov [ecx+8*ebp+01], 8AC9D017
:004011AA D2BE56059C96 sar byte ptr [esi+969C0556], cl
:004011B0 ED in ax, dx
:004011B1 8CCC mov sp, cs
:004011B3 92 xchg eax,edx
:004011B4 D6 BYTE 0d6h
:004011B5 D0EA shr dl, 1
:004011B7 9AC6C01758EEC2 call C2EE:5817C0C6
:004011BE CC int 03
:004011BF 7E1D jle 004011DE
:004011C1 3C91 cmp al, 91
:004011C3 96 xchg eax,esi
:004011C4 6647 inc di
:004011C6 B81DE588D3 mov eax, D388E51D
:004011CB BE6647B81D mov esi, 1DB84766
:004011D0 A3299F5564 mov dword ptr [64559F29], eax
:004011D5 47 inc edi
:004011D6 B81BBD05A7 mov eax, A705BD1B
:004011DB 47 inc edi
:004011DC 9B wait
:004011DD 0DB75766CF or eax, CF6657B7
:004011E2 9F lahf
:004011E3 55 push ebp
:004011E4 BDE956ABE0 mov ebp, E0AB56E9
:004011E9 0117 add dword ptr [edi], edx
:004011EB D0C9 ror cl, 1
:004011ED 8A941FA22D17D0 mov dl, byte ptr [edi+ebx-2FE8D25E]
:004011F4 C9 leave
:004011F5 8AD2 mov dl, dl
:004011F7 BEEEC215D0 mov esi, D015C2EE
:004011FC C9 leave
:004011FD 8CCC mov sp, cs
:004011FF 92 xchg eax,edx
:00401200 D6 BYTE 0d6h
:00401201 D0EA shr dl, 1
:00401203 9AC6C01758EEC2 call C2EE:5817C0C6
:0040120A CC int 03
:0040120B 7E49 jle 00401256
:0040120D 3C91 cmp al, 91
:0040120F 96 xchg eax,esi
:00401210 6647 inc di
:00401212 B81DE588D3 mov eax, D388E51D
:00401217 A6 cmpsb
:00401218 6647 inc di
:0040121A B81DA3299F mov eax, 9F29A31D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
为什么啊???救救我吧!。
原程序下载:
http://www.ehere.com.cn/data/v6.exe
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
