PEQuake - 把hying老壳改成垃圾，哈-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (32) ◀ 1 2
cyclotron 雪币： 392 活跃值： (909) 能力值： ( LV9，RANK：690 ) 在线值：发帖 43 回帖 800 粉丝 8 关注私信	cyclotron 17 2004-10-8 13:08 26 楼 0 果然垃圾 00346712 60 PUSHAD 00346713 FFC3 INC EBX 00346715 FFC8 DEC EAX 00346717 F7D8 NEG EAX 00346719 F7C1 2DF16825 TEST ECX,2568F12D 0034671F 8BD9 MOV EBX,ECX 00346721 01CB ADD EBX,ECX 00346723 85CB TEST EBX,ECX 00346725 8BDA MOV EBX,EDX 00346727 C1CB F3 ROR EBX,0F3 ; Shift constant out of range 1..31 0034672A C7C3 BE948305 MOV EBX,58394BE 00346730 87D8 XCHG EAX,EBX 00346732 0FA5D3 SHLD EBX,EDX,CL 00346735 87C0 XCHG EAX,EAX 00346737 FFCB DEC EBX 00346739 3E:F7D3 NOT EBX ; Superfluous prefix 0034673C C7C3 A1BCAA42 MOV EBX,42AABCA1 00346742 36:C1F0 5B SAL EAX,5B ; Shift constant out of range 1..31 00346746 36:81E3 2659B82>AND EBX,25B85926 ; Superfluous prefix 0034674D 85DB TEST EBX,EBX 0034674F 8BC2 MOV EAX,EDX 00346751 0FADD3 SHRD EBX,EDX,CL 00346754 69DA 1A947526 IMUL EBX,EDX,2675941A 0034675A 0FABC8 BTS EAX,ECX 0034675D 0FBBC8 BTC EAX,ECX 00346760 B8 79EEA6D6 MOV EAX,D6A6EE79 00346765 C1E0 25 SHL EAX,25 ; Shift constant out of range 1..31 00346768 C7C3 75E077A5 MOV EBX,A577E075 0034676E FFC8 DEC EAX 00346770 F3: PREFIX REP: ; Superfluous prefix 00346771 F2: PREFIX REPNE: ; Superfluous prefix 00346772 C7C0 FA011F84 MOV EAX,841F01FA 00346778 87DB XCHG EBX,EBX 0034677A 0FBAE0 EF BT EAX,0EF 0034677E C7C3 2C23FDFB MOV EBX,FBFD232C 00346784 0FCB BSWAP EBX 00346786 FFC8 DEC EAX 00346788 2E:F7D3 NOT EBX ; Superfluous prefix 0034678B 8BC1 MOV EAX,ECX 0034678D 48 DEC EAX 0034678E FFC0 INC EAX 00346790 26:81DB 83531C3>SBB EBX,351C5383 ; Superfluous prefix 00346797 C7C3 B503CBFC MOV EBX,FCCB03B5 0034679D 0FBCD9 BSF EBX,ECX 003467A0 69DA CD861974 IMUL EBX,EDX,741986CD 003467A6 0FB7C1 MOVZX EAX,CX 003467A9 8BD9 MOV EBX,ECX 003467AB 0FBAF3 D4 BTR EBX,0D4 003467AF F2: PREFIX REPNE: ; Superfluous prefix 003467B0 1BDA SBB EBX,EDX 003467B2 26:19CB SBB EBX,ECX ; Superfluous prefix 003467B5 C7C3 1C7925F9 MOV EBX,F925791C 003467BB 0BC2 OR EAX,EDX 003467BD 0FA3D0 BT EAX,EDX 003467C0 BB 24A492F9 MOV EBX,F992A424 003467C5 87D8 XCHG EAX,EBX 003467C7 85D2 TEST EDX,EDX 003467C9 2D F23EEA7B SUB EAX,7BEA3EF2 003467CE FFC8 DEC EAX 003467D0 89D3 MOV EBX,EDX 003467D2 0FBFC2 MOVSX EAX,DX 003467D5 65:0FAFC2 IMUL EAX,EDX ; Superfluous prefix 003467D9 F7C0 4CE03034 TEST EAX,3430E04C 003467DF 8BD9 MOV EBX,ECX 003467E1 0FBCC1 BSF EAX,ECX 003467E4 64:0FADC8 SHRD EAX,ECX,CL ; Superfluous prefix 003467E8 85DA TEST EDX,EBX 003467EA 8D05 9F352D5C LEA EAX,DWORD PTR DS:[5C2D359F] 003467F0 0FCB BSWAP EBX 003467F2 0FB3CB BTR EBX,ECX 003467F5 D3DB RCR EBX,CL 003467F7 85D1 TEST ECX,EDX 003467F9 81D3 0D7EC633 ADC EBX,33C67E0D 003467FF F7C3 06A065AA TEST EBX,AA65A006 00346805 81FB 3151B956 CMP EBX,56B95131 0034680B B8 2D4573C0 MOV EAX,C073452D 00346810 0FB7D9 MOVZX EBX,CX 00346813 0FC1DB XADD EBX,EBX 00346816 09C8 OR EAX,ECX 00346818 0FACD0 01 SHRD EAX,EDX,1 0034681C F7DB NEG EBX 0034681E 0FC1DB XADD EBX,EBX 00346821 69DA FAD8F2ED IMUL EBX,EDX,EDF2D8FA 00346827 C1D0 B4 RCL EAX,0B4 ; Shift constant out of range 1..31 0034682A 0FACD3 CD SHRD EBX,EDX,0CD ; Shift constant out of range 1..31 0034682E 0FA4D3 5E SHLD EBX,EDX,5E ; Shift constant out of range 1..31 00346832 0FAFD9 IMUL EBX,ECX 00346835 B8 8F81965C MOV EAX,5C96818F 0034683A 0FBBC8 BTC EAX,ECX 0034683D F2:36: PREFIX REPNE: ; Superfluous prefix 0034683F 89D0 MOV EAX,EDX 00346841 0FC1C3 XADD EBX,EAX 00346844 2E: PREFIX CS: ; Superfluous prefix 00346845 65:0FACCB 9B SHRD EBX,ECX,9B ; Shift constant out of range 1..31 0034684A 89C8 MOV EAX,ECX 0034684C 0FAFC2 IMUL EAX,EDX 0034684F 48 DEC EAX 00346850 8BD9 MOV EBX,ECX 00346852 8BC1 MOV EAX,ECX 00346854 0FC1C3 XADD EBX,EAX 00346857 87C0 XCHG EAX,EAX 00346859 0FA4D0 3A SHLD EAX,EDX,3A ; Shift constant out of range 1..31 0034685D 0FB7DA MOVZX EBX,DX 00346860 8D1D 10258E47 LEA EBX,DWORD PTR DS:[478E2510] 00346866 0FA4CB 78 SHLD EBX,ECX,78 ; Shift constant out of range 1..31 0034686A 0FC8 BSWAP EAX 0034686C 3D B116900C CMP EAX,0C9016B1 00346871 2BC1 SUB EAX,ECX 00346873 F7C0 AEE4CD74 TEST EAX,74CDE4AE 00346879 F7DB NEG EBX 0034687B 0FC1C3 XADD EBX,EAX 0034687E 0FC8 BSWAP EAX 00346880 8D1D 51ED7795 LEA EBX,DWORD PTR DS:[9577ED51] 00346886 4B DEC EBX 00346887 F7C0 EF5C21C3 TEST EAX,C3215CEF 0034688D F7D3 NOT EBX 0034688F 85D0 TEST EAX,EDX 00346891 0FCB BSWAP EBX 00346893 FFCB DEC EBX 00346895 0FC1C3 XADD EBX,EAX 00346898 D1F0 SAL EAX,1 0034689A 8D1D A5E9059E LEA EBX,DWORD PTR DS:[9E05E9A5] 003468A0 2D E730BE2C SUB EAX,2CBE30E7 003468A5 29CB SUB EBX,ECX 003468A7 11D0 ADC EAX,EDX 003468A9 0FC8 BSWAP EAX 003468AB 69D9 57E92961 IMUL EBX,ECX,6129E957 003468B1 8BC1 MOV EAX,ECX 003468B3 0FAFC1 IMUL EAX,ECX 003468B6 0FBDD9 BSR EBX,ECX 003468B9 64:23DA AND EBX,EDX ; Superfluous prefix 003468BC 0FBCDA BSF EBX,EDX 003468BF 0FBAEB 11 BTS EBX,11 003468C3 64:8BDA MOV EBX,EDX ; Superfluous prefix 003468C6 FFC0 INC EAX 003468C8 89D3 MOV EBX,EDX 003468CA 03C2 ADD EAX,EDX 003468CC 0FB3D3 BTR EBX,EDX 003468CF 8BDA MOV EBX,EDX 003468D1 89CB MOV EBX,ECX 003468D3 F7D3 NOT EBX 003468D5 0FAFD9 IMUL EBX,ECX 003468D8 09CB OR EBX,ECX 003468DA 0FB7D9 MOVZX EBX,CX 003468DD F3: PREFIX REP: ; Superfluous prefix 003468DE F7D8 NEG EAX 003468E0 81EB 31F2CBC2 SUB EBX,C2CBF231 003468E6 0FA5C8 SHLD EAX,ECX,CL 003468E9 36:81FB E255BE4>CMP EBX,47BE55E2 ; Superfluous prefix 003468F0 FFC8 DEC EAX 003468F2 8BC1 MOV EAX,ECX 003468F4 8BDA MOV EBX,EDX 003468F6 C7C0 1D5F71F0 MOV EAX,F0715F1D 003468FC 85DB TEST EBX,EBX 003468FE 89C8 MOV EAX,ECX 00346900 F7C1 03B1C275 TEST ECX,75C2B103 00346906 F7D3 NOT EBX 00346908 BB E53D383B MOV EBX,3B383DE5 0034690D 85D0 TEST EAX,EDX 0034690F F7C3 D7C5BCC6 TEST EBX,C6BCC5D7 00346915 0FCB BSWAP EBX 00346917 0FB7DA MOVZX EBX,DX 0034691A 0FADD0 SHRD EAX,EDX,CL 0034691D FFC8 DEC EAX 0034691F D1EB SHR EBX,1 00346921 0FBAE0 F8 BT EAX,0F8 00346925 2D F6739D2E SUB EAX,2E9D73F6 0034692A F7C2 1AF016A2 TEST EDX,A216F01A 00346930 81C0 74A65D44 ADD EAX,445DA674 00346936 0FC8 BSWAP EAX 00346938 0D 42E50D6F OR EAX,6F0DE542 0034693D 85DA TEST EDX,EBX 0034693F C1EB DA SHR EBX,0DA ; Shift constant out of range 1..31 00346942 F2: PREFIX REPNE: ; Superfluous prefix 00346943 0FACC8 D6 SHRD EAX,ECX,0D6 ; Shift constant out of range 1..31 00346947 26:31CB XOR EBX,ECX ; Superfluous prefix 0034694A 0FA4D0 50 SHLD EAX,EDX,50 ; Shift constant out of range 1..31 0034694E 0FBBD3 BTC EBX,EDX 00346951 C7C0 77665073 MOV EAX,73506677 00346957 8D05 441F9163 LEA EAX,DWORD PTR DS:[63911F44] 0034695D F7C1 7288DE6F TEST ECX,6FDE8872 00346963 85DA TEST EDX,EBX 00346965 C7C0 74EC7C90 MOV EAX,907CEC74 0034696B 0FBAE0 02 BT EAX,2 0034696F F7C0 E7D51826 TEST EAX,2618D5E7 00346975 B8 D1A7A99E MOV EAX,9EA9A7D1 0034697A B8 F64714EC MOV EAX,EC1447F6 0034697F 0FBCC1 BSF EAX,ECX 00346982 0FB7C2 MOVZX EAX,DX 00346985 11CB ADC EBX,ECX 00346987 D3F0 SAL EAX,CL 00346989 F7D3 NOT EBX 0034698B C7C0 8FE36454 MOV EAX,5464E38F 00346991 25 DFB0CB18 AND EAX,18CBB0DF 00346996 81C3 F7AB9D5F ADD EBX,5F9DABF7 0034699C D1E0 SHL EAX,1 0034699E 81D8 99332BBD SBB EAX,BD2B3399 003469A4 0FBAFB A8 BTC EBX,0A8 003469A8 0FAFC1 IMUL EAX,ECX 003469AB 0FABCB BTS EBX,ECX 003469AE F7C2 FA23E943 TEST EDX,43E923FA 003469B4 21D0 AND EAX,EDX 003469B6 64:85D0 TEST EAX,EDX ; Superfluous prefix 003469B9 3BC1 CMP EAX,ECX 003469BB F3: PREFIX REP: ; Superfluous prefix 003469BC 0FBCC2 BSF EAX,EDX 003469BF 0FACD3 B4 SHRD EBX,EDX,0B4 ; Shift constant out of range 1..31 003469C3 C1FB 25 SAR EBX,25 ; Shift constant out of range 1..31 003469C6 8BC2 MOV EAX,EDX 003469C8 8D05 C1965846 LEA EAX,DWORD PTR DS:[465896C1] 003469CE 8BD9 MOV EBX,ECX 003469D0 89CB MOV EBX,ECX 003469D2 89C8 MOV EAX,ECX 003469D4 69D9 8F418B44 IMUL EBX,ECX,448B418F 003469DA 23C2 AND EAX,EDX 003469DC 21CB AND EBX,ECX 003469DE F7D0 NOT EAX 003469E0 3BC2 CMP EAX,EDX 003469E2 87C0 XCHG EAX,EAX 003469E4 23C2 AND EAX,EDX 003469E6 0FACD3 7E SHRD EBX,EDX,7E ; Shift constant out of range 1..31 003469EA 85CA TEST EDX,ECX 003469EC BB B4EB388B MOV EBX,8B38EBB4 003469F1 85C9 TEST ECX,ECX 003469F3 8D05 D7442F50 LEA EAX,DWORD PTR DS:[502F44D7] 003469F9 23C2 AND EAX,EDX 003469FB 0FB3D3 BTR EBX,EDX 003469FE 31C8 XOR EAX,ECX 00346A00 81F0 D6F802B4 XOR EAX,B402F8D6 00346A06 65:81EB 6443716>SUB EBX,69714364 ; Superfluous prefix 00346A0D 0FAFD9 IMUL EBX,ECX 00346A10 8BDA MOV EBX,EDX 00346A12 D3C0 ROL EAX,CL 00346A14 0FAFC1 IMUL EAX,ECX 00346A17 D1D3 RCL EBX,1 00346A19 85C2 TEST EDX,EAX 00346A1B 89D3 MOV EBX,EDX 00346A1D 0FC8 BSWAP EAX 00346A1F 09D3 OR EBX,EDX 00346A21 C7C0 4BB02488 MOV EAX,8824B04B 00346A27 87DB XCHG EBX,EBX 00346A29 0FACD0 1A SHRD EAX,EDX,1A 00346A2D 8D1D 1311D6E0 LEA EBX,DWORD PTR DS:[E0D61113] 00346A33 0FADD0 SHRD EAX,EDX,CL 00346A36 0FBCC1 BSF EAX,ECX 00346A39 0FA5C8 SHLD EAX,ECX,CL 00346A3C 3BC1 CMP EAX,ECX 00346A3E 01CB ADD EBX,ECX 00346A40 87C3 XCHG EBX,EAX 00346A42 26:48 DEC EAX ; Superfluous prefix 00346A44 3BC2 CMP EAX,EDX 00347E15 D1F8 SAR EAX,1 …… …… 00348710 90 NOP 00348711 90 NOP 00348712 90 NOP 00348713 61 POPAD
cyclotron 雪币： 392 活跃值： (909) 能力值： ( LV9，RANK：690 ) 在线值：发帖 43 回帖 800 粉丝 8 关注私信	cyclotron 17 2004-10-8 13:47 27 楼 0 第一组IAT B03C 第二组IAT B080 第三组IAT B0OO 第四组IAT B008 第五组IAT B010 第六组IAT B078 0034617E 25 FFFFFF7F AND EAX,7FFFFFFF 00346183 8BDE MOV EBX,ESI 00346185 2BD8 SUB EBX,EAX 00346187 8958 FC MOV DWORD PTR DS:[EAX-4],EBX ；在408D81构造一个call至00348B15（跳转表） 0034618A 83C7 08 ADD EDI,8 0034618D ^ E9 44FDFFFF JMP 00345ED6 原来是API入口跳转表
cyclotron 雪币： 392 活跃值： (909) 能力值： ( LV9，RANK：690 ) 在线值：发帖 43 回帖 800 粉丝 8 关注私信	cyclotron 17 2004-10-8 19:00 28 楼 0 终于剥下来了:D 附件:dPEQuake_.rar
forgot 雪币： 6073 活跃值： (2236) 能力值： (RANK：1060 ) 在线值：发帖 155 回帖 3744 粉丝 15 关注私信	forgot 26 2004-10-8 21:42 29 楼 0 猛将又见猛将，那段垃圾是用引擎自动生成的，莫怪莫怪。
fly 雪币： 896 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 295 回帖 7672 粉丝 32 关注私信	fly 85 2004-10-8 23:03 30 楼 0 最初由 cyclotron 发布终于剥下来了:D 附件:dPEQuake_.rar 写个教程吧我就不脱了 ;)
cyclotron 雪币： 392 活跃值： (909) 能力值： ( LV9，RANK：690 ) 在线值：发帖 43 回帖 800 粉丝 8 关注私信	cyclotron 17 2004-10-9 07:00 31 楼 0 最初由 fly 发布写个教程吧我就不脱了 ;) fly客气了，怕是早就搞定了吧:D 回头我整理一下
china 雪币： 3007 活跃值： (3552) 能力值： (RANK：215 ) 在线值：发帖 70 回帖 1975 粉丝 9 关注私信	china 5 2004-10-9 08:57 32 楼 0 一群变态！！
zch123 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 50 粉丝 1 关注私信	zch123 2004-10-9 23:28 33 楼 0 最初由 china 发布一群变态！！ :p :p
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

cyclotron

雪币： 392

活跃值： (909)

能力值：

( LV9，RANK：690 )

在线值：

发帖

43

回帖

800

粉丝

8

关注

私信

cyclotron 17 2004-10-8 13:08: 26 楼
0

果然垃圾

00346712    60              PUSHAD
00346713    FFC3            INC EBX
00346715    FFC8            DEC EAX
00346717    F7D8            NEG EAX
00346719    F7C1 2DF16825   TEST ECX,2568F12D
0034671F    8BD9            MOV EBX,ECX
00346721    01CB            ADD EBX,ECX
00346723    85CB            TEST EBX,ECX
00346725    8BDA            MOV EBX,EDX
00346727    C1CB F3         ROR EBX,0F3                              ; Shift constant out of range 1..31
0034672A    C7C3 BE948305   MOV EBX,58394BE
00346730    87D8            XCHG EAX,EBX
00346732    0FA5D3          SHLD EBX,EDX,CL
00346735    87C0            XCHG EAX,EAX
00346737    FFCB            DEC EBX
00346739    3E:F7D3         NOT EBX                                  ; Superfluous prefix
0034673C    C7C3 A1BCAA42   MOV EBX,42AABCA1
00346742    36:C1F0 5B      SAL EAX,5B                               ; Shift constant out of range 1..31
00346746    36:81E3 2659B82>AND EBX,25B85926                         ; Superfluous prefix
0034674D    85DB            TEST EBX,EBX
0034674F    8BC2            MOV EAX,EDX
00346751    0FADD3          SHRD EBX,EDX,CL
00346754    69DA 1A947526   IMUL EBX,EDX,2675941A
0034675A    0FABC8          BTS EAX,ECX
0034675D    0FBBC8          BTC EAX,ECX
00346760    B8 79EEA6D6     MOV EAX,D6A6EE79
00346765    C1E0 25         SHL EAX,25                               ; Shift constant out of range 1..31
00346768    C7C3 75E077A5   MOV EBX,A577E075
0034676E    FFC8            DEC EAX
00346770    F3:             PREFIX REP:                              ; Superfluous prefix
00346771    F2:             PREFIX REPNE:                            ; Superfluous prefix
00346772    C7C0 FA011F84   MOV EAX,841F01FA
00346778    87DB            XCHG EBX,EBX
0034677A    0FBAE0 EF       BT EAX,0EF
0034677E    C7C3 2C23FDFB   MOV EBX,FBFD232C
00346784    0FCB            BSWAP EBX
00346786    FFC8            DEC EAX
00346788    2E:F7D3         NOT EBX                                  ; Superfluous prefix
0034678B    8BC1            MOV EAX,ECX
0034678D    48              DEC EAX
0034678E    FFC0            INC EAX
00346790    26:81DB 83531C3>SBB EBX,351C5383                         ; Superfluous prefix
00346797    C7C3 B503CBFC   MOV EBX,FCCB03B5
0034679D    0FBCD9          BSF EBX,ECX
003467A0    69DA CD861974   IMUL EBX,EDX,741986CD
003467A6    0FB7C1          MOVZX EAX,CX
003467A9    8BD9            MOV EBX,ECX
003467AB    0FBAF3 D4       BTR EBX,0D4
003467AF    F2:             PREFIX REPNE:                            ; Superfluous prefix
003467B0    1BDA            SBB EBX,EDX
003467B2    26:19CB         SBB EBX,ECX                              ; Superfluous prefix
003467B5    C7C3 1C7925F9   MOV EBX,F925791C
003467BB    0BC2            OR EAX,EDX
003467BD    0FA3D0          BT EAX,EDX
003467C0    BB 24A492F9     MOV EBX,F992A424
003467C5    87D8            XCHG EAX,EBX
003467C7    85D2            TEST EDX,EDX
003467C9    2D F23EEA7B     SUB EAX,7BEA3EF2
003467CE    FFC8            DEC EAX
003467D0    89D3            MOV EBX,EDX
003467D2    0FBFC2          MOVSX EAX,DX
003467D5    65:0FAFC2       IMUL EAX,EDX                             ; Superfluous prefix
003467D9    F7C0 4CE03034   TEST EAX,3430E04C
003467DF    8BD9            MOV EBX,ECX
003467E1    0FBCC1          BSF EAX,ECX
003467E4    64:0FADC8       SHRD EAX,ECX,CL                          ; Superfluous prefix
003467E8    85DA            TEST EDX,EBX
003467EA    8D05 9F352D5C   LEA EAX,DWORD PTR DS:[5C2D359F]
003467F0    0FCB            BSWAP EBX
003467F2    0FB3CB          BTR EBX,ECX
003467F5    D3DB            RCR EBX,CL
003467F7    85D1            TEST ECX,EDX
003467F9    81D3 0D7EC633   ADC EBX,33C67E0D
003467FF    F7C3 06A065AA   TEST EBX,AA65A006
00346805    81FB 3151B956   CMP EBX,56B95131
0034680B    B8 2D4573C0     MOV EAX,C073452D
00346810    0FB7D9          MOVZX EBX,CX
00346813    0FC1DB          XADD EBX,EBX
00346816    09C8            OR EAX,ECX
00346818    0FACD0 01       SHRD EAX,EDX,1
0034681C    F7DB            NEG EBX
0034681E    0FC1DB          XADD EBX,EBX
00346821    69DA FAD8F2ED   IMUL EBX,EDX,EDF2D8FA
00346827    C1D0 B4         RCL EAX,0B4                              ; Shift constant out of range 1..31
0034682A    0FACD3 CD       SHRD EBX,EDX,0CD                         ; Shift constant out of range 1..31
0034682E    0FA4D3 5E       SHLD EBX,EDX,5E                          ; Shift constant out of range 1..31
00346832    0FAFD9          IMUL EBX,ECX
00346835    B8 8F81965C     MOV EAX,5C96818F
0034683A    0FBBC8          BTC EAX,ECX
0034683D    F2:36:          PREFIX REPNE:                            ; Superfluous prefix
0034683F    89D0            MOV EAX,EDX
00346841    0FC1C3          XADD EBX,EAX
00346844    2E:             PREFIX CS:                               ; Superfluous prefix
00346845    65:0FACCB 9B    SHRD EBX,ECX,9B                          ; Shift constant out of range 1..31
0034684A    89C8            MOV EAX,ECX
0034684C    0FAFC2          IMUL EAX,EDX
0034684F    48              DEC EAX
00346850    8BD9            MOV EBX,ECX
00346852    8BC1            MOV EAX,ECX
00346854    0FC1C3          XADD EBX,EAX
00346857    87C0            XCHG EAX,EAX
00346859    0FA4D0 3A       SHLD EAX,EDX,3A                          ; Shift constant out of range 1..31
0034685D    0FB7DA          MOVZX EBX,DX
00346860    8D1D 10258E47   LEA EBX,DWORD PTR DS:[478E2510]
00346866    0FA4CB 78       SHLD EBX,ECX,78                          ; Shift constant out of range 1..31
0034686A    0FC8            BSWAP EAX
0034686C    3D B116900C     CMP EAX,0C9016B1
00346871    2BC1            SUB EAX,ECX
00346873    F7C0 AEE4CD74   TEST EAX,74CDE4AE
00346879    F7DB            NEG EBX
0034687B    0FC1C3          XADD EBX,EAX
0034687E    0FC8            BSWAP EAX
00346880    8D1D 51ED7795   LEA EBX,DWORD PTR DS:[9577ED51]
00346886    4B              DEC EBX
00346887    F7C0 EF5C21C3   TEST EAX,C3215CEF
0034688D    F7D3            NOT EBX
0034688F    85D0            TEST EAX,EDX
00346891    0FCB            BSWAP EBX
00346893    FFCB            DEC EBX
00346895    0FC1C3          XADD EBX,EAX
00346898    D1F0            SAL EAX,1
0034689A    8D1D A5E9059E   LEA EBX,DWORD PTR DS:[9E05E9A5]
003468A0    2D E730BE2C     SUB EAX,2CBE30E7
003468A5    29CB            SUB EBX,ECX
003468A7    11D0            ADC EAX,EDX
003468A9    0FC8            BSWAP EAX
003468AB    69D9 57E92961   IMUL EBX,ECX,6129E957
003468B1    8BC1            MOV EAX,ECX
003468B3    0FAFC1          IMUL EAX,ECX
003468B6    0FBDD9          BSR EBX,ECX
003468B9    64:23DA         AND EBX,EDX                              ; Superfluous prefix
003468BC    0FBCDA          BSF EBX,EDX
003468BF    0FBAEB 11       BTS EBX,11
003468C3    64:8BDA         MOV EBX,EDX                              ; Superfluous prefix
003468C6    FFC0            INC EAX
003468C8    89D3            MOV EBX,EDX
003468CA    03C2            ADD EAX,EDX
003468CC    0FB3D3          BTR EBX,EDX
003468CF    8BDA            MOV EBX,EDX
003468D1    89CB            MOV EBX,ECX
003468D3    F7D3            NOT EBX
003468D5    0FAFD9          IMUL EBX,ECX
003468D8    09CB            OR EBX,ECX
003468DA    0FB7D9          MOVZX EBX,CX
003468DD    F3:             PREFIX REP:                              ; Superfluous prefix
003468DE    F7D8            NEG EAX
003468E0    81EB 31F2CBC2   SUB EBX,C2CBF231
003468E6    0FA5C8          SHLD EAX,ECX,CL
003468E9    36:81FB E255BE4>CMP EBX,47BE55E2                         ; Superfluous prefix
003468F0    FFC8            DEC EAX
003468F2    8BC1            MOV EAX,ECX
003468F4    8BDA            MOV EBX,EDX
003468F6    C7C0 1D5F71F0   MOV EAX,F0715F1D
003468FC    85DB            TEST EBX,EBX
003468FE    89C8            MOV EAX,ECX
00346900    F7C1 03B1C275   TEST ECX,75C2B103
00346906    F7D3            NOT EBX
00346908    BB E53D383B     MOV EBX,3B383DE5
0034690D    85D0            TEST EAX,EDX
0034690F    F7C3 D7C5BCC6   TEST EBX,C6BCC5D7
00346915    0FCB            BSWAP EBX
00346917    0FB7DA          MOVZX EBX,DX
0034691A    0FADD0          SHRD EAX,EDX,CL
0034691D    FFC8            DEC EAX
0034691F    D1EB            SHR EBX,1
00346921    0FBAE0 F8       BT EAX,0F8
00346925    2D F6739D2E     SUB EAX,2E9D73F6
0034692A    F7C2 1AF016A2   TEST EDX,A216F01A
00346930    81C0 74A65D44   ADD EAX,445DA674
00346936    0FC8            BSWAP EAX
00346938    0D 42E50D6F     OR EAX,6F0DE542
0034693D    85DA            TEST EDX,EBX
0034693F    C1EB DA         SHR EBX,0DA                              ; Shift constant out of range 1..31
00346942    F2:             PREFIX REPNE:                            ; Superfluous prefix
00346943    0FACC8 D6       SHRD EAX,ECX,0D6                         ; Shift constant out of range 1..31
00346947    26:31CB         XOR EBX,ECX                              ; Superfluous prefix
0034694A    0FA4D0 50       SHLD EAX,EDX,50                          ; Shift constant out of range 1..31
0034694E    0FBBD3          BTC EBX,EDX
00346951    C7C0 77665073   MOV EAX,73506677
00346957    8D05 441F9163   LEA EAX,DWORD PTR DS:[63911F44]
0034695D    F7C1 7288DE6F   TEST ECX,6FDE8872
00346963    85DA            TEST EDX,EBX
00346965    C7C0 74EC7C90   MOV EAX,907CEC74
0034696B    0FBAE0 02       BT EAX,2
0034696F    F7C0 E7D51826   TEST EAX,2618D5E7
00346975    B8 D1A7A99E     MOV EAX,9EA9A7D1
0034697A    B8 F64714EC     MOV EAX,EC1447F6
0034697F    0FBCC1          BSF EAX,ECX
00346982    0FB7C2          MOVZX EAX,DX
00346985    11CB            ADC EBX,ECX
00346987    D3F0            SAL EAX,CL
00346989    F7D3            NOT EBX
0034698B    C7C0 8FE36454   MOV EAX,5464E38F
00346991    25 DFB0CB18     AND EAX,18CBB0DF
00346996    81C3 F7AB9D5F   ADD EBX,5F9DABF7
0034699C    D1E0            SHL EAX,1
0034699E    81D8 99332BBD   SBB EAX,BD2B3399
003469A4    0FBAFB A8       BTC EBX,0A8
003469A8    0FAFC1          IMUL EAX,ECX
003469AB    0FABCB          BTS EBX,ECX
003469AE    F7C2 FA23E943   TEST EDX,43E923FA
003469B4    21D0            AND EAX,EDX
003469B6    64:85D0         TEST EAX,EDX                             ; Superfluous prefix
003469B9    3BC1            CMP EAX,ECX
003469BB    F3:             PREFIX REP:                              ; Superfluous prefix
003469BC    0FBCC2          BSF EAX,EDX
003469BF    0FACD3 B4       SHRD EBX,EDX,0B4                         ; Shift constant out of range 1..31
003469C3    C1FB 25         SAR EBX,25                               ; Shift constant out of range 1..31
003469C6    8BC2            MOV EAX,EDX
003469C8    8D05 C1965846   LEA EAX,DWORD PTR DS:[465896C1]
003469CE    8BD9            MOV EBX,ECX
003469D0    89CB            MOV EBX,ECX
003469D2    89C8            MOV EAX,ECX
003469D4    69D9 8F418B44   IMUL EBX,ECX,448B418F
003469DA    23C2            AND EAX,EDX
003469DC    21CB            AND EBX,ECX
003469DE    F7D0            NOT EAX
003469E0    3BC2            CMP EAX,EDX
003469E2    87C0            XCHG EAX,EAX
003469E4    23C2            AND EAX,EDX
003469E6    0FACD3 7E       SHRD EBX,EDX,7E                          ; Shift constant out of range 1..31
003469EA    85CA            TEST EDX,ECX
003469EC    BB B4EB388B     MOV EBX,8B38EBB4
003469F1    85C9            TEST ECX,ECX
003469F3    8D05 D7442F50   LEA EAX,DWORD PTR DS:[502F44D7]
003469F9    23C2            AND EAX,EDX
003469FB    0FB3D3          BTR EBX,EDX
003469FE    31C8            XOR EAX,ECX
00346A00    81F0 D6F802B4   XOR EAX,B402F8D6
00346A06    65:81EB 6443716>SUB EBX,69714364                         ; Superfluous prefix
00346A0D    0FAFD9          IMUL EBX,ECX
00346A10    8BDA            MOV EBX,EDX
00346A12    D3C0            ROL EAX,CL
00346A14    0FAFC1          IMUL EAX,ECX
00346A17    D1D3            RCL EBX,1
00346A19    85C2            TEST EDX,EAX
00346A1B    89D3            MOV EBX,EDX
00346A1D    0FC8            BSWAP EAX
00346A1F    09D3            OR EBX,EDX
00346A21    C7C0 4BB02488   MOV EAX,8824B04B
00346A27    87DB            XCHG EBX,EBX
00346A29    0FACD0 1A       SHRD EAX,EDX,1A
00346A2D    8D1D 1311D6E0   LEA EBX,DWORD PTR DS:[E0D61113]
00346A33    0FADD0          SHRD EAX,EDX,CL
00346A36    0FBCC1          BSF EAX,ECX
00346A39    0FA5C8          SHLD EAX,ECX,CL
00346A3C    3BC1            CMP EAX,ECX
00346A3E    01CB            ADD EBX,ECX
00346A40    87C3            XCHG EBX,EAX
00346A42    26:48           DEC EAX                                  ; Superfluous prefix
00346A44    3BC2            CMP EAX,EDX
00347E15    D1F8            SAR EAX,1
……
……
00348710    90              NOP
00348711    90              NOP
00348712    90              NOP
00348713    61              POPAD

cyclotron

雪币： 392

活跃值： (909)

能力值：

( LV9，RANK：690 )

在线值：

发帖

43

回帖

800

粉丝

8

关注

私信

cyclotron 17 2004-10-8 13:47: 27 楼
0

第一组IAT B03C
第二组IAT B080
第三组IAT B0OO
第四组IAT B008
第五组IAT B010
第六组IAT B078

0034617E 25 FFFFFF7F    AND EAX,7FFFFFFF
00346183 8BDE          MOV EBX,ESI
00346185 2BD8          SUB EBX,EAX
00346187 8958 FC       MOV DWORD PTR DS:[EAX-4],EBX ；在408D81构造一个call至00348B15（跳转表）
0034618A 83C7 08       ADD EDI,8
0034618D  ^ E9 44FDFFFF    JMP 00345ED6

原来是API入口跳转表

cyclotron

雪币： 392

活跃值： (909)

能力值：

( LV9，RANK：690 )

在线值：

发帖

43

回帖

800

粉丝

8