[Old post]
[Discussion] A very strange packer; everyone, take a look at what kind of file this is
Posted: 2008-11-11 11:17
PEiD identifies it as PECompact 2.x -> Jeremy Collake, but when loaded in OD it turns into this:
00402AA0 > 90 nop
00402AA1 90 nop
00402AA2 90 nop
00402AA3 90 nop
00402AA4 90 nop
00402AA5 6A 01 push 1
00402AA7 FF15 94104000 call dword ptr ds:[<&KERNEL32.Ge>; kernel32.GetCommandLineA
00402AAD 50 push eax
00402AAE 6A 00 push 0
00402AB0 6A 00 push 0
00402AB2 FF15 10114000 call dword ptr ds:[<&KERNEL32.Ge>; kernel32.GetModuleHandleA
00402AB8 50 push eax
00402AB9 E8 C2FFFFFF call Abc.00402A80
00402ABE 50 push eax
00402ABF FF15 FC104000 call dword ptr ds:[<&KERNEL32.Ex>; kernel32.ExitProcess
00402AC5 90 nop
00402AC6 90 nop
00402AC7 90 nop
00402AC8 90 nop
00402AC9 90 nop
00402ACA 90 nop
00402ACB 90 nop
00402ACC 90 nop
00402ACD 90 nop
00402ACE 90 nop
00402ACF 90 nop
00402AD0 - FF25 F4104000 jmp dword ptr ds:[<&KERNEL32.Pro>; kernel32.Process32Next
00402AD6 - FF25 EC104000 jmp dword ptr ds:[<&KERNEL32.Pro>; kernel32.Process32First
00402ADC - FF25 E8104000 jmp dword ptr ds:[<&KERNEL32.Cre>; kernel32.CreateToolhelp32Snapshot
00402AE2 CC int3
00402AE3 CC int3
00402AE4 CC int3
00402AE5 CC int3
00402AE6 CC int3
00402AE7 CC int3
00402AE8 CC int3
00402AE9 CC int3
00402AEA CC int3
00402AEB CC int3
00402AEC CC int3
00402AED CC int3
00402AEE CC int3
00402AEF CC int3
00402AF0 - FF25 34114000 jmp dword ptr ds:[<&MSVCRT._exce>;
As soon as I do anything it terminates. Everyone, please take a look.