Ability score: ( LV9,RANK:3410 ) | Post #2
PEiD --> PESpin
Ability score: ( LV2,RANK:10 ) | Post #3
Ability score: ( LV9,RANK:3410 ) | Post #4
0041BB6D 6A 60 push 60
0041BB6F 68 95524500 push QQTwin.00455295
0041BB74 E8 73110000 call QQTwin.0041CCEC
0041BB79 BF 94000000 mov edi,94
0041BB7E 8BC7 mov eax,edi
0041BB80 E8 1BF1FFFF call QQTwin.0041ACA0
0041BB85 8965 E8 mov dword ptr ss:[ebp-18],esp
0041BB88 8BF4 mov esi,esp
0041BB8A 893E mov dword ptr ds:[esi],edi
0041BB8C 56 push esi
0041BB8D FF15 2F674500 call dword ptr ds:[45672F] ; kernel32.GetVersionExA
0041BB93 8B4E 10 mov ecx,dword ptr ds:[esi+10]
0041BB96 890D E0CD4400 mov dword ptr ds:[44CDE0],ecx
0041BB9C 8B46 04 mov eax,dword ptr ds:[esi+4]
0041BB9F A3 ECCD4400 mov dword ptr ds:[44CDEC],eax
0041BBA4 8B56 08 mov edx,dword ptr ds:[esi+8]
0041BBA7 8915 F0CD4400 mov dword ptr ds:[44CDF0],edx
0041BBAD 8B76 0C mov esi,dword ptr ds:[esi+C]
0041BBB0 8935 E4CD4400 mov dword ptr ds:[44CDE4],esi
0041BBB6 8935 6CA74000 mov dword ptr ds:[40A76C],esi
//StolenCode
0041BBBC 83F9 02 cmp ecx,2
0041BBBF 74 0C je short QQTwin.0041BBCD
0041BBC1 81CE 00800000 or esi,8000
0041BBC7 8935 E4CD4400 mov dword ptr ds:[44CDE4],esi
0041BBCD C1E0 08 shl eax,8
0041BBD0 03C2 add eax,edx
0041BBD2 A3 E8CD4400 mov dword ptr ds:[44CDE8],eax
0041BBD7 33F6 xor esi,esi
0041BBD9 56 push esi
0041BBDA 8B3D 4D674500 mov edi,dword ptr ds:[45674D] ; kernel32.GetModuleHandleA
Fix the code mutation and the like yourself.
Ability score: ( LV2,RANK:10 ) | Post #5
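Are you sure it's PESpin?
I also traced through the part you posted, but I figure you are experienced and well-informed, since you know what packer this is.
I could also go find a tutorial online and follow it to unpack this~~ I really don't have the energy to study it~~
Could you please explain it more clearly?
Thanks
Ability score: ( LV9,RANK:3410 ) | Post #6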
PESpin
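Ability score: ( LV2,RANK:10 ) | Post #7
OK, thanks a lot.
There is an automatic unpacker for the PESpin packer, but unfortunately it didn't work when I tried it~ It's probably a variant.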