老大请问ZipGhost是个什么东东啊-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
savage.k 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 3 粉丝 0 关注私信	savage.k 2 楼 PEiD 查不出 Microsoft Visual C++ [Overlay] EP Section: ZipGhost upx? 文件在： http://soft.winzheng.com/SoftDown.asp?ID=54580&lbID=1 2004-11-30 10:46 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 3 楼国华软件的保护都不错如果初学就先看点其他的软件调试论坛有国华电子书相关软件的讨论你可以去搜索查看一下 2004-11-30 11:00 0
savage.k 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 3 粉丝 0 关注私信	savage.k 4 楼看看先谢谢老大 2004-11-30 11:06 0
pendan2001 雪币： 61 活跃值： (160) 能力值： ( LV9，RANK：170 ) 在线值：发帖 25 回帖 1180 粉丝 0 关注私信	pendan2001 4 5 楼 OD载入 0054D000 u> 55 push ebp ///停在这里 0054D001 8BEC mov ebp,esp 0054D003 6A FF push -1 0054D005 68 2A2C0A00 push 0A2C2A 0054D00A 68 38900D00 push 0D9038 0054D00F 64:A1 00000000 mov eax,dword ptr fs:[0] 0054D015 50 push eax 0054D016 64:8925 00000000 mov dword ptr fs:[0],esp 0054D01D 58 pop eax 0054D01E 64:A3 00000000 mov dword ptr fs:[0],eax 0054D024 58 pop eax 0054D025 58 pop eax 0054D026 58 pop eax 0054D027 58 pop eax 0054D028 8BE8 mov ebp,eax 0054D02A B8 B0905400 mov eax,unEbookE.005490B0 0054D02F FFE0 jmp eax ///eax=005490B0 005490B0 60 pushad 005490B1 BE 00704D00 mov esi,unEbookE.004D7000 005490B6 8DBE 00A0F2FF lea edi,dword ptr ds:[esi+FFF2A00> 005490BC C787 0C770D00 FFA51>mov dword ptr ds:[edi+D770C],9019> 005490C6 57 push edi 005490C7 83CD FF or ebp,FFFFFFFF 005490CA EB 0E jmp short unEbookE.005490DA 005490CC 90 nop 005490CD 90 nop 005490CE 90 nop 005490CF 90 nop 005490D0 8A06 mov al,byte ptr ds:[esi] 005490D2 46 inc esi 005490D3 8807 mov byte ptr ds:[edi],al 005490D5 47 inc edi 005490D6 01DB add ebx,ebx 005490D8 75 07 jnz short unEbookE.005490E1 005490DA 8B1E mov ebx,dword ptr ds:[esi] 005490DC 83EE FC sub esi,-4 005490DF 11DB adc ebx,ebx 005490E1 ^ 72 ED jb short unEbookE.005490D0 005490E3 B8 01000000 mov eax,1 005490E8 01DB add ebx,ebx 005490EA 75 07 jnz short unEbookE.005490F3 005490EC 8B1E mov ebx,dword ptr ds:[esi] 005490EE 83EE FC sub esi,-4 005490F1 11DB adc ebx,ebx 005490F3 11C0 adc eax,eax 005490F5 01DB add ebx,ebx 005490F7 73 0B jnb short unEbookE.00549104 005490F9 75 19 jnz short unEbookE.00549114 005490FB 8B1E mov ebx,dword ptr ds:[esi] 005490FD 83EE FC sub esi,-4 00549100 11DB adc ebx,ebx 00549102 72 10 jb short unEbookE.00549114 00549104 48 dec eax 00549105 01DB add ebx,ebx 00549107 75 07 jnz short unEbookE.00549110 00549109 8B1E mov ebx,dword ptr ds:[esi] 0054910B 83EE FC sub esi,-4 0054910E 11DB adc ebx,ebx 00549110 11C0 adc eax,eax 00549112 ^ EB D4 jmp short unEbookE.005490E8 00549114 31C9 xor ecx,ecx 00549116 83E8 03 sub eax,3 00549119 72 11 jb short unEbookE.0054912C 0054911B C1E0 08 shl eax,8 0054911E 8A06 mov al,byte ptr ds:[esi] 00549120 46 inc esi 00549121 83F0 FF xor eax,FFFFFFFF 00549124 74 78 je short unEbookE.0054919E 00549126 D1F8 sar eax,1 00549128 89C5 mov ebp,eax 0054912A EB 0B jmp short unEbookE.00549137 0054912C 01DB add ebx,ebx 0054912E 75 07 jnz short unEbookE.00549137 00549130 8B1E mov ebx,dword ptr ds:[esi] 00549132 83EE FC sub esi,-4 00549135 11DB adc ebx,ebx 00549137 11C9 adc ecx,ecx 00549139 01DB add ebx,ebx 0054913B 75 07 jnz short unEbookE.00549144 0054913D 8B1E mov ebx,dword ptr ds:[esi] 0054913F 83EE FC sub esi,-4 00549142 11DB adc ebx,ebx 00549144 11C9 adc ecx,ecx 00549146 75 20 jnz short unEbookE.00549168 00549148 41 inc ecx 00549149 01DB add ebx,ebx 0054914B 75 07 jnz short unEbookE.00549154 0054914D 8B1E mov ebx,dword ptr ds:[esi] 0054914F 83EE FC sub esi,-4 00549152 11DB adc ebx,ebx 00549154 11C9 adc ecx,ecx 00549156 01DB add ebx,ebx 00549158 ^ 73 EF jnb short unEbookE.00549149 0054915A 75 09 jnz short unEbookE.00549165 0054915C 8B1E mov ebx,dword ptr ds:[esi] 0054915E 83EE FC sub esi,-4 00549161 11DB adc ebx,ebx 00549163 ^ 73 E4 jnb short unEbookE.00549149 00549165 83C1 02 add ecx,2 00549168 81FD 00FBFFFF cmp ebp,-500 0054916E 83D1 01 adc ecx,1 00549171 8D142F lea edx,dword ptr ds:[edi+ebp] 00549174 83FD FC cmp ebp,-4 00549177 76 0F jbe short unEbookE.00549188 00549179 8A02 mov al,byte ptr ds:[edx] 0054917B 42 inc edx 0054917C 8807 mov byte ptr ds:[edi],al 0054917E 47 inc edi 0054917F 49 dec ecx 00549180 ^ 75 F7 jnz short unEbookE.00549179 00549182 ^ E9 4FFFFFFF jmp unEbookE.005490D6 00549187 90 nop 00549188 8B02 mov eax,dword ptr ds:[edx] 0054918A 83C2 04 add edx,4 0054918D 8907 mov dword ptr ds:[edi],eax 0054918F 83C7 04 add edi,4 00549192 83E9 04 sub ecx,4 00549195 ^ 77 F1 ja short unEbookE.00549188 00549197 01CF add edi,ecx 00549199 ^ E9 38FFFFFF jmp unEbookE.005490D6 0054919E 5E pop esi 0054919F 89F7 mov edi,esi 005491A1 B9 97690000 mov ecx,6997 005491A6 8A07 mov al,byte ptr ds:[edi] 005491A8 47 inc edi 005491A9 2C E8 sub al,0E8 005491AB 3C 01 cmp al,1 005491AD ^ 77 F7 ja short unEbookE.005491A6 005491AF 803F 1D cmp byte ptr ds:[edi],1D 005491B2 ^ 75 F2 jnz short unEbookE.005491A6 005491B4 8B07 mov eax,dword ptr ds:[edi] 005491B6 8A5F 04 mov bl,byte ptr ds:[edi+4] 005491B9 66:C1E8 08 shr ax,8 005491BD C1C0 10 rol eax,10 005491C0 86C4 xchg ah,al 005491C2 29F8 sub eax,edi 005491C4 80EB E8 sub bl,0E8 005491C7 01F0 add eax,esi 005491C9 8907 mov dword ptr ds:[edi],eax 005491CB 83C7 05 add edi,5 005491CE 89D8 mov eax,ebx 005491D0 ^ E2 D9 loopd short unEbookE.005491AB 005491D2 8DBE 00501400 lea edi,dword ptr ds:[esi+145000] 005491D8 8B07 mov eax,dword ptr ds:[edi] 005491DA 09C0 or eax,eax 005491DC 74 3C je short unEbookE.0054921A 005491DE 8B5F 04 mov ebx,dword ptr ds:[edi+4] 005491E1 8D8430 48B71400 lea eax,dword ptr ds:[eax+esi+14B> 005491E8 01F3 add ebx,esi 005491EA 50 push eax 005491EB 83C7 08 add edi,8 005491EE FF96 38B81400 call dword ptr ds:[esi+14B838] 005491F4 95 xchg eax,ebp 005491F5 8A07 mov al,byte ptr ds:[edi] 005491F7 47 inc edi 005491F8 08C0 or al,al 005491FA ^ 74 DC je short unEbookE.005491D8 005491FC 89F9 mov ecx,edi 005491FE 57 push edi 005491FF 48 dec eax 00549200 F2:AE repne scas byte ptr es:[edi] 00549202 55 push ebp 00549203 FF96 3CB81400 call dword ptr ds:[esi+14B83C] 00549209 09C0 or eax,eax 0054920B 74 07 je short unEbookE.00549214 0054920D 8903 mov dword ptr ds:[ebx],eax 0054920F 83C3 04 add ebx,4 00549212 ^ EB E1 jmp short unEbookE.005491F5 00549214 FF96 40B81400 call dword ptr ds:[esi+14B840] 0054921A 61 popad 0054921B - E9 DCA7F8FF jmp unEbookE.004D39FC ///跳向入口点 004D39FC 55 push ebp// /// OEP,DUMP 004D39FD 8BEC mov ebp,esp 004D39FF 83C4 F0 add esp,-10 004D3A02 B8 74364D00 mov eax,unEbookE.004D3674 004D3A07 E8 2831F3FF call unEbookE.00406B34 004D3A0C A1 84714D00 mov eax,dword ptr ds:[4D7184] 004D3A11 8B00 mov eax,dword ptr ds:[eax] 004D3A13 E8 6C6AF9FF call unEbookE.0046A484 004D3A18 33C9 xor ecx,ecx 004D3A1A B2 01 mov dl,1 004D3A1C A1 08AE4C00 mov eax,dword ptr ds:[4CAE08] 004D3A21 E8 7675FFFF call unEbookE.004CAF9C 004D3A26 8B15 14704D00 mov edx,dword ptr ds:[4D7014] ; unEbookE.004D90F0 004D3A2C 8902 mov dword ptr ds:[edx],eax 004D3A2E A1 14704D00 mov eax,dword ptr ds:[4D7014] 004D3A33 8B00 mov eax,dword ptr ds:[eax] 004D3A35 E8 DE35F9FF call unEbookE.00467018 004D3A3A A1 14704D00 mov eax,dword ptr ds:[4D7014] 运行ImportREC，OEP改为D39FC，修复程序，正常运行，但有自校验。 2004-11-30 13:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (4)
savage.k 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 3 粉丝 0 关注私信	savage.k 2 楼 PEiD 查不出 Microsoft Visual C++ [Overlay] EP Section: ZipGhost upx? 文件在： http://soft.winzheng.com/SoftDown.asp?ID=54580&lbID=1 2004-11-30 10:46 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 3 楼国华软件的保护都不错如果初学就先看点其他的软件调试论坛有国华电子书相关软件的讨论你可以去搜索查看一下 2004-11-30 11:00 0
savage.k 雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 3 粉丝 0 关注私信	savage.k 4 楼看看先谢谢老大 2004-11-30 11:06 0
pendan2001 雪币： 61 活跃值： (160) 能力值： ( LV9，RANK：170 ) 在线值：发帖 25 回帖 1180 粉丝 0 关注私信	pendan2001 4 5 楼 OD载入 0054D000 u> 55 push ebp ///停在这里 0054D001 8BEC mov ebp,esp 0054D003 6A FF push -1 0054D005 68 2A2C0A00 push 0A2C2A 0054D00A 68 38900D00 push 0D9038 0054D00F 64:A1 00000000 mov eax,dword ptr fs:[0] 0054D015 50 push eax 0054D016 64:8925 00000000 mov dword ptr fs:[0],esp 0054D01D 58 pop eax 0054D01E 64:A3 00000000 mov dword ptr fs:[0],eax 0054D024 58 pop eax 0054D025 58 pop eax 0054D026 58 pop eax 0054D027 58 pop eax 0054D028 8BE8 mov ebp,eax 0054D02A B8 B0905400 mov eax,unEbookE.005490B0 0054D02F FFE0 jmp eax ///eax=005490B0 005490B0 60 pushad 005490B1 BE 00704D00 mov esi,unEbookE.004D7000 005490B6 8DBE 00A0F2FF lea edi,dword ptr ds:[esi+FFF2A00> 005490BC C787 0C770D00 FFA51>mov dword ptr ds:[edi+D770C],9019> 005490C6 57 push edi 005490C7 83CD FF or ebp,FFFFFFFF 005490CA EB 0E jmp short unEbookE.005490DA 005490CC 90 nop 005490CD 90 nop 005490CE 90 nop 005490CF 90 nop 005490D0 8A06 mov al,byte ptr ds:[esi] 005490D2 46 inc esi 005490D3 8807 mov byte ptr ds:[edi],al 005490D5 47 inc edi 005490D6 01DB add ebx,ebx 005490D8 75 07 jnz short unEbookE.005490E1 005490DA 8B1E mov ebx,dword ptr ds:[esi] 005490DC 83EE FC sub esi,-4 005490DF 11DB adc ebx,ebx 005490E1 ^ 72 ED jb short unEbookE.005490D0 005490E3 B8 01000000 mov eax,1 005490E8 01DB add ebx,ebx 005490EA 75 07 jnz short unEbookE.005490F3 005490EC 8B1E mov ebx,dword ptr ds:[esi] 005490EE 83EE FC sub esi,-4 005490F1 11DB adc ebx,ebx 005490F3 11C0 adc eax,eax 005490F5 01DB add ebx,ebx 005490F7 73 0B jnb short unEbookE.00549104 005490F9 75 19 jnz short unEbookE.00549114 005490FB 8B1E mov ebx,dword ptr ds:[esi] 005490FD 83EE FC sub esi,-4 00549100 11DB adc ebx,ebx 00549102 72 10 jb short unEbookE.00549114 00549104 48 dec eax 00549105 01DB add ebx,ebx 00549107 75 07 jnz short unEbookE.00549110 00549109 8B1E mov ebx,dword ptr ds:[esi] 0054910B 83EE FC sub esi,-4 0054910E 11DB adc ebx,ebx 00549110 11C0 adc eax,eax 00549112 ^ EB D4 jmp short unEbookE.005490E8 00549114 31C9 xor ecx,ecx 00549116 83E8 03 sub eax,3 00549119 72 11 jb short unEbookE.0054912C 0054911B C1E0 08 shl eax,8 0054911E 8A06 mov al,byte ptr ds:[esi] 00549120 46 inc esi 00549121 83F0 FF xor eax,FFFFFFFF 00549124 74 78 je short unEbookE.0054919E 00549126 D1F8 sar eax,1 00549128 89C5 mov ebp,eax 0054912A EB 0B jmp short unEbookE.00549137 0054912C 01DB add ebx,ebx 0054912E 75 07 jnz short unEbookE.00549137 00549130 8B1E mov ebx,dword ptr ds:[esi] 00549132 83EE FC sub esi,-4 00549135 11DB adc ebx,ebx 00549137 11C9 adc ecx,ecx 00549139 01DB add ebx,ebx 0054913B 75 07 jnz short unEbookE.00549144 0054913D 8B1E mov ebx,dword ptr ds:[esi] 0054913F 83EE FC sub esi,-4 00549142 11DB adc ebx,ebx 00549144 11C9 adc ecx,ecx 00549146 75 20 jnz short unEbookE.00549168 00549148 41 inc ecx 00549149 01DB add ebx,ebx 0054914B 75 07 jnz short unEbookE.00549154 0054914D 8B1E mov ebx,dword ptr ds:[esi] 0054914F 83EE FC sub esi,-4 00549152 11DB adc ebx,ebx 00549154 11C9 adc ecx,ecx 00549156 01DB add ebx,ebx 00549158 ^ 73 EF jnb short unEbookE.00549149 0054915A 75 09 jnz short unEbookE.00549165 0054915C 8B1E mov ebx,dword ptr ds:[esi] 0054915E 83EE FC sub esi,-4 00549161 11DB adc ebx,ebx 00549163 ^ 73 E4 jnb short unEbookE.00549149 00549165 83C1 02 add ecx,2 00549168 81FD 00FBFFFF cmp ebp,-500 0054916E 83D1 01 adc ecx,1 00549171 8D142F lea edx,dword ptr ds:[edi+ebp] 00549174 83FD FC cmp ebp,-4 00549177 76 0F jbe short unEbookE.00549188 00549179 8A02 mov al,byte ptr ds:[edx] 0054917B 42 inc edx 0054917C 8807 mov byte ptr ds:[edi],al 0054917E 47 inc edi 0054917F 49 dec ecx 00549180 ^ 75 F7 jnz short unEbookE.00549179 00549182 ^ E9 4FFFFFFF jmp unEbookE.005490D6 00549187 90 nop 00549188 8B02 mov eax,dword ptr ds:[edx] 0054918A 83C2 04 add edx,4 0054918D 8907 mov dword ptr ds:[edi],eax 0054918F 83C7 04 add edi,4 00549192 83E9 04 sub ecx,4 00549195 ^ 77 F1 ja short unEbookE.00549188 00549197 01CF add edi,ecx 00549199 ^ E9 38FFFFFF jmp unEbookE.005490D6 0054919E 5E pop esi 0054919F 89F7 mov edi,esi 005491A1 B9 97690000 mov ecx,6997 005491A6 8A07 mov al,byte ptr ds:[edi] 005491A8 47 inc edi 005491A9 2C E8 sub al,0E8 005491AB 3C 01 cmp al,1 005491AD ^ 77 F7 ja short unEbookE.005491A6 005491AF 803F 1D cmp byte ptr ds:[edi],1D 005491B2 ^ 75 F2 jnz short unEbookE.005491A6 005491B4 8B07 mov eax,dword ptr ds:[edi] 005491B6 8A5F 04 mov bl,byte ptr ds:[edi+4] 005491B9 66:C1E8 08 shr ax,8 005491BD C1C0 10 rol eax,10 005491C0 86C4 xchg ah,al 005491C2 29F8 sub eax,edi 005491C4 80EB E8 sub bl,0E8 005491C7 01F0 add eax,esi 005491C9 8907 mov dword ptr ds:[edi],eax 005491CB 83C7 05 add edi,5 005491CE 89D8 mov eax,ebx 005491D0 ^ E2 D9 loopd short unEbookE.005491AB 005491D2 8DBE 00501400 lea edi,dword ptr ds:[esi+145000] 005491D8 8B07 mov eax,dword ptr ds:[edi] 005491DA 09C0 or eax,eax 005491DC 74 3C je short unEbookE.0054921A 005491DE 8B5F 04 mov ebx,dword ptr ds:[edi+4] 005491E1 8D8430 48B71400 lea eax,dword ptr ds:[eax+esi+14B> 005491E8 01F3 add ebx,esi 005491EA 50 push eax 005491EB 83C7 08 add edi,8 005491EE FF96 38B81400 call dword ptr ds:[esi+14B838] 005491F4 95 xchg eax,ebp 005491F5 8A07 mov al,byte ptr ds:[edi] 005491F7 47 inc edi 005491F8 08C0 or al,al 005491FA ^ 74 DC je short unEbookE.005491D8 005491FC 89F9 mov ecx,edi 005491FE 57 push edi 005491FF 48 dec eax 00549200 F2:AE repne scas byte ptr es:[edi] 00549202 55 push ebp 00549203 FF96 3CB81400 call dword ptr ds:[esi+14B83C] 00549209 09C0 or eax,eax 0054920B 74 07 je short unEbookE.00549214 0054920D 8903 mov dword ptr ds:[ebx],eax 0054920F 83C3 04 add ebx,4 00549212 ^ EB E1 jmp short unEbookE.005491F5 00549214 FF96 40B81400 call dword ptr ds:[esi+14B840] 0054921A 61 popad 0054921B - E9 DCA7F8FF jmp unEbookE.004D39FC ///跳向入口点 004D39FC 55 push ebp// /// OEP,DUMP 004D39FD 8BEC mov ebp,esp 004D39FF 83C4 F0 add esp,-10 004D3A02 B8 74364D00 mov eax,unEbookE.004D3674 004D3A07 E8 2831F3FF call unEbookE.00406B34 004D3A0C A1 84714D00 mov eax,dword ptr ds:[4D7184] 004D3A11 8B00 mov eax,dword ptr ds:[eax] 004D3A13 E8 6C6AF9FF call unEbookE.0046A484 004D3A18 33C9 xor ecx,ecx 004D3A1A B2 01 mov dl,1 004D3A1C A1 08AE4C00 mov eax,dword ptr ds:[4CAE08] 004D3A21 E8 7675FFFF call unEbookE.004CAF9C 004D3A26 8B15 14704D00 mov edx,dword ptr ds:[4D7014] ; unEbookE.004D90F0 004D3A2C 8902 mov dword ptr ds:[edx],eax 004D3A2E A1 14704D00 mov eax,dword ptr ds:[4D7014] 004D3A33 8B00 mov eax,dword ptr ds:[eax] 004D3A35 E8 DE35F9FF call unEbookE.00467018 004D3A3A A1 14704D00 mov eax,dword ptr ds:[4D7014] 运行ImportREC，OEP改为D39FC，修复程序，正常运行，但有自校验。 2004-11-30 13:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

老大 请问ZipGhost是个什么东东啊

老大请问ZipGhost是个什么东东啊