奇迹天下全能版1.93
http://www.xiwo.com/qiji/index.htm
保护方式:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
OD载入
; Entry point as shown by OllyDbg after loading the file.
; pushad / mov esi,imm32 / lea edi,[esi+disp32] has the same shape as the opening
; of a UPX stub, which is presumably what the UPX signature match reported above
; this listing keyed on. NOTE(review): a signature hit on the first bytes says
; nothing about the code that follows; confirm by tracing, as done here.
0089D800 M> 60 pushad
0089D801 BE 15B04000 mov esi,MUSkyQN.0040B015
; The trailing '>' is a column-width truncation in the paste; the encoded
; displacement, read from the bytes EB 5F FF FF, is FFFF5FEB.
0089D806 8DBE EB5FFFFF lea edi,dword ptr ds:[esi+FFFF5FE>
; popad directly after the three instructions above restores every register, and
; no copy or decompression loop appears between them in the listed lines, so the
; prologue performs no unpacking work.
0089D80C 61 popad
; Two unconditional jumps in a row: 0089D80D -> 0089D908 -> 0088C0D1.
0089D80D E9 F6000000 jmp MUSkyQN.0089D908
0089D908 ^\E9 C4E7FEFF jmp MUSkyQN.0088C0D1
; Zero bytes disassembled as "add [eax],al". They sit behind an unconditional jmp,
; so they are padding from the point of view of this trace, not executed code.
0089D90D 0000 add byte ptr ds:[eax],al
0089D90F 0000 add byte ptr ds:[eax],al
0089D911 0000 add byte ptr ds:[eax],al
0089D913 0000 add byte ptr ds:[eax],al
0089D915 0000 add byte ptr ds:[eax],al
0089D917 0000 add byte ptr ds:[eax],al
; Second stage, reached from the jmp at 0089D908. It computes its own load
; address and transfers control with push/retn instead of a direct jump.
0088C0D1 60 pushad
; call to the next instruction followed by pop: ebp receives the address of the
; pop itself (0088C0D7).
0088C0D2 E8 00000000 call MUSkyQN.0088C0D7 ////F7
0088C0D7 5D pop ebp
; 0088C0D7 - 0D7 = 0088C000, the base used for the offsets below.
0088C0D8 81ED D7000000 sub ebp,0D7
; esi = base + 0EE = 0088C0EE, the byte immediately after the retn at 0088C0ED.
0088C0DE 8DB5 EE000000 lea esi,dword ptr ss:[ebp+EE]
; Both values stay on the stack across the retn: base first, then esi on top.
0088C0E4 55 push ebp
0088C0E5 56 push esi
; base + 62F = 0088C62F is pushed and consumed by retn as the jump target.
0088C0E6 81C5 2F060000 add ebp,62F
0088C0EC 55 push ebp
0088C0ED C3 retn ; returns to 0088C62F
; Code reached through the push/retn at 0088C0EC-0088C0ED. Two things are
; interleaved in the listed lines:
;   1. An unrolled decoder. eax is loaded from the top of the stack, then each
;      dword at [eax] receives one add/xor/sub/not with its own constant, and eax
;      is advanced by 4 before the next one.
;   2. Filler. Constants are loaded into ebx/ecx/edx/esi/edi/ebp, ecx is pushed
;      and popped, and edx is tested, but in the visible lines none of these
;      results feeds a memory access or a conditional branch. NOTE(review): this
;      reads as junk inserted to hinder reading; confirm against the full trace.
; Every memory write below goes through [eax] or [esp]; nothing else is stored.
0088C62F 81EB 9E429467 sub ebx,6794429E
0088C635 8D9F 7F15C04B lea ebx,dword ptr ds:[edi+4BC0157>
0088C63B 81D1 E3125564 adc ecx,645512E3
0088C641 BA E1832866 mov edx,662883E1
0088C646 8D340A lea esi,dword ptr ds:[edx+ecx]
0088C649 BB F7587C0D mov ebx,0D7C58F7
0088C64E 8D340A lea esi,dword ptr ds:[edx+ecx]
; eax = 0 + [esp]. If nothing else touched the stack, [esp] is the esi value
; pushed before the retn, i.e. 0088C0EE (the data right after that retn).
0088C651 33C0 xor eax,eax
0088C653 030424 add eax,dword ptr ss:[esp]
0088C656 B9 E1AA285C mov ecx,5C28AAE1
0088C65B 8D9F 6008A104 lea ebx,dword ptr ds:[edi+4A10860>
0088C661 BD B20FB443 mov ebp,43B40FB2
0088C666 4F dec edi
0088C667 81EB 6C7C6860 sub ebx,60687C6C
; dword 1: add
0088C66D 8100 25AAB33C add dword ptr ds:[eax],3CB3AA25
0088C673 81CA F96DEC60 or edx,60EC6DF9
0088C679 51 push ecx
0088C67A 59 pop ecx
0088C67B BD F0689E2A mov ebp,2A9E68F0
0088C680 51 push ecx
0088C681 59 pop ecx
0088C682 81D1 30B3307A adc ecx,7A30B330
0088C688 81F7 81D7C561 xor edi,61C5D781
0088C68E 81D1 B265D316 adc ecx,16D365B2
; eax += 4, written as a subtraction of -4.
0088C694 83E8 FC sub eax,-4
0088C697 81CE ECDC317D or esi,7D31DCEC
0088C69D F7C2 242A920F test edx,0F922A24
0088C6A3 F7C2 679D3810 test edx,10389D67
0088C6A9 8D3C4B lea edi,dword ptr ds:[ebx+ecx*2]
; EB 03 skips the three bytes at 0088C6AE-0088C6B0, which the listing does not
; show. The same pattern recurs below; presumably the skipped bytes are there to
; disturb a linear disassembly, but their content cannot be checked from here.
0088C6AC EB 03 jmp short MUSkyQN.0088C6B1
0088C6B1 51 push ecx
0088C6B2 59 pop ecx
; dword 2: xor
0088C6B3 8130 E368B533 xor dword ptr ds:[eax],33B568E3
0088C6B9 8D340A lea esi,dword ptr ds:[edx+ecx]
0088C6BC EB 03 jmp short MUSkyQN.0088C6C1
0088C6C1 51 push ecx
0088C6C2 59 pop ecx
0088C6C3 81D1 3C186E45 adc ecx,456E183C
0088C6C9 BA D22A8C24 mov edx,248C2AD2
; eax += 4, written as four single increments.
0088C6CE 40 inc eax
0088C6CF 40 inc eax
0088C6D0 40 inc eax
0088C6D1 40 inc eax
; dword 3: xor
0088C6D2 8130 E06A3636 xor dword ptr ds:[eax],36366AE0
0088C6D8 BB 252C3F69 mov ebx,693F2C25
; eax += 4, written as push eax / add [esp],4 / pop eax. This form is used for
; every remaining step in the listing.
0088C6DD 50 push eax
0088C6DE 830424 04 add dword ptr ss:[esp],4
0088C6E2 58 pop eax
0088C6E3 F7C2 121D3F17 test edx,173F1D12
0088C6E9 8D8E 34E9E264 lea ecx,dword ptr ds:[esi+64E2E93>
0088C6EF EB 03 jmp short MUSkyQN.0088C6F4
0088C6F4 BB 6BD4247A mov ebx,7A24D46B
0088C6F9 81CA 02E55F72 or edx,725FE502
; dword 4: sub
0088C6FF 8128 9EF65E31 sub dword ptr ds:[eax],315EF69E
0088C705 BF A0528A36 mov edi,368A52A0
0088C70A 8DA8 1A755322 lea ebp,dword ptr ds:[eax+2253751>
0088C710 50 push eax
0088C711 830424 04 add dword ptr ss:[esp],4
0088C715 58 pop eax
0088C716 81CA 9DDB246C or edx,6C24DB9D
0088C71C B9 7E70890C mov ecx,0C89707E
0088C721 8D3C4B lea edi,dword ptr ds:[ebx+ecx*2]
0088C724 8D92 679E6235 lea edx,dword ptr ds:[edx+35629E6>
0088C72A BA CB9BD65D mov edx,5DD69BCB
0088C72F 45 inc ebp
; dword 5: sub
0088C730 8128 7844A329 sub dword ptr ds:[eax],29A34478
0088C736 BF CB1DE95F mov edi,5FE91DCB
0088C73B 50 push eax
0088C73C 830424 04 add dword ptr ss:[esp],4
0088C740 58 pop eax
0088C741 BE A0EE2012 mov esi,1220EEA0
0088C746 51 push ecx
0088C747 59 pop ecx
0088C748 8D8E 67AEA84B lea ecx,dword ptr ds:[esi+4BA8AE6>
0088C74E 81CA 9BDECA66 or edx,66CADE9B
0088C754 8DA8 54BB8362 lea ebp,dword ptr ds:[eax+6283BB5>
0088C75A 81CE 5D835F07 or esi,75F835D
; dword 6: bitwise not
0088C760 F710 not dword ptr ds:[eax]
0088C762 81CA 852A9C22 or edx,229C2A85
0088C768 81F7 09D9D51E xor edi,1ED5D909
0088C76E 8D92 98BE623D lea edx,dword ptr ds:[edx+3D62BE9>
0088C774 51 push ecx
0088C775 59 pop ecx
0088C776 81CA BF36274A or edx,4A2736BF
0088C77C 8D8E C83A6572 lea ecx,dword ptr ds:[esi+72653AC>
0088C782 50 push eax
0088C783 830424 04 add dword ptr ss:[esp],4
0088C787 58 pop eax
0088C788 8D92 CD035E1B lea edx,dword ptr ds:[edx+1B5E03C>
0088C78E 81EB 3672D224 sub ebx,24D27236
0088C794 8DA8 05B4A078 lea ebp,dword ptr ds:[eax+78A0B40>
0088C79A 81CA CE6C1F3A or edx,3A1F6CCE
0088C7A0 F7C2 3183451A test edx,1A458331
; dword 7: sub
0088C7A6 8128 B9932041 sub dword ptr ds:[eax],412093B9
0088C7AC EB 03 jmp short MUSkyQN.0088C7B1
0088C7B1 81CA 7250B24A or edx,4AB25072
; The jump target is 0088C7BC but the next listed line is 0088C7BF, so the
; three-byte instruction at 0088C7BC is missing from the paste.
0088C7B7 EB 03 jmp short MUSkyQN.0088C7BC
0088C7BF B9 9E2A805D mov ecx,5D802A9E
0088C7C4 50 push eax
0088C7C5 830424 04 add dword ptr ss:[esp],4
0088C7C9 58 pop eax
; call over two bytes (0088C7CF-0088C7D0) followed by pop esi: the return address
; 0088C7CF is taken off the stack again, so the call never returns and acts as a
; jump. esi is overwritten later in unlisted or filler code.
0088C7CA E8 02000000 call MUSkyQN.0088C7D1
0088C7D1 5E pop esi ; MUSkyQN.0088C7CF
0088C7D2 4F dec edi
0088C7D3 81EB 8E519946 sub ebx,4699518E
0088C7D9 8D8E 4AD5CD37 lea ecx,dword ptr ds:[esi+37CDD54>
; dword 8: add
0088C7DF 8100 82386D6B add dword ptr ds:[eax],6B6D3882
0088C7E5 50 push eax
0088C7E6 830424 04 add dword ptr ss:[esp],4
0088C7EA 58 pop eax
0088C7EB BA B0361E1E mov edx,1E1E36B0
0088C7F0 8D9F 6781BA50 lea ebx,dword ptr ds:[edi+50BA816>
; dword 9: bitwise not
0088C7F6 F710 not dword ptr ds:[eax]
0088C7F8 81D1 A163A448 adc ecx,48A463A1
; The paste stops here; the decoder presumably continues past 0088C803.
0088C7FE EB 03 jmp short MUSkyQN.0088C803
中断异常,跳过来到
; Where the trace landed after the exception was passed. 00373F7B lies outside
; the MUSkyQN addresses seen earlier in the listing (0040xxxx-0089xxxx), so this
; is presumably memory allocated at run time; confirm in the memory map.
; NOTE(review): the instruction mix below (a byte store through a very large
; displacement, push ss, sbb with an immediate, loopdne back to the first line)
; does not read like ordinary stub code. It may be data or still-encoded bytes
; shown as instructions, or a disassembly that started at the wrong offset.
; These ten lines alone are not enough to name a packer.
00373F7B 8896 0985B6F4 mov byte ptr ds:[esi+F4B68509],dl
00373F81 35 A91A0F15 xor eax,150F1AA9
; Unconditional jump to 00373FD8, which is outside the pasted lines.
00373F86 EB 50 jmp short 00373FD8
00373F88 24 C4 and al,0C4
00373F8A AD lods dword ptr ds:[esi]
00373F8B 16 push ss
00373F8C 25 B1802695 and eax,952680B1
00373F91 2C 0B sub al,0B
00373F93 1D 9392FADD sbb eax,DDFA9293
; Branches back to 00373F7B, the first line of this excerpt.
00373F98 ^ E0 E1 loopdne short 00373F7B
看来里面是伪装的壳,请各位高手指教一下,里面是什么壳。
。。。。。。。。。。。。。。。。
谢谢
:D :D :D :D :D :D :D :D