-
-
[求助]帮忙看下到底是什么壳,万分感谢
-
发表于: 2009-6-6 15:31 3441
-
我现在在研究一个软件,用PE扫描后:什么也没什么都没找到 [Overlay],核心扫描显示:Microsoft Visual C++ 6.0 [Overlay],下面是OD载入程序的代码,麻烦大家指点下是什么壳
0060065F > 68 19AA54EA push EA54AA19 ; (initial cpu selection)
00600664 E8 1B9B0000 call 0060A184
00600669 E1 3C loopde short 006006A7
0060066B 7D 1B jge short 00600688
0060066D 4E dec esi
0060066E 15 62F93AE9 adc eax, E93AF962
00600673 CC int3
00600674 A2 BBA8F0C5 mov byte ptr [C5F0A8BB], al
00600679 FC cld
0060067A 48 dec eax
0060067B ^ 7C D2 jl short 0060064F
0060067D F1 int1
0060067E E6 C0 out 0C0, al
00600680 B4 83 mov ah, 83
00600682 4A dec edx
00600683 D5 37 aad 37
00600685 7A 10 jpe short 00600697
00600687 49 dec ecx
00600688 6D ins dword ptr es:[edi], dx
00600689 815C5A 6A 6F507>sbb dword ptr [edx+ebx*2+6A], 967A50>
00600691 49 dec ecx
00600692 8A4A C4 mov cl, byte ptr [edx-3C]
00600695 5A pop edx
00600696 0966 BC or dword ptr [esi-44], esp
00600699 F0:4B lock dec ebx ; 不允许锁定前缀
0060069B 46 inc esi
0060069C 5A pop edx
0060069D C3 retn
0060065F > 68 19AA54EA push EA54AA19 ; (initial cpu selection)
00600664 E8 1B9B0000 call 0060A184
00600669 E1 3C loopde short 006006A7
0060066B 7D 1B jge short 00600688
0060066D 4E dec esi
0060066E 15 62F93AE9 adc eax, E93AF962
00600673 CC int3
00600674 A2 BBA8F0C5 mov byte ptr [C5F0A8BB], al
00600679 FC cld
0060067A 48 dec eax
0060067B ^ 7C D2 jl short 0060064F
0060067D F1 int1
0060067E E6 C0 out 0C0, al
00600680 B4 83 mov ah, 83
00600682 4A dec edx
00600683 D5 37 aad 37
00600685 7A 10 jpe short 00600697
00600687 49 dec ecx
00600688 6D ins dword ptr es:[edi], dx
00600689 815C5A 6A 6F507>sbb dword ptr [edx+ebx*2+6A], 967A50>
00600691 49 dec ecx
00600692 8A4A C4 mov cl, byte ptr [edx-3C]
00600695 5A pop edx
00600696 0966 BC or dword ptr [esi-44], esp
00600699 F0:4B lock dec ebx ; 不允许锁定前缀
0060069B 46 inc esi
0060069C 5A pop edx
0060069D C3 retn
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
他的文章
- [求助]帮忙看下到底是什么壳,万分感谢 3442
- [求助]晕了 7383
- [求助]大家帮我解答一下 4575
- [求助]EXE文件一闪就没了?? 8844
看原图
赞赏
雪币:
留言: