PEiD 0.92 detects it as: *PESHiELD 0.25 -> ANAKiN*
This is the data inside it. Could everyone help take a look at what packer this is and how to unpack it? Thanks!
004CC082: 60 pushad
004CC083: E8 00 00 00 00 call 004CC088
004CC088: 5D pop ebp
004CC089: 81 ED B6 A4 45 00 sub ebp, 45A4B6
004CC08F: 8D BD B0 A4 45 00 lea edi, dword ptr ss:[ebp+45A4B0]
004CC095: 81 EF 82 00 00 00 sub edi, 82
004CC09B: 89 BD 18 A8 45 00 mov dword ptr ss:[ebp+45A818], edi
004CC0A1: 8B 4F 18 mov ecx, dword ptr ds:[edi+18]
004CC0A4: 89 FE mov esi, edi
004CC0A6: 03 77 14 add esi, dword ptr ds:[edi+14]
004CC0A9: 8B 47 10 mov eax, dword ptr ds:[edi+10]
004CC0AC: E8 2A 06 00 00 call 004CC6DB
004CC0B1: 8B 4F 24 mov ecx, dword ptr ds:[edi+24]
004CC0B4: 89 FE mov esi, edi
004CC0B6: 03 77 20 add esi, dword ptr ds:[edi+20]
004CC0B9: 8B 47 1C mov eax, dword ptr ds:[edi+1C]
004CC0BC: E8 1A 06 00 00 call 004CC6DB
004CC0C1: 6A 00 push 0
004CC0C3: FF 95 88 A8 45 00 call dword ptr ss:[ebp+45A888]
004CC0C9: 89 85 B8 A7 45 00 mov dword ptr ss:[ebp+45A7B8], eax
004CC0CF: E8 15 06 00 00 call 004CC6E9
004CC0D4: 0F 82 7F 02 00 00 jb 004CC359
004CC0DA: E8 13 07 00 00 call 004CC7F2
004CC0DF: 0F 82 F7 01 00 00 jb 004CC2DC
004CC0E5: 8B BD 18 A8 45 00 mov edi, dword ptr ss:[ebp+45A818]
004CC0EB: 68 00 04 00 00 push 400
004CC0F0: 6A 00 push 0
004CC0F2: FF 95 98 A8 45 00 call dword ptr ss:[ebp+45A898]
004CC0F8: 09 C0 or eax, eax
004CC0FA: 0F 84 DC 01 00 00 je 004CC2DC
004CC100: 89 85 C0 A7 45 00 mov dword ptr ss:[ebp+45A7C0], eax
004CC106: 68 00 04 00 00 push 400
004CC10B: 8B 9D C0 A7 45 00 mov ebx, dword ptr ss:[ebp+45A7C0]
004CC111: 53 push ebx
004CC112: 8B 9D B8 A7 45 00 mov ebx, dword ptr ss:[ebp+45A7B8]
004CC118: 53 push ebx
004CC119: FF 95 8C A8 45 00 call dword ptr ss:[ebp+45A88C]
004CC11F: 09 C0 or eax, eax
004CC121: 0F 84 B5 01 00 00 je 004CC2DC
004CC127: 8A 47 49 mov al, byte ptr ds:[edi+49]
004CC12A: 08 C0 or al, al
004CC12C: 74 0B je short 004CC139
004CC12E: E8 2D 07 00 00 call 004CC860
004CC133: 0F 82 A3 01 00 00 jb 004CC2DC
004CC139: 6A 00 push 0
004CC13B: 68 80 00 00 00 push 80
004CC140: 6A 03 push 3
004CC142: 6A 00 push 0
004CC144: 6A 01 push 1
004CC146: 68 00 00 00 80 push 80000000
004CC14B: 8B 85 C0 A7 45 00 mov eax, dword ptr ss:[ebp+45A7C0]
004CC151: 50 push eax
004CC152: FF 95 A0 A8 45 00 call dword ptr ss:[ebp+45A8A0]
004CC158: 83 F8 FF cmp eax, -1
004CC15B: 0F 84 7B 01 00 00 je 004CC2DC
004CC161: 89 85 DC A7 45 00 mov dword ptr ss:[ebp+45A7DC], eax
004CC167: 6A 00 push 0
004CC169: 6A 00 push 0
004CC16B: 6A 00 push 0
004CC16D: 6A 02 push 2
004CC16F: 6A 00 push 0
004CC171: 50 push eax
004CC172: FF 95 AC A8 45 00 call dword ptr ss:[ebp+45A8AC]
004CC178: 09 C0 or eax, eax
004CC17A: 0F 84 5C 01 00 00 je 004CC2DC
004CC180: 89 85 D8 A7 45 00 mov dword ptr ss:[ebp+45A7D8], eax
004CC186: 6A 00 push 0
004CC188: 6A 00 push 0
004CC18A: 6A 00 push 0
004CC18C: 6A 04 push 4
004CC18E: 50 push eax
004CC18F: FF 95 B0 A8 45 00 call dword ptr ss:[ebp+45A8B0]
004CC195: 09 C0 or eax, eax
004CC197: 0F 84 3F 01 00 00 je 004CC2DC
004CC19D: 89 85 EC A7 45 00 mov dword ptr ss:[ebp+45A7EC], eax
004CC1A3: 6A 02 push 2
004CC1A5: 6A 00 push 0
004CC1A7: 6A 00 push 0
004CC1A9: 8B 85 DC A7 45 00 mov eax, dword ptr ss:[ebp+45A7DC]
004CC1AF: 50 push eax
004CC1B0: FF 95 A4 A8 45 00 call dword ptr ss:[ebp+45A8A4]
004CC1B6: 83 F8 FF cmp eax, -1
004CC1B9: 0F 84 1D 01 00 00 je 004CC2DC
004CC1BF: 89 85 F4 A7 45 00 mov dword ptr ss:[ebp+45A7F4], eax
004CC1C5: 6A 00 push 0
004CC1C7: 6A 00 push 0
004CC1C9: 6A 00 push 0
004CC1CB: 8B 85 DC A7 45 00 mov eax, dword ptr ss:[ebp+45A7DC]
004CC1D1: 50 push eax
004CC1D2: FF 95 A4 A8 45 00 call dword ptr ss:[ebp+45A8A4]
004CC1D8: 8B 85 F4 A7 45 00 mov eax, dword ptr ss:[ebp+45A7F4]
004CC1DE: 3B 47 34 cmp eax, dword ptr ds:[edi+34]
004CC1E1: 75 47 jnz short 004CC22A
004CC1E3: 31 C0 xor eax, eax
004CC1E5: 8B 95 EC A7 45 00 mov edx, dword ptr ss:[ebp+45A7EC]
004CC1EB: 8B 4F 2C mov ecx, dword ptr ds:[edi+2C]
004CC1EE: E8 49 06 00 00 call 004CC83C
004CC1F3: 8B 95 EC A7 45 00 mov edx, dword ptr ss:[ebp+45A7EC]
004CC1F9: 03 57 2C add edx, dword ptr ds:[edi+2C]
004CC1FC: 83 C2 04 add edx, 4
004CC1FF: 8B 8D F4 A7 45 00 mov ecx, dword ptr ss:[ebp+45A7F4]
004CC205: 2B 4F 2C sub ecx, dword ptr ds:[edi+2C]
004CC208: 83 E9 04 sub ecx, 4
004CC20B: E8 2C 06 00 00 call 004CC83C
004CC210: 3B 47 30 cmp eax, dword ptr ds:[edi+30]
004CC213: 75 15 jnz short 004CC22A
004CC215: 8A 47 49 mov al, byte ptr ds:[edi+49]
004CC218: 08 C0 or al, al
004CC21A: 0F 84 BC 00 00 00 je 004CC2DC
004CC220: E8 F4 07 00 00 call 004CCA19
004CC225: E9 B2 00 00 00 jmp 004CC2DC
004CC22A: 8A 47 49 mov al, byte ptr ds:[edi+49]
004CC22D: 08 C0 or al, al
004CC22F: 74 69 je short 004CC29A
004CC231: E8 E6 08 00 00 call 004CCB1C
004CC236: 73 33 jnb short 004CC26B
004CC238: 8A 47 5B mov al, byte ptr ds:[edi+5B]
004CC23B: 80 F8 00 cmp al, 0
004CC23E: 74 22 je short 004CC262
004CC240: 8B 47 64 mov eax, dword ptr ds:[edi+64]
004CC243: 50 push eax
004CC244: 89 F8 mov eax, edi
004CC246: 03 47 60 add eax, dword ptr ds:[edi+60]
004CC249: 50 push eax
004CC24A: 89 F8 mov eax, edi
004CC24C: 03 47 5C add eax, dword ptr ds:[edi+5C]
004CC24F: 50 push eax
004CC250: 6A 00 push 0
004CC252: FF 95 E8 A8 45 00 call dword ptr ss:[ebp+45A8E8]
004CC258: 83 F8 02 cmp eax, 2
004CC25B: 74 6A je short 004CC2C7
004CC25D: 83 F8 07 cmp eax, 7
004CC260: 74 72 je short 004CC2D4
004CC262: E8 79 09 00 00 call 004CCBE0
004CC267: 72 73 jb short 004CC2DC
004CC269: EB 5C jmp short 004CC2C7
004CC26B: 8A 47 68 mov al, byte ptr ds:[edi+68]
004CC26E: 80 F8 00 cmp al, 0
004CC271: 74 54 je short 004CC2C7
004CC273: 8B 47 71 mov eax, dword ptr ds:[edi+71]
004CC276: 50 push eax
004CC277: 89 F8 mov eax, edi
004CC279: 03 47 6D add eax, dword ptr ds:[edi+6D]
004CC27C: 50 push eax
004CC27D: 89 F8 mov eax, edi
004CC27F: 03 47 69 add eax, dword ptr ds:[edi+69]