能力值:
![]()
(RANK:410 )
|
-
-
2 楼
有时间学习一下。
不需要再费神还原了。
|
能力值:
( LV15,RANK:2473 )
|
-
-
3 楼
有牛人已经把第二段vm还原成下面这样了,说放src了 就没心情玩了 :(
BYTE data[]=
{
0x1A, 0x99, 0x61, 0xEB, 0xFC, 0x09, 0x00, 0x50, 0xF1, 0xD2, 0xFA, 0x9B, 0x5F, 0x27, 0x2C, 0x92,
0xD5, 0x1E, 0x59, 0x0D, 0x7A, 0x37, 0x57, 0x6E, 0xAE, 0xB8, 0x00, 0x00
};
int main(int argc, char* argv[])
{
/*
char name[]="shellwolf";
DWORD xorkey=0x7A08383E;
e=0;
for(i=0;i<strlen(name);i++)
{
e+=name[i];
e=d<<3|d>>29;
e^=xorkey;
}
*/
BYTE decode[0x18]={0};
DWORD a=0xFFFFFFFF,b=0x400;
DWORD c,d;
DWORD tmp;
BYTE flag0,flag1;
int datalen=0x1C;
BYTE* p=data;
data[0]^=data[datalen-1];
data[1]^=data[datalen-2];
data[2]^=data[datalen-3];
data[3]^=data[datalen-4];
data[4]^=data[datalen-5];
c=data[0]<<24|data[1]<<16|data[2]<<8|data[3];
datalen-=4;
p+=4;
int datalen1=0x18;
for(int j=0;j<datalen1;j++)
{
flag1=0;
for(int i=0;i<8;i++)
{
d=a>>0xB;
d=d*b;
if(c<d)
{
a=d;
tmp=0x800;
tmp-=b;
tmp>>=5;
b+=tmp;
flag0=0;
}
else
{
c-=d;
b=b-(b>>5);
a-=d;
flag0=1;
}
if(a<0x01000000)
{
datalen--;
c=c<<8;
c|=*p;
p++;
a<<=8;
}
flag1+=flag0<<i;
}
decode[j]=flag1;
}
return 0;
}
|
能力值:
![]()
(RANK:410 )
|
-
-
4 楼
太强大了。fg吗?Ryosuke?fengyue?
昨天逆了段这样的,可惜,对了源码它是不对的。
DWORD tmpval=0xffffffff;
DWORD tmpB=0x400;
DWORD tmpA=0xE56626BA;//tmpA=(*(DWORD *)(&snx[1]))^0xffffffff
int tmpi;
DWORD tmpsum=0x0;
for(tmpi=0;tmpi<8;tmpi++)
{
tmpval=(tmpval/0x800)*tmpB;
tmpsum=tmpval+tmpA;
if(tmpsum>tmpval)
{
tmpB=tmpB/0x20+tmpB;
tmpA=tmpsum;
}
else
tmpB=(0x800-tmpB)/0x20+tmpB;
printf("%08x %08x %08x\n",tmpB,tmpA,tmpval);
}
|
能力值:
( LV15,RANK:2473 )
|
-
-
6 楼
三个牛放在一起读作什么
|
能力值:
![]()
(RANK:410 )
|
-
-
7 楼
ben???
|
能力值:
( LV4,RANK:50 )
|
-
-
8 楼
估计源码都看不懂
|
能力值:
( LV2,RANK:10 )
|
-
-
9 楼
琢磨了半天没看懂XMM0_JUNK1(x)
 偶太菜
|
能力值:
( LV2,RANK:10 )
|
-
-
10 楼
犇 ben 
|
能力值:
![]()
(RANK:410 )
|
-
-
11 楼
还有人看吗?出差10天,扣了个静态解码。
vm_push_imm
vm_imul
vm_retn
vm_shr
vm_popb_DSA
vm_pushw_regb
vm_shl
vm_push_SSA
vm_shl4_add
vm_popw_regw
vm_popb_SSA
vm_pushw_DSAb
vm_push_DSA
vm_popb_SSA
vm_rdtsc
vm_shrd
vm_pushw_sp
vm_imul
vm_shl
vm_addb_Aw_Bw
vm_pushw_immb
vm_popw_regb
vm_shl4_add
vm_push_immb
vm_rdtsc
vm_push_DSA
vm_push_imm
vm_push_DSA
vm_divw
vm_mov_B_SSA
vm_shlb
vm_push_immw
vm_pop_reg
vm_shl4_add
vm_pop_reg
vm_nor
vm_pop_reg
vm_popw_regb
vm_pop_reg
vm_imul
vm_pop_reg
vm_pop_SSA
vm_pop_reg
vm_shld
vm_pop_reg
vm_norwb
vm_pop_reg
vm_norw
vm_pop_reg
vm_push_DSA
vm_pop_reg
vm_push_esp
vm_pop_reg
vm_pushw_sp
vm_pop_reg
vm_mul
vm_pop_reg
vm_pushw_regw
vm_pop_reg
vm_pushw_SSAb
vm_pop_reg
vm_shl
vm_pop_reg
vm_rdtsc
vm_push_reg
vm_shrd
vm_push_reg
vm_pushw_immb
vm_push_reg
vm_push_imm
vm_push_reg
vm_pushw_SSA
vm_push_reg
vm_push_immb
vm_push_reg
vm_popw_regb
vm_push_reg
vm_mulw
vm_push_reg
vm_popw_SSA
vm_push_reg
vm_shlw
vm_push_reg
vm_shrb
vm_push_reg
vm_push_imm
vm_push_reg
vm_pushw_immw
vm_push_reg
vm_pushw_immb
vm_push_reg
vm_addw_A_B
vm_push_reg
vm_shld
vm_push_reg
vm_shr
vm_shrw
vm_rdtsc
vm_mul
vm_shrb
vm_popb_DSA
vm_jmp
vm_popb_SSA
vm_shl
vm_shld
vm_shlb
vm_popw_regw
vm_imul
vm_shlb
vm_popb_SSA
vm_push_immw
vm_shrw
vm_imul
vm_add_A_B
vm_shlb
vm_shlb
vm_retn
vm_pushw_DSAb
vm_pushw_SSAb
vm_popw_regw
vm_shrd
vm_norwb
vm_addw_A_B
vm_norwb
vm_popb_SSA
vm_shrd
vm_norwb
vm_shrw
vm_add_A_B
vm_norwb
vm_shrd
vm_popw_DSA
vm_mulw
vm_shl4_add
vm_shl
vm_shrw
vm_shrw
vm_push_imm
vm_shl4_add
vm_pushw_SSA
vm_popw_DSA
vm_push_imm
vm_pushw_SSAb
vm_popw_SSA
vm_shld
vm_popw_SSA
vm_pushw_DSAb
vm_imul
vm_addw_A_B
vm_norwb
vm_pushw_DSA
vm_popw_sp
vm_addw_A_B
vm_shr
vm_pushw_SSA
vm_popb_DSA
vm_shrb
vm_mulw
vm_push_DSA
vm_nor
vm_add_A_B
vm_popw_sp
vm_shlb
vm_shlb
vm_shrb
vm_push_immw
vm_shrb
vm_shrw
vm_push_DSA
vm_pushw_regb
vm_addw_A_B
vm_pushw_sp
vm_push_immw
vm_addw_A_B
vm_pushw_DSA
vm_pushw_regw
vm_pushw_SSAb
vm_popb_DSA
vm_push_DSA
vm_addw_A_B
vm_jmp
vm_pushw_immw
vm_shl
vm_push_imm
vm_divw
vm_mul
vm_push_DSA
vm_shlb
vm_popw_SSA
vm_pop_SSA
vm_popw_regb
vm_retn
vm_popw_sp
vm_shr
vm_pushw_SSA
vm_pushw_immb
vm_pushw_regb
vm_shl4_add
vm_shl
vm_shld
vm_shl
vm_pushesp
vm_retn
vm_push_esp
vm_shl4_add
vm_push_esp
vm_pushw_regb
vm_pushw_DSA
vm_popw_SSA
vm_popw_regb
vm_pushw_DSAb
vm_popw_SSA
vm_shlb
vm_pushw_DSA
vm_shrb
vm_push_esp
vm_popw_DSA
vm_popw_DSA
vm_popb_SSA
vm_pop_SSA
vm_shlw
vm_add_A_B
vm_shrb
vm_pushw_SSAb
vm_imul
vm_pushw_SSAb
vm_popw_sp
vm_push_DSA
vm_divw
vm_divw
vm_pushw_SSA
vm_shl
vm_rdtsc
vm_pushw_SSA
vm_pop_SSA
vm_push_SSA
vm_popw_SSA
vm_pushw_immb
vm_popw_regw
vm_jmp
vm_norw
vm_addb_Aw_Bw
vm_mulw
vm_pushw_SSA
vm_push_immb
vm_popb_SSA
vm_jmp
vm_popw_regw
vm_shld
vm_pushw_DSAb
vm_shrd
vm_push_SSA
vm_popw_sp
vm_shl
vm_push_SSA
vm_norwb
|
能力值:
( LV3,RANK:30 )
|
-
-
12 楼
版主越来越强大了,完全不懂
|
能力值:
( LV12,RANK:200 )
|
-
-
13 楼
【三牛鼎立】
|
能力值:
( LV12,RANK:1000 )
|
-
-
14 楼
三个牛在一起就变“笨”了!比较委婉的说法。
|
能力值:
( LV4,RANK:50 )
|
-
-
15 楼
今天有些时间,认真的看了代码,真是大师
|
|
|
|
