两个比较难的CM,无壳
唉,反正我觉得挺难的,没搞定.....求大牛分析
第二个我怎么打不开?
00C93BFE 55 push ebp
00C93BFF 8BEC mov ebp,esp
00C93C01 81EC 18000000 sub esp,0x18
00C93C07 6A FF push -0x1
00C93C09 6A 08 push 0x8
00C93C0B 68 0B000116 push 0x1601000B
00C93C10 68 03000152 push 0x52010003
00C93C15 E8 8C160000 call 00C952A6
00C93C1A 83C4 10 add esp,0x10
00C93C1D 8945 FC mov dword ptr ss:,eax
00C93C20 68 04000080 push 0x80000004
00C93C25 6A 00 push 0x0
00C93C27 8B45 FC mov eax,dword ptr ss:
00C93C2A 85C0 test eax,eax
00C93C2C 75 05 jnz short 00C93C33
00C93C2E B8 D8AFD000 mov eax,0xD0AFD8
00C93C33 50 push eax
00C93C34 68 01000000 push 0x1
00C93C39 BB 805EC900 mov ebx,0xC95E80
00C93C3E E8 51160000 call 00C95294
00C93C43 83C4 10 add esp,0x10
00C93C46 8945 F8 mov dword ptr ss:,eax
00C93C49 8B5D FC mov ebx,dword ptr ss:
00C93C4C 85DB test ebx,ebx
00C93C4E 74 09 je short 00C93C59
00C93C50 53 push ebx
00C93C51 E8 38160000 call 00C9528E
00C93C56 83C4 04 add esp,0x4
00C93C59 68 05000080 push 0x80000005
00C93C5E 6A 00 push 0x0
00C93C60 8B45 F8 mov eax,dword ptr ss:
00C93C63 85C0 test eax,eax
00C93C65 75 05 jnz short 00C93C6C
00C93C67 B8 EEAFD000 mov eax,0xD0AFEE
00C93C6C 50 push eax
00C93C6D 68 01000000 push 0x1
00C93C72 B8 03000000 mov eax,0x3
00C93C77 BB 40DACD00 mov ebx,0xCDDA40
00C93C7C E8 1F160000 call 00C952A0
00C93C81 83C4 10 add esp,0x10
00C93C84 8945 F4 mov dword ptr ss:,eax
00C93C87 8B5D F8 mov ebx,dword ptr ss:
00C93C8A 85DB test ebx,ebx
00C93C8C 74 09 je short 00C93C97
00C93C8E 53 push ebx
00C93C8F E8 FA150000 call 00C9528E
00C93C94 83C4 04 add esp,0x4
00C93C97 8B45 F4 mov eax,dword ptr ss:
00C93C9A 50 push eax
00C93C9B 8B1D C0BDD200 mov ebx,dword ptr ds:
00C93CA1 85DB test ebx,ebx
00C93CA3 74 09 je short 00C93CAE
00C93CA5 53 push ebx
00C93CA6 E8 E3150000 call 00C9528E
00C93CAB 83C4 04 add esp,0x4
00C93CAE 58 pop eax ; USER32.77D191AE
00C93CAF A3 C0BDD200 mov dword ptr ds:,eax
00C93CB4 6A FF push -0x1
00C93CB6 6A 08 push 0x8
00C93CB8 68 0B000116 push 0x1601000B
00C93CBD 68 03000152 push 0x52010003
00C93CC2 E8 DF150000 call 00C952A6
00C93CC7 83C4 10 add esp,0x10
00C93CCA 8945 FC mov dword ptr ss:,eax
00C93CCD 68 D8AFD000 push 0xD0AFD8
00C93CD2 FF75 FC push dword ptr ss:
00C93CD5 E8 9EFBFFFF call 00C93878
00C93CDA 83C4 08 add esp,0x8
00C93CDD 83F8 00 cmp eax,0x0
00C93CE0 B8 00000000 mov eax,0x0
00C93CE5 0F95C0 setne al
00C93CE8 8945 F8 mov dword ptr ss:,eax
00C93CEB 8B5D FC mov ebx,dword ptr ss:
00C93CEE 85DB test ebx,ebx
00C93CF0 74 09 je short 00C93CFB
00C93CF2 53 push ebx
00C93CF3 E8 96150000 call 00C9528E
00C93CF8 83C4 04 add esp,0x4
00C93CFB 837D F8 00 cmp dword ptr ss:,0x0
00C93CFF 0F84 95010000 je 00C93E9A ; //NOP
00C93D05 6A FF push -0x1
00C93D07 6A 08 push 0x8
00C93D09 68 0B000116 push 0x1601000B
00C93D0E 68 03000152 push 0x52010003
00C93D13 E8 8E150000 call 00C952A6
00C93D18 83C4 10 add esp,0x10
00C93D1B 8945 FC mov dword ptr ss:,eax
00C93D1E 8B45 FC mov eax,dword ptr ss:
00C93D21 50 push eax
00C93D22 FF35 C0BDD200 push dword ptr ds:
00C93D28 E8 4BFBFFFF call 00C93878
00C93D2D 83C4 08 add esp,0x8
00C93D30 83F8 00 cmp eax,0x0
00C93D33 B8 00000000 mov eax,0x0
00C93D38 0F95C0 setne al
00C93D3B 8945 F8 mov dword ptr ss:,eax
00C93D3E 8B5D FC mov ebx,dword ptr ss:
00C93D41 85DB test ebx,ebx
00C93D43 74 09 je short 00C93D4E
00C93D45 53 push ebx
00C93D46 E8 43150000 call 00C9528E
00C93D4B 83C4 04 add esp,0x4
00C93D4E 837D F8 00 cmp dword ptr ss:,0x0
00C93D52 0F84 42010000 je 00C93E9A ; //NOP
00C93D58 68 00000000 push 0x0
00C93D5D BB 6064C900 mov ebx,0xC96460
00C93D62 E8 2D150000 call 00C95294
00C93D67 83C4 04 add esp,0x4
00C93D6A 68 01030080 push 0x80000301
00C93D6F 6A 00 push 0x0
00C93D71 50 push eax
00C93D72 68 01000000 push 0x1
00C93D77 BB 7060C900 mov ebx,0xC96070
00C93D7C E8 13150000 call 00C95294
00C93D81 83C4 10 add esp,0x10
00C93D84 8945 F8 mov dword ptr ss:,eax
00C93D87 68 34B0D000 push 0xD0B034
00C93D8C FF75 F8 push dword ptr ss:
00C93D8F B9 02000000 mov ecx,0x2
00C93D94 E8 7CFBFFFF call 00C93915
00C93D99 83C4 08 add esp,0x8
00C93D9C 8945 F4 mov dword ptr ss:,eax
00C93D9F 8B5D F8 mov ebx,dword ptr ss:
00C93DA2 85DB test ebx,ebx
00C93DA4 74 09 je short 00C93DAF
00C93DA6 53 push ebx
00C93DA7 E8 E2140000 call 00C9528E
00C93DAC 83C4 04 add esp,0x4
00C93DAF 68 04000080 push 0x80000004
00C93DB4 6A 00 push 0x0
00C93DB6 8B45 F4 mov eax,dword ptr ss:
00C93DB9 85C0 test eax,eax
00C93DBB 75 05 jnz short 00C93DC2
00C93DBD B8 D8AFD000 mov eax,0xD0AFD8
00C93DC2 50 push eax
00C93DC3 68 01000000 push 0x1
00C93DC8 BB 805EC900 mov ebx,0xC95E80
00C93DCD E8 C2140000 call 00C95294
00C93DD2 83C4 10 add esp,0x10
00C93DD5 8945 F0 mov dword ptr ss:,eax
00C93DD8 8B5D F4 mov ebx,dword ptr ss:
00C93DDB 85DB test ebx,ebx
00C93DDD 74 09 je short 00C93DE8
00C93DDF 53 push ebx
00C93DE0 E8 A9140000 call 00C9528E
00C93DE5 83C4 04 add esp,0x4
00C93DE8 68 05000080 push 0x80000005
00C93DED 6A 00 push 0x0
00C93DEF 8B45 F0 mov eax,dword ptr ss:
00C93DF2 85C0 test eax,eax
00C93DF4 75 05 jnz short 00C93DFB
00C93DF6 B8 EEAFD000 mov eax,0xD0AFEE
00C93DFB 50 push eax
00C93DFC 68 01000000 push 0x1
00C93E01 B8 03000000 mov eax,0x3
00C93E06 BB 40DACD00 mov ebx,0xCDDA40
00C93E0B E8 90140000 call 00C952A0
00C93E10 83C4 10 add esp,0x10
00C93E13 8945 EC mov dword ptr ss:,eax
00C93E16 8B5D F0 mov ebx,dword ptr ss:
00C93E19 85DB test ebx,ebx
00C93E1B 74 09 je short 00C93E26
00C93E1D 53 push ebx
00C93E1E E8 6B140000 call 00C9528E
00C93E23 83C4 04 add esp,0x4
00C93E26 8B45 EC mov eax,dword ptr ss:
00C93E29 50 push eax
00C93E2A FF35 C0BDD200 push dword ptr ds:
00C93E30 E8 43FAFFFF call 00C93878
00C93E35 83C4 08 add esp,0x8
00C93E38 83F8 00 cmp eax,0x0
00C93E3B B8 00000000 mov eax,0x0
00C93E40 0F94C0 sete al
00C93E43 8945 E8 mov dword ptr ss:,eax
00C93E46 8B5D EC mov ebx,dword ptr ss:
00C93E49 85DB test ebx,ebx
00C93E4B 74 09 je short 00C93E56
00C93E4D 53 push ebx
00C93E4E E8 3B140000 call 00C9528E
00C93E53 83C4 04 add esp,0x4
00C93E56 837D E8 00 cmp dword ptr ss:,0x0
00C93E5A 0F84 3A000000 je 00C93E9A ; //NOP
00C93E60 6A 00 push 0x0
00C93E62 6A 00 push 0x0
00C93E64 6A 00 push 0x0
00C93E66 68 01030080 push 0x80000301
00C93E6B 6A 00 push 0x0
00C93E6D 68 00000000 push 0x0
00C93E72 68 04000080 push 0x80000004
00C93E77 6A 00 push 0x0
00C93E79 A1 A0BDD200 mov eax,dword ptr ds:
00C93E7E 85C0 test eax,eax
00C93E80 75 05 jnz short 00C93E87
00C93E82 B8 D8AFD000 mov eax,0xD0AFD8
00C93E87 50 push eax
00C93E88 68 03000000 push 0x3
00C93E8D BB A061C900 mov ebx,0xC961A0
00C93E92 E8 FD130000 call 00C95294
00C93E97 83C4 28 add esp,0x28
00C93E9A 8BE5 mov esp,ebp
00C93E9C 5D pop ebp ; USER32.77D191AE
00C93E9D C3 retn
直接查找特征码,轻松和谐3句JE上面已经注明,三句大跳全NOP
83 C4 04 83 7D E8 00 0F 84 3A 00 00 00 6A 00 6A 00 6A 00 68 01 03 00 80 6A 00 68 00 00 00 00 68
04 00 00 80 6A 00
程序的强大不是在于你用了多少线程或者多少时钟,而是在于一个程序强大的算法
另外那个黑月的,压根就没法玩,直接报错
本帖最后由 xiaorong520 于 2011-8-9 08:57 编辑
真小生来了.... 膜拜两位小生大牛 强大
先下载分析看看 本帖最后由 小生我怕怕 于 2011-8-9 23:24 编辑
应吾怕怕大牛要求,我来做个秀
这一次膜拜吾怕怕牛
页:
[1]
2