可可V8特征码
查找第一次:55 8B EC 81 EC CC 00 00 00 C7 45 FC 00 00 00 00 68 0C 00 00 00
查找第二次:55 8B EC 81 EC 10 00 00 00 68 08 00 00 00
修改为 mov eax,0 ret eax值返回为零
可可V9特征码
第一次查找:55 8b EC 81 EC 10 00 00 0068 08 00 00 00 第二次查找:75 FB FF E6 55 8B EC 81 EC 88 00 00 00 修改为 mov eax,64 ret eax值返回为64
飘零蓝屏特征码 飘零金盾1.5 特征 55 8B EC BB 06 00 00 00 飘零金盾2.0 特征 55 8B EC EB 10 56 4D 50 72 6F 74 65 63 74 20 62 65 67 69 6E 00 BB 06 00 00 00 飘零3.5 特征 0F 84 ?? ?? ?? ?? E8 ?? ?? ?? ?? EB ?? //蓝屏特征不适合被VM 静态数据:83 F9 05 0F 8F ???????? 68 00 00 00 00
可可9.3特征码 0F 84 0F 00 00 00 B8 01 00 00 00 E9 0F 00 00 00 E9 0A 00 00 00 B8 00 00 00 00 E9 00 00 00 00 8B E5 5D 断首 mov eax,0 retn4
75 D2 33 C0 C3 1B C0 D1 E0 40 断尾下段 返回 retn CMP赋值1
83 C4 10 89 45 FC FF 75 0C FF 75 08 FF 75 FC E8 2C 00 00 00 89 45 F4 83 7D F4 00 0F 85 0F 00 00 00 B8 00 00 00 00 E9 0F 00 00 00 E9 0A 00 00 00 B8 01 00 00 00 E9 00 00 00 00 8B E5 5D 断手赋值eax为1 mov eax,1 retn 8
飘零4.0: 特征码:83 C4 04 8B 5D F4 53 8B 0B 83 C3 04 85 C9 74 11 8B 03 83 C3 04 49 74 05 0F AF 03 EB F5 8B C8 85 C9 0F 84 19 00 00 00 51 8B 03 85 C0 74 0B 53 50
修改:58 8B D8 83 C3 1C C7 03 01 00 00 00 8B E5 5D C3
CC 3.5通杀、 Patch点一 二进制死码 33 C9 41 51 50 3B C8 0F 8F 0E 00 00 00 B8 01 00 00 00 E9 11 00 00 00 58 59 EB E7 83 C4 08 B8 00 00 00 00 E9 00 00 00 00 8B E5 5D C2 08 00 EAX正确返回值为1 Patch点二 二进制死码 DF E0 F6 C4 01 0F 85 04 00 00 00 33 C0 EB 05 B8 01 00 00 00 85 C0 0F 84 0F 00 00 00 B8 01 00 00 00 E9 0F 00 00 00 E9 0A 00 00 00 B8 00 00 00 00 E9 00 00 00 00 8B E5 5D C2 08 00 EAX正确返回值为0 Patch点三
8B 54 24 04 8B 4C 24 08 85 D2 75 0D 33 C0 85 C9 74 06 80 39 00 74 01 48 C3 85 C9 75 09 33 C0 80 3A 00 74 01 40 C3
本内容转载自:http://hi.baidu.com/bambooqj/item/effc99f1380354e71a111f62
| 
[复制链接]
发表于 2014-6-20 10:30
