[問題] 這是什麼殼?
有熟悉加殼技術的大大在嘛?
請問一下這是哪一個殼
020EA49A: 60 PUSHAD
020EA49B: 9C PUSHFD
020EA49C: FC CLD
020EA49D: B801000000 MOV EAX, 00000001H
020EA4A2: B9FFFF0000 MOV ECX, 0000FFFFH
020EA4A7: E0FE LOOPNZ 20EA4A7H
020EA4A9: 48 DEC EAX
020EA4AA: 83F800 CMP EAX, 00000000H
020EA4AD: 75F3 JNZ 20EA4A2H
020EA4AF: 6843741207 PUSH 07127443H -> kernel32.dll
020EA4B4: FF15C0313F00 CALL [003F31C0H] ; LoadLibraryA
020EA4BA: 6850741207 PUSH 07127450H -> VirtualProtect
020EA4BF: 50 PUSH EAX
020EA4C0: FF1558313F00 CALL [003F3158H] ; GetProcAddress
020EA4C6: 8BD8 MOV EBX, EAX
020EA4C8: 50 PUSH EAX
020EA4C9: 8BCC MOV ECX, ESP
020EA4CB: 51 PUSH ECX
020EA4CC: 6A40 PUSH 00000040H
020EA4CE: 685B000000 PUSH 0000005BH
020EA4D3: 689AA40E02 PUSH 020EA49AH
020EA4D8: FFD0 CALL EAX
020EA4DA: 8BCC MOV ECX, ESP
020EA4DC: 51 PUSH ECX
020EA4DD: 6A40 PUSH 00000040H
020EA4DF: 6819000000 PUSH 00000019H
020EA4E4: 682A741207 PUSH 0712742AH
020EA4E9: 8BC3 MOV EAX, EBX
020EA4EB: FFD0 CALL EAX
020EA4ED: 83C404 ADD ESP, 00000004H
020EA4F0: E935CF0305 JMP 0712742AH
....
....
....
0712742A: 90 NOP
0712742B: BE5F741207 MOV ESI, 0712745FH
07127430: BF9AA40E02 MOV EDI, 020EA49AH
07127435: B95B000000 MOV ECX, 0000005BH
0712743A: F3A4 REP MOVSB
0712743C: 9D POPFD
0712743D: 61 POPAD
0712743E: E95730FCFA JMP 020EA49AH
基本上我關鍵程式碼已經找到, 但是不敢直接使用其他工具來解殼, 怕會有東西沒處理好
想使用專用脫殼機是最好的...
但用PEiD沒辦法查出來是哪種殼, 想請問一下是否有高手看一下就知道這是哪家的殼
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 123.195.0.144
推
02/19 10:02, , 1F
02/19 10:02, 1F
推
02/19 17:58, , 2F
02/19 17:58, 2F
→
02/19 17:58, , 3F
02/19 17:58, 3F
→
02/19 17:59, , 4F
02/19 17:59, 4F
→
02/19 21:32, , 5F
02/19 21:32, 5F
→
02/19 21:33, , 6F
02/19 21:33, 6F
→
02/19 21:40, , 7F
02/19 21:40, 7F
→
02/19 22:49, , 8F
02/19 22:49, 8F
推
02/21 01:42, , 9F
02/21 01:42, 9F
→
02/21 01:43, , 10F
02/21 01:43, 10F
推
02/21 02:00, , 11F
02/21 02:00, 11F
→
02/21 09:27, , 12F
02/21 09:27, 12F
討論串 (同標題文章)