0047E53F . 845D C4 test byte ptr ss:[ebp-0x3C],bl
0047E542 . 74 06 je short YYYYYY.0047E54A
0047E544 . 0FB74D C8 movzx ecx,word ptr ss:[ebp-0x38]
0047E548 . EB 03 jmp short YYYYYY.0047E54D
0047E54A > 6A 0A push 0xA
0047E54C . 59 pop ecx
0047E54D > 51 push ecx
0047E54E . 50 push eax
0047E54F . 56 push esi
0047E550 . 68 00004000 push YYYYYY.00400000
0047E555 . E8 8617F9FF call YYYYYY.0040FCE0
0047E55A . 8945 E0 mov dword ptr ss:[ebp-0x20],eax
0047E55D . 3975 E4 cmp dword ptr ss:[ebp-0x1C],esi
0047E560 . 75 06 jnz short YYYYYY.0047E568
0047E562 . 50 push eax
0047E563 . E8 8B810000 call YYYYYY.004866F3
0047E568 > E8 B2810000 call YYYYYY.0048671F
0047E56D . 897D FC mov dword ptr ss:[ebp-0x4],edi
0047E570 . EB 35 jmp short YYYYYY.0047E5A7
0047E572 . 8B45 EC mov eax,dword ptr ss:[ebp-0x14]
0047E575 . 8B08 mov ecx,dword ptr ds:[eax]
0047E577 . 8B09 mov ecx,dword ptr ds:[ecx]
0047E579 . 894D DC mov dword ptr ss:[ebp-0x24],ecx
0047E57C . 50 push eax
0047E57D . 51 push ecx
0047E57E . E8 AE060100 call YYYYYY.0048EC31
0047E583 . 59 pop ecx
0047E584 . 59 pop ecx
0047E585 . C3 retn
0047E586 . 8B65 E8 mov esp,dword ptr ss:[ebp-0x18]
0047E589 . 8B45 DC mov eax,dword ptr ss:[ebp-0x24]
0047E58C . 8945 E0 mov dword ptr ss:[ebp-0x20],eax
0047E58F . 837D E4 00 cmp dword ptr ss:[ebp-0x1C],0x0
0047E593 . 75 06 jnz short YYYYYY.0047E59B
0047E595 . 50 push eax
0047E596 . E8 6E810000 call YYYYYY.00486709
0047E59B > E8 8E810000 call YYYYYY.0048672E
0047E5A0 . C745 FC FEFFF>mov dword ptr ss:[ebp-0x4],-0x2
0047E5A7 > 8B45 E0 mov eax,dword ptr ss:[ebp-0x20]
0047E5AA . EB 13 jmp short YYYYYY.0047E5BF
0047E5AC . 33C0 xor eax,eax
0047E5AE . 40 inc eax
0047E5AF . C3 retn
0047E5B0 . 8B65 E8 mov esp,dword ptr ss:[ebp-0x18]
0047E5B3 . C745 FC FEFFF>mov dword ptr ss:[ebp-0x4],-0x2
0047E5BA . B8 FF000000 mov eax,0xFF
0047E5BF > E8 65060000 call YYYYYY.0047EC29
0047E5C4 . C3 retn
; Two-instruction stub: call 0048F15D, then jump backward to 0047E448.
; The jump is backward: rel32 79FEFFFF is negative, and 0047E448 lies before the first
; listed address (0047E53F), so the start of the routine it enters is not shown here.
; NOTE(review): a call followed directly by a jmp into a larger routine, next to a function
; opening with `mov edi,edi / push ebp / mov ebp,esp` at 0047E5CF, resembles the startup code
; of an MSVC-built program (cookie init, then CRT startup) - confirm by inspecting 0048F15D
; and 0047E448.
; If confirmed, this region is likely ordinary compiler runtime code rather than a packer stub,
; and the two scanners' conflicting signature hits should be treated with caution.
0047E5C5 > $ E8 930B0100 call YYYYYY.0048F15D
0047E5CA .^ E9 79FEFFFF jmp YYYYYY.0047E448
0047E5CF /$ 8BFF mov edi,edi
0047E5D1 |. 55 push ebp
0047E5D2 |. 8BEC mov ebp,esp
0047E5D4 |. 83EC 18 sub esp,0x18
0047E5D7 |. 53 push ebx
0047E5D8 |. FF75 0C push [arg.2]
0047E5DB |. 8D4D E8 lea ecx,[local.6]
0047E5DE |. E8 827DFFFF call YYYYYY.00476365
0047E5E3 |. 8B5D 08 mov ebx,[arg.1]
0047E5E6 |. 81FB 00010000 cmp ebx,0x100
0047E5EC |. 73 54 jnb short YYYYYY.0047E642
0047E5EE |. 8B4D E8 mov ecx,[local.6]
0047E5F1 |. 83B9 AC000000>cmp dword ptr ds:[ecx+0xAC],0x1
0047E5F8 |. 7E 14 jle short YYYYYY.0047E60E
0047E5FA |. 8D45 E8 lea eax,[local.6]
0047E5FD |. 50 push eax
0047E5FE |. 6A 02 push 0x2
0047E600 |. 53 push ebx
0047E601 |. E8 23050100 call YYYYYY.0048EB29
0047E606 |. 8B4D E8 mov ecx,[local.6]
0047E609 |. 83C4 0C add esp,0xC
0047E60C |. EB 0D jmp short YYYYYY.0047E61B
0047E60E |> 8B81 C8000000 mov eax,dword ptr ds:[ecx+0xC8]
0047E614 |. 0FB70458 movzx eax,word ptr ds:[eax+ebx*2]
0047E618 |. 83E0 02 and eax,0x2
0047E61B |> 85C0 test eax,eax
0047E61D |. 74 0F je short YYYYYY.0047E62E
0047E61F |. 8B81 D0000000 mov eax,dword ptr ds:[ecx+0xD0]
0047E625 |. 0FB60418 movzx eax,byte ptr ds:[eax+ebx]
0047E629 |. E9 A7000000 jmp YYYYYY.0047E6D5
0047E62E |> 807D F4 00 cmp byte ptr ss:[ebp-0xC],0x0
0047E632 |. 74 07 je short YYYYYY.0047E63B
0047E634 |. 8B45 F0 mov eax,[local.4]
0047E637 |. 8360 70 FD and dword ptr ds:[eax+0x70],-0x3
0047E63B |> 8BC3 mov eax,ebx
0047E63D |. E9 A0000000 jmp YYYYYY.0047E6E2
0047E642 |> 8B45 E8 mov eax,[local.6]
0047E645 |. 83B8 AC000000>cmp dword ptr ds:[eax+0xAC],0x1
0047E64C |. 7E 31 jle short YYYYYY.0047E67F
0047E64E |. 895D 08 mov [arg.1],ebx
0047E651 |. C17D 08 08 sar [arg.1],0x8
载入后OD 指向0047E563 . E8 8B810000 call YYYYYY.004866F3
本人初学脱壳,希望大家指教指教!谢谢各位!!
用PEiD 测是 UPolyX v0.5 [Overlay] *
但是用AT4RE_FastScanner.exe 测是 ASProtect
大家指教一下,到底更可能是哪个壳啊!
希望斑竹也帮帮忙啊!