[求助]请高手帮忙看看
-
发表于: 2012-8-5 09:54 3155
-
; OllyDbg listing, 32-bit x86, module "_unpacke". The excerpt starts and ends inside a
; routine: its prologue is above 00406AC4 and the branch target 00406BB3 is below the last line.
; Visible behaviour: one-time work guarded by [0x6F6004], a drain of the callback pointer
; stored at 00702050, then teardown of the record at 00704AEC ending in ExitProcess([0x6F6000]).
; Record fields read through ebx: +0x00 dword, +0x0C dword, +0x10 pointer, +0x24 code pointer,
; +0x28 state byte that is compared against 0, 1 and 2. Every cmp below tests one of these
; fields or one of the globals 0x6F6000 / 0x6F6004 / 0x702030 / 0x704B20 / 0x704B48.
; NOTE(review): this shape resembles a Delphi/Borland RTL process-exit routine (Halt) - confirm
; with library signatures before relying on that identification.
; Analysis note: call esi, call [ebx+0x24] and call [0x702030] go through writable data, so
; their targets must be read from memory at run time to know what code executes at exit.
00406AC4 |. BB EC4A7000 mov ebx,_unpacke.00704AEC ; ebx = address of the record at 00704AEC
00406AC9 |. BF 50207000 mov edi,_unpacke.00702050 ; edi = address of the callback slot at 00702050
00406ACE |. 833D 04606F00>cmp dword ptr ds:[0x6F6004],0x0 ; global dword at 0x6F6004 set?
00406AD5 |. 74 11 je X_unpacke.00406AE8 ; zero - skip the two calls below
00406AD7 |. E8 C4FEFFFF call _unpacke.004069A0 ; internal routine, body not shown
00406ADC |. E8 4FFFFFFF call _unpacke.00406A30 ; internal routine, body not shown
00406AE1 |. 33C0 xor eax,eax
00406AE3 |. A3 04606F00 mov dword ptr ds:[0x6F6004],eax ; clear the flag so this path does not repeat
00406AE8 |> 833D 204B7000>cmp dword ptr ds:[0x704B20],0x0 ; dword at 0x704B20 (= 00704B1C + 4) set?
00406AEF 74 21 je X_unpacke.00406B12 ; zero - skip the thread check
00406AF1 |. E8 8ABBFFFF call <jmp.&KERNEL32.GetCurrentThreadId> ; [GetCurrentThreadId
00406AF6 |. 3B05 484B7000 cmp eax,dword ptr ds:[0x704B48] ; current thread id vs id stored at 0x704B48
00406AFC |. 75 14 jnz X_unpacke.00406B12 ; different thread - skip
00406AFE |. B8 1C4B7000 mov eax,_unpacke.00704B1C ; eax = 00704B1C, presumably the call's argument
00406B03 |. E8 34FCFFFF call _unpacke.0040673C ; internal routine, body not shown
00406B08 |. B8 1C4B7000 mov eax,_unpacke.00704B1C ; same address again for the next call
00406B0D |. E8 F2FEFFFF call _unpacke.00406A04 ; internal routine, body not shown
00406B12 |> 807B 28 00 cmp byte ptr ds:[ebx+0x28],0x0 ; state byte == 0 ?
00406B16 |. 75 14 jnz X_unpacke.00406B2C ; non-zero - skip the callback drain
00406B18 |. 833F 00 cmp dword ptr ds:[edi],0x0 ; callback slot empty?
00406B1B 74 0F je X_unpacke.00406B2C ; empty - nothing to call
00406B1D |> 8B07 /mov eax,dword ptr ds:[edi] ; loop: fetch the pending callback pointer
00406B1F |. 89C6 |mov esi,eax ; keep it in esi
00406B21 |. 33C0 |xor eax,eax
00406B23 |. 8907 |mov dword ptr ds:[edi],eax ; clear the slot before calling, so it runs once
00406B25 |. FFD6 |call esi ; indirect call to the callback
00406B27 |. 833F 00 |cmp dword ptr ds:[edi],0x0 ; did the callback store another pointer?
00406B2A |.^ 75 F1 \jnz X_unpacke.00406B1D ; yes - run that one too
00406B2C |> 807B 28 02 /cmp byte ptr ds:[ebx+0x28],0x2 ; OllyDbg marks a loop here, back-edge not in excerpt
00406B30 |. 75 0E |jnz X_unpacke.00406B40 ; state != 2 - skip
00406B32 |. 833D 00606F00>|cmp dword ptr ds:[0x6F6000],0x0 ; dword at 0x6F6000 (later pushed as ExitCode) == 0 ?
00406B39 |. 75 05 |jnz X_unpacke.00406B40 ; non-zero - skip
00406B3B |. 33C0 |xor eax,eax
00406B3D |. 8943 0C |mov dword ptr ds:[ebx+0xC],eax ; state == 2 and exit code 0: zero field +0x0C
00406B40 |> E8 1FFCFFFF |call _unpacke.00406764 ; internal routine, body not shown
00406B45 |. 807B 28 01 |cmp byte ptr ds:[ebx+0x28],0x1
00406B49 |. 76 09 |jbe X_unpacke.00406B54 ; state <= 1 (unsigned) - handle field +0x10
00406B4B |. 833D 00606F00>|cmp dword ptr ds:[0x6F6000],0x0
00406B52 |. 74 23 |je X_unpacke.00406B77 ; state > 1 and exit code 0 - skip to 00406B77
00406B54 |> 8B7B 10 |mov edi,dword ptr ds:[ebx+0x10] ; edi = pointer held in field +0x10
00406B57 |. 85FF |test edi,edi
00406B59 |. 74 1C |je X_unpacke.00406B77 ; null - skip
00406B5B |. 8BC7 |mov eax,edi
00406B5D |. E8 AE440000 |call _unpacke.0040B010 ; internal routine called with eax = that pointer
00406B62 |. 8B6B 10 |mov ebp,dword ptr ds:[ebx+0x10] ; ebp is overwritten with the same pointer
00406B65 |. 8B75 10 |mov esi,[arg.3] ; bytes 8B75 10 = mov esi,[ebp+0x10] - with ebp reloaded above this reads the pointed-to block, "arg.3" is only the debugger's label
00406B68 |. 3B75 04 |cmp esi,dword ptr ss:[ebp+0x4] ; dword at +0x10 vs dword at +0x04 of that block
00406B6B 74 0A je X_unpacke.00406B77 ; equal - skip FreeLibrary
00406B6D |. 85F6 |test esi,esi
00406B6F |. 74 06 |je X_unpacke.00406B77 ; zero handle - skip FreeLibrary
00406B71 |. 56 |push esi ; /hLibModule
00406B72 |. E8 49BAFFFF |call <jmp.&KERNEL32.FreeLibrary> ; \FreeLibrary
00406B77 |> 8BC3 |mov eax,ebx
00406B79 |. E8 BEFBFFFF |call _unpacke.0040673C ; internal routine called with eax = record address
00406B7E |. 807B 28 01 |cmp byte ptr ds:[ebx+0x28],0x1
00406B82 |. 75 03 |jnz X_unpacke.00406B87 ; state != 1 - skip
00406B84 |. FF53 24 |call dword ptr ds:[ebx+0x24] ; state == 1: indirect call through field +0x24
00406B87 |> 807B 28 00 |cmp byte ptr ds:[ebx+0x28],0x0
00406B8B |. 74 07 |je X_unpacke.00406B94 ; state == 0 - skip
00406B8D |. 8BC3 |mov eax,ebx
00406B8F |. E8 70FEFFFF |call _unpacke.00406A04 ; internal routine called with eax = record address
00406B94 833B 00 cmp dword ptr ds:[ebx],0x0 ; dword at field +0x00 == 0 ?
00406B97 75 1A jnz X_unpacke.00406BB3 ; non-zero - continue at 00406BB3 (outside this listing)
00406B99 |. 833D 30207000>|cmp dword ptr ds:[0x702030],0x0 ; hook pointer at 0x702030 set?
00406BA0 74 06 je X_unpacke.00406BA8 ; null - go straight to ExitProcess
00406BA2 |. FF15 30207000 |call dword ptr ds:[0x702030] ; indirect call to the hook before exiting
00406BA8 |> A1 00606F00 |mov eax,dword ptr ds:[0x6F6000] ; eax = dword at 0x6F6000
00406BAD |. 50 |push eax ; /ExitCode => 0
00406BAE |. E8 EDB9FFFF |call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess (exit)
这到底在比较什么,请高手看看,谢谢。
; Repeat of the OllyDbg listing (32-bit x86, module "_unpacke"), starting one instruction later.
; ebx is loaded before the first line shown here (mov ebx,_unpacke.00704AEC at 00406AC4) and the
; branch target 00406BB3 lies below the last line, so the routine is incomplete at both ends.
; Every cmp tests either a field of the record addressed by ebx (+0x00, +0x10, +0x28 state
; byte with values 0, 1, 2) or one of the globals 0x6F6000 / 0x6F6004 / 0x702030 / 0x704B20 /
; 0x704B48. The path ends in ExitProcess([0x6F6000]).
; NOTE(review): the shape resembles a Delphi/Borland RTL process-exit routine (Halt) - confirm
; with library signatures. The indirect calls (call esi, call [ebx+0x24], call [0x702030]) read
; their targets from writable data and need to be resolved at run time.
00406AC9 |. BF 50207000 mov edi,_unpacke.00702050 ; edi = address of the callback slot at 00702050
00406ACE |. 833D 04606F00>cmp dword ptr ds:[0x6F6004],0x0 ; global dword at 0x6F6004 set?
00406AD5 |. 74 11 je X_unpacke.00406AE8 ; zero - skip the two calls below
00406AD7 |. E8 C4FEFFFF call _unpacke.004069A0 ; internal routine, body not shown
00406ADC |. E8 4FFFFFFF call _unpacke.00406A30 ; internal routine, body not shown
00406AE1 |. 33C0 xor eax,eax
00406AE3 |. A3 04606F00 mov dword ptr ds:[0x6F6004],eax ; clear the flag so this path does not repeat
00406AE8 |> 833D 204B7000>cmp dword ptr ds:[0x704B20],0x0 ; dword at 0x704B20 (= 00704B1C + 4) set?
00406AEF 74 21 je X_unpacke.00406B12 ; zero - skip the thread check
00406AF1 |. E8 8ABBFFFF call <jmp.&KERNEL32.GetCurrentThreadId> ; [GetCurrentThreadId
00406AF6 |. 3B05 484B7000 cmp eax,dword ptr ds:[0x704B48] ; current thread id vs id stored at 0x704B48
00406AFC |. 75 14 jnz X_unpacke.00406B12 ; different thread - skip
00406AFE |. B8 1C4B7000 mov eax,_unpacke.00704B1C ; eax = 00704B1C, presumably the call's argument
00406B03 |. E8 34FCFFFF call _unpacke.0040673C ; internal routine, body not shown
00406B08 |. B8 1C4B7000 mov eax,_unpacke.00704B1C ; same address again for the next call
00406B0D |. E8 F2FEFFFF call _unpacke.00406A04 ; internal routine, body not shown
00406B12 |> 807B 28 00 cmp byte ptr ds:[ebx+0x28],0x0 ; state byte == 0 ?
00406B16 |. 75 14 jnz X_unpacke.00406B2C ; non-zero - skip the callback drain
00406B18 |. 833F 00 cmp dword ptr ds:[edi],0x0 ; callback slot empty?
00406B1B 74 0F je X_unpacke.00406B2C ; empty - nothing to call
00406B1D |> 8B07 /mov eax,dword ptr ds:[edi] ; loop: fetch the pending callback pointer
00406B1F |. 89C6 |mov esi,eax ; keep it in esi
00406B21 |. 33C0 |xor eax,eax
00406B23 |. 8907 |mov dword ptr ds:[edi],eax ; clear the slot before calling, so it runs once
00406B25 |. FFD6 |call esi ; indirect call to the callback
00406B27 |. 833F 00 |cmp dword ptr ds:[edi],0x0 ; did the callback store another pointer?
00406B2A |.^ 75 F1 \jnz X_unpacke.00406B1D ; yes - run that one too
00406B2C |> 807B 28 02 /cmp byte ptr ds:[ebx+0x28],0x2 ; OllyDbg marks a loop here, back-edge not in excerpt
00406B30 |. 75 0E |jnz X_unpacke.00406B40 ; state != 2 - skip
00406B32 |. 833D 00606F00>|cmp dword ptr ds:[0x6F6000],0x0 ; dword at 0x6F6000 (later pushed as ExitCode) == 0 ?
00406B39 |. 75 05 |jnz X_unpacke.00406B40 ; non-zero - skip
00406B3B |. 33C0 |xor eax,eax
00406B3D |. 8943 0C |mov dword ptr ds:[ebx+0xC],eax ; state == 2 and exit code 0: zero field +0x0C
00406B40 |> E8 1FFCFFFF |call _unpacke.00406764 ; internal routine, body not shown
00406B45 |. 807B 28 01 |cmp byte ptr ds:[ebx+0x28],0x1
00406B49 |. 76 09 |jbe X_unpacke.00406B54 ; state <= 1 (unsigned) - handle field +0x10
00406B4B |. 833D 00606F00>|cmp dword ptr ds:[0x6F6000],0x0
00406B52 |. 74 23 |je X_unpacke.00406B77 ; state > 1 and exit code 0 - skip to 00406B77
00406B54 |> 8B7B 10 |mov edi,dword ptr ds:[ebx+0x10] ; edi = pointer held in field +0x10
00406B57 |. 85FF |test edi,edi
00406B59 |. 74 1C |je X_unpacke.00406B77 ; null - skip
00406B5B |. 8BC7 |mov eax,edi
00406B5D |. E8 AE440000 |call _unpacke.0040B010 ; internal routine called with eax = that pointer
00406B62 |. 8B6B 10 |mov ebp,dword ptr ds:[ebx+0x10] ; ebp is overwritten with the same pointer
00406B65 |. 8B75 10 |mov esi,[arg.3] ; bytes 8B75 10 = mov esi,[ebp+0x10] - with ebp reloaded above this reads the pointed-to block, "arg.3" is only the debugger's label
00406B68 |. 3B75 04 |cmp esi,dword ptr ss:[ebp+0x4] ; dword at +0x10 vs dword at +0x04 of that block
00406B6B 74 0A je X_unpacke.00406B77 ; equal - skip FreeLibrary
00406B6D |. 85F6 |test esi,esi
00406B6F |. 74 06 |je X_unpacke.00406B77 ; zero handle - skip FreeLibrary
00406B71 |. 56 |push esi ; /hLibModule
00406B72 |. E8 49BAFFFF |call <jmp.&KERNEL32.FreeLibrary> ; \FreeLibrary
00406B77 |> 8BC3 |mov eax,ebx
00406B79 |. E8 BEFBFFFF |call _unpacke.0040673C ; internal routine called with eax = record address
00406B7E |. 807B 28 01 |cmp byte ptr ds:[ebx+0x28],0x1
00406B82 |. 75 03 |jnz X_unpacke.00406B87 ; state != 1 - skip
00406B84 |. FF53 24 |call dword ptr ds:[ebx+0x24] ; state == 1: indirect call through field +0x24
00406B87 |> 807B 28 00 |cmp byte ptr ds:[ebx+0x28],0x0
00406B8B |. 74 07 |je X_unpacke.00406B94 ; state == 0 - skip
00406B8D |. 8BC3 |mov eax,ebx
00406B8F |. E8 70FEFFFF |call _unpacke.00406A04 ; internal routine called with eax = record address
00406B94 833B 00 cmp dword ptr ds:[ebx],0x0 ; dword at field +0x00 == 0 ?
00406B97 75 1A jnz X_unpacke.00406BB3 ; non-zero - continue at 00406BB3 (outside this listing)
00406B99 |. 833D 30207000>|cmp dword ptr ds:[0x702030],0x0 ; hook pointer at 0x702030 set?
00406BA0 74 06 je X_unpacke.00406BA8 ; null - go straight to ExitProcess
00406BA2 |. FF15 30207000 |call dword ptr ds:[0x702030] ; indirect call to the hook before exiting
00406BA8 |> A1 00606F00 |mov eax,dword ptr ds:[0x6F6000] ; eax = dword at 0x6F6000
00406BAD |. 50 |push eax ; /ExitCode => 0
00406BAE |. E8 EDB9FFFF |call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess (exit)
这到底在比较什么,请高手看看,谢谢。