ACProtect unpack record2
来源:互联网 发布:农业科技网络书屋 编辑:程序博客网 时间:2024/06/10 18:07
//2012-07-110044219E ^\0F85 C3FEFFFF jnz MyUnpack.004420670044238C ^\0F85 DEFEFFFF jnz MyUnpack.004422700043D15E 83C1 04 add ecx,0x40043D161 83C2 FF add edx,-0x10043D164 ^ 0F85 E2FFFFFF jnz MyUnpack.0043D14C0044219D 4E dec esi0044219E ^ 0F85 C3FEFFFF jnz MyUnpack.004420670044238B 4E dec esi0044238C ^ 0F85 DEFEFFFF jnz MyUnpack.0044227000442392 EB 0B jmp short MyUnpack.0044239F00442591 83C1 FF add ecx,-0x100442594 ^ 0F85 CCFEFFFF jnz MyUnpack.00442466004427A7 4D dec ebp004427A8 ^ 0F85 C1FEFFFF jnz MyUnpack.0044266F004427AE EB 0B jmp short MyUnpack.004427BB004429C9 83C3 FF add ebx,-0x1004429CC ^ 0F85 C6FEFFFF jnz MyUnpack.00442898004429D2 76 0E jbe short MyUnpack.004429E200440511 8B95 46F84000 mov edx,dword ptr ss:[ebp+0x40F846] ; MyUnpack.0040000000440517 8B06 mov eax,dword ptr ds:[esi]00440519 0BC0 or eax,eax0044051B 75 07 jnz short MyUnpack.004405240044051D 90 nop0044051E 90 nop0044051F 90 nop00440520 90 nop00440521 8B46 10 mov eax,dword ptr ds:[esi+0x10]00440524 03C2 add eax,edx00440526 0385 42F84000 add eax,dword ptr ss:[ebp+0x40F842]0044052C 8B18 mov ebx,dword ptr ds:[eax]0044052E 8B7E 10 mov edi,dword ptr ds:[esi+0x10]00440531 03FA add edi,edx00440533 03BD 42F84000 add edi,dword ptr ss:[ebp+0x40F842]00440539 85DB test ebx,ebx0044053B 0F84 62010000 je MyUnpack.004406A300440541 F7C3 00000080 test ebx,0x8000000000440547 75 1D jnz short MyUnpack.0044056600440549 90 nop0044054A 90 nop0044054B 90 nop0044054C 90 nop0044054D 03DA add ebx,edx0044054F 83C3 02 add ebx,0x200440552 56 push esi00440553 57 push edi00440554 50 push eax00440555 8BF3 mov esi,ebx00440557 8BFB mov edi,ebx00440559 AC lods byte ptr ds:[esi]0044055A C0C0 03 rol al,0x30044055D AA stos byte ptr es:[edi]0044055E 803F 00 cmp byte ptr ds:[edi],0x000440561 ^ 75 F6 jnz short MyUnpack.0044055900440563 58 pop eax00440564 5F pop edi00440565 5E pop esi00440566 3B9D 46F84000 cmp ebx,dword ptr ss:[ebp+0x40F846]0044056C 7C 11 jl short MyUnpack.0044057F0044056E 90 nop0044056F 90 nop00440570 90 nop00440571 90 nop00440572 83BD 1A204000 0>cmp dword ptr ss:[ebp+0x40201A],0x000440579 75 0A jnz short MyUnpack.004405850044057B 90 nop0044057C 90 nop0044057D 90 nop0044057E 90 nop0044057F 81E3 FFFFFF0F and ebx,0xFFFFFFF00440585 53 push ebx00440586 FFB5 3EF84000 push dword ptr ss:[ebp+0x40F83E]0044058C FF95 108B4100 call dword ptr ss:[ebp+0x418B10]00440592 3B9D 46F84000 cmp ebx,dword ptr ss:[ebp+0x40F846]00440598 7C 0F jl short MyUnpack.004405A90044059A 90 nop0044059B 90 nop0044059C 90 nop0044059D 90 nop0044059E 60 pushad0044059F 2BC0 sub eax,eax004405A1 8803 mov byte ptr ds:[ebx],al004405A3 43 inc ebx004405A4 3803 cmp byte ptr ds:[ebx],al004405A6 ^ 75 F9 jnz short MyUnpack.004405A1004405A8 61 popad004405A9 0BC0 or eax,eax004405AB ^ 0F84 15FFFFFF je MyUnpack.004404C6004405B1 3B85 208B4100 cmp eax,dword ptr ss:[ebp+0x418B20]004405B7 74 20 je short MyUnpack.004405D9004405B9 90 nop004405BA 90 nop004405BB 90 nop004405BC 90 nop004405BD 3B85 C4FD4000 cmp eax,dword ptr ss:[ebp+0x40FDC4]004405C3 74 09 je short MyUnpack.004405CE004405C5 90 nop004405C6 90 nop004405C7 90 nop004405C8 90 nop004405C9 EB 14 jmp short MyUnpack.004405DF004405CB 90 nop004405CC 90 nop004405CD 90 nop004405CE 8D85 31FE4000 lea eax,dword ptr ss:[ebp+0x40FE31]004405D4 EB 09 jmp short MyUnpack.004405DF004405D6 90 nop004405D7 90 nop004405D8 90 nop004405D9 8D85 4BFE4000 lea eax,dword ptr ss:[ebp+0x40FE4B]004405DF 56 push esi004405E0 FFB5 3EF84000 push dword ptr ss:[ebp+0x40F83E]004405E6 5E pop esi004405E7 39B5 12204000 cmp dword ptr ss:[ebp+0x402012],esi004405ED 74 15 je short MyUnpack.00440604004405EF 90 nop004405F0 90 nop004405F1 90 nop004405F2 90 nop004405F3 39B5 16204000 cmp dword ptr ss:[ebp+0x402016],esi004405F9 74 09 je short MyUnpack.00440604004405FB 90 nop004405FC 90 nop004405FD 90 nop004405FE 90 nop004405FF EB 63 jmp short MyUnpack.0044066400440601 90 nop00440602 90 nop00440603 90 nop00440604 80BD 16564100 0>cmp byte ptr ss:[ebp+0x415616],0x00044060B 74 57 je short MyUnpack.004406640044060D 90 nop0044060E 90 nop0044060F 90 nop00440610 90 nop00440611 EB 07 jmp short MyUnpack.0044061A00440613 90 nop00440614 90 nop00440615 90 nop00440616 0000 add byte ptr ds:[eax],al00440618 0000 add byte ptr ds:[eax],al0044061A 8BB5 0BF94000 mov esi,dword ptr ss:[ebp+0x40F90B]00440620 83C6 0D add esi,0xD00440623 81EE 02184000 sub esi,MyUnpack.0040180200440629 2BF5 sub esi,ebp0044062B 83FE 00 cmp esi,0x00044062E 7F 34 jg short MyUnpack.0044066400440630 90 nop00440631 90 nop00440632 90 nop00440633 90 nop00440634 8BB5 0BF94000 mov esi,dword ptr ss:[ebp+0x40F90B]0044063A 53 push ebx0044063B 50 push eax0044063C E8 8DB2FFFF call MyUnpack.0043B8CE00440641 8BD8 mov ebx,eax00440643 58 pop eax00440644 33C3 xor eax,ebx00440646 C606 68 mov byte ptr ds:[esi],0x6800440649 8946 01 mov dword ptr ds:[esi+0x1],eax0044064C C746 05 8134240>mov dword ptr ds:[esi+0x5],0x24348100440653 895E 08 mov dword ptr ds:[esi+0x8],ebx00440656 C646 0C C3 mov byte ptr ds:[esi+0xC],0xC30044065A 5B pop ebx0044065B 8BC6 mov eax,esi0044065D 8385 0BF94000 0>add dword ptr ss:[ebp+0x40F90B],0xD00440664 5E pop esi00440665 60 pushad00440666 8BD0 mov edx,eax00440668 2BBD 46F84000 sub edi,dword ptr ss:[ebp+0x40F846]0044066E 8BC7 mov eax,edi00440670 B9 01010000 mov ecx,0x10100440675 8DBD EBEC4000 lea edi,dword ptr ss:[ebp+0x40ECEB]0044067B F2:AF repne scas dword ptr es:[edi]0044067D 0BC9 or ecx,ecx0044067F 74 13 je short MyUnpack.0044069400440681 90 nop00440682 90 nop00440683 90 nop00440684 90 nop00440685 81E9 01010000 sub ecx,0x1010044068B F7D1 not ecx0044068D 89948D EBE84000 mov dword ptr ss:[ebp+ecx*4+0x40E8EB],ed>00440694 61 popad00440695 8907 mov dword ptr ds:[edi],eax00440697 8385 42F84000 0>add dword ptr ss:[ebp+0x40F842],0x40044069E ^ E9 6EFEFFFF jmp MyUnpack.00440511004406A3 83C6 14 add esi,0x14004406A6 8B95 46F84000 mov edx,dword ptr ss:[ebp+0x40F846]004406AC ^ E9 D0FDFFFF jmp MyUnpack.00440481004406B1 8DBD EBEC4000 lea edi,dword ptr ss:[ebp+0x40ECEB]004406B7 33C0 xor eax,eax004406B9 B9 00010000 mov ecx,0x100004406BE F3:AB rep stos dword ptr es:[edi]004406C0 60 pushad004406C1 E8 00000000 call MyUnpack.004406C6004406C6 5E pop esi004406C7 83EE 06 sub esi,0x6004406CA B9 70020000 mov ecx,0x270004406CF 29CE sub esi,ecx004406D1 BA 37F5381C mov edx,0x1C38F537004406D6 C1E9 02 shr ecx,0x2004406D9 83E9 02 sub ecx,0x2004406DC 83F9 00 cmp ecx,0x0004406DF 7C 1A jl short MyUnpack.004406FB004406E1 8B048E mov eax,dword ptr ds:[esi+ecx*4]004406E4 8B5C8E 04 mov ebx,dword ptr ds:[esi+ecx*4+0x4]004406E8 03C3 add eax,ebx004406EA C1C0 04 rol eax,0x4004406ED 03C2 add eax,edx004406EF 81C2 6E023BA5 add edx,0xA53B026E004406F5 89048E mov dword ptr ds:[esi+ecx*4],eax004406F8 49 dec ecx004406F9 ^ EB E1 jmp short MyUnpack.004406DC004406FB 61 popad004406FC 61 popad004406FD E8 D9D9FFFF call MyUnpack.0043E0DB00440702 C3 retn00440703 0000 add byte ptr ds:[eax],al00440705 0000 add byte ptr ds:[eax],al00440707 0000 add byte ptr ds:[eax],al00440709 0000 add byte ptr ds:[eax],al0044070B 64:0000 add byte ptr fs:[eax],al0044070E 0052 45 add byte ptr ds:[edx+0x45],dl00440711 4C dec esp00440712 4F dec edi00440713 43 inc ebx00440714 41 inc ecx00440715 43 inc ebx00440716 50 push eax00440717 0000 add byte ptr ds:[eax],al00440719 0000 add byte ptr ds:[eax],al0044071B 0000 add byte ptr ds:[eax],al0044071D 0000 add byte ptr ds:[eax],al
继续上次跟踪ACProtect ,好像感觉要进入OEP了,
- ACProtect unpack record2
- ACProtect unpack record1
- UNPACK
- UNPACK
- unpack
- AcProtect 1.41 外壳分析
- 笔记二ACProtect
- ACProtect's Anti-Cracking Features
- unpack错误信息
- Python unpack
- maven unpack
- Unpack函数
- Lua -- unpack
- ACProtect 一段代码自修改片段
- ACProtect 1.40 - 1.41 - RISCO Software Inc. 脱壳
- ACProtect壳2.0版本的分析
- windows 程序设计之「RECORD2.C」范例分析笔记
- 基于FFmpeg的开源项目small-video-record2
- MFC--使用DWM实现Aero Glass效果
- Cocos2D HTML5 tutorial 1: Getting set up and running
- OS X:用户第一次登录时,忽略iCloud配置弹出(bash)
- linux lcd驱动分析五
- 在 console mode 中使用 C/C++ 編譯器
- ACProtect unpack record2
- c# 不可见的字符,删除?
- 正则表达式(1)
- 使用BackgroundWorker组件进行异步操作编程
- C# 主线程 辅助线程
- Apple: Mac OS X美洲狮10.8的硬件兼容列表
- Linux 下搭建SVN 之安装
- linux2.6.12 下s3c2440 camera接口 源码分析和个人思考之 read方法篇
- 回调函数原理以及自定义回调函数