标题:求助。。急。。特征码 汇编问题。。
取消只看楼主
米花
Rank: 1
等 级:新手上路
帖 子:3
专家分:5
注 册:2010-3-31
 问题点数:0 回复次数:0 
求助。。急。。特征码 汇编问题。。
360定位 特征码。。。如下:

MOV EAX,DWORD PTR DS:[EDI+4]
MOV DWORD PTR DS:[4A6618],EAX

使用跳转,NOP移位,换位,都可以达到免杀。。。但鸽子不上线。。。!

求各位汇编大牛。。帮忙解决下。。。万分感谢。。。!!!!

下面是一个循环。。。我复制下来了。。


00401F84  /$  53            PUSH EBX
00401F85  |.  56            PUSH ESI
00401F86  |.  57            PUSH EDI
00401F87  |.  83C4 F0       ADD ESP,-10
00401F8A  |.  8BF0          MOV ESI,EAX
00401F8C  |.  8D3C24        LEA EDI,DWORD PTR SS:[ESP]
00401F8F  |.  A5            MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
00401F90  |.  A5            MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
00401F91  |.  8BFC          MOV EDI,ESP
00401F93  |.  E8 A0FFFFFF   CALL CServer.00401F38
00401F98  |.  8D4C24 08     LEA ECX,DWORD PTR SS:[ESP+8]
00401F9C  |.  8BD7          MOV EDX,EDI
00401F9E  |.  B8 24664A00   MOV EAX,CServer.004A6624
00401FA3  |.  E8 10F5FFFF   CALL CServer.004014B8
00401FA8  |.  8B5C24 08     MOV EBX,DWORD PTR SS:[ESP+8]
00401FAC  |.  85DB          TEST EBX,EBX
00401FAE  |.  75 04         JNZ SHORT CServer.00401FB4
00401FB0  |.  33C0          XOR EAX,EAX
00401FB2  |.  EB 52         JMP SHORT CServer.00402006
00401FB4  |>  8B07          MOV EAX,DWORD PTR DS:[EDI]
00401FB6  |.  3BD8          CMP EBX,EAX
00401FB8  |.  73 0A         JNB SHORT CServer.00401FC4
00401FBA  |.  E8 99FDFFFF   CALL CServer.00401D58
00401FBF  |.  2907          SUB DWORD PTR DS:[EDI],EAX
00401FC1  |.  0147 04       ADD DWORD PTR DS:[EDI+4],EAX
00401FC4  |>  8B07          MOV EAX,DWORD PTR DS:[EDI]
00401FC6  |.  0347 04       ADD EAX,DWORD PTR DS:[EDI+4]
00401FC9  |.  8BF3          MOV ESI,EBX
00401FCB  |.  037424 0C     ADD ESI,DWORD PTR SS:[ESP+C]
00401FCF  |.  3BC6          CMP EAX,ESI
00401FD1  |.  73 08         JNB SHORT CServer.00401FDB
00401FD3  |.  E8 F0FDFFFF   CALL CServer.00401DC8
00401FD8  |.  0147 04       ADD DWORD PTR DS:[EDI+4],EAX
00401FDB  |>  8B07          MOV EAX,DWORD PTR DS:[EDI]
00401FDD  |.  0347 04       ADD EAX,DWORD PTR DS:[EDI+4]
00401FE0  |.  3BF0          CMP ESI,EAX
00401FE2      75 11         JNZ SHORT CServer.00401FF5
00401FE4  |.  83E8 04       SUB EAX,4
00401FE7  |.  BA 04000000   MOV EDX,4
00401FEC  |.  E8 EBFCFFFF   CALL CServer.00401CDC
00401FF1  |.  836F 04 04    SUB DWORD PTR DS:[EDI+4],4
00401FF5      8B07          MOV EAX,DWORD PTR DS:[EDI]
00401FF7      A3 1C664A00   MOV DWORD PTR DS:[4A661C],EAX
00401FFC      8B47 04       MOV EAX,DWORD PTR DS:[EDI+4]
00401FFF      A3 18664A00   MOV DWORD PTR DS:[4A6618],EAX
00402004      B0 01         MOV AL,1
00402006      83C4 10       ADD ESP,10
00402009      5F            POP EDI
0040200A      5E            POP ESI
0040200B  |.  5B            POP EBX
0040200C  \.  C3            RETN
0040200D      8D40 00       LEA EAX,DWORD PTR DS:[EAX]


搜索更多相关主题的帖子: 汇编 特征 
2010-03-31 15:15



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-301171-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.020041 second(s), 8 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved