NsPack 1.4 脱壳去效验问题
7C9211AD C2 1000 retn 107C9211B0 90 nop
7C9211B1 90 nop
7C9211B2 90 nop
7C9211B3 90 nop
7C9211B4 90 nop
7C9211B5 >8BFF mov edi,edi
7C9211B7 55 push ebp
7C9211B8 8BEC mov ebp,esp
7C9211BA 56 push esi
7C9211BB 57 push edi
7C9211BC 64:A1 18000000 mov eax,dword ptr fs:
7C9211C2 8BB0 B0010000 mov esi,dword ptr ds:
7C9211C8 85F6 test esi,esi
7C9211CA 8B7D 0C mov edi,dword ptr ss:
7C9211CD 0F85 10F20000 jnz ntdll.7C9303E3
7C9211D3 85FF test edi,edi
7C9211D5 0F85 11F20000 jnz ntdll.7C9303EC
7C9211DB 803D 04C0997C 00cmp byte ptr ds:,0
7C9211E2 0F85 04F20000 jnz ntdll.7C9303EC
7C9211E8 8B45 08 mov eax,dword ptr ss:
7C9211EB 8348 10 10 or dword ptr ds:,10
7C9211EF 5F pop edi
7C9211F0 5E pop esi
7C9211F1 5D pop ebp
7C9211F2 C2 0800 retn 8
7C9211F5 90 nop
7C9211F6 90 nop
7C9211F7 90 nop
7C9211F8 90 nop
7C9211F9 90 nop
7C9211FA >8BFF mov edi,edi
7C9211FC 55 push ebp
7C9211FD 8BEC mov ebp,esp
7C9211FF 83EC 54 sub esp,54
7C921202 56 push esi
7C921203 64:A1 18000000 mov eax,dword ptr fs:
7C921209 803D 04C0997C 00cmp byte ptr ds:,0
7C921210 8B75 08 mov esi,dword ptr ss:
7C921213 8945 FC mov dword ptr ss:,eax
7C921216 0F85 EAF10000 jnz ntdll.7C930406
7C92121C F646 10 10 test byte ptr ds:,10
7C921220 0F84 E0F10000 je ntdll.7C930406
7C921226 5E pop esi
7C921227 C9 leave
7C921228 C2 0400 retn 4
7C92122B 90 nop
7C92122C 90 nop
7C92122D 90 nop
7C92122E 90 nop
7C92122F 90 nop
7C921230 >CC int3
7C921231 C3 retn
7C921232 8BFF mov edi,edi
7C921234 90 nop
7C921235 90 nop
7C921236 90 nop
7C921237 90 nop
7C921238 90 nop
7C921239 >CC int3
7C92123A C3 retn
7C92123B 90 nop
7C92123C 8BFF mov edi,edi
7C92123E 90 nop
7C92123F 90 nop
7C921240 90 nop
7C921241 90 nop
7C921242 90 nop
7C921243 8B4424 04 mov eax,dword ptr ss:
7C921247 CC int3
7C921248 C2 0400 retn 4
7C92124B 90 nop
7C92124C 90 nop
7C92124D 90 nop
7C92124E 90 nop
7C92124F 90 nop
7C921250 >64:A1 18000000 mov eax,dword ptr fs:
7C921256 C3 retn
7C921257 90 nop
7C921258 90 nop
7C921259 90 nop
7C92125A 90 nop
7C92125B 90 nop
7C92125C >57 push edi
7C92125D 8B7C24 0C mov edi,dword ptr ss:
7C921261 8B5424 08 mov edx,dword ptr ss:
7C921265 C702 00000000 mov dword ptr ds:,0
7C92126B 897A 04 mov dword ptr ds:,edi
7C92126E 0BFF or edi,edi
7C921270 74 1E je short ntdll.7C921290
7C921272 83C9 FF or ecx,FFFFFFFF
7C921275 33C0 xor eax,eax
7C921277 F2:AE repne scas byte ptr es:
7C921279 F7D1 not ecx
7C92127B 81F9 FFFF0000 cmp ecx,0FFFF
7C921281 76 05 jbe short ntdll.7C921288
7C921283 B9 FFFF0000 mov ecx,0FFFF
7C921288 66:894A 02 mov word ptr ds:,cx
7C92128C 49 dec ecx
7C92128D 66:890A mov word ptr ds:,cx
7C921290 5F pop edi
7C921291 C2 0800 retn 8
7C921294 90 nop
7C921295 90 nop
7C921296 90 nop
7C921297 90 nop
7C921298 90 nop
7C921299 >57 push edi
7C92129A 8B7C24 0C mov edi,dword ptr ss:
7C92129E 8B5424 08 mov edx,dword ptr ss:
7C9212A2 C702 00000000 mov dword ptr ds:,0
7C9212A8 897A 04 mov dword ptr ds:,edi
7C9212AB 0BFF or edi,edi
7C9212AD 74 1E je short ntdll.7C9212CD
7C9212AF 83C9 FF or ecx,FFFFFFFF
7C9212B2 33C0 xor eax,eax
7C9212B4 F2:AE repne scas byte ptr es:
7C9212B6 F7D1 not ecx
7C9212B8 81F9 FFFF0000 cmp ecx,0FFFF
7C9212BE 76 05 jbe short ntdll.7C9212C5
7C9212C0 B9 FFFF0000 mov ecx,0FFFF
7C9212C5 66:894A 02 mov word ptr ds:,cx
7C9212C9 49 dec ecx
7C9212CA 66:890A mov word ptr ds:,cx
7C9212CD 5F pop edi
7C9212CE C2 0800 retn 8
7C9212D1 90 nop
7C9212D2 90 nop
7C9212D3 90 nop
7C9212D4 90 nop
7C9212D5 90 nop
7C9212D6 >57 push edi
7C9212D7 8B7C24 0C mov edi,dword ptr ss:
7C9212DB 8B5424 08 mov edx,dword ptr ss:
7C9212DF C702 00000000 mov dword ptr ds:,0
7C9212E5 897A 04 mov dword ptr ds:,edi
7C9212E8 0BFF or edi,edi
7C9212EA 74 22 je short ntdll.7C92130E
7C9212EC 83C9 FF or ecx,FFFFFFFF
7C9212EF 33C0 xor eax,eax
7C9212F1 F2:66:AF repne scas word ptr es:
7C9212F4 F7D1 not ecx
7C9212F6 D1E1 shl ecx,1
7C9212F8 81F9 FEFF0000 cmp ecx,0FFFE
7C9212FE 76 05 jbe short ntdll.7C921305
7C921300 B9 FEFF0000 mov ecx,0FFFE
7C921305 66:894A 02 mov word ptr ds:,cx
7C921309 49 dec ecx
7C92130A 49 dec ecx
7C92130B 66:890A mov word ptr ds:,cx
7C92130E 5F pop edi
7C92130F C2 0800 retn 8
7C921312 90 nop
7C921313 90 nop
7C921314 90 nop
7C921315 90 nop
7C921316 90 nop
7C921317 >83EC 0C sub esp,0C
7C92131A DD1424 fst qword ptr ss:
7C92131D E8 238A0300 call ntdll.7C959D45
7C921322 E8 0D000000 call ntdll.7C921334
7C921327 83C4 0C add esp,0C
7C92132A C3 retn
7C92132B >8D5424 04 lea edx,dword ptr ss:
7C92132F E8 C9890300 call ntdll.7C959CFD
7C921334 52 push edx
7C921335 9B wait
7C921336 D93C24 fstcw word ptr ss:
7C921339 74 50 je short ntdll.7C92138B
7C92133B 66:813C24 7F02 cmp word ptr ss:,27F
7C921341 74 06 je short ntdll.7C921349
7C921343 D92D 4801977C fldcw word ptr ds:
7C921349 D9FF fcos
7C92134B 9B wait
7C92134C DFE0 fstsw ax
7C92134E 9E sahf
7C92134F 7A 1D jpe short ntdll.7C92136E
7C921351 833D 18F7997C 00cmp dword ptr ds:,0
7C921358 0F85 028A0300 jnz ntdll.7C959D60
7C92135E BA 12000000 mov edx,12
7C921363 8D0D 20EE997C lea ecx,dword ptr ds:
7C921369 E9 048A0300 jmp ntdll.7C959D72
7C92136E DB2D 4A01977C fld tbyte ptr ds:
7C921374 D9C9 fxch st(1)
7C921376 D9F5 fprem1
7C921378 9B wait
7C921379 DFE0 fstsw ax
7C92137B 9E sahf
7C92137C 7A F8 jpe short ntdll.7C921376
7C92137E DDD9 fstp st(1)
7C921380 D9FF fcos
7C921382^ EB CD jmp short ntdll.7C921351
7C921384 E8 56890300 call ntdll.7C959CDF
7C921389 EB 1B jmp short ntdll.7C9213A6
7C92138B A9 FFFF0F00 test eax,0FFFFF
7C921390^ 75 F2 jnz short ntdll.7C921384
7C921392 837C24 08 00 cmp dword ptr ss:,0
7C921397^ 75 EB jnz short ntdll.7C921384
7C921399 DDD8 fstp st
7C92139B DB2D 88EE997C fld tbyte ptr ds:
7C9213A1 B8 01000000 mov eax,1
7C9213A6 833D 18F7997C 00cmp dword ptr ds:,0
7C9213AD 0F85 AD890300 jnz ntdll.7C959D60
7C9213B3 BA 12000000 mov edx,12
7C9213B8 8D0D 20EE997C lea ecx,dword ptr ds:
7C9213BE E8 EE8A0300 call ntdll.7C959EB1
7C9213C3 5A pop edx
7C9213C4 C3 retn
7C9213C5 90 nop
7C9213C6 90 nop
7C9213C7 90 nop
7C9213C8 90 nop
7C9213C9 90 nop
7C9213CA >EB 1B jmp short ntdll.7C9213E7
7C9213CC 8BFF mov edi,edi
7C9213CE 90 nop
7C9213CF 90 nop
7C9213D0 90 nop
7C9213D1 90 nop
7C9213D2 90 nop
7C9213D3 >83EC 0C sub esp,0C
7C9213D6 DD1424 fst qword ptr ss:
7C9213D9 E8 67890300 call ntdll.7C959D45
7C9213DE E8 0D000000 call ntdll.7C9213F0
7C9213E3 83C4 0C add esp,0C
7C9213E6 C3 retn
7C9213E7 8D5424 04 lea edx,dword ptr ss:
7C9213EB E8 0D890300 call ntdll.7C959CFD
7C9213F0 52 push edx
7C9213F1 9B wait
7C9213F2 D93C24 fstcw word ptr ss:
7C9213F5 74 4C je short ntdll.7C921443
7C9213F7 8B4424 0C mov eax,dword ptr ss:
7C9213FB 66:813C24 7F02 cmp word ptr ss:,27F
7C921401 74 06 je short ntdll.7C921409
7C921403 D92D 4801977C fldcw word ptr ds:
7C921409 A9 0000F07F test eax,7FF00000
7C92140E 74 5E je short ntdll.7C92146E
7C921410 A9 00000080 test eax,80000000
7C921415 75 41 jnz short ntdll.7C921458
7C921417 D9ED fldln2
7C921419 D9C9 fxch st(1)
7C92141B D9F1 fyl2x
7C92141D 833D 18F7997C 00cmp dword ptr ds:,0
7C921424 0F85 36890300 jnz ntdll.7C959D60
7C92142A 8D0D 30EE997C lea ecx,dword ptr ds:
7C921430 BA 1A000000 mov edx,1A
7C921435 E9 38890300 jmp ntdll.7C959D72
7C92143A A9 00000080 test eax,80000000
7C92143F 75 17 jnz short ntdll.7C921458
7C921441^ EB D4 jmp short ntdll.7C921417
7C921443 A9 FFFF0F00 test eax,0FFFFF
7C921448 75 1D jnz short ntdll.7C921467
7C92144A 837C24 08 00 cmp dword ptr ss:,0
7C92144F 75 16 jnz short ntdll.7C921467
7C921451 25 00000080 and eax,80000000
7C921456^ 74 C5 je short ntdll.7C92141D
7C921458 DDD8 fstp st
7C92145A DB2D 88EE997C fld tbyte ptr ds:
7C921460 B8 01000000 mov eax,1
7C921465 EB 22 jmp short ntdll.7C921489
7C921467 E8 73880300 call ntdll.7C959CDF
7C92146C EB 1B jmp short ntdll.7C921489
7C92146E A9 FFFF0F00 test eax,0FFFFF
7C921473^ 75 C5 jnz short ntdll.7C92143A
7C921475 837C24 08 00 cmp dword ptr ss:,0
7C92147A^ 75 BE jnz short ntdll.7C92143A
7C92147C DDD8 fstp st
7C92147E DB2D C2EE997C fld tbyte ptr ds:
7C921484 B8 02000000 mov eax,2
7C921489 833D 18F7997C 00cmp dword ptr ds:,0
7C921490 0F85 CA880300 jnz ntdll.7C959D60
7C921496 8D0D 30EE997C lea ecx,dword ptr ds:
7C92149C BA 1A000000 mov edx,1A
7C9214A1 E8 0B8A0300 call ntdll.7C959EB1
7C9214A6 5A pop edx
7C9214A7 C3 retn
7C9214A8 90 nop
7C9214A9 90 nop
7C9214AA 90 nop
7C9214AB 90 nop
7C9214AC 90 nop
7C9214AD >EB 21 jmp short ntdll.7C9214D0
7C9214AF 90 nop
7C9214B0 8BFF mov edi,edi
7C9214B2 90 nop
7C9214B3 90 nop
7C9214B4 90 nop
7C9214B5 90 nop
7C9214B6 90 nop
7C9214B7 >83EC 14 sub esp,14
7C9214BA D9C9 fxch st(1)
7C9214BC DD1C24 fstp qword ptr ss:
7C9214BF DD5424 08 fst qword ptr ss:
7C9214C3 8B4424 0C mov eax,dword ptr ss:
7C9214C7 E8 0D000000 call ntdll.7C9214D9
7C9214CC 83C4 14 add esp,14
7C9214CF C3 retn
7C9214D0 8D5424 0C lea edx,dword ptr ss:
7C9214D4 E8 24880300 call ntdll.7C959CFD
上面的是程序进程终止退出时候的代码
请大虾给指点下怎么修复! 把软件传上来/:L /:L /:L 对哦,光看这个就可以的话,我就不是菜鸟了……
页:
[1]