这个DLL是什么壳啊?
本帖最后由 lty888 于 2014-7-22 13:05 编辑文件地址http://pan.baidu.com/s/1i37QU6h提取码mge8 怎么脱壳啊 ?绑定机器码的?
66DA5000>83EC 04 sub esp,0x4
66DA5003 50 push eax
66DA5004 53 push ebx
66DA5005 E8 01000000 call GGplayer.66DA500B
66DA500A 0058 89 add byte ptr ds:,bl
66DA500D C3 retn
66DA500E 40 inc eax
66DA500F 2D 00102600 sub eax,0x261000
66DA5014 2D 87BB9604 sub eax,0x496BB87
66DA5019 05 7CBB9604 add eax,0x496BB7C
66DA501E 803B CC cmp byte ptr ds:,0xCC
66DA5021 75 19 jnz XGGplayer.66DA503C
66DA5023 C603 00 mov byte ptr ds:,0x0
66DA5026 BB 00100000 mov ebx,0x1000
66DA502B 68 76197C0E push 0xE7C1976
66DA5030 68 F12ED756 push 0x56D72EF1
66DA5035 53 push ebx
66DA5036 50 push eax
66DA5037 E8 0A000000 call GGplayer.66DA5046
66DA503C 83C0 14 add eax,0x14
66DA503F 894424 08 mov dword ptr ss:,eax
66DA5043 5B pop ebx
66DA5044 58 pop eax
66DA5045 C3 retn
66DA5046 55 push ebp
66DA5047 89E5 mov ebp,esp
66DA5049 50 push eax
66DA504A 53 push ebx
66DA504B 51 push ecx
66DA504C 56 push esi
66DA504D 8B75 08 mov esi,dword ptr ss:
66DA5050 8B4D 0C mov ecx,dword ptr ss:
66DA5053 C1E9 02 shr ecx,0x2
66DA5056 8B45 10 mov eax,dword ptr ss:
66DA5059 8B5D 14 mov ebx,dword ptr ss:
66DA505C 85C9 test ecx,ecx
66DA505E 74 0A je XGGplayer.66DA506A
66DA5060 3106 xor dword ptr ds:,eax
66DA5062 011E add dword ptr ds:,ebx
66DA5064 83C6 04 add esi,0x4
66DA5067 49 dec ecx
66DA5068^ EB F2 jmp XGGplayer.66DA505C
66DA506A 5E pop esi
66DA506B 59 pop ecx
66DA506C 5B pop ebx
66DA506D 58 pop eax
66DA506E C9 leave
66DA506F C2 1000 retn 0x10
66DA5072 14 AB adc al,0xAB
66DA5074 05 00173F2D add eax,0x2D3F1700
66DA5079 D072 75 sal byte ptr ds:,1
66DA507C DFEC fucomip st,st(4)
66DA507E 1809 sbb byte ptr ds:,cl
66DA5080 865A EE xchg byte ptr ds:,bl
66DA5083 2BC1 sub eax,ecx
66DA5085 06 push es
66DA5086 8AD8 mov bl,al
66DA5088 03A7 5506B40B add esp,dword ptr ds:
66DA508E D4 27 aam 0x27
66DA5090 2F das
66DA5091 65:F2: prefix repne:
66DA5093 C1C6 2B rol esi,0x2B
66DA5096 C5F0 lds esi,eax ; 非法使用寄存器
66DA5098 4E dec esi
66DA5099 15 C14CF2E1 adc eax,0xE1F24CC1
66DA509E 1A6B 67 sbb ch,byte ptr ds:
66DA50A1 1A45 12 sbb al,byte ptr ss:
66DA50A4 3A87 AC175A6B cmp al,byte ptr ds:
66DA50AA^ 72 BF jb XGGplayer.66DA506B
66DA50AC 1D 7EAD2047 sbb eax,0x4720AD7E
66DA50B1 BE F0515839 mov esi,0x395851F0
66DA50B6 F7D6 not esi
66DA50B8 BD 812D445F mov ebp,0x5F442D81
66DA50BD 57 push edi
66DA50BE BF 1B09081C mov edi,0x1C08091B
66DA50C3 01FD add ebp,edi
66DA50C5 5F pop edi
66DA50C6 F7DD neg ebp
66DA50C8 D1E5 shl ebp,1
66DA50CA 45 inc ebp
66DA50CB 87CD xchg ebp,ecx
66DA50CD 91 xchg eax,ecx
66DA50CE F7D0 not eax
66DA50D0 91 xchg eax,ecx
66DA50D1 87CD xchg ebp,ecx
66DA50D3 81ED 1D256691 sub ebp,0x9166251D
66DA50D9 09EE or esi,ebp
66DA50DB 81ED EF6ABB0A sub ebp,0xABB6AEF
66DA50E1 29C5 sub ebp,eax
66DA50E3 BB 7F65362D mov ebx,0x2D36657F
66DA50E8 81F3 900F8D27 xor ebx,0x278D0F90
66DA50EE 01DD add ebp,ebx
66DA50F0 01CB add ebx,ecx
66DA50F2 F7DE neg esi
66DA50F4 81C6 3E21516A add esi,0x6A51213E
66DA50FA 01F7 add edi,esi
66DA50FC 31F6 xor esi,esi
66DA50FE 31C6 xor esi,eax
66DA5100 89F8 mov eax,edi
66DA5102 BD 6303A830 mov ebp,0x30A80363
66DA5107 81C5 3F6EDE1A add ebp,0x1ADE6E3F
66DA510D 4D dec ebp
66DA510E D1ED shr ebp,1
66DA5110 55 push ebp
66DA5111 F71424 not dword ptr ss:
66DA5114 5D pop ebp
66DA5115 F7DD neg ebp
66DA5117 81C5 48C8B2DE add ebp,0xDEB2C848
66DA511D 31EF xor edi,ebp
再给点分析。 WL baby520 发表于 2014-7-21 13:59
WL
能帮我脱下吗?真有点棘手
页:
[1]