    004473E4  53                 push ebx
    004473E5  8BD8               mov ebx,eax
    004473E7  81BB 04030000 3>   cmp dword ptr ds:[ebx+0x304],0xC34
    004473F1  0F84 88000000      je unpacked.0044747F
    004473F7  81BB 08030000 0>   cmp dword ptr ds:[ebx+0x308],0x230D
    00447401  74 7C              je short unpacked.0044747F
    00447403  81BB 10030000 9>   cmp dword ptr ds:[ebx+0x310],0xF94
    0044740D  75 70              jnz short unpacked.0044747F
    0044740F  8B83 18030000      mov eax,dword ptr ds:[ebx+0x318]
    00447415  3B83 14030000      cmp eax,dword ptr ds:[ebx+0x314]
    0044741B  75 62              jnz short unpacked.0044747F
    0044741D  81BB 1C030000 E>   cmp dword ptr ds:[ebx+0x31C],0x3E7
    00447427  74 56              je short unpacked.0044747F
    00447429  33D2               xor edx,edx
    0044742B  8B83 D8020000      mov eax,dword ptr ds:[ebx+0x2D8]
    00447431  8B08               mov ecx,dword ptr ds:[eax]
    00447433  FF51 5C            call dword ptr ds:[ecx+0x5C]
    00447436  33D2               xor edx,edx
    00447438  8B83 DC020000      mov eax,dword ptr ds:[ebx+0x2DC]
    0044743E  8B08               mov ecx,dword ptr ds:[eax]
    00447440  FF51 5C            call dword ptr ds:[ecx+0x5C]
    00447443  33D2               xor edx,edx
    00447445  8B83 E0020000      mov eax,dword ptr ds:[ebx+0x2E0]
    0044744B  8B08               mov ecx,dword ptr ds:[eax]
    0044744D  FF51 5C            call dword ptr ds:[ecx+0x5C]
    00447450  33D2               xor edx,edx
    00447452  8B83 E4020000      mov eax,dword ptr ds:[ebx+0x2E4]
    00447458  8B08               mov ecx,dword ptr ds:[eax]
    0044745A  FF51 5C            call dword ptr ds:[ecx+0x5C]
    0044745D  A1 A8984400        mov eax,dword ptr ds:[0x4498A8]
    00447462  83C0 70            add eax,0x70
    00447465  BA 8C744400        mov edx,unpacked.0044748C        ; 厉害厉害真厉害!佩服佩服真佩服!!
    0044746A  E8 EDC4FBFF        call unpacked.0040395C
    0044746F  BA B8744400        mov edx,unpacked.004474B8        ; 注册了
    00447474  8B83 EC020000      mov eax,dword ptr ds:[ebx+0x2EC]
    0044747A  E8 3DCCFDFF        call unpacked.004240BC
    0044747F  5B                 pop ebx
    00447480  C3                 retn
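This routine was located by searching for the strings it references (for example "注册了", i.e. "Registered"). The "layers of defense" the author talks about are just the long run of checks above: if any one of them is not satisfied, execution jumps straight to 0044747F and the success branch is skipped.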
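The five checks from the listing above, rendered as C so the polarity of each `je`/`jnz` is explicit. This is an added example, not code from the original post or from the crackme: the offsets and constants are taken from the listing, while the function names, `OBJ_SIZE` and the byte-buffer model of the object at `ebx` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the object at ebx is modelled as a flat byte buffer just
 * large enough to cover the highest offset tested (+0x31C). */
#define OBJ_SIZE 0x320

/* Read/write a dword at a byte offset (hypothetical helpers). */
static uint32_t rd32(const uint8_t *obj, size_t off) {
    uint32_t v;
    memcpy(&v, obj + off, sizeof v);
    return v;
}

static void wr32(uint8_t *obj, size_t off, uint32_t v) {
    memcpy(obj + off, &v, sizeof v);
}

/* Returns 0 when every check passes, otherwise the 1-based index of the
 * first check that branches to 0044747F. Hypothetical name. */
int first_failed_check(const uint8_t *obj) {
    if (rd32(obj, 0x304) == 0xC34)             return 1; /* 004473F1 je  */
    if (rd32(obj, 0x308) == 0x230D)            return 2; /* 00447401 je  */
    if (rd32(obj, 0x310) != 0xF94)             return 3; /* 0044740D jnz */
    if (rd32(obj, 0x318) != rd32(obj, 0x314))  return 4; /* 0044741B jnz */
    if (rd32(obj, 0x31C) == 0x3E7)             return 5; /* 00447427 je  */
    return 0;                                   /* falls into 00447429 */
}

/* Constructed sample state that satisfies all five conditions: three fields
 * must differ from a constant, one must equal 0xF94, and +0x314 == +0x318. */
void make_passing(uint8_t *obj) {
    memset(obj, 0, OBJ_SIZE);
    wr32(obj, 0x310, 0xF94);
}

int main(void) {
    uint8_t obj[OBJ_SIZE];
    make_passing(obj);
    printf("passing state -> %d\n", first_failed_check(obj));
    wr32(obj, 0x31C, 0x3E7);  /* trip the last check only */
    printf("0x31C = 0x3E7 -> %d\n", first_failed_check(obj));
    return 0;
}
```

Three of the five comparisons reject a specific value and only two require one, and all five failure branches share the single target 0044747F.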
Original article: http://www.cnblogs.com/coffeesoft/p/5530644.html