再谈pcshare过金山免杀 用的是X专版 免杀过的朋友进
我用金山定位pcshare的DLL特征码时 定位到0000DC1C 0000DC20 0000DC30 3处特征码 用反向定位的
然后就怎么也改不好 正向等位过 也是在这3处附近
特征码附上 懂得朋友帮忙指导一下 管理员帮忙看看啊 免杀高手帮忙
1000DC10: 0100 ADD [DWORD DS:EAX], EAX
1000DC12: 0000 ADD [BYTE DS:EAX], AL
1000DC14: 0300 ADD EAX, [DWORD DS:EAX]
1000DC16: 0000 ADD [BYTE DS:EAX], AL
1000DC18: 0300 ADD EAX, [DWORD DS:EAX]
1000DC1A: 0000 ADD [BYTE DS:EAX], AL
1000DC1C: 28EC SUB AH, CH 特征码1
1000DC1E: 0000 ADD [BYTE DS:EAX], AL
1000DC20: 34 EC XOR AL, EC 特征码2
1000DC22: 0000 ADD [BYTE DS:EAX], AL
1000DC24: 40 INC EAX
1000DC25: EC IN AL, DX
1000DC26: 0000 ADD [BYTE DS:EAX], AL
1000DC28: 70 BF JO SHORT 1000DBE9
1000DC2A: 0000 ADD [BYTE DS:EAX], AL
1000DC2C: 80BD 000090BD 00 CMP [BYTE SS:EBP+BD900000], 0 特征码3
1000DC33: 0051 EC ADD [BYTE DS:ECX-14], DL
1000DC36: 0000 ADD [BYTE DS:EAX], AL
1000DC38: 5C POP ESP
1000DC39: EC IN AL, DX
1000DC3A: 0000 ADD [BYTE DS:EAX], AL
1000DC3C: 69EC 00000200 IMUL EBP, ESP, 20000
1000DC42: 0100 ADD [DWORD DS:EAX], EAX
1000DC44: 0000 ADD [BYTE DS:EAX], AL
1000DC46: 48 DEC EAX
1000DC47: 58 POP EAX
1000DC48: 4D DEC EBP
1000DC49: 61 POPAD
1000DC4A: 696E 2E 646C6C00 IMUL EBP, [DWORD DS:ESI+2E], 6C6C64
1000DC51: 4D DEC EBP
1000DC52: 61 POPAD
1000DC53: 696E 57 6F726B30 IMUL EBP, [DWORD DS:ESI+57], 306B726F
1000DC5A: 3100 XOR [DWORD DS:EAX], EAX
1000DC5C: 53 PUSH EBX
1000DC5D: 65:72 76 JB SHORT 1000DCD6
1000DC60: 6963 65 30310030 IMUL ESP, [DWORD DS:EBX+65], 30003130
1000DC67: 3030 XOR [BYTE DS:EAX], DH
附件
-
PcMain2.rar
(29.67 KB)
-
2008-8-27 22:39, 下载次数: 16
