DNF: raw OD data for bypassing hardware-breakpoint detection on all private servers, plus assist-feature analysis
01143B33 90 nop
01143B34 90 nop
01143B35 83C4 04 add esp,0x4
Bypasses that hardware detection
Dynamic packet-sending location
64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 24 53 55 56 8D 4C 24 20
00959371 8B0D 44FBA501 mov ecx,dword ptr ds:
00959377 6A 01 push 0x1
00959379 6A 01 push 0x1
0095937B 53 push ebx
0095937C 57 push edi
0095937D 6A 13 push 0x13
0095937F E8 DC52FAFF call 8584.008FE660 ; shout (chat) CALL
00182EEC|013CFB67返回到 3664.013CFB67 来自 3664.013CB930
008158CB FFD2 call edx
.版本 2
置汇编代码 ({})
Pushad ()
Push (0)
Mov_EAX_Ptr (27654944)
Mov_EDX_Ptr (34924440)
Push_EDX ()
Push (3)
Push (临时地址)
Push_EAX ()
Mov_EAX (9808992)
Call_EAX ()
Add_ESP (4)
Mov_ECX_EAX ()
Mov_EAX (9802400)
Call_EAX ()
Popad ()
ret ()
开始Virus (pid)
汇编远程执行 (取汇编代码 ())
结束Virus ()
Sell items:
1b46898
Skill no cooldown:
80 7D 0C 00 74 07 8B CE
00863582 - 75 33 - jne 008635B7
00863210 - 55 - push ebp
00833027 - E8 E4010300 - call 00863210
Character base address: 1ab7cdc
One-hit kill and decryption, key location:
00817699 6A 00 push 0x0
0081769B 57 push edi
0081769C 53 push ebx
0081769D 8BCE mov ecx,esi
0081769F FFD0 call eax
008176A1 5F pop edi
008176A2 5E pop esi
008176A3 8BC3 mov eax,ebx
008176A5 5B pop ebx
008176A6 8BE5 mov esp,ebp