I have been studying VMP recently and spent two days writing a VMProtect 3.x Jcc patching plugin.
Original program code:
004010A9 /. 55 push ebp
004010AA |. 8BEC mov ebp,esp
004010AC |. 81EC 08000000 sub esp,0x8
004010B2 |. 6A FF push -0x1
004010B4 |. 6A 08 push 0x8
004010B6 |. 68 06000116 push 0x16010006
004010BB |. 68 01000152 push 0x52010001
004010C0 |. E8 CF000000 call 无壳.00401194
004010C5 |. 83C4 10 add esp,0x10
004010C8 |. 8945 FC mov [local.1],eax ; kernel32.BaseThreadInitThunk
004010CB |. 68 FC084800 push 无壳.004808FC ; ASCII "123"
004010D0 |. FF75 FC push [local.1]
004010D3 |. E8 2CFFFFFF call 无壳.00401004
004010D8 |. 83C4 08 add esp,0x8
004010DB |. 83F8 00 cmp eax,0x0
004010DE |. B8 00000000 mov eax,0x0
004010E3 |. 0f94c0 sete al
004010E6 |. 8945 F8 mov [local.2],eax ; kernel32.BaseThreadInitThunk
004010E9 |. 8B5D FC mov ebx,[local.1]
004010EC |. 85DB test ebx,ebx
004010EE |. 74 09 je short 无壳.004010F9
004010F0 |. 53 push ebx
004010F1 |. E8 98000000 call 无壳.0040118E
004010F6 |. 83C4 04 add esp,0x4
004010F9 |> 837D F8 00 cmp [local.2],
Pay 4 UD to read the full article.
There is more content; the author has set it to be visible only after payment.