UC知道汇编 OD 免杀 特征码
来源:百度知道 编辑:UC知道 时间:2024/09/23 22:34:58
有汇编高手吗?就一个问题~~求解谢谢
004A61B4 00 DB 00
004A61B5 0000 ADD BYTE PTR DS:[EAX],AL
004A61B7 0040 5D ADD BYTE PTR DS:[EAX+5D],AL
004A61BA 4A DEC EDX
004A61BB 0055 8B ADD BYTE PTR SS:[EBP-75],DL
004A61BE ? EC IN AL,DX ; I/O 命令
004A61BF . B9 04000000 MOV ECX,4
004A61C4 > 6A 00 PUSH 0
004A61C6 . 6A 00 PUSH 0
004A61C8 . 49 DEC ECX
004A61C9 .^ 75 F9 JNZ SHORT a9.004A61C4
004A61CB . 51 PUSH ECX
004A61CC . 53 PUSH EBX
004A61CD . 56 PUSH ESI
004A61CE . 57 PUSH EDI
004A61CF B8 745D4A00 MOV EAX,a9.004A5D74
004A61D4 E8 7B09F6FF CALL a9.00406B54
004A61D9 33C0 XOR EAX,EAX
004A61DB > 55 PUSH EBP
004A61DC . 68 79644A00 PUSH a9.004A6479
004A61B4 00 DB 00
004A61B5 0000 ADD BYTE PTR DS:[EAX],AL
004A61B7 0040 5D ADD BYTE PTR DS:[EAX+5D],AL
004A61BA 4A DEC EDX
004A61BB 0055 8B ADD BYTE PTR SS:[EBP-75],DL
004A61BE ? EC IN AL,DX ; I/O 命令
004A61BF . B9 04000000 MOV ECX,4
004A61C4 > 6A 00 PUSH 0
004A61C6 . 6A 00 PUSH 0
004A61C8 . 49 DEC ECX
004A61C9 .^ 75 F9 JNZ SHORT a9.004A61C4
004A61CB . 51 PUSH ECX
004A61CC . 53 PUSH EBX
004A61CD . 56 PUSH ESI
004A61CE . 57 PUSH EDI
004A61CF B8 745D4A00 MOV EAX,a9.004A5D74
004A61D4 E8 7B09F6FF CALL a9.00406B54
004A61D9 33C0 XOR EAX,EAX
004A61DB > 55 PUSH EBP
004A61DC . 68 79644A00 PUSH a9.004A6479
试着改前面的,不一定要改特征码这地方
比如说这几句
004A61CB . 51 PUSH ECX
004A61CC . 53 PUSH EBX
004A61CD . 56 PUSH ESI
004A61CE . 57 PUSH EDI
换一下位置
如果要改特征码那地方,把xor eax,eax
改成这样看可以不push eax,0