UC知道汇编 修改特征
来源:百度知道 编辑:UC知道 时间:2024/09/22 13:23:50
0047799F 8B85 5CFEFFFF MOV EAX,DWORD PTR SS:[EBP-1A4]
004779A5 BA AC264600 MOV EDX,4.004626AC
004779AA E8 B13AFAFF CALL 4.0041B460 特征码
004779AF 75 76 JNZ SHORT 4.00477A27
004779B1 A1 80BF4600 MOV EAX,DWORD PTR DS:[46BF80]
004779B6 8338 00 CMP DWORD PTR DS:[EAX],0
004779B9 74 0C JE SHORT 4.004779C7
004779BB A1 80BF4600 MOV EAX,DWORD PTR DS:[46BF80]
004779C0 8B00 MOV EAX,DWORD PTR DS:[EAX]
004779C2 E8 1181FBFF CALL 4.0042FAD8
004779C7 33C0 XOR EAX,EAX
004779C9 55 PUSH EBP
004779CA 68 6D134600 PUSH 4.0046136D
004779CF 64:FF30 PUSH DWORD PTR FS:[EAX]
004779D2 64:8920 MOV DWORD PTR FS:[EAX],ESP
004779D5 E8 AE2D0000 CALL 4.0047A788
004779DA 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004779DD BA BC264600 MOV EDX,4.004626BC
004779E2 E8 F536FAFF CALL 4.0041B0DC
004779E7 33C0 XOR EAX,EAX
004779E9 5A POP EDX
004779EA 59 POP ECX
004779EB 59 POP ECX
004779EC 64:8910 M
004779A5 BA AC264600 MOV EDX,4.004626AC
004779AA E8 B13AFAFF CALL 4.0041B460 特征码
004779AF 75 76 JNZ SHORT 4.00477A27
004779B1 A1 80BF4600 MOV EAX,DWORD PTR DS:[46BF80]
004779B6 8338 00 CMP DWORD PTR DS:[EAX],0
004779B9 74 0C JE SHORT 4.004779C7
004779BB A1 80BF4600 MOV EAX,DWORD PTR DS:[46BF80]
004779C0 8B00 MOV EAX,DWORD PTR DS:[EAX]
004779C2 E8 1181FBFF CALL 4.0042FAD8
004779C7 33C0 XOR EAX,EAX
004779C9 55 PUSH EBP
004779CA 68 6D134600 PUSH 4.0046136D
004779CF 64:FF30 PUSH DWORD PTR FS:[EAX]
004779D2 64:8920 MOV DWORD PTR FS:[EAX],ESP
004779D5 E8 AE2D0000 CALL 4.0047A788
004779DA 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
004779DD BA BC264600 MOV EDX,4.004626BC
004779E2 E8 F536FAFF CALL 4.0041B0DC
004779E7 33C0 XOR EAX,EAX
004779E9 5A POP EDX
004779EA 59 POP ECX
004779EB 59 POP ECX
004779EC 64:8910 M
www.pediy.com上面有加壳工具,自己搞一下,加脱加脱的过程,特征码就变了。你这个call只能改动整体文件结构才行呢,4.0041B460这个位置要变的,所以简单调换位置会导致函数参数不正确,不能这样改的,反复加壳脱壳,可以改动文件结构4.0041B460这个地址就改了
把MOV那行NOP掉试试