我是一个小菜鸟,大神们帮我看看,这是什么验证
本帖最后由 A512444969 于 2016-4-13 17:36 编辑
软件在下面,万分感谢!!!(已重新脱壳上传)
; Stub at 00401000 (32-bit x86, OllyDbg listing: address, marker, opcode bytes, disassembly).
; Clears eax and returns, i.e. returns 0. The nop is padding before the next routine.
00401000 .33C0 xor eax,eax
00401002 .C3 retn
00401003 90 nop
; Empty routine at 00401004: sets up an ebp frame and tears it down again with no body.
; The ";kernel32.7C816037" note is the debugger's view of the register value at capture
; time, not part of the instruction.
00401004/.55 push ebp
00401005|.8BEC mov ebp,esp
00401007|.8BE5 mov esp,ebp
00401009|.5D pop ebp ;kernel32.7C816037
0040100A\.C3 retn
; Routine at 0040100B: caller of the verification routine at 004010C5.
; The extraction dropped the bracketed memory operands; they are recovered below from the
; opcode bytes (e.g. 8945 FC = mov [ebp-4],eax).
; Locals: [ebp-4] = pointer to the string at 004A90A4 (annotated 失败, "failure"),
;         [ebp-8] = pointer to the string at 004A90A9 (annotated 67207731).
; The addresses of both locals are pushed, so 004010C5 sees &[ebp-8] as its first stack
; argument and &[ebp-4] as its second. The value 004010C5 returns in eax is not examined here.
; NOTE(review): the thread calls this a QQ-based check, so 67207731 is presumably an account
; or group number - not confirmable from this listing.
0040100B/.55 push ebp
0040100C|.8BEC mov ebp,esp
0040100E|.81EC 08000000 sub esp,0x8
00401014 B8 A4904A00 mov eax,七日杀辅.004A90A4 ;失败
; 8945 FC: mov [ebp-4],eax
00401019|.8945 FC mov ,eax
; 8D45 FC: lea eax,[ebp-4]
0040101C|.8D45 FC lea eax,
0040101F|.50 push eax
00401020|.B8 A9904A00 mov eax,七日杀辅.004A90A9 ;67207731
; 8945 F8: mov [ebp-8],eax
00401025|.8945 F8 mov ,eax
; 8D45 F8: lea eax,[ebp-8]
00401028|.8D45 F8 lea eax,
0040102B|.50 push eax
0040102C|.E8 94000000 call 七日杀辅.004010C5
; 8B5D F8: mov ebx,[ebp-8]. If non-null it is handed to 0040B3C5 (one stack argument,
; caller pops 4 bytes) - presumably a release/free helper; confirm against that routine.
00401031|.8B5D F8 mov ebx, ;kernel32.7C816040
00401034|.85DB test ebx,ebx
00401036|.74 09 je short 七日杀辅.00401041
00401038|.53 push ebx
00401039|.E8 87A30000 call 七日杀辅.0040B3C5
0040103E|.83C4 04 add esp,0x4
; 8B5D FC: mov ebx,[ebp-4]; same conditional release for the other local.
00401041|>8B5D FC mov ebx,
00401044|.85DB test ebx,ebx
00401046|.74 09 je short 七日杀辅.00401051
00401048|.53 push ebx
00401049|.E8 77A30000 call 七日杀辅.0040B3C5
0040104E|.83C4 04 add esp,0x4
; Execution continues into 00401748 (not shown on this page) whatever 004010C5 returned.
00401051|>E8 F2060000 call 七日杀辅.00401748
00401056|.8BE5 mov esp,ebp
00401058|.5D pop ebp ;kernel32.7C816037
00401059 C3 retn
; Routine at 0040105A: length of a NUL-terminated byte string.
; In:  ebx = string pointer (a null pointer returns 0).
; Out: eax = number of bytes before the terminator.
; Uses ecx as the running pointer and edx as scratch; takes no stack arguments.
; Memory operands were lost in extraction and are recovered from the opcode bytes.
; Shape: byte loop until ecx is 4-byte aligned, then a dword loop using the
; 0x7EFEFEFF / 0x81010100 carry test to detect a possible zero byte in a word.
0040105A/$85DB test ebx,ebx
0040105C|.75 03 jnz short 七日杀辅.00401061
0040105E|.33C0 xor eax,eax
00401060|.C3 retn
00401061|>8BCB mov ecx,ebx
00401063|.F7C1 03000000 test ecx,0x3
00401069|.74 0F je short 七日杀辅.0040107A
; Alignment loop. 8A01: mov al,[ecx]. ecx is advanced before the NUL test, so the
; exit at 004010AD subtracts 1.
0040106B|>8A01 /mov al,byte ptr ds:
0040106D|.41 |inc ecx
0040106E|.84C0 |test al,al
00401070|.74 3B |je short 七日杀辅.004010AD
00401072|.F7C1 03000000 |test ecx,0x3
00401078|.^ 75 F1 \jnz short 七日杀辅.0040106B
; Word loop. 8B01: mov eax,[ecx]. Computes (~w) ^ (w + 0x7EFEFEFF) and masks it with
; 0x81010100; a zero result means no byte of w can be zero, so the loop continues.
0040107A|>8B01 /mov eax,dword ptr ds: ;ntdll.7C92DCBA
0040107C|.BA FFFEFE7E |mov edx,0x7EFEFEFF
00401081|.03D0 |add edx,eax
00401083|.83F0 FF |xor eax,-0x1
00401086|.33C2 |xor eax,edx ;ntdll.KiFastSystemCallRet
00401088|.83C1 04 |add ecx,0x4
0040108B|.A9 00010181 |test eax,0x81010100
00401090|.^ 74 E8 |je short 七日杀辅.0040107A
; Candidate word. 8B41 FC: mov eax,[ecx-4]. Each byte is tested from lowest address up;
; if none is zero the mask test was a false positive and the loop resumes.
00401092|.8B41 FC |mov eax,dword ptr ds:
00401095|.84C0 |test al,al
00401097|.74 26 |je short 七日杀辅.004010BF
00401099|.84E4 |test ah,ah
0040109B|.74 1C |je short 七日杀辅.004010B9
0040109D|.A9 0000FF00 |test eax,0xFF0000
004010A2|.74 0F |je short 七日杀辅.004010B3
004010A4|.A9 000000FF |test eax,0xFF000000
004010A9|.74 02 |je short 七日杀辅.004010AD
004010AB|.^ EB CD \jmp short 七日杀辅.0040107A
; Exits: eax = (address of the zero byte) - ebx.
; 8D41 FF: lea eax,[ecx-1]  (fourth byte of the word, or exit from the alignment loop)
004010AD|>8D41 FF lea eax,dword ptr ds:
004010B0|.2BC3 sub eax,ebx
004010B2|.C3 retn
; 8D41 FE: lea eax,[ecx-2]  (third byte)
004010B3|>8D41 FE lea eax,dword ptr ds:
004010B6|.2BC3 sub eax,ebx
004010B8|.C3 retn
; 8D41 FD: lea eax,[ecx-3]  (second byte)
004010B9|>8D41 FD lea eax,dword ptr ds:
004010BC|.2BC3 sub eax,ebx
004010BE|.C3 retn
; 8D41 FC: lea eax,[ecx-4]  (first byte)
004010BF|>8D41 FC lea eax,dword ptr ds:
004010C2|.2BC3 sub eax,ebx
004010C4\.C3 retn
; Routine at 004010C5: the verification gate discussed in the thread.
; Convention: two dword stack arguments, callee-cleaned (retn 0x8).
;   [ebp+8]   = pointer to a string pointer; the string is copied into a new buffer whose
;               address is stored in the global at 0x00EC7590.
;   [ebp+0xC] = pointer to a string pointer used as text in the failure message
;               (falls back to the string at 004A90C2 when the inner pointer is null).
; Out: eax = 0 on the first failure path, 1 on the success path and also 1 on the second
;      failure path. The caller at 0040100B does not test eax.
; Memory operands were lost in extraction and are recovered from the opcode bytes.
; Calls of the form "mov ebx,<target>; call 0040B3B9" push a count (3) and three
; 3-dword argument records, then pop 0x28 bytes. NOTE(review): the tags 0x80000004 /
; 0x80000301 / 0x80000002 resemble the typed-argument dispatch of an 易语言 (EPL)
; runtime - confirm against 0040B3B9.
; NOTE(review): both outcomes are decided inside the client from process-local state
; ([ebp-8] and the dword at 0x00EC7594). Nothing visible here ties the protected
; functionality to a server-issued value or a cryptographic check, so the gate has no
; tamper resistance; a robust design makes the functionality itself depend on data that
; only a successful server-side verification can supply.
004010C5 $55 push ebp
004010C6 .8BEC mov ebp,esp
004010C8 .81EC 0C000000 sub esp,0xC
; Step 1: [ebp-4] = pointer to "QQ.exe"; &[ebp-4] is passed to 004012CE and the result
; is kept in [ebp-8]. 004012CE is not shown; presumably it looks for that process or
; program - verify.
004010CE B8 B2904A00 mov eax,七日杀辅.004A90B2 ;QQ.exe
; 8945 FC: mov [ebp-4],eax
004010D3 .8945 FC mov dword ptr ss:,eax
; 8D45 FC: lea eax,[ebp-4]
004010D6 .8D45 FC lea eax,dword ptr ss:
004010D9 .50 push eax
004010DA .E8 EF010000 call 七日杀辅.004012CE
; 8945 F8: mov [ebp-8],eax
004010DF .8945 F8 mov dword ptr ss:,eax
; 8B5D FC: mov ebx,[ebp-4]; released through 0040B3C5 when non-null (presumably free).
004010E2 .8B5D FC mov ebx,dword ptr ss:
004010E5 .85DB test ebx,ebx
004010E7 74 09 je short 七日杀辅.004010F2
004010E9 .53 push ebx
004010EA .E8 D6A20000 call 七日杀辅.0040B3C5
004010EF .83C4 04 add esp,0x4
; 837D F8 00: cmp dword [ebp-8],0. A non-zero result from 004012CE continues at 00401150;
; zero falls through to the first failure path.
004010F2 >837D F8 00 cmp dword ptr ss:,0x0
004010F6 0F85 54000000 jnz 七日杀辅.00401150
; First failure path: runtime call through ebx = 0040CC10 with the string at 004A90B9
; (验证失败, "verification failed"), an integer 0 and the caller-supplied text.
; Presumably a message box - confirm.
004010FC .68 04000080 push 0x80000004
00401101 .6A 00 push 0x0
00401103 .68 B9904A00 push 七日杀辅.004A90B9 ;验证失败
00401108 .68 01030080 push 0x80000301
0040110D .6A 00 push 0x0
0040110F .68 00000000 push 0x0
00401114 .68 04000080 push 0x80000004
00401119 .6A 00 push 0x0
; 8B5D 0C: mov ebx,[ebp+0xC]; 8B03: mov eax,[ebx]
0040111B .8B5D 0C mov ebx,dword ptr ss:
0040111E .8B03 mov eax,dword ptr ds:
00401120 .85C0 test eax,eax
00401122 .75 05 jnz short 七日杀辅.00401129
00401124 .B8 C2904A00 mov eax,七日杀辅.004A90C2 ;ā
00401129 >50 push eax
0040112A .68 03000000 push 0x3
0040112F .BB 10CC4000 mov ebx,七日杀辅.0040CC10
00401134 .E8 80A20000 call 七日杀辅.0040B3B9
00401139 .83C4 28 add esp,0x28
; 0040B3D7 is called with a single 0 argument; presumably it ends the program - verify.
0040113C .6A 00 push 0x0
0040113E .E8 94A20000 call 七日杀辅.0040B3D7
00401143 .83C4 04 add esp,0x4
00401146 .B8 00000000 mov eax,0x0
0040114B .E9 DB000000 jmp 七日杀辅.0040122B
; Step 2: duplicate the string behind the first argument.
; 8B5D 08: mov ebx,[ebp+8]; 8B03: mov eax,[ebx]. A null inner pointer skips the copy and
; leaves eax = 0.
00401150 >8B5D 08 mov ebx,dword ptr ss: ;七日杀辅.<ModuleEntryPoint>
00401153 .8B03 mov eax,dword ptr ds:
00401155 .85C0 test eax,eax
00401157 .74 15 je short 七日杀辅.0040116E
00401159 .50 push eax
0040115A .8BD8 mov ebx,eax
; length via 0040105A, +1 for the terminator, passed to 0040B3BF (presumably an allocator).
0040115C .E8 F9FEFFFF call 七日杀辅.0040105A
00401161 .40 inc eax
00401162 .50 push eax
00401163 .E8 57A20000 call 七日杀辅.0040B3BF
; ecx = byte count, esi = source string, edi = returned buffer; F3 A4 = rep movsb.
; NOTE(review): the pointer returned by 0040B3BF is not tested before the copy.
00401168 .59 pop ecx ;kernel32.7C816037
00401169 .5E pop esi ;kernel32.7C816037
0040116A .8BF8 mov edi,eax
0040116C .F3:A4 rep movs byte ptr es:,byte ptr ds:[>
; Replace the global at 0x00EC7590 with the new copy (or 0), releasing any previous value.
; 8B1D 9075EC00: mov ebx,[0x00EC7590]
0040116E >50 push eax
0040116F .8B1D 9075EC00 mov ebx,dword ptr ds:
00401175 .85DB test ebx,ebx
00401177 .74 09 je short 七日杀辅.00401182
00401179 .53 push ebx
0040117A .E8 46A20000 call 七日杀辅.0040B3C5
0040117F .83C4 04 add esp,0x4
00401182 >58 pop eax ;kernel32.7C816037
; A3 9075EC00: mov [0x00EC7590],eax
00401183 .A3 9075EC00 mov dword ptr ds:,eax
; Step 3: runtime call through ebx = 0040B890 with three argument records. The pushed
; values are opaque here; what 0040B890 does cannot be determined from this listing.
00401188 .68 02000080 push 0x80000002
0040118D .6A 00 push 0x0
0040118F .68 01000000 push 0x1
00401194 .6A 00 push 0x0
00401196 .6A 00 push 0x0
00401198 .6A 00 push 0x0
0040119A .68 01000100 push 0x10001
0040119F .68 63700106 push 0x6017063
004011A4 .68 EA6E0152 push 0x52016EEA
004011A9 .68 03000000 push 0x3
004011AE .BB 90B84000 mov ebx,七日杀辅.0040B890
004011B3 .E8 01A20000 call 七日杀辅.0040B3B9
004011B8 .83C4 28 add esp,0x28
; Step 4: 833D 9475EC00 ..: cmp dword [0x00EC7594],1. The flag is written elsewhere
; (not visible in this listing). Equal to 1 -> return 1; anything else -> second failure path.
004011BB .833D 9475EC00>cmp dword ptr ds:,0x1
004011C2 .0F85 0F000000 jnz 七日杀辅.004011D7
004011C8 .B8 01000000 mov eax,0x1
004011CD .E9 59000000 jmp 七日杀辅.0040122B
; The jmp at 004011D2 directly follows an unconditional jmp; no branch in this listing targets it.
004011D2 .E9 54000000 jmp 七日杀辅.0040122B
; Second failure path: same message call as the first, then 0040B3D7(0); eax is set to 1.
004011D7 >68 04000080 push 0x80000004
004011DC .6A 00 push 0x0
004011DE .68 B9904A00 push 七日杀辅.004A90B9 ;验证失败
004011E3 .68 01030080 push 0x80000301
004011E8 .6A 00 push 0x0
004011EA .68 00000000 push 0x0
004011EF .68 04000080 push 0x80000004
004011F4 .6A 00 push 0x0
; 8B5D 0C: mov ebx,[ebp+0xC]; 8B03: mov eax,[ebx]
004011F6 .8B5D 0C mov ebx,dword ptr ss:
004011F9 .8B03 mov eax,dword ptr ds:
004011FB .85C0 test eax,eax
004011FD .75 05 jnz short 七日杀辅.00401204
004011FF .B8 C2904A00 mov eax,七日杀辅.004A90C2 ;ā
00401204 >50 push eax
00401205 .68 03000000 push 0x3
0040120A .BB 10CC4000 mov ebx,七日杀辅.0040CC10
0040120F .E8 A5A10000 call 七日杀辅.0040B3B9
00401214 .83C4 28 add esp,0x28
00401217 .6A 00 push 0x0
00401219 .E8 B9A10000 call 七日杀辅.0040B3D7
0040121E .83C4 04 add esp,0x4
00401221 .B8 01000000 mov eax,0x1
00401226 .E9 00000000 jmp 七日杀辅.0040122B
; Common epilogue: restore the frame and pop the two stack arguments.
0040122B >8BE5 mov esp,ebp
0040122D .5D pop ebp ;kernel32.7C816037
0040122E .C2 0800 retn 0x8
查毒链接:
http://r.virscan.org/report/6f7c89d5a8ddb20fb508fd1a8be2f863
本帖最后由 酒醒黄昏 于 2016-4-13 18:24 编辑
004010F6 jmp
004011C2 nop
QQ验证有没有公共没有测试 就改两处就行了。
===============================================
我刚才有看了一下软件检测你有没有安装QQ没有安装QQ的则打开提示失败 安装QQ则不提示失败但是提示验证失败 所以总的来讲吧就Nop一个也是可以的哈哈哈简单吧
有时间的话晚上给你录个视频吧。。
两种方式。。虚拟机测试 bigharvest 发表于 2016-4-13 18:01
有时间的话晚上给你录个视频吧。。
两种方式。。虚拟机测试
十分感谢!正在慢慢学习{:6_224:} 酒醒黄昏 发表于 2016-4-13 18:20
004010F6 jmp
004011C2 nop
这个我会,但是没装qq的话依然打不开,我虚拟机上没qq,我想达到的效果是没装qq它能跳过失败,还是谢谢你呀 004010F6 jmp这个就是跳过没有装QQ的失败 提示
004011C2 nop这个就是跳过验证失败
就这把 酒醒黄昏 发表于 2016-4-13 18:35
004010F6 jmp这个就是跳过没有装QQ的失败 提示
004011C2 nop这个就是跳过验 ...
谢谢啊!我才刚学,有一点没想到{:6_209:}