软件在下面,万分感谢!!!(已重新脱壳上传)
; Stub at 00401000: clears eax and returns, i.e. returns 0. No frame, no stack arguments popped.
00401000 . 33C0 xor eax,eax
00401002 . C3 retn
00401003 90 nop ; one filler byte before the next entry at 00401004 (presumably alignment padding)
; Empty routine at 00401004: sets up an ebp frame and tears it down again.
; No locals, no calls, eax is not written; plain retn, so no stack arguments are popped.
; NOTE(review): the "kernel32.…" annotation looks like the debugger's guess at the popped value at capture time, not part of the instruction - confirm.
00401004 /. 55 push ebp
00401005 |. 8BEC mov ebp,esp
00401007 |. 8BE5 mov esp,ebp
00401009 |. 5D pop ebp ; kernel32.7C816037
0040100A \. C3 retn
; Routine at 0040100B: builds two string-pointer locals and passes their addresses to 004010C5.
;   local.1 <- 004A90A4 (string "失败", i.e. "failure")
;   local.2 <- 004A90A9 (string "67207731")
; &local.1 is pushed first and &local.2 last, so the callee sees &local.2 at [ebp+0x8] and &local.1 at [ebp+0xC].
; After the call each local is handed to 0040B3C5 when non-null, then 00401748 is called.
; The value 004010C5 leaves in eax is neither tested nor stored in this routine.
; NOTE(review): 0040B3C5 and 00401748 are outside this listing; the null-check-then-call pattern suggests 0040B3C5 releases a string - confirm.
; NOTE(review): the "kernel32.…" annotations look like the debugger's guess at run-time values, not part of the instruction - confirm.
0040100B /. 55 push ebp
0040100C |. 8BEC mov ebp,esp
0040100E |. 81EC 08000000 sub esp,0x8 ; two dword locals
00401014 B8 A4904A00 mov eax,七日杀辅.004A90A4 ; 失败 ("failure")
00401019 |. 8945 FC mov [local.1],eax
0040101C |. 8D45 FC lea eax,[local.1]
0040101F |. 50 push eax ; second argument: &local.1
00401020 |. B8 A9904A00 mov eax,七日杀辅.004A90A9 ; 67207731
00401025 |. 8945 F8 mov [local.2],eax
00401028 |. 8D45 F8 lea eax,[local.2]
0040102B |. 50 push eax ; first argument: &local.2
0040102C |. E8 94000000 call 七日杀辅.004010C5 ; callee pops both arguments (it ends in retn 0x8)
00401031 |. 8B5D F8 mov ebx,[local.2] ; kernel32.7C816040
00401034 |. 85DB test ebx,ebx
00401036 |. 74 09 je short 七日杀辅.00401041 ; skip the call when local.2 is null
00401038 |. 53 push ebx
00401039 |. E8 87A30000 call 七日杀辅.0040B3C5
0040103E |. 83C4 04 add esp,0x4 ; caller removes the single argument
00401041 |> 8B5D FC mov ebx,[local.1]
00401044 |. 85DB test ebx,ebx
00401046 |. 74 09 je short 七日杀辅.00401051 ; same handling for local.1
00401048 |. 53 push ebx
00401049 |. E8 77A30000 call 七日杀辅.0040B3C5
0040104E |. 83C4 04 add esp,0x4
00401051 |> E8 F2060000 call 七日杀辅.00401748 ; no stack arguments pushed for this call
00401056 |. 8BE5 mov esp,ebp
00401058 |. 5D pop ebp ; kernel32.7C816037
00401059 C3 retn
; Routine at 0040105A: length of a zero-terminated byte string.
; In:  ebx = string pointer (register argument; nothing is read from the stack)
; Out: eax = number of bytes before the first zero byte, or 0 when ebx is null
; Clobbers: ecx, edx, flags. ebx is only read.
; Method: byte steps until ecx is 4-byte aligned, then one aligned dword per iteration, using the
; 0x7EFEFEFF / 0x81010100 carry trick to flag a possible zero byte, which is then confirmed byte by byte.
; There is no length limit: the scan stops only at a zero byte, so the caller must pass terminated data.
; The dword loads are 4-byte aligned, so they can read up to 3 bytes past the terminator but stay inside that aligned dword.
; NOTE(review): the "ntdll.…" annotations look like the debugger's guess at run-time values, not part of the instruction - confirm.
0040105A /$ 85DB test ebx,ebx
0040105C |. 75 03 jnz short 七日杀辅.00401061
0040105E |. 33C0 xor eax,eax ; null pointer: return 0
00401060 |. C3 retn
00401061 |> 8BCB mov ecx,ebx ; ecx = scan cursor, ebx stays at the start
00401063 |. F7C1 03000000 test ecx,0x3
00401069 |. 74 0F je short 七日杀辅.0040107A ; already aligned: go straight to the dword loop
0040106B |> 8A01 /mov al,byte ptr ds:[ecx]
0040106D |. 41 |inc ecx
0040106E |. 84C0 |test al,al
00401070 |. 74 3B |je short 七日杀辅.004010AD ; terminator found at ecx-1
00401072 |. F7C1 03000000 |test ecx,0x3
00401078 |.^ 75 F1 \jnz short 七日杀辅.0040106B ; keep stepping bytes until ecx is aligned
0040107A |> 8B01 /mov eax,dword ptr ds:[ecx] ; ntdll.7C92DCBA
0040107C |. BA FFFEFE7E |mov edx,0x7EFEFEFF
00401081 |. 03D0 |add edx,eax ; edx = dword + 0x7EFEFEFF
00401083 |. 83F0 FF |xor eax,-0x1 ; eax = ~dword
00401086 |. 33C2 |xor eax,edx ; ntdll.KiFastSystemCallRet
00401088 |. 83C1 04 |add ecx,0x4 ; cursor now points past the dword just loaded
0040108B |. A9 00010181 |test eax,0x81010100 ; all masked bits clear => no zero byte in this dword
00401090 |.^ 74 E8 |je short 七日杀辅.0040107A
00401092 |. 8B41 FC |mov eax,dword ptr ds:[ecx-0x4] ; reload the flagged dword and check each byte
00401095 |. 84C0 |test al,al
00401097 |. 74 26 |je short 七日杀辅.004010BF ; byte 0 is zero
00401099 |. 84E4 |test ah,ah
0040109B |. 74 1C |je short 七日杀辅.004010B9 ; byte 1 is zero
0040109D |. A9 0000FF00 |test eax,0xFF0000
004010A2 |. 74 0F |je short 七日杀辅.004010B3 ; byte 2 is zero
004010A4 |. A9 000000FF |test eax,0xFF000000
004010A9 |. 74 02 |je short 七日杀辅.004010AD ; byte 3 is zero
004010AB |.^ EB CD \jmp short 七日杀辅.0040107A ; no byte was zero after all: continue with the next dword
004010AD |> 8D41 FF lea eax,dword ptr ds:[ecx-0x1] ; terminator at ecx-1
004010B0 |. 2BC3 sub eax,ebx ; length = terminator address - start
004010B2 |. C3 retn
004010B3 |> 8D41 FE lea eax,dword ptr ds:[ecx-0x2] ; terminator at ecx-2
004010B6 |. 2BC3 sub eax,ebx
004010B8 |. C3 retn
004010B9 |> 8D41 FD lea eax,dword ptr ds:[ecx-0x3] ; terminator at ecx-3
004010BC |. 2BC3 sub eax,ebx
004010BE |. C3 retn
004010BF |> 8D41 FC lea eax,dword ptr ds:[ecx-0x4] ; terminator at ecx-4
004010C2 |. 2BC3 sub eax,ebx
004010C4 \. C3 retn
; Routine at 004010C5: verification step. Two stack arguments, removed by the callee (retn 0x8).
; In:  [ebp+0x8] = address of a string pointer (the caller at 0040100B passes the one holding "67207731")
;      [ebp+0xC] = address of a string pointer (that caller passes the one holding "失败", "failure")
; Out: eax = 0 on the first failure path; eax = 1 on the success path and also on the second failure path.
; Locals: [ebp-0x4] string pointer, [ebp-0x8] result of 004012CE; the third reserved dword is not used in this listing.
; Globals: writes dword 0xEC7590 (heap copy of the first argument's string, or 0), reads dword 0xEC7594,
;          which is not written anywhere in this listing.
; NOTE(review): 004012CE, 0040B3B9, 0040B3BF, 0040B3C5 and 0040B3D7 are outside this listing; the roles
;               given for them below are inferred from how they are called - confirm.
; NOTE(review): the "kernel32.…" annotations look like the debugger's guess at run-time values, not part of the instruction - confirm.
004010C5 $ 55 push ebp
004010C6 . 8BEC mov ebp,esp
004010C8 . 81EC 0C000000 sub esp,0xC ; three dword locals reserved
; --- step 1: pass the string "QQ.exe" to 004012CE and keep its result ---
004010CE B8 B2904A00 mov eax,七日杀辅.004A90B2 ; QQ.exe
004010D3 . 8945 FC mov dword ptr ss:[ebp-0x4],eax
004010D6 . 8D45 FC lea eax,dword ptr ss:[ebp-0x4]
004010D9 . 50 push eax ; argument: address of the string pointer
004010DA . E8 EF010000 call 七日杀辅.004012CE ; presumably looks for something named "QQ.exe" - confirm; no add esp follows, so the callee pops its argument
004010DF . 8945 F8 mov dword ptr ss:[ebp-0x8],eax ; save the result for the test at 004010F2
004010E2 . 8B5D FC mov ebx,dword ptr ss:[ebp-0x4]
004010E5 . 85DB test ebx,ebx
004010E7 74 09 je short 七日杀辅.004010F2
004010E9 . 53 push ebx
004010EA . E8 D6A20000 call 七日杀辅.0040B3C5 ; presumably releases the string held in [ebp-0x4] - confirm
004010EF . 83C4 04 add esp,0x4
004010F2 > 837D F8 00 cmp dword ptr ss:[ebp-0x8],0x0
004010F6 0F85 54000000 jnz 七日杀辅.00401150 ; non-zero result: continue with step 2
; --- first failure path (004012CE returned 0): ten dwords are pushed and removed again by add esp,0x28 ---
004010FC . 68 04000080 push 0x80000004
00401101 . 6A 00 push 0x0
00401103 . 68 B9904A00 push 七日杀辅.004A90B9 ; 验证失败 ("verification failed")
00401108 . 68 01030080 push 0x80000301
0040110D . 6A 00 push 0x0
0040110F . 68 00000000 push 0x0
00401114 . 68 04000080 push 0x80000004
00401119 . 6A 00 push 0x0
0040111B . 8B5D 0C mov ebx,dword ptr ss:[ebp+0xC]
0040111E . 8B03 mov eax,dword ptr ds:[ebx] ; eax = string pointer behind the second argument
00401120 . 85C0 test eax,eax
00401122 . 75 05 jnz short 七日杀辅.00401129
00401124 . B8 C2904A00 mov eax,七日杀辅.004A90C2 ; ā
00401129 > 50 push eax ; second-argument string, or the constant at 004A90C2 when that pointer is null
0040112A . 68 03000000 push 0x3 ; presumably the number of (value, 0, tag) triples pushed above - confirm
0040112F . BB 10CC4000 mov ebx,七日杀辅.0040CC10 ; routine address handed over in ebx
00401134 . E8 80A20000 call 七日杀辅.0040B3B9 ; presumably a dispatcher that invokes ebx, here to show the failure text - confirm
00401139 . 83C4 28 add esp,0x28
0040113C . 6A 00 push 0x0
0040113E . E8 94A20000 call 七日杀辅.0040B3D7 ; presumably ends the program with code 0 - confirm
00401143 . 83C4 04 add esp,0x4
00401146 . B8 00000000 mov eax,0x0 ; return value 0 (reached only if 0040B3D7 returns)
0040114B . E9 DB000000 jmp 七日杀辅.0040122B
; --- step 2: copy the first argument's string into a new buffer and store it in the global at 0xEC7590 ---
00401150 > 8B5D 08 mov ebx,dword ptr ss:[ebp+0x8] ; 七日杀辅.<ModuleEntryPoint>
00401153 . 8B03 mov eax,dword ptr ds:[ebx] ; eax = string pointer behind the first argument
00401155 . 85C0 test eax,eax
00401157 . 74 15 je short 七日杀辅.0040116E ; null string: skip the copy, eax stays 0
00401159 . 50 push eax ; keep the source pointer for the pop esi below
0040115A . 8BD8 mov ebx,eax
0040115C . E8 F9FEFFFF call 七日杀辅.0040105A ; string length of ebx, returned in eax
00401161 . 40 inc eax ; + 1 for the terminator
00401162 . 50 push eax
00401163 . E8 57A20000 call 七日杀辅.0040B3BF ; presumably allocates eax bytes - confirm; its argument stays on the stack
00401168 . 59 pop ecx ; kernel32.7C816037
00401169 . 5E pop esi ; kernel32.7C816037
0040116A . 8BF8 mov edi,eax ; destination = returned buffer; it is not checked for null before the copy
0040116C . F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[> ; copies ecx bytes (length + 1) from esi to edi; operand text is truncated in the dump
0040116E > 50 push eax ; new buffer (or 0), parked while the old global value is handled
0040116F . 8B1D 9075EC00 mov ebx,dword ptr ds:[0xEC7590]
00401175 . 85DB test ebx,ebx
00401177 . 74 09 je short 七日杀辅.00401182
00401179 . 53 push ebx
0040117A . E8 46A20000 call 七日杀辅.0040B3C5 ; presumably releases the previous string held in the global - confirm
0040117F . 83C4 04 add esp,0x4
00401182 > 58 pop eax ; kernel32.7C816037
00401183 . A3 9075EC00 mov dword ptr ds:[0xEC7590],eax ; global now holds the copy
; --- step 3: call through 0040B3B9 with ebx = 0040B890, then test the global flag at 0xEC7594 ---
00401188 . 68 02000080 push 0x80000002
0040118D . 6A 00 push 0x0
0040118F . 68 01000000 push 0x1
00401194 . 6A 00 push 0x0
00401196 . 6A 00 push 0x0
00401198 . 6A 00 push 0x0
0040119A . 68 01000100 push 0x10001
0040119F . 68 63700106 push 0x6017063
004011A4 . 68 EA6E0152 push 0x52016EEA ; the three constants above are opaque from this listing
004011A9 . 68 03000000 push 0x3
004011AE . BB 90B84000 mov ebx,七日杀辅.0040B890
004011B3 . E8 01A20000 call 七日杀辅.0040B3B9
004011B8 . 83C4 28 add esp,0x28 ; ten dwords removed
004011BB . 833D 9475EC00>cmp dword ptr ds:[0xEC7594],0x1 ; flag is set outside this listing, presumably as a result of the call above - confirm
004011C2 . 0F85 0F000000 jnz 七日杀辅.004011D7 ; flag != 1: second failure path
004011C8 . B8 01000000 mov eax,0x1 ; success: return 1
004011CD . E9 59000000 jmp 七日杀辅.0040122B
004011D2 . E9 54000000 jmp 七日杀辅.0040122B ; follows an unconditional jmp and carries no jump-target marker, so it looks unreachable
; --- second failure path (flag != 1): same argument block as the first failure path ---
004011D7 > 68 04000080 push 0x80000004
004011DC . 6A 00 push 0x0
004011DE . 68 B9904A00 push 七日杀辅.004A90B9 ; 验证失败 ("verification failed")
004011E3 . 68 01030080 push 0x80000301
004011E8 . 6A 00 push 0x0
004011EA . 68 00000000 push 0x0
004011EF . 68 04000080 push 0x80000004
004011F4 . 6A 00 push 0x0
004011F6 . 8B5D 0C mov ebx,dword ptr ss:[ebp+0xC]
004011F9 . 8B03 mov eax,dword ptr ds:[ebx]
004011FB . 85C0 test eax,eax
004011FD . 75 05 jnz short 七日杀辅.00401204
004011FF . B8 C2904A00 mov eax,七日杀辅.004A90C2 ; ā
00401204 > 50 push eax
00401205 . 68 03000000 push 0x3
0040120A . BB 10CC4000 mov ebx,七日杀辅.0040CC10
0040120F . E8 A5A10000 call 七日杀辅.0040B3B9
00401214 . 83C4 28 add esp,0x28
00401217 . 6A 00 push 0x0
00401219 . E8 B9A10000 call 七日杀辅.0040B3D7 ; presumably ends the program with code 0 - confirm
0040121E . 83C4 04 add esp,0x4
00401221 . B8 01000000 mov eax,0x1 ; returns 1 here, the same value as the success path
00401226 . E9 00000000 jmp 七日杀辅.0040122B ; zero displacement: jumps to the next instruction
; --- common exit ---
0040122B > 8BE5 mov esp,ebp
0040122D . 5D pop ebp ; kernel32.7C816037
0040122E . C2 0800 retn 0x8 ; pops the two dword arguments
查毒链接:
http://r.virscan.org/report/6f7c89d5a8ddb20fb508fd1a8be2f863