vc6程序,默认保护。
ZProtect v1.3.0.0
0041EAFF > /78 16 JS SHORT 0041EB17
0041EB01 |79 14 JNS SHORT 0041EB17
0041EB17 E8 02000000 CALL 0041EB1E
0041EB1C ^ 73 C5 JNB SHORT 0041EAE3
0041EB1E 870424 XCHG DWORD PTR SS:[ESP],EAX
0041EB21 8D80 0DFBFFFF LEA EAX,DWORD PTR DS:[EAX-4F3]
0041EB27 870424 XCHG DWORD PTR SS:[ESP],EAX
0041EB2A ^ E9 FAFAFFFF JMP 0041E629
0041E629 60 PUSHAD
0041E62A E9 C7030000 JMP 0041E9F6
ZProtect v1.4.0.0 Professional
0041E50F > E8 02000000 CALL 0041E516
0041E514 6E OUTS DX,BYTE PTR ES:[EDI]
0041E515 2F DAS
0041E516 870C24 XCHG DWORD PTR SS:[ESP],ECX
0041E519 8D89 24060000 LEA ECX,DWORD PTR DS:[ECX+624]
0041E51F 870C24 XCHG DWORD PTR SS:[ESP],ECX
0041E522 E9 D0040000 JMP 0041E9F7
0041E9F7 83C4 04 ADD ESP,4
0041E9FA ^ E9 44FDFFFF JMP 0041E743
ZProtect v1.4.9.0
0041F2E3 > E8 02000000 CALL 0041F2EA
0041F2E8 3870 87 CMP BYTE PTR DS:[EAX-79],DH
0041F2EB 3C 24 CMP AL,24
0041F2ED 8DBF 11040000 LEA EDI,DWORD PTR DS:[EDI+411]
0041F2F3 873C24 XCHG DWORD PTR SS:[ESP],EDI
0041F2F6 E9 FE030000 JMP 0041F6F9
0041F6F9 60 PUSHAD
0041F6FA ^ E9 86FBFFFF JMP 0041F285
ZProtect v1.6.0.0
0041F307 > 68 14F34100 PUSH 0041F314
0041F30C 68 22F34100 PUSH 0041F322 ; ASCII "`h*驛"
0041F311 C3 RETN
0041F322 60 PUSHAD
0041F323 68 2AF34100 PUSH 0041F32A ; ASCII "Th2驛"
0041F328 C3 RETN
最方便的是直接用peid Zprotect 版本识别插件(frozenrain),下载地址:
已经有(0)位网友发表了评论,你也评一评吧!
原创文章如转载,请注明:转载自Eddy Blog
原文地址:http://www.rrgod.com/decryption/645.html 欢迎订阅Eddy Blog。