ZProtect不同版本的入口特征代码

Eddy 发布于2010-11-10 13:37:35 分类: 加密解密 已浏览loading 网友评论0条 我要评论

vc6程序,默认保护。

ZProtect v1.3.0.0
0041EAFF > /78 16           JS SHORT 0041EB17
0041EB01   |79 14           JNS SHORT 0041EB17

0041EB17    E8 02000000     CALL 0041EB1E
0041EB1C  ^ 73 C5           JNB SHORT 0041EAE3
0041EB1E    870424          XCHG DWORD PTR SS:[ESP],EAX
0041EB21    8D80 0DFBFFFF   LEA EAX,DWORD PTR DS:[EAX-4F3]
0041EB27    870424          XCHG DWORD PTR SS:[ESP],EAX
0041EB2A  ^ E9 FAFAFFFF     JMP 0041E629

0041E629    60              PUSHAD
0041E62A    E9 C7030000     JMP 0041E9F6

ZProtect v1.4.0.0 Professional
0041E50F >  E8 02000000     CALL 0041E516
0041E514    6E              OUTS DX,BYTE PTR ES:[EDI]
0041E515    2F              DAS
0041E516    870C24          XCHG DWORD PTR SS:[ESP],ECX
0041E519    8D89 24060000   LEA ECX,DWORD PTR DS:[ECX+624]
0041E51F    870C24          XCHG DWORD PTR SS:[ESP],ECX
0041E522    E9 D0040000     JMP 0041E9F7

0041E9F7    83C4 04         ADD ESP,4
0041E9FA  ^ E9 44FDFFFF     JMP 0041E743


ZProtect v1.4.9.0
0041F2E3 >  E8 02000000     CALL 0041F2EA
0041F2E8    3870 87         CMP BYTE PTR DS:[EAX-79],DH
0041F2EB    3C 24           CMP AL,24
0041F2ED    8DBF 11040000   LEA EDI,DWORD PTR DS:[EDI+411]
0041F2F3    873C24          XCHG DWORD PTR SS:[ESP],EDI
0041F2F6    E9 FE030000     JMP 0041F6F9

0041F6F9    60              PUSHAD
0041F6FA  ^ E9 86FBFFFF     JMP 0041F285

ZProtect v1.6.0.0
0041F307 >  68 14F34100     PUSH 0041F314
0041F30C    68 22F34100     PUSH 0041F322                            ; ASCII "`h*驛"
0041F311    C3              RETN

0041F322    60              PUSHAD
0041F323    68 2AF34100     PUSH 0041F32A                            ; ASCII "Th2驛"
0041F328    C3              RETN

最方便的是直接用peid Zprotect 版本识别插件(frozenrain),下载地址:

[peid Zprotect 版本识别插件]

已经有(0)位网友发表了评论,你也评一评吧!
原创文章如转载,请注明:转载自Eddy Blog
原文地址:http://www.rrgod.com/decryption/645.html     欢迎订阅Eddy Blog

记住我的信息,下次不用再输入 欢迎给Eddy Blog留言