汇编中的ARPL [EAX+EAX],ESI 10
在修改定位出来的特征码时遇到了00406502:63740000ARPL[EAX+EAX],ESI00406506:56PUSHESI00406507:697274756...
在修改定位出来的特征码时遇到了
00406502: 637400 00 ARPL [EAX+EAX],ESI
00406506: 56 PUSH ESI
00406507: 6972 74 75616C41 IMUL ESI,[EDX+74],416C6175
0040650E: 6C INS BYTE PTR ES:[EDI],DX
0040650F: 6C INS BYTE PTR ES:[EDI],DX
00406510: 6F OUTS DX,DWORD PTR ES:[EDI]
00406511: 6300 ARPL [EAX],EAX
00406513: 0056 69 ADD [ESI+69],DL
00406516: 72 74 JB SHORT 0040658C
00406518: 75 61 JNZ SHORT 0040657B
0040651A: 6C INS BYTE PTR ES:[EDI],DX
0040651B: 46 INC ESI
0040651C: 72 65 JB SHORT 00406583
0040651E: 65:0000 ADD GS:[EAX],AL
00406521: 0045 78 ADD [EBP+78],AL
00406524: 697450 72 6F636573 IMUL ESI,[EAX+EDX*2+72],7365636F
0040652C: 73 00 JNB SHORT 0040652E
0040652E: 0000 ADD [EAX],AL
00406530: 46 INC ESI
00406531: 72 65 JB SHORT 00406598
00406533: 65:53 PUSH EBX
00406535: 696400 00 00636170 IMUL ESP,[EAX+EAX],70616300
0040653D: 43 INC EBX
0040653E: 72 65 JB SHORT 004065A5
00406540: 61 POPAD
00406541: 74 65 JE SHORT 004065A8
00406543: 43 INC EBX
00406544: 61 POPAD
00406545: 70 74 JO SHORT 004065BB
00406547: 75 72 JNZ SHORT 004065BB
00406549: 65:57 PUSH EDI
0040654B: 696E 64 6F774100 IMUL EBP,[ESI+64],41776F
00406552: 0000 ADD [EAX],AL
00406554: 42 INC EDX
00406555: 697442 6C 74000057 IMUL ESI,[EDX+EAX*2+6C],57000074
0040655D: 4E DEC ESI
0040655E: 65:74 4F JE SHORT 004065B0
00406561: 70 65 JO SHORT 004065C8
00406563: 6E OUTS DX,BYTE PTR ES:[EDI] 展开
00406502: 637400 00 ARPL [EAX+EAX],ESI
00406506: 56 PUSH ESI
00406507: 6972 74 75616C41 IMUL ESI,[EDX+74],416C6175
0040650E: 6C INS BYTE PTR ES:[EDI],DX
0040650F: 6C INS BYTE PTR ES:[EDI],DX
00406510: 6F OUTS DX,DWORD PTR ES:[EDI]
00406511: 6300 ARPL [EAX],EAX
00406513: 0056 69 ADD [ESI+69],DL
00406516: 72 74 JB SHORT 0040658C
00406518: 75 61 JNZ SHORT 0040657B
0040651A: 6C INS BYTE PTR ES:[EDI],DX
0040651B: 46 INC ESI
0040651C: 72 65 JB SHORT 00406583
0040651E: 65:0000 ADD GS:[EAX],AL
00406521: 0045 78 ADD [EBP+78],AL
00406524: 697450 72 6F636573 IMUL ESI,[EAX+EDX*2+72],7365636F
0040652C: 73 00 JNB SHORT 0040652E
0040652E: 0000 ADD [EAX],AL
00406530: 46 INC ESI
00406531: 72 65 JB SHORT 00406598
00406533: 65:53 PUSH EBX
00406535: 696400 00 00636170 IMUL ESP,[EAX+EAX],70616300
0040653D: 43 INC EBX
0040653E: 72 65 JB SHORT 004065A5
00406540: 61 POPAD
00406541: 74 65 JE SHORT 004065A8
00406543: 43 INC EBX
00406544: 61 POPAD
00406545: 70 74 JO SHORT 004065BB
00406547: 75 72 JNZ SHORT 004065BB
00406549: 65:57 PUSH EDI
0040654B: 696E 64 6F774100 IMUL EBP,[ESI+64],41776F
00406552: 0000 ADD [EAX],AL
00406554: 42 INC EDX
00406555: 697442 6C 74000057 IMUL ESI,[EDX+EAX*2+6C],57000074
0040655D: 4E DEC ESI
0040655E: 65:74 4F JE SHORT 004065B0
00406561: 70 65 JO SHORT 004065C8
00406563: 6E OUTS DX,BYTE PTR ES:[EDI] 展开
1个回答
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
