这个东西对资源处理太棒了.正在还原它的源代码...
请问IDA怎么自定义常量?还有assume什么的?
这里是部分源码,也许脱壳有用吧...
都弄好以后会发布带资源的Full Source包:D
代码:--------------------------------------------------------------------------------
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+" TO EXPAND]
;
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
; ※ This file is generated by The Interactive Disassembler (IDA) ※
; ※ Copyright (c) 2003 by DataRescue sa/nv, <ida@datarescue.com> ※
; ※ [iNTERNAL RELEASE] ※
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
;
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
; File Name : E:/Documents and Settings/Star/桌面/pcsnk071/PCSHRINK.EXE.unpacked_.exe
; Format : Portable executable for IBM PC (PE)
; Section 1. (virtual address 00001000)
; Virtual size : 00004000 ( 16384.)
; Section size in file : 00004000 ( 16384.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : 16 bytes ?
model flat
; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
pcs1 segment para public 'CODE' use32
assume cs:pcs1
;org 401000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
call GetProcessHeap
mov ds:hHeap, eax
call GetCommandLineA
or eax, eax
jz short start
xchg eax, esi
loc_401014: ; CODE XREF: pcs1:00401035j
cmp byte ptr [esi], 0
jz short start
shl eax, 8
lodsb
cmp eax, 72696E6Bh
jnz short loc_401029
cmp byte ptr [esi], 2Eh
jnz short loc_401037
loc_401029: ; CODE XREF: pcs1:00401022j
cmp eax, 2E657865h
jz short loc_401037
cmp eax, 2E455845h
jnz short loc_401014
loc_401037: ; CODE XREF: pcs1:00401027j
; pcs1:0040102Ej ...
lodsb
cmp al, 20h
jz short loc_401037
cmp al, 22h
jz short loc_401037
dec esi
push esi
push offset szBuffer
call lstrcpy
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
public start
start proc near ; CODE XREF: pcs1:00401011j
; pcs1:004010
请问IDA怎么自定义常量?还有assume什么的?
这里是部分源码,也许脱壳有用吧...
都弄好以后会发布带资源的Full Source包:D
代码:--------------------------------------------------------------------------------
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_WM. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL_FLAG. PRESS KEYPAD "+" TO EXPAND]
; [COLLAPSED ENUM MACRO_IMAGE_ORDINAL. PRESS KEYPAD "+" TO EXPAND]
;
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
; ※ This file is generated by The Interactive Disassembler (IDA) ※
; ※ Copyright (c) 2003 by DataRescue sa/nv, <ida@datarescue.com> ※
; ※ [iNTERNAL RELEASE] ※
; ※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※
;
; ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
; File Name : E:/Documents and Settings/Star/桌面/pcsnk071/PCSHRINK.EXE.unpacked_.exe
; Format : Portable executable for IBM PC (PE)
; Section 1. (virtual address 00001000)
; Virtual size : 00004000 ( 16384.)
; Section size in file : 00004000 ( 16384.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : 16 bytes ?
model flat
; 屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
pcs1 segment para public 'CODE' use32
assume cs:pcs1
;org 401000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
call GetProcessHeap
mov ds:hHeap, eax
call GetCommandLineA
or eax, eax
jz short start
xchg eax, esi
loc_401014: ; CODE XREF: pcs1:00401035j
cmp byte ptr [esi], 0
jz short start
shl eax, 8
lodsb
cmp eax, 72696E6Bh
jnz short loc_401029
cmp byte ptr [esi], 2Eh
jnz short loc_401037
loc_401029: ; CODE XREF: pcs1:00401022j
cmp eax, 2E657865h
jz short loc_401037
cmp eax, 2E455845h
jnz short loc_401014
loc_401037: ; CODE XREF: pcs1:00401027j
; pcs1:0040102Ej ...
lodsb
cmp al, 20h
jz short loc_401037
cmp al, 22h
jz short loc_401037
dec esi
push esi
push offset szBuffer
call lstrcpy
; 〓〓〓〓〓〓〓〓 S U B R O U T I N E 〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓〓
public start
start proc near ; CODE XREF: pcs1:00401011j
; pcs1:004010
最低0.47元/天 解锁文章
1665
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
