源码免杀只处理特征码还是不够的,必须要加入反调试代码,这样才能更持久更耐用。这里就发几个暗夜经常用的反调试代码给大家。
1.
HKEY ck;
char strreg[] = {'S','O','F','T','W','A','R','E','\\','O','D','B','C','\0'};
if(ERROR_SUCCESS!=RegOpenKeyEx(HKEY_LOCAL_MACHINE,(LPCTSTR)strreg,0,KEY_ALL_ACCESS,&ck))
{
}
===================================================
2.
bool IsVirtualPC()//反nod32查杀
{
__try
{
}
__except(1)
{
}
return TRUE;
}
===========================================================
3.
if(IsVirtualPC())
{
}
_asm push esi;
_asm mov esi,46;
_asm inc esi;
_asm mov eax,dword ptr fs:[esi+1];
_asm mov eax,dword ptr ds:[eax+24];
_asm mov eax,dword ptr ds:[eax+12];
_asm cmp eax,2;
_asm pop esi;
_asm je Begin;
_asm lock dec ebx;
Begin: