Some views on free-kill (antivirus evasion)

ID MYHACK58:62200714289
Type myhack58
Reporter Anonymous
Modified 2007-02-28T00:00:00


On junk instructions ("flower instructions"): many people search all over for so-called evasion junk instructions. But the ones you find online have already been published and have long been detected. Even if one is not detected for the moment, how long it stays undetected is not under your control, because you do not know on which day the antivirus will start detecting it. The real effect of junk instructions in Trojan evasion is to disturb the antivirus's normal scanning order. If a Trojan has a single signature and is still detected after you add junk instructions, I think what is being detected is a piece of code inside the junk instructions. You can locate the signature in this Trojan and check whether it falls on the junk instructions (this is generally the case); if it does, it is very easy to change, because junk instructions are meaningless instructions by nature: nothing more than jumping back and forth and pushing and popping the stack. A slight grasp of assembly is enough to handle it. For many domestic antivirus products, moving the Trojan's file header may be enough to evade detection!!

On packers: some packers leave the Trojan unusable once applied. Others work, but because everyone uses them they are detected too, although what is detected is the packer's shell. Kaspersky, NOD32, Norton and the like are stronger antivirus products, and their strength is unpacking: they can strip your shell first and then scan the Trojan. So when I pack a Trojan, I look for some new packers and add one shell, then load it in freeRES to release the resources, and then add another shell. Failing that, I use the same method and apply them together, but even this will not necessarily get past the antivirus. The packers I use are the Compass shell and Hui PE encryption.

Changing signatures: I think the right way to do evasion is still to change the signatures, and once the Trojan's signatures are dealt with, to find two good packers and add them. Then see how long it stays undetected. When you locate signatures for evasion, you cannot just change the signature bytes you located. You have to look at what the surrounding assembly of the program means.

For example, say you have located the signature that Kaspersky detects:

    [features] 0000B585_00000003

Converted to a memory address this is 0040B585. Loaded in OD, the code around the signature position is:

    0040B57C |. E8 7F89FFFF   CALL Trojan.00403F00
    0040B581 |. 8BD0          MOV EDX,EAX
    0040B583 |. B9 08BC4000   MOV ECX,Trojan.0040BC08   ; ASCII "KpopMon"
    0040B588 |. B8 02000080   MOV EAX,80000002

That is, 0040B585 is part of the instruction at 0040B583. (If you do not understand this, pretend I did not say it.) Then look at what the instruction at 0040B583 means: it loads the address 0040BC08, where the ASCII string "KpopMon" is stored, into register ECX. So to change this, you have to move the string at 0040BC08 to a different position and then adjust the pointer in the instruction at 0040B583 accordingly.

You can also change it another way. Look at:

    0040B57C |. E8 7F89FFFF   CALL Trojan.00403F00

Antivirus companies now place most of their signatures on CALL and JMP instructions. The CALL above is a procedure call instruction, as OD's disassembly shows: this line means that the code at 0040B57C calls the instructions at 00403F00.

Looking at the CALL target 00403F00, the code there is:

    00403EFF     90        NOP
    00403F00 /$  85C0      TEST EAX,EAX
    00403F02 |.  74 02     JE SHORT kk_.00403F06
    00403F04 |.  C3        RETN
    00403F05 |   00        DB 00

Directly above 00403F00 is a NOP. So you can adjust the pointer in

    0040B57C |. E8 7F89FFFF   CALL Trojan.00403F00

to

    0040B57C |. E8 7F89FFFF   CALL Trojan.00403EFF

This can also evade detection. It does not change the stack balance either, and the other functions will absolutely not change.
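From the detection side, the two edits above only defeat a signature that pins operand bytes. The Python below is an added example, not code from the original article: it matches the listing's bytes with the CALL displacement and the MOV ECX pointer wildcarded, and decodes the CALL target so an analyst can confirm the code is otherwise unchanged. The variant bytes and the address 0040BD00 are constructed for illustration.

```python
import struct

# Bytes at 0040B57C..0040B58C exactly as in the listing above.
BASE = 0x0040B57C
ORIGINAL = bytes.fromhex("E87F89FFFF 8BD0 B908BC4000 B802000080")
# Constructed variant: CALL retargeted to 00403EFF and the string pointer
# moved to a made-up address (0040BD00), i.e. both edits described above.
VARIANT = bytes.fromhex("E87E89FFFF 8BD0 B900BD4000 B802000080")

# The located 3-byte signature (offset 0000B585): part of MOV ECX's imm32.
EXACT_SIG = "BC 40 00"
# Same code with operands wildcarded: opcodes and the 80000002 constant stay.
MASKED_SIG = "E8 ?? ?? ?? ?? 8B D0 B9 ?? ?? ?? ?? B8 02 00 00 80"


def parse_pattern(text):
    """Turn 'E8 ?? 8B' into a list of ints, with None for wildcard bytes."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_pattern(data, pattern):
    """Return every offset in data where the masked pattern matches."""
    return [off for off in range(len(data) - len(pattern) + 1)
            if all(p is None or data[off + i] == p
                   for i, p in enumerate(pattern))]


def call_target(insn_addr, insn):
    """Decode the destination of a 5-byte E8 rel32 CALL at insn_addr."""
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not an E8 rel32 CALL")
    (rel32,) = struct.unpack("<i", insn[1:5])
    return (insn_addr + 5 + rel32) & 0xFFFFFFFF


def report(name, data):
    """Summarise which signatures hit and where the CALL lands."""
    exact = find_pattern(data, parse_pattern(EXACT_SIG))
    masked = find_pattern(data, parse_pattern(MASKED_SIG))
    target = call_target(BASE, data[:5])
    return f"{name}: exact={exact} masked={masked} call->{target:08X}"


if __name__ == "__main__":
    print(report("original", ORIGINAL))
    print(report("variant ", VARIANT))
```

The exact signature hits only the original bytes, at offset 9 (0040B57C + 9 = 0040B585), while the masked pattern hits both buffers at offset 0.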

So what you must master to do evasion is the meaning of assembly instructions. This is very simple and does not require you to learn assembly completely.