I just analyzed rsupack.dll and found a pile of packer names inside it. Going by the names reported when a scan detects one, these should be the packers this release of the Rising engine can handle. Not that many, really.
Mian007
AsPack1.x
AsPack2.0
AsPack2.1
Morphine2.7
Morphine1.3
NsPack
PeTite2.x
uPack0.32
uPack0.33
uPack0.36
UPX
tElock0.41
MMX0.1
uPack0.34
Mew1.1
PECompact1.x
PECompact2.x
!EPack
Aimm1.0
Aspack1.83
Aspack1.84
Aspack2.11c
Aspack2.11d
EXEStealth2.72
FSG1.0
FSG1.1
FSG1.2
FSG1.3
FSG1.31
FSG1.33
FSG2.0
HidePe1.1
HidePe1.2
JdPack1.0
JdPack1.01
JdPack1.02
Mew1.0
Mew1.1
Mew1.2
Mew1.3
MHLRS
MHLRS0.1X
MMX0.1
Packman
Packman0.1
PCShrinker0.71
PE Crypt
PECompact v1.68-v1.84
PECompact1.x
PECompact2.x
PEDiminisher0.1
PEncrypt3.0
PEncrypt4.0
PePack0.99
PePack1.0
PePack8.0
PeTite1.3
PeTite1.4
PeX v0.99
PE_PATCH(01)
PE_PATCH(02)
PE_PATCH(03)
PE_PATCH(04)
PE_PATCH(05)
PE_PATCH(06)
PE_PATCH(07)
PE_PATCH(08)
PE_PATCH(09)
PE_PATCH(........)
PKLite32v1.1
tElock0.41
TJPack
uPack0.34
UPX1.0
wwwPack32 1.
yoda's cryptor1.0
yoda's cryptor1.1
yoda's Protector 1.3
/////////////////////////////////////////////////////////////////
dwing's analysis is impressive as always!!~~
I guess Rising has had some real talent join; it looks like it can now unpack these packers:
!EPack
Aimm1.0
Aspack1.83
Aspack1.84
Aspack2.11c
Aspack2.11d
EXEStealth2.72
FSG1.0
FSG1.1
FSG1.2
FSG1.3
FSG1.31
FSG1.33
FSG2.0
HidePe1.1
HidePe1.2
JdPack1.0
JdPack1.01
JdPack1.02
Mew1.0
FVI
Mew1.1
Mew1.2
Mew1.3
MHLRS
MHLRS0.1X
MMX0.1
Packman
Packman0.1
PCShrinker0.71
PE Crypt
PECompact v1.68-v1.84
PECompact1.x
PECompact2.x
PEDiminisher0.1
PEncrypt3.0
PEncrypt4.0
PePack0.99
PePack1.0
PePack8.0
PeTite1.3
PeTite1.4
PeX v0.99
PE_PATCH(01)
PE_PATCH(02)
PE_PATCH(03)
PE_PATCH(04)
PE_PATCH(05)
PE_PATCH(06)
PE_PATCH(07)
PE_PATCH(08)
PE_PATCH(09)
PE_PATCH(木马彩衣)
PKLite32v1.1
tElock0.41
TJPack
uPack0.34
UPX1.0
wwwPack32 1.x
yoda's cryptor1.0
yoda's cryptor1.1
yoda's Protector 1.3
AsPack1.x
AsPack2.0
AsPack2.1
Morphine2.7
Morphine1.3
NsPack
PeTite2.x
uPack0.32
uPack0.33
uPack0.36
UPX
tElock0.41
MMX0.1
uPack0.34
Mew1.1
PECompact1.x
PECompact2.x
Here is another list:
PECompact %s series.
v1.68-1.84
v1.67
v1.66
v1.60-1.65
unknown (<1.60)
v1.56
v1.55
v1.47-1.50
v1.46
v1.41-1.45
v1.40b5-b6, release
v1.40b2-b4
v1.34-1.40b1
v1.33
v1.30-1.32
v1.26
v1.25
v1.242-1.243
v1.23b2-1.241
v1.23b1
v1.22
unknown (<1.22)
v1.20
v1.10b8
v1.10b7
v1.10b5
v1.10b4
v1.10b3 unregistered
v1.10b3 registered
v1.10b2 unregistered
v1.10b2 registered
v1.10b1 unregistered
v1.10b1 registered
v1.00 unregistered
v1.00 registered
v0.99
v0.98
v0.9784
v0.9781
v0.978
v0.977
v0.9761
v0.9754
v0.9753
v0.975b
v0.971
v0.97b
v0.94
v0.93
v0.92
v0.91
tElock %s series.
v0.98
v0.96
v0.95
v0.92a
v0.90
v0.85f
v0.80
v0.71
v0.70
v0.60
v0.51
v0.42
ASProtect %s series.
v1.20
v1.23 RC4
Neolite %s series.
v2.0 Default
v2.0 Default (2)
v2.0 Max
v2.0 Max (2)
v2.0 Max (3)
v1.01
v1.01 DLL
v1.01 (2)
v1.01 DLL (2)
upx
ASPack 2.12
ASPack 2.11
ASPack 1.08.03
ASPack 1.08.02
ASPack 1.08.01
ASPack 1.08.00
ASPack 1.07b
ASPack 1.02b
WWPack32 1.20
PEPack 0.99
PcShrink 0.71
PE Diminisher
Some interesting things found in the debug strings:
C:\TEMP\RisingAutoLink\Product2006\Engine\UnPacker\UPX\c_init.cpp
C:\TEMP\RisingAutoLink\Product2006\Engine\UnPacker\UPX\fcto_ml2.ch
C:\TEMP\RisingAutoLink\Product2006\Engine\UnPacker\UPX\linker.cpp
C:\TEMP\RisingAutoLink\Product2006\Engine\UnPacker\UPX\packer.cpp
C:\TEMP\RisingAutoLink\Product2006\Engine\UnPacker\UPX\util.cpp
Step_01.BPM @ Offset entry 0x%.8X (Reference EBP 2)
Step_02().VerifyASProtectData failed!
Step_02.GUIDBase = 0x%.8X
Step_02.ASPrData @ Offset entry 0x%.8X
Step_02.ASPrDLL RVA = 0x%.8X
Step_02().LocateData(GUID_BASE) failed!
Step_03.OEP = 0x%.8X
Step_03().GetOEPKey3() failed!
Step_03().LocateData(GUID_FINALCODE_KEYSIZE) failed!
Step_03().LocateData(GUID_FINALCODE) failed!
Step_03().TransformOEPkey_1 NOT present!
Step_03().LocateData(GUID_OEPKEY) failed!
Step_04.ImpKey @ Offset entry 0x%.8X
Step_04.ImpData @ Offset entry 0x%.8X
Step_04.ImpHook @ Offset entry 0x%.8X
Step_04().ImportData NOT present!
Step_04().pbyImpKey NOT present!
Step_04().APIHook NOT present!
Step_04().VerifyHookAPICode failed!
Mode 4 HookAPI is: %s
Step_03().VerifyASProtectData failed!
Step_03.ASPrData @ Offset entry 0x%.8X
Step_03.ASPrDLL RVA = 0x%.8X
OEP = 0x%.8X
Step_04().memcmp() failed!
Step_04().LocateData(GUID_BPE32) failed!
Step_04().LocateData(GUID_OEPKEY_2) failed!
Step_04().LocateData(GUID_OEPKEY) failed!
Step_05.ImpKey @ Offset entry 0x%.8X
Step_05.ImpData @ Offset entry 0x%.8X
Step_05.ImpHook @ Offset entry 0x%.8X
Step_05().ImportData NOT present!
Step_05().pbyImpKey NOT present!
Step_05().APIHook NOT present!
Step_05().VerifyHookAPICode failed!
Author: dwing 2006-6-21 20:50
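The whole post rests on one technique: dumping the printable strings out of rsupack.dll and reading the packer names, source paths and debug messages off the result. Below is that workflow written out as an added example; it is not part of the original post and not Rising's code. It runs a minimal `strings`-style extractor (ASCII and UTF-16LE runs) over a constructed byte blob that imitates the DLL's string table, then sorts the hits into packer names, source paths, `Step_NN` unpacker messages, printf-style format strings and bare version strings, and groups the `Step_NN` messages by step so the unpacker's control flow can be read in order. The string values are taken from the post; the padding bytes, the layout, the regexes and all function names (`extract_strings`, `classify`, `triage`, `step_sequence`) are my own assumptions.

```python
import re

# Constructed sample imitating the string table of rsupack.dll. NOT the real
# DLL: the string values come from the forum post, everything else (fake
# header, binary noise, one UTF-16LE string as MSVC often emits) is invented.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00"                       # fake PE header bytes
    + b"AsPack2.1\x00"
    + b"\x01\x02\x03"                                   # binary noise between strings
    + b"PECompact1.x\x00"
    + b"tElock0.41\x00\x00\x00"
    + b"yoda's cryptor1.0\x00"
    + b"C:\\TEMP\\RisingAutoLink\\Product2006\\Engine\\UnPacker\\UPX\\packer.cpp\x00"
    + b"Step_02().VerifyASProtectData failed!\x00"
    + b"Step_03.OEP = 0x%.8X\x00"
    + b"Step_04.ImpKey @ Offset entry 0x%.8X\x00"
    + b"PECompact %s series.\x00\x00\x00\x00"
    + "v1.68-1.84\x00".encode("utf-16-le")               # a wide string
    + b"\xff\xfe\xaa\x55ab\x00"                          # "Uab": too short to count
)

MIN_LEN = 5   # same default as GNU strings(1)

# Classification patterns (assumed heuristics, not anything Rising documents).
PATH_RE    = re.compile(r"^[A-Za-z]:\\")                 # "C:\..." source path
STEP_RE    = re.compile(r"^Step_(\d+)")                  # unpacker debug message
VERSION_RE = re.compile(r"^v\d+(\.\d+)?")                # "v1.68-1.84"
PACKER_RE  = re.compile(r"^[A-Za-z!][A-Za-z0-9_' ]*(\d+\.[\dx]+[a-z]?)?$")  # "AsPack2.1"


def extract_strings(blob, min_len=MIN_LEN):
    """Return (encoding, offset, text) for each run of >= min_len printable
    characters, both plain ASCII and UTF-16LE (like `strings` and
    `strings -e l`). Offsets let you map a hit back to its section later."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        found.append(("ascii", m.start(), m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        found.append(("utf16le", m.start(), m.group().decode("utf-16-le")))
    found.sort(key=lambda hit: hit[1])
    return found


def classify(text):
    """Bucket one extracted string. Order matters: paths and Step_ messages
    are checked before the '%' test because some of them contain '%'."""
    if PATH_RE.match(text):
        return "path"
    if STEP_RE.match(text):
        return "step"
    if "%" in text:
        return "format"
    if VERSION_RE.match(text):
        return "version"
    if PACKER_RE.match(text):
        return "packer"
    return "other"


def triage(blob):
    """Map each bucket name to the strings that fell into it, in file order."""
    groups = {}
    for _enc, _off, text in extract_strings(blob):
        groups.setdefault(classify(text), []).append(text)
    return groups


def step_sequence(blob):
    """Group the Step_NN messages by step number, so the unpacker's flow
    (hardware breakpoint -> verify data -> find OEP -> rebuild imports in the
    post's dump) can be read off in order."""
    steps = {}
    for _enc, _off, text in extract_strings(blob):
        m = STEP_RE.match(text)
        if m:
            steps.setdefault(int(m.group(1)), []).append(text)
    return dict(sorted(steps.items()))


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_BLOB).items():
        print(f"{kind:8s} {items}")
    for step, msgs in step_sequence(SAMPLE_BLOB).items():
        print(f"Step_{step:02d}: {len(msgs)} message(s)")
```

Against a real DLL, read the file with `open(path, "rb").read()` in place of `SAMPLE_BLOB`. Note that `PACKER_RE` accepts any bare word, so on a full binary the "packer" bucket will also collect ordinary identifiers; the version-suffix form (`Name0.41`, `Name1.x`) is the reliable signal, and the detection-name strings sit next to each other in the file, which is why sorting hits by offset is useful.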
bbs.ikaka.com