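1. XOR decryption

Byte reads one byte at a time, so decryption proceeds byte by byte; Dword and Word can be used in the same way. At the end you can use MakeCode to convert the result to code, but what I have here is data, so that call is not needed.

    from idc import Byte, PatchByte  # pre-7.4 IDAPython names, as used on this page

    def XorBytes(start, length):
        for i in range(0, length):
            byte_value = Byte(start + i)       # read the encrypted byte
            byte_value = byte_value ^ 0xFF     # single-byte XOR key
            PatchByte(start + i, byte_value)   # write the decrypted byte back in place

    XorBytes(0x403010, 49)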
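2. Replacing instructions with NOP

    from idc import PatchByte, MakeCode

    def nopIt(start, length):
        for i in range(0, length):
            PatchByte(start + i, 0x90)  # 0x90 is the x86 NOP opcode
        MakeCode(start)                 # re-disassemble from the patched address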
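3. Xorddos, MD5: 0B3456561B7942AA67403CDDC1FAD2BD

Because the XOR key is an ASCII string, each key character has to be converted to a number with ord.

    from idc import Byte, PatchByte

    xorkeys = 'BB2FA36AAA9541F0'

    def XorBytes(start, length):
        for i in range(0, length):
            byte_value = Byte(start + i)
            byte_value = byte_value ^ ord(xorkeys[i % 16])  # 16-character repeating key
            PatchByte(start + i, byte_value)

    XorBytes(0x080B0E60, 0xC)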
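4. Nitol, MD5: 412D5F1933BE177131B4AF6711305FBE

Base64 plus add-and-XOR; in Python use a=int(encode_b[i])+0x38

    import base64
    from idc import PatchByte

    encode = "1ObhHd/a4t3g4t3e3NYdy8rJCRUTExVD"
    encode_b = base64.b64decode(encode)
    for i in range(0, len(encode_b)):
        # Python 2: indexing a str gives a character, hence ord().
        # Mask to one byte so a sum of exactly 256 also wraps to 0.
        a = (ord(encode_b[i]) + 0x38) & 0xFF
        a = a ^ 0x7B
        PatchByte(0x004013D4 + i, a)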
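
The decoding routines from sections 1, 3 and 4 can be checked outside IDA before any bytes are patched into the database. The following is an added example, not the original author's code: it is Python 3, all function names are hypothetical, and every input is constructed except the key from section 3 and the Base64 string from section 4.

```python
import base64

XORDDOS_KEY = "BB2FA36AAA9541F0"  # ASCII key from section 3

def xor_single(data, key=0xFF):
    """Section 1: XOR every byte with one constant."""
    return bytes(b ^ key for b in data)

def xor_repeating(data, key=XORDDOS_KEY):
    """Section 3: XOR with a repeating ASCII key (ord() of each key character)."""
    k = key.encode("ascii")
    return bytes(b ^ k[i % len(k)] for i, b in enumerate(data))

def add_xor_decode(b64_text, add=0x38, xor=0x7B):
    """Section 4: Base64-decode, add a constant modulo 256, then XOR."""
    raw = base64.b64decode(b64_text)
    # Masking with 0xFF wraps every overflow, including a sum of exactly
    # 0x100 (input byte 0xC8), which an `a > 256` comparison lets through.
    return bytes(((b + add) & 0xFF) ^ xor for b in raw)

def add_xor_encode(plain, add=0x38, xor=0x7B):
    """Inverse of add_xor_decode; used here only to build constructed input."""
    raw = bytes(((b ^ xor) - add) & 0xFF for b in plain)
    return base64.b64encode(raw).decode("ascii")

def c_string(buf):
    """Cut at the first NUL, the way C code would read the buffer."""
    return buf.split(b"\x00", 1)[0].decode("ascii", errors="replace")

if __name__ == "__main__":
    plain = b"constructed test string\x00"            # constructed sample
    assert xor_single(xor_single(plain)) == plain      # XOR is its own inverse
    assert xor_repeating(xor_repeating(plain)) == plain
    assert add_xor_decode(add_xor_encode(plain)) == plain
    # String taken from section 4 of this page
    print(c_string(add_xor_decode("1ObhHd/a4t3g4t3e3NYdy8rJCRUTExVD")))
```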