|
[讨论]刚进门使用ida反汇编逆向调试的主要进程
自从有了模板,用ida逆就比较有难度了吧 |
|
[求助]弱弱的问下 WEB安全主管主要负责什么工作
鬼知道要求到什么程度 |
|
[原创]vc6.0的一个小BUG
看汇编 debug TITLE C:\VCPP32\d\d.cpp .386P include listing.inc if @Version gt 510 .model FLAT else _TEXT SEGMENT PARA USE32 PUBLIC 'CODE' _TEXT ENDS _DATA SEGMENT DWORD USE32 PUBLIC 'DATA' _DATA ENDS CONST SEGMENT DWORD USE32 PUBLIC 'CONST' CONST ENDS _BSS SEGMENT DWORD USE32 PUBLIC 'BSS' _BSS ENDS $$SYMBOLS SEGMENT BYTE USE32 'DEBSYM' $$SYMBOLS ENDS $$TYPES SEGMENT BYTE USE32 'DEBTYP' $$TYPES ENDS _TLS SEGMENT DWORD USE32 PUBLIC 'TLS' _TLS ENDS ; COMDAT ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ CONST SEGMENT DWORD USE32 PUBLIC 'CONST' CONST ENDS ; COMDAT ?foo@@YAHXZ _TEXT SEGMENT PARA USE32 PUBLIC 'CODE' _TEXT ENDS ; COMDAT _main _TEXT SEGMENT PARA USE32 PUBLIC 'CODE' _TEXT ENDS FLAT GROUP _DATA, CONST, _BSS ASSUME CS: FLAT, DS: FLAT, SS: FLAT endif PUBLIC ?foo@@YAHXZ ; foo ; COMDAT ?foo@@YAHXZ _TEXT SEGMENT ?foo@@YAHXZ PROC NEAR ; foo, COMDAT ; File C:\VCPP32\d\d.cpp ; Line 7 push ebp mov ebp, esp sub esp, 64 ; 00000040H push ebx push esi push edi lea edi, DWORD PTR [ebp-64] mov ecx, 16 ; 00000010H mov eax, -858993460 ; ccccccccH rep stosd $NEXT$528: ; Line 12 jmp SHORT $NEXT$528 ?foo@@YAHXZ ENDP ; foo _TEXT ENDS PUBLIC _main PUBLIC ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ ; `string' EXTRN _printf:NEAR EXTRN __chkesp:NEAR ; COMDAT ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ ; File C:\VCPP32\d\d.cpp CONST SEGMENT ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ DB 'Hello World!', 0aH, 00H ; `string' CONST ENDS ; COMDAT _main _TEXT SEGMENT _n$ = -4 _main PROC NEAR ; COMDAT ; File C:\VCPP32\d\d.cpp ; Line 14 push ebp mov ebp, esp sub esp, 68 ; 00000044H push ebx push esi push edi lea edi, DWORD PTR [ebp-68] mov ecx, 17 ; 00000011H mov eax, -858993460 ; ccccccccH rep stosd ; Line 15 mov DWORD PTR _n$[ebp], 0 ; Line 16 call ?foo@@YAHXZ ; foo ; Line 17 push OFFSET FLAT:??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ ; `string' call _printf add esp, 4 ; Line 18 xor eax, eax ; Line 19 pop edi pop esi pop ebx add esp, 68 ; 00000044H cmp ebp, esp call __chkesp mov esp, ebp pop ebp ret 0 _main ENDP _TEXT ENDS END release TITLE C:\VCPP32\d\d.cpp .386P include listing.inc if @Version gt 510 .model FLAT else _TEXT SEGMENT PARA USE32 PUBLIC 'CODE' _TEXT ENDS _DATA SEGMENT DWORD USE32 PUBLIC 'DATA' _DATA ENDS CONST SEGMENT DWORD USE32 PUBLIC 'CONST' CONST ENDS _BSS SEGMENT DWORD USE32 PUBLIC 'BSS' _BSS ENDS _TLS SEGMENT DWORD USE32 PUBLIC 'TLS' _TLS ENDS ; COMDAT ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ _DATA SEGMENT DWORD USE32 PUBLIC 'DATA' _DATA ENDS ; COMDAT ?foo@@YAHXZ _TEXT SEGMENT PARA USE32 PUBLIC 'CODE' _TEXT ENDS ; COMDAT _main _TEXT SEGMENT PARA USE32 PUBLIC 'CODE' _TEXT ENDS FLAT GROUP _DATA, CONST, _BSS ASSUME CS: FLAT, DS: FLAT, SS: FLAT endif PUBLIC ?foo@@YAHXZ ; foo ; COMDAT ?foo@@YAHXZ _TEXT SEGMENT ?foo@@YAHXZ PROC NEAR ; foo, COMDAT ; File C:\VCPP32\d\d.cpp ; Line 7 $NEXT$528: ; Line 12 jmp SHORT $NEXT$528 ?foo@@YAHXZ ENDP ; foo _TEXT ENDS PUBLIC _main PUBLIC ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ ; `string' EXTRN _printf:NEAR ; COMDAT ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ ; File C:\VCPP32\d\d.cpp _DATA SEGMENT ??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ DB 'Hello World!', 0aH, 00H ; `string' _DATA ENDS ; COMDAT _main _TEXT SEGMENT _main PROC NEAR ; COMDAT ; File C:\VCPP32\d\d.cpp ; Line 16 call ?foo@@YAHXZ ; foo ; Line 17 push OFFSET FLAT:??_C@_0O@FEEI@Hello?5World?$CB?6?$AA@ ; `string' call _printf add esp, 4 ; Line 18 xor eax, eax ; Line 19 ret 0 _main ENDP _TEXT ENDS END |
|
[已解决!!]64位exe程序的upx壳怎样脱??用什么工具?
大概看了一下,可能是被处理过的UPX,用64位的调试器找OEP、DUMP、fix IAT可能就可以了。不过我不是64位的系统,自己试吧,05年注册的应该能处理这些事吧 |
|
[求助]C/C++运行时库是什么东西
个人意见,没有C/C++运行时库完全可以,不过你不能使用相关库函数吧?反汇编一下lordpe你就会明白一些了 |
|
[分享]EasyHook库VS2010静态编译工程
谢谢分享,能编程序令人羡慕。 |
|
[原创]x64枚举DPC定时器
搞技术就是好呀 |
|
[招聘]初级病毒分析师
业余爱好而已 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值