-
-
[求助]发现一个新壳,里面有超多花指令,请大家都来发表一个意见!
-
发表于:
2005-1-20 12:46
3812
-
[求助]发现一个新壳,里面有超多花指令,请大家都来发表一个意见!
下面是壳的入口代码:
004A50A0 > 55 PUSH EBP
004A50A1 E8 00000000 CALL ABC.004A50A6
004A50A6 5D POP EBP
004A50A7 81ED A6004300 SUB EBP,ABC.004300A6
004A50AD EB 05 JMP SHORT ABC.004A50B4
004A50AF E9 0B3D0000 JMP ABC.004A8DBF
004A50B4 EB 08 JMP SHORT ABC.004A50BE
004A50B6 D6 SALC
004A50B7 DCBB D4600485 FDIVR QWORD PTR DS:[EBX+850460D4]
004A50BD C3 RETN
004A50BE 8D85 60004300 LEA EAX,DWORD PTR SS:[EBP+430060]
004A50C4 8DBD A0004300 LEA EDI,DWORD PTR SS:[EBP+4300A0]
004A50CA EB 01 JMP SHORT ABC.004A50CD
004A50CC EA 8DB5B400 4300 JMP FAR 0043:00B4B58D ; Far jump
004A50D3 EB 01 JMP SHORT ABC.004A50D6
004A50D5 EA 8BCFEB01 EA2B JMP FAR 2BEA:01EBCF8B ; Far jump
004A50DC C8 4FFDEB ENTER 0FD4F,0EB
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!