-
-
[已解决]伪装壳无法调试
-
发表于:
2009-12-8 19:18
4146
-
OD载入程序入口
00401000 > $ 60 pushad
00401001 . BE 00908B00 mov esi, 8B9000
00401006 . 8DBE 0080B4FF lea edi, dword ptr [esi+FFB48000]
0040100C . 57 push edi
0040100D . 83CD FF or ebp, FFFFFFFF
00401010 . EB 3A jmp short 0040104C
00401012 90 nop
00401013 90 nop
00401014 90 nop
00401015 90 nop
00401016 90 nop
00401017 90 nop
00401018 > 8A06 mov al, byte ptr [esi]
0040101A . 46 inc esi
0040101B . 8807 mov byte ptr [edi], al
0040101D . 47 inc edi
0040101E . 01DB add ebx, ebx
00401020 . 75 07 jnz short 00401029
00401022 . 8B1E mov ebx, dword ptr [esi]
00401024 . 83EE FC sub esi, -4
00401027 . 11DB adc ebx, ebx
00401029 >^ 72 ED jb short 00401018
0040102B . B8 01000000 mov eax, 1
00401030 . 01DB add ebx, ebx
00401032 . 75 07 jnz short 0040103B
[课程]Linux pwn 探索篇!