00401010 >|> \55 push ebp
00401011 |. 8BEC mov ebp, esp
00401013 |. 83EC 40 sub esp, 40
00401016 |. 53 push ebx
00401017 |. 56 push esi
00401018 |. 57 push edi
00401019 |. 8D7D C0 lea edi, dword ptr [ebp-40]
0040101C |. B9 10000000 mov ecx, 10
00401021 |. B8 CCCCCCCC mov eax, CCCCCCCC
00401026 |. F3:AB rep stos dword ptr es:[edi
]--------在这里的时候会进入NTDLL.DLL,然后 选择 执行到用户代码时会出现“binshell遇到问题需要关闭”
00401028 |. 90 nop
00401029 |. 90 nop
0040102A |. 90 nop
0040102B |. 90 nop
0040102C |. 90 nop
0040102D |. 90 nop
0040102E |. 90 nop
0040102F |. 90 nop
00401030 |. 90 nop
00401031 |. 90 nop
00401032 |. 90 nop
00401033 |. 90 nop
00401034 |. 90 nop
00401035 |. 90 nop
00401036 |. 90 nop
00401037 |. 90 nop
00401038 |. 90 nop
00401039 |. 90 nop
0040103A |. 90 nop
0040103B |. 90 nop
0040103C |. 90 nop
0040103D |. 59 pop ecx ;
======如果在这里下断的话程序会断下来
0040103E |. 81C9 D3623020 or ecx, 203062D3
00401044 |. 41 inc ecx
00401045 |. 43 inc ebx
00401046 |. 4D dec ebp
00401047 |. 64:99 cdq ; _CODE START
00401049 |. 96 xchg eax, esi ; ESI=first foo hash
0040104A |. 8D7E E8 lea edi, dword ptr [esi-18] ;
0040104D |. 64:8B5A 30 mov ebx, dword ptr fs:[edx+30]
00401051 |. 8B4B 0C mov ecx, dword ptr [ebx+C
]======到这又出现“遇到问题需要关闭了”而且即使下面下断点的话也没法断下来了
00401054 |. 8B49 1C mov ecx, dword ptr [ecx+1C]
00401057 |. 8B09 mov ecx, dword ptr [ecx]
00401059 |. 8B69 08 mov ebp, dword ptr [ecx+8] ; EBP=get the base addr of KERNEL32.DLL
0040105C |. B6 03 mov dh, 3 ; ROOM for WSADATA
0040105E |. 2BE2 sub esp, edx ; ------
00401060 |. 66:BA 3332 mov dx, 3233
00401064 |. 52 push edx
00401065 |. 68 7773325F push 5F327377
0040106A |. 54 push esp ; push a pointer to "ws2_32" onto stack
0040106B |> AC /lods byte ptr [esi]
0040106C |. 3C D3 |cmp al, 0D3
0040106E |. 75 06 |jnz short 00401076
00401070 |. 95 |xchg eax, ebp
00401071 |. FF57 F4 |call dword ptr [edi-C]
出现问题的原因是什么啊
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
