-
-
[求助]奇怪的入口代码
-
发表于:
2011-10-26 14:29
20252
-
小弟不才,摸索一个壳,入口代码很奇怪
00406440 > 61 popad
00406441 BE 00604000 mov esi,18Loader.00406000
00406446 8DBE 00B0FFFF lea edi,dword ptr ds:[esi+FFFFB000]
0040644C 57 push edi ; 18Loader.00401000
0040644D 83CD FF or ebp,FFFFFFFF
00406450 EB 10 jmp short 18Loader.00406462
00406452 EB 00 jmp short 18Loader.00406454
00406454 ^ EB EA jmp short 18Loader.<模块入口点>
00406456 ^ EB E8 jmp short 18Loader.<模块入口点>
00406458 8A06 mov al,byte ptr ds:[esi]
0040645A 46 inc esi
0040645B 8807 mov byte ptr ds:[edi],al
0040645D 47 inc edi
0040645E 01DB add ebx,ebx
00406460 75 07 jnz short 18Loader.00406469
00406462 8B1E mov ebx,dword ptr ds:[esi]
00406464 83EE FC sub esi,-4
00406467 11DB adc ebx,ebx
00406469 ^ 72 ED jb short 18Loader.00406458
0040646B B8 01000000 mov eax,1
00406470 01DB add ebx,ebx
00406472 75 07 jnz short 18Loader.0040647B
PEID 显示是 UPX 0.89.6 - 1.02 / 1.05 - 2.90 -> Markus & Laszlo [Overlay]
判断不出来是什么壳,不知道怎么脱
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
