01E28366 8D6424 04 lea esp,dword ptr ss:[esp+4]
01E2836A 68 22FD23CB push CB23FD22
01E2836F 68 1502FFFF push FFFF0215
01E28374 68 FAFAFFFF push -506
01E28379 68 62D4FFFF push -2B9E
01E2837E 68 13A2FEFF push FFFEA213
01E28383 9C pushfd
01E28384 60 pushad
01E28385 E8 00000000 call RemoteAB.01E2838A
01E2838A 58 pop eax
01E2838B 014424 24 add dword ptr ss:[esp+24],eax
01E2838F 014424 28 add dword ptr ss:[esp+28],eax
01E28393 014424 2C add dword ptr ss:[esp+2C],eax
01E28397 014424 30 add dword ptr ss:[esp+30],eax
01E2839B 61 popad
01E2839C 9D popfd
01E2839D C3 retn
=======================================
求这段代码是什么意思,他的意图是什么
---------------------------------------------
补上retn之后的返回代码,求高手解释
01E1259D 9C pushfd
01E1259E F6D1 not cl
01E125A0 F6D6 not dh
01E125A2 66:8BC9 mov cx,cx
01E125A5 F6D6 not dh
01E125A7 F6D1 not cl
01E125A9 8AF6 mov dh,dh
01E125AB 8BC9 mov ecx,ecx
01E125AD 60 pushad
01E125AE 8D80 E3FFFFFF lea eax,dword ptr ds:[eax-1D]
01E125B4 F6D1 not cl
01E125B6 F6D1 not cl
01E125B8 8D80 1D000000 lea eax,dword ptr ds:[eax+1D]
01E125BE 8D5424 24 lea edx,dword ptr ss:[esp+24]
01E125C2 F7D0 not eax
01E125C4 F7D0 not eax
01E125C6 F7D7 not edi
01E125C8 86E7 xchg bh,ah
01E125CA 86E7 xchg bh,ah
01E125CC F7D7 not edi
01E125CE 9C pushfd
01E125CF 60 pushad
01E125D0 60 pushad
01E125D1 9C pushfd
01E125D2 8D92 FBFFFFFF lea edx,dword ptr ds:[edx-5]
01E125D8 F7D5 not ebp
01E125DA F7D5 not ebp
01E125DC 8D92 05000000 lea edx,dword ptr ds:[edx+5]
01E125E2 FC cld
01E125E3 8AE4 mov ah,ah
01E125E5 81EC F4000000 sub esp,0F4
01E125EB B9 F4000000 mov ecx,0F4
01E125F0 8772 08 xchg dword ptr ds:[edx+8],esi
01E125F3 66:F7D5 not bp
01E125F6 66:F7D5 not bp
01E125F9 8BFC mov edi,esp
01E125FB F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
01E125FD 66:8BD2 mov dx,dx
01E12600 8BFC mov edi,esp
01E12602 8D6F 44 lea ebp,dword ptr ds:[edi+44]
01E12605 F7D2 not edx
01E12607 F7D2 not edx
01E12609 F6D1 not cl
01E1260B F6D1 not cl
01E1260D B9 18000000 mov ecx,18
01E12612 C1E1 02 shl ecx,2
01E12615 03E9 add ebp,ecx
01E12617 8D62 DC lea esp,dword ptr ds:[edx-24]
01E1261A 8967 28 mov dword ptr ds:[edi+28],esp
01E1261D 8732 xchg dword ptr ds:[edx],esi
01E1261F 8B5A 0C mov ebx,dword ptr ds:[edx+C]
01E12622 F7D3 not ebx
01E12624 8B4A 04 mov ecx,dword ptr ds:[edx+4]
01E12627 894F 34 mov dword ptr ds:[edi+34],ecx
01E1262A 8DA7 A4000000 lea esp,dword ptr ds:[edi+A4]
01E12630 8AE4 mov ah,ah
01E12632 B9 14000000 mov ecx,14
01E12637 C1E1 02 shl ecx,2
01E1263A 8D80 F8FFFFFF lea eax,dword ptr ds:[eax-8]
01E12640 8D80 08000000 lea eax,dword ptr ds:[eax+8]
01E12646 8AE4 mov ah,ah
01E12648 8DAD F3FFFFFF lea ebp,dword ptr ss:[ebp-D]
01E1264E 66:F7D2 not dx
01E12651 8BFF mov edi,edi
01E12653 66:F7D2 not dx
01E12656 8DAD 0D000000 lea ebp,dword ptr ss:[ebp+D]
01E1265C 03E1 add esp,ecx
01E1265E 66:8BFF mov di,di
01E12661 FC cld
01E12662 66:F7D7 not di
01E12665 66:F7D7 not di
01E12668 AC lods byte ptr ds:[esi]
01E12669 F6D0 not al
01E1266B 02C3 add al,bl
01E1266D 66:8BFF mov di,di
01E12670 32C3 xor al,bl
01E12672 C0C0 03 rol al,3
01E12675 F6D0 not al
01E12677 02C3 add al,bl
01E12679 F6D0 not al
01E1267B 8D80 E4FFFFFF lea eax,dword ptr ds:[eax-1C]
01E12681 8D80 1C000000 lea eax,dword ptr ds:[eax+1C]
01E12687 F6D0 not al
01E12689 02D8 add bl,al
01E1268B F6D3 not bl
01E1268D 8BD2 mov edx,edx
01E1268F C0CB 03 ror bl,3
01E12692 32D8 xor bl,al
01E12694 8DAD F0FFFFFF lea ebp,dword ptr ss:[ebp-10]
01E1269A 8DAD 10000000 lea ebp,dword ptr ss:[ebp+10]
01E126A0 66:F7D3 not bx
01E126A3 66:F7D3 not bx
01E126A6 8D80 F9FFFFFF lea eax,dword ptr ds:[eax-7]
01E126AC 8D80 07000000 lea eax,dword ptr ds:[eax+7]
01E126B2 53 push ebx
01E126B3 0FB6C8 movzx ecx,al
01E126B6 8B5F 34 mov ebx,dword ptr ds:[edi+34]
01E126B9 8B03 mov eax,dword ptr ds:[ebx]
01E126BB BA 7F000000 mov edx,7F
01E126C0 4A dec edx
01E126C1 8BFF mov edi,edi
01E126C3 8D1493 lea edx,dword ptr ds:[ebx+edx*4]
01E126C6 F6D4 not ah
01E126C8 F6D4 not ah
01E126CA 8B12 mov edx,dword ptr ds:[edx]
01E126CC 33C2 xor eax,edx
01E126CE 8D89 F4FFFFFF lea ecx,dword ptr ds:[ecx-C]
01E126D4 8D89 0C000000 lea ecx,dword ptr ds:[ecx+C]
01E126DA 66:8BC0 mov ax,ax
01E126DD 85C9 test ecx,ecx
01E126DF F6D3 not bl
01E126E1 8DAD F6FFFFFF lea ebp,dword ptr ss:[ebp-A]
01E126E7 8DBF F3FFFFFF lea edi,dword ptr ds:[edi-D]
01E126ED 8DBF 0D000000 lea edi,dword ptr ds:[edi+D]
01E126F3 8DAD 0A000000 lea ebp,dword ptr ss:[ebp+A]
01E126F9 F6D3 not bl
01E126FB 8D89 F9FFFFFF lea ecx,dword ptr ds:[ecx-7]
01E12701 8D89 07000000 lea ecx,dword ptr ds:[ecx+7]
01E12707 0F84 6A000000 je RemoteAB.01E12777
01E1270D 8DB6 F6FFFFFF lea esi,dword ptr ds:[esi-A]
01E12713 8DBF E5FFFFFF lea edi,dword ptr ds:[edi-1B]
01E12719 8DBF 1B000000 lea edi,dword ptr ds:[edi+1B]
01E1271F 8DB6 0A000000 lea esi,dword ptr ds:[esi+A]
01E12725 8DB6 F0FFFFFF lea esi,dword ptr ds:[esi-10]
01E1272B 8DB6 10000000 lea esi,dword ptr ds:[esi+10]
01E12731 66:8BC0 mov ax,ax
01E12734 83C3 04 add ebx,4
01E12737 8B13 mov edx,dword ptr ds:[ebx]
01E12739 33C2 xor eax,edx
01E1273B 66:87DA xchg dx,bx
01E1273E 8D9B F0FFFFFF lea ebx,dword ptr ds:[ebx-10]
01E12744 66:87EF xchg di,bp
01E12747 F6D5 not ch
01E12749 66:8BFF mov di,di
01E1274C F6D5 not ch
01E1274E 66:87EF xchg di,bp
01E12751 8D9B 10000000 lea ebx,dword ptr ds:[ebx+10]
01E12757 66:87DA xchg dx,bx
01E1275A 49 dec ecx
01E1275B 8BD2 mov edx,edx
01E1275D 8DBF F6FFFFFF lea edi,dword ptr ds:[edi-A]
01E12763 8DBF 0A000000 lea edi,dword ptr ds:[edi+A]
01E12769 ^ 0F85 6EFFFFFF jnz RemoteAB.01E126DD
01E1276F 8BC9 mov ecx,ecx
01E12771 ^ 0F84 66FFFFFF je RemoteAB.01E126DD
01E12777 0347 2C add eax,dword ptr ds:[edi+2C]
01E1277A 8DAD E1FFFFFF lea ebp,dword ptr ss:[ebp-1F]
01E12780 8D92 EDFFFFFF lea edx,dword ptr ds:[edx-13]
01E12786 F6D7 not bh
01E12788 66:F7D3 not bx
01E1278B 66:8BF6 mov si,si
01E1278E 66:F7D3 not bx
01E12791 F6D7 not bh
01E12793 8D92 13000000 lea edx,dword ptr ds:[edx+13]
01E12799 8DAD 1F000000 lea ebp,dword ptr ss:[ebp+1F]
01E1279F 8AC0 mov al,al
01E127A1 F7D0 not eax
01E127A3 F7D0 not eax
01E127A5 8BD0 mov edx,eax
01E127A7 5B pop ebx
01E127A8 8D89 FEFFFFFF lea ecx,dword ptr ds:[ecx-2]
01E127AE 8D89 02000000 lea ecx,dword ptr ds:[ecx+2]
01E127B4 FFD2 call edx
01E127B6 8D47 44 lea eax,dword ptr ds:[edi+44]
01E127B9 3BC5 cmp eax,ebp
01E127BB 8DAD E4FFFFFF lea ebp,dword ptr ss:[ebp-1C]
01E127C1 8DAD 1C000000 lea ebp,dword ptr ss:[ebp+1C]
01E127C7 0F82 1F000000 jb RemoteAB.01E127EC
01E127CD 8DAD F2FFFFFF lea ebp,dword ptr ss:[ebp-E]
01E127D3 8DAD 0E000000 lea ebp,dword ptr ss:[ebp+E]
01E127D9 CC int3
01E127DA 8DAD F5FFFFFF lea ebp,dword ptr ss:[ebp-B]
01E127E0 66:F7D3 not bx
01E127E3 66:F7D3 not bx
01E127E6 8DAD 0B000000 lea ebp,dword ptr ss:[ebp+B]
01E127EC B9 F4000000 mov ecx,0F4
01E127F1 8D440F 24 lea eax,dword ptr ds:[edi+ecx+24]
01E127F5 66:F7D3 not bx
01E127F8 66:F7D3 not bx
01E127FB 8DBF EBFFFFFF lea edi,dword ptr ds:[edi-15]
01E12801 F7D6 not esi
01E12803 F7D6 not esi
01E12805 8DBF 15000000 lea edi,dword ptr ds:[edi+15]
01E1280B F7D0 not eax
01E1280D F7D0 not eax
01E1280F 8B57 28 mov edx,dword ptr ds:[edi+28]
01E12812 3BC2 cmp eax,edx
01E12814 0F82 6C000000 jb RemoteAB.01E12886
01E1281A 8AE4 mov ah,ah
01E1281C 8D52 9C lea edx,dword ptr ds:[edx-64]
01E1281F 8BC7 mov eax,edi
01E12821 8D0408 lea eax,dword ptr ds:[eax+ecx]
01E12824 8D89 F5FFFFFF lea ecx,dword ptr ds:[ecx-B]
01E1282A 8DB6 F8FFFFFF lea esi,dword ptr ds:[esi-8]
01E12830 8DB6 08000000 lea esi,dword ptr ds:[esi+8]
01E12836 8D89 0B000000 lea ecx,dword ptr ds:[ecx+B]
01E1283C 2BC2 sub eax,edx
01E1283E 8BC0 mov eax,eax
01E12840 2BD1 sub edx,ecx
01E12842 66:87DF xchg di,bx
01E12845 66:8BF6 mov si,si
01E12848 66:87DF xchg di,bx
01E1284B 50 push eax
01E1284C 8D92 EFFFFFFF lea edx,dword ptr ds:[edx-11]
01E12852 8D92 11000000 lea edx,dword ptr ds:[edx+11]
01E12858 66:8BC9 mov cx,cx
01E1285B 8BC6 mov eax,esi
01E1285D 8BF7 mov esi,edi
01E1285F 8BFA mov edi,edx
01E12861 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
01E12863 8BF0 mov esi,eax
01E12865 8BFA mov edi,edx
01E12867 58 pop eax
01E12868 F7D4 not esp
01E1286A 8D2404 lea esp,dword ptr ss:[esp+eax]
01E1286D F7D4 not esp
01E1286F F7D2 not edx
01E12871 F7D2 not edx
01E12873 F7D2 not edx
01E12875 F7D2 not edx
01E12877 8BFF mov edi,edi
01E12879 F7D5 not ebp
01E1287B 8D2C28 lea ebp,dword ptr ds:[eax+ebp]
01E1287E 66:F7D3 not bx
01E12881 66:F7D3 not bx
01E12884 F7D5 not ebp
01E12886 ^ 0F84 D5FDFFFF je RemoteAB.01E12661
01E1288C 66:F7D3 not bx
01E1288F 8BFF mov edi,edi
01E12891 66:F7D3 not bx
01E12894 ^ 0F85 C7FDFFFF jnz RemoteAB.01E12661
01E1289A 8BD2 mov edx,edx
01E1289C C3 retn
------------------下面是老虎大牛指出的需要下断点的 call edx,里面的内容
00659BA6 AC lods byte ptr ds:[esi]
00659BA7 F6D0 not al
00659BA9 02C3 add al,bl
00659BAB 9C pushfd
00659BAC 8AC9 mov cl,cl
00659BAE 9D popfd
00659BAF 60 pushad
00659BB0 61 popad
00659BB1 8AFF mov bh,bh
00659BB3 32C3 xor al,bl
00659BB5 60 pushad
00659BB6 61 popad
00659BB7 55 push ebp
00659BB8 5D pop ebp
00659BB9 F6D4 not ah
00659BBB 8D92 F9FFFFFF lea edx,dword ptr ds:[edx-7]
00659BC1 52 push edx
00659BC2 66:F7D3 not bx
00659BC5 8BC9 mov ecx,ecx
00659BC7 66:F7D3 not bx
00659BCA 5A pop edx
00659BCB 8D92 07000000 lea edx,dword ptr ds:[edx+7]
00659BD1 F6D4 not ah
00659BD3 60 pushad
00659BD4 8AE4 mov ah,ah
00659BD6 61 popad
00659BD7 C0C0 03 rol al,3
00659BDA 57 push edi
00659BDB 8DAD E9FFFFFF lea ebp,dword ptr ss:[ebp-17]
00659BE1 8DAD 17000000 lea ebp,dword ptr ss:[ebp+17]
00659BE7 5F pop edi
00659BE8 F6D0 not al
00659BEA 02C3 add al,bl
00659BEC 02D8 add bl,al
00659BEE 66:F7D5 not bp
00659BF1 8DBF E6FFFFFF lea edi,dword ptr ds:[edi-1A]
00659BF7 66:F7D0 not ax
00659BFA 8D89 FCFFFFFF lea ecx,dword ptr ds:[ecx-4]
00659C00 8AFF mov bh,bh
00659C02 8D89 04000000 lea ecx,dword ptr ds:[ecx+4]
00659C08 66:F7D0 not ax
00659C0B 8DBF 1A000000 lea edi,dword ptr ds:[edi+1A]
00659C11 66:F7D5 not bp
00659C14 66:53 push bx
00659C16 66:5B pop bx
00659C18 F6D3 not bl
00659C1A 60 pushad
00659C1B 8BC9 mov ecx,ecx
00659C1D 61 popad
00659C1E 87D6 xchg esi,edx
00659C20 66:8BFF mov di,di
00659C23 87D6 xchg esi,edx
00659C25 C0CB 03 ror bl,3
00659C28 66:50 push ax
00659C2A 66:58 pop ax
00659C2C 8DB6 F5FFFFFF lea esi,dword ptr ds:[esi-B]
00659C32 8D80 E4FFFFFF lea eax,dword ptr ds:[eax-1C]
00659C38 66:F7D2 not dx
00659C3B 66:F7D6 not si
00659C3E 8BED mov ebp,ebp
00659C40 66:F7D6 not si
00659C43 66:F7D2 not dx
00659C46 8D80 1C000000 lea eax,dword ptr ds:[eax+1C]
00659C4C 8DB6 0B000000 lea esi,dword ptr ds:[esi+B]
00659C52 55 push ebp
00659C53 5D pop ebp
00659C54 32D8 xor bl,al
00659C56 0FB6C0 movzx eax,al
00659C59 8D0407 lea eax,dword ptr ds:[edi+eax]
00659C5C 8D9B E5FFFFFF lea ebx,dword ptr ds:[ebx-1B]
00659C62 66:56 push si
00659C64 8D92 F8FFFFFF lea edx,dword ptr ds:[edx-8]
00659C6A 8AE4 mov ah,ah
00659C6C 8D92 08000000 lea edx,dword ptr ds:[edx+8]
00659C72 66:5E pop si
00659C74 8D9B 1B000000 lea ebx,dword ptr ds:[ebx+1B]
00659C7A 8B57 28 mov edx,dword ptr ds:[edi+28]
00659C7D 8B12 mov edx,dword ptr ds:[edx]
00659C7F 8347 28 04 add dword ptr ds:[edi+28],4
00659C83 8D92 F6FFFFFF lea edx,dword ptr ds:[edx-A]
00659C89 8D92 0A000000 lea edx,dword ptr ds:[edx+A]
00659C8F 8D89 E8FFFFFF lea ecx,dword ptr ds:[ecx-18]
00659C95 66:F7D3 not bx
00659C98 87D1 xchg ecx,edx
00659C9A 66:87FA xchg dx,di
00659C9D 8ADB mov bl,bl
00659C9F 66:87FA xchg dx,di
00659CA2 87D1 xchg ecx,edx
00659CA4 66:F7D3 not bx
00659CA7 8D89 18000000 lea ecx,dword ptr ds:[ecx+18]
00659CAD 8BFF mov edi,edi
00659CAF 8910 mov dword ptr ds:[eax],edx
00659CB1 C3 retn
[课程]Linux pwn 探索篇!
这个壳我弄了一个星期了。是别人破解的一个vip软件,本来是绑定机器码需要算号。我脱完之后其他一切都正常。就是我需要把他的破解代码提取出来。现在来到关键地址,被破解的人加了vm,防止破解代码被提取
