请高手看看,新手不太懂请教下。
; OllyDbg disassembly (32-bit x86, Intel syntax) of the tail of a routine. Its
; entry and the setup of ebx/esi are above this excerpt and are not shown.
; From the accesses below: ebx points at a record (fields at +0, +0C, +10, +24,
; +28) and esi points at the dword that is later pushed as ExitCode.
; NOTE(review): the shape (cleanup calls, FreeLibrary, ExitProcess, a 0B-dword
; record copy, then a loop) looks like compiler-runtime shutdown code, possibly
; the Delphi RTL halt routine, rather than application logic - confirm. If so,
; a breakpoint on ExitProcess will land here for every exit path; the reason for
; the exit is in the caller of this routine, so inspect the call stack there.
;
; The flags tested by this je come from an instruction above the excerpt.
004045FE |. /74 11 je short 00404611
; Not-equal path: two helper calls (bodies not shown), then clear the global dword at 928004.
00404600 |. |E8 ABFEFFFF call 004044B0
00404605 |. |E8 32FFFFFF call 0040453C
0040460A |. |33C0 xor eax, eax
0040460C |. |A3 04809200 mov dword ptr [928004], eax
; ---- Loop head: the jmp at 00404696 returns here ----
; If byte [ebx+28] == 2 and dword [esi] == 0, zero the field at [ebx+0C].
00404611 |> \807B 28 02 /cmp byte ptr [ebx+28], 2
00404615 |. 75 0A |jnz short 00404621
00404617 |. 833E 00 |cmp dword ptr [esi], 0
0040461A |. 75 05 |jnz short 00404621
0040461C |. 33C0 |xor eax, eax
0040461E |. 8943 0C |mov dword ptr [ebx+C], eax
; Helper call (body not shown).
00404621 |> E8 FEFCFFFF |call 00404324
; jbe is an unsigned compare: byte [ebx+28] <= 1 goes to 00404631.
; Otherwise the FreeLibrary section is skipped when dword [esi] == 0.
00404626 |. 807B 28 01 |cmp byte ptr [ebx+28], 1
0040462A |. 76 05 |jbe short 00404631
0040462C |. 833E 00 |cmp dword ptr [esi], 0
0040462F |. 74 21 |je short 00404652
; Skip the section when the pointer at [ebx+10] is null.
00404631 |> 8B43 10 |mov eax, dword ptr [ebx+10]
00404634 |. 85C0 |test eax, eax
00404636 |. 74 1A |je short 00404652
; eax still holds [ebx+10] at this call; whether it is an argument is not shown here.
00404638 |. E8 53220000 |call 00406890
; edx = [ebx+10]; the handle at [edx+10] is freed only if it is nonzero and
; differs from the dword at [edx+4].
0040463D |. 8B53 10 |mov edx, dword ptr [ebx+10]
00404640 |. 8B42 10 |mov eax, dword ptr [edx+10]
00404643 |. 3B42 04 |cmp eax, dword ptr [edx+4]
00404646 |. 74 0A |je short 00404652
00404648 |. 85C0 |test eax, eax
0040464A |. 74 06 |je short 00404652
0040464C |. 50 |push eax ; /hLibModule
0040464D |. E8 52CFFFFF |call <jmp.&kernel32.FreeLibrary> ; \FreeLibrary
; Helper call (body not shown).
00404652 |> E8 A5FCFFFF |call 004042FC
; When byte [ebx+28] == 1, make an indirect call through the pointer stored at [ebx+24].
; The target is only known at run time; read [ebx+24] in the debugger to see where it goes.
00404657 |. 807B 28 01 |cmp byte ptr [ebx+28], 1
0040465B |. 75 03 |jnz short 00404660
0040465D |. FF53 24 |call dword ptr [ebx+24]
; When byte [ebx+28] != 0, call one more helper (body not shown).
00404660 |> 807B 28 00 |cmp byte ptr [ebx+28], 0
00404664 |. 74 05 |je short 0040466B
00404666 |. E8 A1FEFFFF |call 0040450C
; dword [ebx] != 0: go to 00404687, copy the next record and loop again.
; dword [ebx] == 0: fall through and terminate the process.
0040466B |> 833B 00 |cmp dword ptr [ebx], 0
0040466E |. 75 17 |jnz short 00404687
; Optional hook: if the global pointer at 94E028 is nonzero, call through it before exiting.
00404670 |. 833D 28E09400>|cmp dword ptr [94E028], 0
00404677 |. 74 06 |je short 0040467F
00404679 |. FF15 28E09400 |call dword ptr [94E028]
; ExitProcess(dword [esi]). ExitProcess does not return, so 00404687 is reached
; only through the jnz at 0040466E.
0040467F |> 8B06 |mov eax, dword ptr [esi]
00404681 |. 50 |push eax ; /ExitCode
00404682 |. E8 FDCEFFFF |call <jmp.&kernel32.ExitProcess> ; \ExitProcess (poster's breakpoint)
; Copy 0B (11) dwords = 2C bytes from the record that [ebx] points to over the
; record at ebx (assuming DF is clear), preserving esi around the copy.
; NOTE(review): [ebx] presumably links to a previous record of the same layout - confirm.
00404687 |> 8B03 |mov eax, dword ptr [ebx]
00404689 |. 56 |push esi
0040468A |. 8BF0 |mov esi, eax
0040468C |. 8BFB |mov edi, ebx
0040468E |. B9 0B000000 |mov ecx, 0B
00404693 |. F3:A5 |rep movs dword ptr es:[edi], dword >
00404695 |. 5E |pop esi
; Back to the loop head to process the record just copied in.
00404696 \.^ E9 76FFFFFF \jmp 00404611