[Old post] [Help] I'm just a newbie. I've spent several days and still can't work out what packer this is. Forum friends, please take a look when you see this, thanks in advance. OD loads it and goes straight into a big jump, which I've never seen before.
Posted: 2012-5-13 21:55 · 1350
This is the PE section listing from DiE:
Name VirtualOffset VirtualSize RawOffset RawSize Flags Scan Compression
.text 00001000 00037B89 00000000 00000000 60000020 none
.rdata 00039000 0000EA7A 00000000 00000000 40000040 none
.data 00048000 000065B4 00000000 00000000 C0000040 none
.vmp0 0004F000 00409B04 00000000 00000000 E0000060 none
.vmp1 00459000 00467CC0 00000400 00467E00 E0000060 imp
.reloc 008C1000 000000A8 00468200 00000200 40000040 breloc
.rsrc 008C2000 00000F3E 00468400 00001000 40000040 res
What OD shows after loading:
0085AB7B > 9C pushfd
0085AB7C E9 F3750000 jmp 交友.00862174
0085AB81 1192 07E9525D adc dword ptr ds:[edx+0x5D52E907],edx
0085AB87 F4 hlt
0085AB88 B4 A3 mov ah,0xA3
0085AB8A E7 05 out 0x5,eax
0085AB8C 4A dec edx
0085AB8D A9 83207CB4 test eax,0xB47C2083
0085AB92 93 xchg eax,ebx
0085AB93 B6 D1 mov dh,0xD1
0085AB95 24 CD and al,0xCD
0085AB97 49 dec ecx
0085AB98 D061 61 shl byte ptr ds:[ecx+0x61],1
0085AB9B 0915 50C77B60 or dword ptr ds:[0x607BC750],edx
0085ABA1 C5D6 lds edx,esi ; illegal use of register
0085ABA3 5E pop esi
0085ABA4 ^ 76 E5 jbe X交友.0085AB8B
0085ABA6 C586 A2698C9F lds eax,fword ptr ds:[esi+0x9F8C69A2]
0085ABAC 05 AB2C5D3F add eax,0x3F5D2CAB
0085ABB1 1D D498461E sbb eax,0x1E4698D4
0085ABB6 D6 salc
0085ABB7 BA 4599AF97 mov edx,0x97AF9945
0085ABBC 2BA48F D39CB4EC sub esp,dword ptr ds:[edi+ecx*4+0xECB49C>
0085ABC3 AF scas dword ptr es:[edi]
0085ABC4 F4 hlt
0085ABC5 37 aaa
0085ABC6 75 0E jnz X交友.0085ABD6
0085ABC8 43 inc ebx
0085ABC9 95 xchg eax,ebp
0085ABCA 40 inc eax
0085ABCB BC 08A7E774 mov esp,0x74E7A708
0085ABD0 8D5D 17 lea ebx,dword ptr ss:[ebp+0x17]
0085ABD3 D5 6F aad 0x6F
0085ABD5 FD std
0085ABD6 5C pop esp
0085ABD7 53 push ebx
0085ABD8 397A E9 cmp dword ptr ds:[edx-0x17],edi
0085ABDB 8E0A mov cs,word ptr ds:[edx] ; segment CS not allowed
0085ABDD 1B5E 38 sbb ebx,dword ptr ds:[esi+0x38]
0085ABE0 1D 4E0B9339 sbb eax,0x39930B4E
0085ABE5 90 nop
0085ABE6 D1DB rcr ebx,1
0085ABE8 DA2D 6AD04FEB fisubr dword ptr ds:[0xEB4FD06A]
0085ABEE 75 3C jnz X交友.0085AC2C
0085ABF0 B4 9B mov ah,0x9B
0085ABF2 CD 81 int 0x81
0085ABF4 FF36 push dword ptr ds:[esi]
0085ABF6 AD lods dword ptr ds:[esi]
0085ABF7 1234BD 87082462 adc dh,byte ptr ds:[edi*4+0x62240887]
0085ABFE - E9 525D85BA jmp BB0B0955
0085AC03 D8AD F537C37D fsubr dword ptr ss:[ebp+0x7DC337F5]
0085AC09 68 B7408758 push 0x588740B7
0085AC0E FC cld
0085AC0F 118F 63426288 adc dword ptr ds:[edi+0x88624263],ecx
0085AC15 0D E7F49887 or eax,0x8798F4E7
0085AC1A 4E dec esi
0085AC1B 4F dec edi
0085AC1C B8 A30ABE31 mov eax,0x31BE0AA3
0085AC21 54 push esp
0085AC22 8927 mov dword ptr ds:[edi],esp
0085AC24 06 push es
0085AC25 47 inc edi
0085AC26 4C dec esp
0085AC27 1988 B87B51A3 sbb dword ptr ds:[eax+0xA3517BB8],ecx
0085AC2D DC4F 00 fmul qword ptr ds:[edi]
0085AC30 F6E2 mul dl
0085AC32 2D 0FADB062 sub eax,0x62B0AD0F
0085AC37 B1 A2 mov cl,0xA2
0085AC39 5C pop esp
0085AC3A E4 40 in al,0x40
0085AC3C C461 D0 les esp,fword ptr ds:[ecx-0x30]
0085AC3F B6 4B mov dh,0x4B
0085AC41 C15D D6 15 rcr dword ptr ss:[ebp-0x2A],0x15
0085AC45 3F aas
0085AC46 082B or byte ptr ds:[ebx],ch
0085AC48 E8 70F6CE0E call 0F54A2BD
0085AC4D D4 E9 aam 0xE9
0085AC4F 20546C EA and byte ptr ss:[esp+ebp*2-0x16],dl
0085AC53 59 pop ecx
0085AC54 6B0E 48 imul ecx,dword ptr ds:[esi],0x48
0085AC57 CF iretd
0085AC58 0F9DD2 setge dl
0085AC5B ^ 74 E3 je X交友.0085AC40
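The section table in the post already carries most of the answer: the address OD stops at (0x0085AB7B) falls inside .vmp1, .text/.rdata/.data/.vmp0 have a virtual size but a raw size of 0 (they are filled in at runtime), and .vmp0/.vmp1 are marked readable, writable and executable. .vmp0/.vmp1 are the default section names VMProtect gives to its sections, and a `pushfd` followed by a jump into the protector's own section is what a VM-based protector's entry stub looks like; the bytes after the unconditional `jmp` are not meant to be disassembled linearly, which is why OD shows nonsense there. The following Python script, added here as an illustration and not code from the poster, builds a minimal PE32 header blob with exactly the section table DiE listed (a constructed sample, not the real file), parses it back, locates the section containing the entry point and flags the usual packer tells. The image base of 0x400000 is an assumption; the post does not state it, but it is consistent with the 0x0085xxxx addresses shown.

```python
"""Parse a PE32 section table and triage it for packer tells (added example)."""
import struct

# IMAGE_SCN_* characteristics bits from the PE/COFF specification
SCN_CODE  = 0x00000020
SCN_IDATA = 0x00000040
SCN_EXEC  = 0x20000000
SCN_READ  = 0x40000000
SCN_WRITE = 0x80000000

# Default section-name prefixes (lower-cased) emitted by common packers/protectors
PACKER_SECTION_PREFIXES = {
    ".vmp": "VMProtect",
    "upx": "UPX",
    ".aspack": "ASPack",
    ".themida": "Themida",
    ".enigma": "Enigma",
    ".nsp": "NsPack",
}

# Section table exactly as DiE listed it in the post:
# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, Characteristics)
POSTED_SECTIONS = [
    (b".text",  0x00001000, 0x00037B89, 0x00000000, 0x00000000, 0x60000020),
    (b".rdata", 0x00039000, 0x0000EA7A, 0x00000000, 0x00000000, 0x40000040),
    (b".data",  0x00048000, 0x000065B4, 0x00000000, 0x00000000, 0xC0000040),
    (b".vmp0",  0x0004F000, 0x00409B04, 0x00000000, 0x00000000, 0xE0000060),
    (b".vmp1",  0x00459000, 0x00467CC0, 0x00000400, 0x00467E00, 0xE0000060),
    (b".reloc", 0x008C1000, 0x000000A8, 0x00468200, 0x00000200, 0x40000040),
    (b".rsrc",  0x008C2000, 0x00000F3E, 0x00468400, 0x00001000, 0x40000040),
]
IMAGE_BASE = 0x00400000  # assumption: not in the post, consistent with its 0x0085xxxx addresses
ENTRY_VA   = 0x0085AB7B  # first instruction OllyDbg stopped on


def build_pe_headers(sections, image_base, entry_va):
    """Construct a minimal PE32 header blob: DOS header, COFF header, optional header, section table.
    Only the fields the parser reads are filled in; this is a constructed sample, not the real file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header right after the DOS header
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_va - image_base)   # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, image_base)              # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                  # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                   # FileAlignment
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, rsize, roff, 0, 0, 0, 0, chars)
        for name, va, vsize, roff, rsize, chars in sections
    )
    return bytes(dos) + coff + bytes(opt) + table


def parse_pe(data):
    """Return (image_base, entry_rva, sections) from a PE32 image or header blob."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii"), "vsize": f[1],
                         "va": f[2], "rsize": f[3], "roff": f[4], "chars": f[9]})
    return image_base, entry_rva, sections


def flags_str(chars):
    """Render the characteristics bits the way a triage listing would (e.g. CODE|R|X)."""
    bits = [(SCN_CODE, "CODE"), (SCN_IDATA, "IDATA"), (SCN_READ, "R"), (SCN_WRITE, "W"), (SCN_EXEC, "X")]
    return "|".join(tag for bit, tag in bits if chars & bit)


def triage(data):
    """Locate the entry-point section and collect the classic packer tells."""
    image_base, entry_rva, sections = parse_pe(data)
    report = {"entry_va": image_base + entry_rva, "entry_section": None,
              "wx_sections": [], "virtual_only": [], "packer_hint": None}
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + s["vsize"]:
            report["entry_section"] = s["name"]          # EP outside .text is the first red flag
        if s["chars"] & SCN_WRITE and s["chars"] & SCN_EXEC:
            report["wx_sections"].append(s["name"])      # self-modifying / unpacking regions
        if s["rsize"] == 0 and s["vsize"] != 0:
            report["virtual_only"].append(s["name"])     # no bytes on disk: rebuilt at runtime
        for prefix, packer in PACKER_SECTION_PREFIXES.items():
            if s["name"].lower().startswith(prefix):
                report["packer_hint"] = packer
    return report


SAMPLE = build_pe_headers(POSTED_SECTIONS, IMAGE_BASE, ENTRY_VA)
REPORT = triage(SAMPLE)

if __name__ == "__main__":
    for s in parse_pe(SAMPLE)[2]:
        print(f"{s['name']:<8} VA={s['va']:08X} VSize={s['vsize']:08X} Raw={s['rsize']:08X} {flags_str(s['chars'])}")
    print(REPORT)
```

To run it against the real file instead of the constructed sample, read the file's bytes and pass them to `triage()`; the section-name lookup is only a hint, since a protector's section names can be renamed, whereas the entry point landing in a writable, executable section with an empty .text on disk is the tell that survives renaming.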