脱壳后一运行就自动退出了
应该是自校验吧,但是不大懂,希望有人给看下
; OllyDbg listing (address, opcode bytes, instruction), 32-bit x86, Intel syntax, module "sdo".
; What the visible code does: it calls kernel32.InitializeCriticalSection on the value in ecx
; inside an SEH frame and returns a status in eax:
;   0           on the normal path (no exception),
;   0x8007000E  (E_OUTOFMEMORY) if the recorded exception code is 0xC0000017 (STATUS_NO_MEMORY),
;   0x80004005  (E_FAIL) for any other exception code.
; Nothing in this routine reads the file image or compares a checksum, so it shows no self-check.
; NOTE(review): the "s>" in the first row looks like OllyDbg's truncated <ModuleEntryPoint> label.
; If this address really is the dumped file's entry point, that suggests a wrongly restored entry
; point rather than an integrity check -- confirm against the packed original.
; Frame layout established by the prologue below:
;   [ebp-4]  try level          [ebp-8]  004DBA70          [ebp-C]  004B63F4
;   [ebp-10] previous fs:[0]    [ebp-14] read by the filter code at 00407484
;   [ebp-18] saved esp          [ebp-1C] exception code stored by the filter code
00407450 s> 55 push ebp
00407451 8BEC mov ebp,esp
00407453 6A FF push -1 ; [ebp-4] = -1: not inside a guarded region yet
00407455 68 70BA4D00 push sdo.004DBA70 ; presumably the scope table for this frame (target not shown)
0040745A 68 F4634B00 push sdo.004B63F4 ; presumably the frame's exception handler routine (target not shown)
0040745F 64:A1 0000000>mov eax,dword ptr fs:[0] ; current head of the thread's SEH chain
00407465 50 push eax ; kept at [ebp-10] so the epilogue can restore it
00407466 64:8925 00000>mov dword ptr fs:[0],esp ; link the new registration record into the chain
0040746D 83EC 0C sub esp,0C ; three dword locals: [ebp-14], [ebp-18], [ebp-1C]
00407470 53 push ebx
00407471 56 push esi
00407472 57 push edi
00407473 8965 E8 mov dword ptr ss:[ebp-18],esp ; remember esp for the handler at 00407494
00407476 33F6 xor esi,esi ; esi = 0, the return value of the normal path
00407478 8975 FC mov dword ptr ss:[ebp-4],esi ; try level 0: the guarded region starts here
0040747B 51 push ecx ; the only argument; ecx is whatever the caller left there (presumably a this pointer -- confirm)
0040747C FF15 2CB14D00 call dword ptr ds:[<&KERNEL32.InitializeCriticalSection>>; kernel32.InitializeCriticalSection
00407482 EB 2C jmp short sdo.004074B0 ; no exception: skip the filter and handler code
; 00407484-00407493 is never reached by fall-through and ends in its own retn; presumably it is
; the filter expression invoked through the handler routine pushed above.
00407484 8B45 EC mov eax,dword ptr ss:[ebp-14] ; presumably the exception pointers stored by the handler routine -- the write is not in this listing
00407487 8B08 mov ecx,dword ptr ds:[eax] ; first dword of that structure
00407489 8B11 mov edx,dword ptr ds:[ecx] ; first dword of what it points to, treated below as the exception code
0040748B 8955 E4 mov dword ptr ss:[ebp-1C],edx ; keep the code for the handler body
0040748E B8 01000000 mov eax,1 ; filter result 1 = EXCEPTION_EXECUTE_HANDLER
00407493 C3 retn
; Handler body: turns the recorded exception code into the return value without a branch.
00407494 8B65 E8 mov esp,dword ptr ss:[ebp-18] ; restore the stack pointer saved in the prologue
00407497 33C0 xor eax,eax
00407499 817D E4 17000>cmp dword ptr ss:[ebp-1C],C0000017 ; is the code STATUS_NO_MEMORY?
004074A0 0F95C0 setne al ; al = 1 if it is a different code, 0 if equal
004074A3 48 dec eax ; eax = 0 for a different code, FFFFFFFF if equal
004074A4 25 09C00600 and eax,6C009 ; eax = 0 or 0006C009
004074A9 05 05400080 add eax,80004005 ; eax = 80004005 (E_FAIL) or 8007000E (E_OUTOFMEMORY)
004074AE 8BF0 mov esi,eax ; esi carries the result into the shared exit
; Shared exit for the normal path and the handler path.
004074B0 C745 FC FFFFF>mov dword ptr ss:[ebp-4],-1 ; leave the guarded region
004074B7 8BC6 mov eax,esi ; return value
004074B9 8B4D F0 mov ecx,dword ptr ss:[ebp-10] ; previous SEH chain head saved in the prologue
004074BC 64:890D 00000>mov dword ptr fs:[0],ecx ; unlink this frame from the SEH chain
004074C3 5F pop edi
004074C4 5E pop esi
004074C5 5B pop ebx
004074C6 8BE5 mov esp,ebp
004074C8 5D pop ebp
004074C9 C3 retn ; plain retn: no stack arguments are removed
用OD调试会被跳到00000000去。