; 32-bit x86 debugger listing, Intel operand order. Columns: address, raw bytes, instruction, debugger comment.
; Purpose of the visible excerpt: look up five timer-queue functions in KERNEL32.DLL by name
; (GetModuleHandleA + GetProcAddress) and cache the pointers in globals at 77FAD67C..77FAD698.
; The frame setup is not shown: the [EBP-4]/[EBP-8]/[EBP-C] locals and the closing LEAVE
; presumably rely on a prologue located before 77F45B95 -- confirm by scrolling up.
; Every JE below is a NULL-result check that jumps into the epilogue, entering it at the POP
; that matches the registers saved so far. No global is written unless all five lookups succeed.
; EAX at RETN: 0 on every failure path, the non-zero DeleteTimerQueueTimer pointer on success.
; NOTE(review): nothing in this excerpt patches an import table; the conditional jumps only bail
; out on NULL. This looks like a library binding optional APIs for its own use rather than a
; protector's import-processing loop -- confirm by checking which module owns the 77F4xxxx range
; before treating any jump here as significant.
77F45B95 6A 12 PUSH 12 ; single argument for the helper called next
77F45B97 E8 0FEDFFFF CALL 77F448AB ; helper not shown in this excerpt; only its EAX result is used
77F45B9C 85C0 TEST EAX,EAX
77F45B9E 0F84 A2000000 JE 77F45C46 ; helper returned 0: nothing saved yet, go straight to LEAVE
77F45BA4 57 PUSH EDI ; save EDI (restored at 77F45C45)
77F45BA5 68 F44FF477 PUSH 77F44FF4 ; ASCII "KERNEL32.DLL"
77F45BAA FF15 FC11F477 CALL DWORD PTR DS:[77F411FC] ; kernel32.GetModuleHandleA
77F45BB0 8BF8 MOV EDI,EAX ; ★ execution returned to here! ★ EDI = handle from GetModuleHandleA
77F45BB2 85FF TEST EDI,EDI
77F45BB4 0F84 8B000000 JE 77F45C45 ; no module handle: undo only the EDI push
77F45BBA 56 PUSH ESI ; save ESI (restored at 77F45C44)
77F45BBB 8B35 B413F477 MOV ESI,DWORD PTR DS:[77F413B4] ; kernel32.GetProcAddress
; ESI now holds the GetProcAddress pointer; each CALL ESI below is GetProcAddress(EDI, name).
77F45BC1 68 A45CF477 PUSH 77F45CA4 ; ASCII "CreateTimerQueue"
77F45BC6 57 PUSH EDI
77F45BC7 FFD6 CALL ESI
77F45BC9 85C0 TEST EAX,EAX
77F45BCB 8945 FC MOV DWORD PTR SS:[EBP-4],EAX ; local = CreateTimerQueue pointer (MOV leaves the TEST flags intact)
77F45BCE 74 74 JE SHORT 77F45C44 ; lookup failed: undo ESI and EDI pushes
77F45BD0 68 905CF477 PUSH 77F45C90 ; ASCII "DeleteTimerQueue"
77F45BD5 57 PUSH EDI
77F45BD6 FFD6 CALL ESI
77F45BD8 85C0 TEST EAX,EAX
77F45BDA 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX ; local = DeleteTimerQueue pointer
77F45BDD 74 65 JE SHORT 77F45C44 ; lookup failed
77F45BDF 68 785CF477 PUSH 77F45C78 ; ASCII "CreateTimerQueueTimer"
77F45BE4 57 PUSH EDI
77F45BE5 FFD6 CALL ESI
77F45BE7 85C0 TEST EAX,EAX
77F45BE9 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX ; local = CreateTimerQueueTimer pointer
77F45BEC 74 56 JE SHORT 77F45C44 ; lookup failed
77F45BEE 53 PUSH EBX ; save EBX (restored at 77F45C43); from here failures exit via 77F45C43
77F45BEF 68 605CF477 PUSH 77F45C60 ; ASCII "ChangeTimerQueueTimer"
77F45BF4 57 PUSH EDI
77F45BF5 FFD6 CALL ESI
77F45BF7 8BD8 MOV EBX,EAX ; EBX = ChangeTimerQueueTimer pointer (kept in a register, not a local)
77F45BF9 85DB TEST EBX,EBX
77F45BFB 74 46 JE SHORT 77F45C43 ; lookup failed
77F45BFD 68 485CF477 PUSH 77F45C48 ; ASCII "DeleteTimerQueueTimer"
77F45C02 57 PUSH EDI
77F45C03 FFD6 CALL ESI
77F45C05 85C0 TEST EAX,EAX ; EAX = DeleteTimerQueueTimer pointer, stored directly at 77F45C3E
77F45C07 74 3A JE SHORT 77F45C43 ; lookup failed
; All five lookups succeeded: publish the pointers to the global slots.
; Slot 77FAD690 is not written anywhere in this excerpt.
77F45C09 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4]
77F45C0C 890D 7CD6FA77 MOV DWORD PTR DS:[77FAD67C],ECX ; [77FAD67C] = CreateTimerQueue
77F45C12 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
77F45C15 890D 80D6FA77 MOV DWORD PTR DS:[77FAD680],ECX ; [77FAD680] = DeleteTimerQueue
77F45C1B 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-C] ; ECX = CreateTimerQueueTimer, held until the store at 77F45C38
77F45C1E 891D 88D6FA77 MOV DWORD PTR DS:[77FAD688],EBX ; [77FAD688] = ChangeTimerQueueTimer
77F45C24 C705 84D6FA77 E>MOV DWORD PTR DS:[77FAD684],77FA0DE5 ; fixed address 77FA0DE5; its target is not shown here
77F45C2E C705 8CD6FA77 2>MOV DWORD PTR DS:[77FAD68C],77FA0E26 ; fixed address 77FA0E26; its target is not shown here
77F45C38 890D 94D6FA77 MOV DWORD PTR DS:[77FAD694],ECX ; [77FAD694] = CreateTimerQueueTimer
77F45C3E A3 98D6FA77 MOV DWORD PTR DS:[77FAD698],EAX ; [77FAD698] = DeleteTimerQueueTimer
; Shared epilogue: each entry point pops exactly the registers that had been pushed on that path.
77F45C43 5B POP EBX
77F45C44 5E POP ESI
77F45C45 5F POP EDI
77F45C46 C9 LEAVE ; restores ESP/EBP from the frame set up outside this excerpt
77F45C47 C3 RETN
上面那个是MAGIC JUMP啊??
谢了!!