0042B2BE |> E8 22DAFFFF /CALL Unpacked.00428CE5
0042B2C3 |. 85C0 |TEST EAX,EAX
0042B2C5 |. 74 65 |JE SHORT Unpacked.0042B32C
0042B2C7 |. 3BDF |CMP EBX,EDI
0042B2C9 |. 74 25 |JE SHORT Unpacked.0042B2F0
0042B2CB |. 8B4424 18 |MOV EAX,DWORD PTR SS:[ESP+18]
0042B2CF |. 8B40 04 |MOV EAX,DWORD PTR DS:[EAX+4]
0042B2D2 |. 3D 18010000 |CMP EAX,118
0042B2D7 |. 74 07 |JE SHORT Unpacked.0042B2E0
0042B2D9 |. 3D 04010000 |CMP EAX,104
0042B2DE |. 75 10 |JNZ SHORT Unpacked.0042B2F0
0042B2E0 |> 6A 01 |PUSH 1
0042B2E2 |. 8BCE |MOV ECX,ESI
0042B2E4 |. E8 10240000 |CALL Unpacked.0042D6F9
0042B2E9 |. FF76 1C |PUSH DWORD PTR DS:[ESI+1C]
0042B2EC |. FFD5 |CALL EBP
0042B2EE |. 33DB |XOR EBX,EBX
0042B2F0 |> 8B06 |MOV EAX,DWORD PTR DS:[ESI]
0042B2F2 |. 8BCE |MOV ECX,ESI
0042B2F4 |. FF90 80000000 |CALL DWORD PTR DS:[EAX+80]
0042B2FA |. 85C0 |TEST EAX,EAX
0042B2FC |. 74 39 |JE SHORT Unpacked.0042B337
0042B2FE |. FF7424 18 |PUSH DWORD PTR SS:[ESP+18]
0042B302 |. E8 05D9FFFF |CALL Unpacked.00428C0C
0042B307 |. 85C0 |TEST EAX,EAX
0042B309 |. 59 |POP ECX
0042B30A |. 74 0C |JE SHORT Unpacked.0042B318
0042B30C |. C74424 14 0100>|MOV DWORD PTR SS:[ESP+14],1
0042B314 |. 897C24 10 |MOV DWORD PTR SS:[ESP+10],EDI
0042B318 |> 57 |PUSH EDI ; /RemoveMsg
0042B319 |. 57 |PUSH EDI ; |MsgFilterMax
0042B31A |. 57 |PUSH EDI ; |MsgFilterMin
0042B31B |. 57 |PUSH EDI ; |hWnd
0042B31C |. FF7424 28 |PUSH DWORD PTR SS:[ESP+28] ; |pMsg
0042B320 |. FF15 00954300 |CALL DWORD PTR DS:[<&USER32.PeekMessage>; \PeekMessageA
0042B326 |. 85C0 |TEST EAX,EAX
0042B328 |.^75 94 \JNZ SHORT Unpacked.0042B2BE
我用OD调试F8跳不过去,但F9就能过,是怎么回事啊?
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
