一个正常的文件,为何不能反编呢!
发表于: 2006-10-23 16:33 3526
一个软件,用PEiD查过,信息如下:
入口点:00001018
EP区段:PS斋腌
文件偏移量:00000018
第一个字节:EB,B0,11,40
链接器信息:76:11
子系统:WIN32 GUI
最后信息栏那里显示“什么都没有找到[覆盖]”
OllyICE载入后
错误:
32位可执行文件C.EXE格式错误或未知
再确定后,提示
无法在内存中分配1766618072字节
; Entry stub at 00401018 (PEiD above reports entry point 00001018 at file offset 00000018,
; i.e. the entry lies in the first bytes of the file).
; esi is pointed at a table at 004011B0; the first dword is read and pushed, then the dword
; at [esi+34] is pushed (esi has advanced by 4 after lods, assuming the direction flag is clear).
; NOTE(review): the byte pattern BE ?? ?? ?? ?? AD 50 FF 76 34 EB 7C resembles the Upack
; packer stub -- confirm with an up-to-date signature set before relying on it.
00401018 > BE B0114000 mov esi, 004011B0
0040101D AD lods dword ptr [esi]
0040101E 50 push eax
0040101F FF76 34 push dword ptr [esi+34]
; Skips 7Ch bytes. The target 004010A0 is the second byte of the line the debugger prints
; at 0040109F, so the lines between here and there are not on real instruction boundaries.
00401022 EB 7C jmp short 004010A0
; 00401024-0040109F: jumped over by `jmp short 004010A0` at 00401022, so execution never
; reaches these bytes from the entry stub. The mnemonics below are the debugger's linear
; decoding of data, not code.
00401024 48 dec eax
00401025 010E add [esi], ecx
00401027 010B add [ebx], ecx
; Bytes 0040102A-00401035 (4C 6F 61 64 4C 69 62 72 61 72 79 41) are the ASCII string
; "LoadLibraryA", split across the next three decoded lines.
00401029 014C6F 61 add [edi+ebp*2+61], ecx
0040102D 64:4C dec esp
0040102F 6962 72 6172794>imul esp, [edx+72], 41797261
00401036 0000 add [eax], al
; NOTE(review): the dwords here look like PE optional-header fields stored in the same bytes:
; 00401038 = 00001018 (equals the entry point PEiD reports), 00401044 = 00400000,
; 00401048 = 00001000, 0040104C = 00000200. Verify the header layout in a PE/hex viewer.
00401038 1810 sbb [eax], dl
0040103A 0000 add [eax], al
0040103C 1000 adc [eax], al
0040103E 0000 add [eax], al
00401040 0040 00 add [eax], al
00401043 0000 add [eax], al
00401045 0040 00 add [eax], al
00401048 0010 add [eax], dl
0040104A 0000 add [eax], al
0040104C 0002 add [edx], al
0040104E 0000 add [eax], al
00401050 04 00 add al, 0
00401052 0000 add [eax], al
00401054 0000 add [eax], al
00401056 3A00 cmp al, [eax]
00401058 04 00 add al, 0
0040105A 0000 add [eax], al
0040105C 0000 add [eax], al
0040105E 0000 add [eax], al
00401060 00A0 01000002 add [eax+2000001], ah
00401066 0000 add [eax], al
00401068 0000 add [eax], al
0040106A 0000 add [eax], al
0040106C 0200 add al, [eax]
0040106E 0000 add [eax], al
00401070 0000 add [eax], al
00401072 1000 adc [eax], al
00401074 0010 add [eax], dl
00401076 0000 add [eax], al
00401078 0000 add [eax], al
0040107A 1000 adc [eax], al
0040107C 0010 add [eax], dl
0040107E 0000 add [eax], al
00401080 0000 add [eax], al
00401082 0000 add [eax], al
00401084 0A00 or al, [eax]
00401086 0000 add [eax], al
00401088 0000 add [eax], al
0040108A 0000 add [eax], al
0040108C 0000 add [eax], al
0040108E 0000 add [eax], al
00401090 EE out dx, al
00401091 91 xchg eax, ecx
00401092 0100 add [eax], eax
00401094 14 00 adc al, 0
00401096 0000 add [eax], al
00401098 00E0 add al, ah
0040109A 0000 add [eax], al
0040109C 48 dec eax
0040109D 0300 add eax, [eax]
; Misaligned decode: the byte FF at 004010A0 is the jump target from 00401022. Read from
; there, FF 76 38 is `push dword ptr [esi+38]` (same encoding form as FF76 34 at 0040101F),
; and real code resumes at 004010A3. The `add bh, bh` / `jbe` pair below is an artifact.
0040109F 00FF add bh, bh
004010A1 76 38 jbe short 004010DB
; Stub code resuming after the jump target at 004010A0 (the three bytes FF 76 38 just
; before this line decode as `push dword ptr [esi+38]` when read from 004010A0).
; Loads the next table dword, pushes it, takes a destination pointer from [esi] into edi,
; then copies 27h dwords from 004190F0 to that destination.
004010A3 AD lods dword ptr [esi]
004010A4 50 push eax
004010A5 8B3E mov edi, [esi]
004010A7 BE F0904100 mov esi, 004190F0
004010AC 6A 27 push 27
004010AE 59 pop ecx
004010AF F3:A5 rep movs dword ptr es:[edi], dword p>
004010B1 FF76 04 push dword ptr [esi+4]
; eax = FFFFFFFF is stored at edi; ebx keeps the address where this table begins.
004010B4 83C8 FF or eax, FFFFFFFF
004010B7 8BDF mov ebx, edi
004010B9 AB stos dword ptr es:[edi]
; Jumps over the embedded string below.
004010BA EB 1C jmp short 004010D8
; 004010BC-004010D7 is data, not code: bytes 004010C0-004010CD
; (47 65 74 50 72 6F 63 41 64 64 72 65 73 73) are the ASCII string "GetProcAddress",
; surrounded by zero padding. The branch mnemonics shown are decoding artifacts.
004010BC 0000 add [eax], al
004010BE 0000 add [eax], al
004010C0 47 inc edi
004010C1 65:74 50 je short 00401114
004010C4 72 6F jb short 00401135
004010C6 6341 64 arpl [ecx+64], ax
004010C9 64:72 65 jb short 00401131
004010CC 73 73 jnb short 00401141
004010CE 0000 add [eax], al
004010D0 0000 add [eax], al
004010D2 0000 add [eax], al
004010D4 0000 add [eax], al
004010D6 0000 add [eax], al
; Table fill through edi: one dword 0 (eax went FFFFFFFF -> 0), four dwords of 1,
; then 1C00h dwords of 400h (eax = 1 shl 0Ah; ecx = 1C00h after `mov ch, 1C` on a zeroed ecx).
; NOTE(review): a large table pre-filled with 400h is typical of range-coder / LZMA-style
; probability initialisation -- unconfirmed from this listing alone.
004010D8 40 inc eax
004010D9 AB stos dword ptr es:[edi]
004010DA 40 inc eax
004010DB B1 04 mov cl, 4
004010DD F3:AB rep stos dword ptr es:[edi]
004010DF C1E0 0A shl eax, 0A
004010E2 B5 1C mov ch, 1C
004010E4 F3:AB rep stos dword ptr es:[edi]
004010E6 8B7E 0C mov edi, [esi+C]
004010E9 57 push edi
004010EA 51 push ecx
; Control leaves the listed range: 004118D3 is not shown in this dump, so what runs next
; cannot be read from the lines here.
004010EB E9 E3070100 jmp 004118D3
; NOTE(review): 004010F0 directly follows an unconditional jmp, so linear decoding may not
; start on a real instruction boundary. `call 3358648B` at 004010F9 targets an address far
; outside the 0040xxxx range of this listing, which suggests the first lines are misdecoded.
004010F0 56 push esi
004010F1 10E2 adc dl, ah
004010F3 ^ E3 B1 jecxz short 004010A6
004010F5 04 D3 add al, 0D3
004010F7 E0 03 loopdne short 004010FC
004010F9 E8 8D531833 call 3358648B
004010FE C055 40 51 rcl byte ptr [ebp+40], 51
00401102 D3E0 shl eax, cl
00401104 8BEA mov ebp, edx
00401106 91 xchg eax, ecx
00401107 FF56 4C call [esi+4C]
0040110A 99 cdq
0040110B 59 pop ecx
0040110C D1E8 shr eax, 1
0040110E 13D2 adc edx, edx
00401110 ^ E2 FA loopd short 0040110C
00401112 5D pop ebp
00401113 03EA add ebp, edx
00401115 45 inc ebp
00401116 59 pop ecx
00401117 896B 08 mov [ebx+8], ebp
; Byte copy from (edi - ebp) to edi for ecx bytes: source and destination are in the same
; output buffer, ebp bytes apart.
0040111A 56 push esi
0040111B 8BF7 mov esi, edi
0040111D 2BF5 sub esi, ebp
0040111F F3:A4 rep movs byte ptr es:[edi], byte ptr>
00401121 AC lods byte ptr [esi]
00401122 5E pop esi
00401123 B1 80 mov cl, 80
00401125 AA stos byte ptr es:[edi]
; Loops while edi is below the limit stored at [esi+34]. The branch target 00400FDB lies
; below the first address in this listing (00401018).
; NOTE(review): this may mean the fragment normally runs from another location -- unconfirmed.
00401126 3B7E 34 cmp edi, [esi+34]
00401129 ^ 0F82 ACFEFFFF jb 00400FDB
; Post-processing pass, ecx iterations (skipped when ecx = 0): scans forward from edi for a
; byte b where (b + 18h) < 2, i.e. E8 or E9, requires the low byte of the following dword
; to be 0, then rewrites that dword as bswap(value) + [esi+38] - edi.
; NOTE(review): looks like the reversal of a call/jmp operand filter -- TODO confirm.
0040112F 58 pop eax
00401130 5F pop edi
00401131 59 pop ecx
00401132 E3 1B jecxz short 0040114F
00401134 8A07 mov al, [edi]
00401136 47 inc edi
00401137 04 18 add al, 18
00401139 3C 02 cmp al, 2
0040113B ^ 73 F7 jnb short 00401134
0040113D 8B07 mov eax, [edi]
0040113F 3C 00 cmp al, 0
00401141 ^ 75 F3 jnz short 00401136
00401143 B0 00 mov al, 0
00401145 0FC8 bswap eax
00401147 0346 38 add eax, [esi+38]
0040114A 2BC7 sub eax, edi
0040114C AB stos dword ptr es:[edi]
0040114D ^ E2 E5 loopd short 00401134
; Table walk. Each outer pass loads a dword into eax (0 ends the walk at retn), moves it to
; edi as the store destination, and calls through ecx with esi on the stack; the result is
; kept in ebx. Each following zero-terminated entry is then passed to a call through ebp
; together with ebx, either as a pointer (esi) or, when the first byte has its top bit set,
; as a 16-bit value read after it. The returned dword is stored at edi.
; NOTE(review): presumably ecx / ebp hold the addresses of LoadLibraryA / GetProcAddress,
; whose names appear as ASCII at 0040102A and 004010C0 -- not established by this listing.
0040114F 5E pop esi
00401150 5D pop ebp
00401151 59 pop ecx
00401152 46 inc esi
00401153 AD lods dword ptr [esi]
00401154 85C0 test eax, eax
00401156 74 1F je short 00401177
00401158 51 push ecx
00401159 56 push esi
0040115A 97 xchg eax, edi
0040115B FFD1 call ecx
0040115D 93 xchg eax, ebx
0040115E AC lods byte ptr [esi]
0040115F 84C0 test al, al
00401161 ^ 75 FB jnz short 0040115E
00401163 3806 cmp [esi], al
00401165 ^ 74 EA je short 00401151
00401167 8BC6 mov eax, esi
00401169 79 05 jns short 00401170
0040116B 46 inc esi
0040116C 33C0 xor eax, eax
0040116E 66:AD lods word ptr [esi]
00401170 50 push eax
00401171 53 push ebx
00401172 FFD5 call ebp
00401174 AB stos dword ptr es:[edi]
00401175 ^ EB E7 jmp short 0040115E
; Returns to whatever address is on top of the stack once the table is exhausted; the
; listing does not show what that address is.
00401177 C3 retn
; 00401178 onward: data decoded as instructions. The preceding line in the dump is `retn`
; at 00401177, and nothing in the listed code falls through to here.
; The entry stub (mov esi, 004011B0 at 00401018) reads this region as a table: its first
; dword starts at 004011B0, in the middle of the line printed at 004011AF.
00401178 00D0 add al, dl
0040117A 0000 add [eax], al
0040117C 0010 add [eax], dl
0040117E 0000 add [eax], al
00401180 F0:0100 lock add [eax], eax
00401183 0010 add [eax], dl
00401185 0000 add [eax], al
00401187 0048 E3 add [eax-1D], cl
0040118A 40 inc eax
0040118B 008B 1841005B add [ebx+5B004118], cl
00401191 0100 add [eax], eax
00401193 0060 00 add [eax], ah
00401196 00E0 add al, ah
00401198 0010 add [eax], dl
0040119A 40 inc eax
0040119B 00C0 add al, al
0040119D 1841 00 sbb [ecx], al
004011A0 00B0 000000E0 add [eax+E0000000], dh
004011A6 0000 add [eax], al
004011A8 E8 39000000 call 004011E6
004011AD 0200 add al, [eax]
; Table start: bytes 19 | 12 40 00 at 004011B0-004011B3 form the dword 00401219, the first
; value the entry stub loads with lods and pushes.
004011AF 0019 add [ecx], bl
004011B1 1240 00 adc al, [eax]
004011B4 FFCF dec edi
004011B6 40 inc eax
004011B7 00E8 add al, ch
004011B9 1941 00 sbb [ecx], eax
004011BC 60 pushad
004011BD 0000 add [eax], al
004011BF ^ E0 F6 loopdne short 004011B7
004011C1 D340 00 rol dword ptr [eax], cl
004011C4 FC cld
004011C5 0F4000 cmovo eax, [eax]
004011C8 0010 add [eax], dl
004011CA 0000 add [eax], al
004011CC 0090 0100F001 add [eax+1F00001], dl
004011D2 0000 add [eax], al
004011D4 1000 adc [eax], al
004011D6 0000 add [eax], al
004011D8 58 pop eax
004011D9 1841 00 sbb [ecx], al
004011DC 5B pop ebx
004011DD 1841 00 sbb [ecx], al
004011E0 6A 18 push 18
004011E2 41 inc ecx
004011E3 0060 00 add [eax], ah
004011E6 00E0 add al, ah
; 004011E8 is the slot read by `push dword ptr [esi+34]` at 0040101F (esi = 004011B4 at
; that point); the bytes here are B5 5F 91 7C.
004011E8 B5 5F mov ch, 5F
004011EA 91 xchg eax, ecx
004011EB ^ 7C F1 jl short 004011DE
004011ED 5F pop edi
004011EE 91 xchg eax, ecx
004011EF 7C 00 jl short 004011F1
004011F1 0000 add [eax], al
004011F3 0000 add [eax], al
004011F5 0000 add [eax], al
004011F7 0000 add [eax], al
004011F9 0002 add [edx], al
004011FB 0000 add [eax], al
004011FD 00E8 add al, ch
004011FF 1100 adc [eax], eax
00401201 0000 add [eax], al
00401203 0000 add [eax], al
00401205 0000 add [eax], al
……………… ; 命令置于内存块尾
怎么办??
入口点:00001018
EP区段:PS斋腌
文件偏移量:00000018
第一个字节:EB,B0,11,40
链接器信息:76:11
子系统:WIN32 GUI
最后信息栏那里显示“什么都没有找到[覆盖]”
OllyICE载入后
错误:
32位可执行文件C.EXE格式错误或未知
再确定后,提示
无法在内存中分配1766618072字节
; Entry stub at 00401018 (PEiD above reports entry point 00001018 at file offset 00000018,
; i.e. the entry lies in the first bytes of the file).
; esi is pointed at a table at 004011B0; the first dword is read and pushed, then the dword
; at [esi+34] is pushed (esi has advanced by 4 after lods, assuming the direction flag is clear).
; NOTE(review): the byte pattern BE ?? ?? ?? ?? AD 50 FF 76 34 EB 7C resembles the Upack
; packer stub -- confirm with an up-to-date signature set before relying on it.
00401018 > BE B0114000 mov esi, 004011B0
0040101D AD lods dword ptr [esi]
0040101E 50 push eax
0040101F FF76 34 push dword ptr [esi+34]
; Skips 7Ch bytes. The target 004010A0 is the second byte of the line the debugger prints
; at 0040109F, so the lines between here and there are not on real instruction boundaries.
00401022 EB 7C jmp short 004010A0
; 00401024-0040109F: jumped over by `jmp short 004010A0` at 00401022, so execution never
; reaches these bytes from the entry stub. The mnemonics below are the debugger's linear
; decoding of data, not code.
00401024 48 dec eax
00401025 010E add [esi], ecx
00401027 010B add [ebx], ecx
; Bytes 0040102A-00401035 (4C 6F 61 64 4C 69 62 72 61 72 79 41) are the ASCII string
; "LoadLibraryA", split across the next three decoded lines.
00401029 014C6F 61 add [edi+ebp*2+61], ecx
0040102D 64:4C dec esp
0040102F 6962 72 6172794>imul esp, [edx+72], 41797261
00401036 0000 add [eax], al
; NOTE(review): the dwords here look like PE optional-header fields stored in the same bytes:
; 00401038 = 00001018 (equals the entry point PEiD reports), 00401044 = 00400000,
; 00401048 = 00001000, 0040104C = 00000200. Verify the header layout in a PE/hex viewer.
00401038 1810 sbb [eax], dl
0040103A 0000 add [eax], al
0040103C 1000 adc [eax], al
0040103E 0000 add [eax], al
00401040 0040 00 add [eax], al
00401043 0000 add [eax], al
00401045 0040 00 add [eax], al
00401048 0010 add [eax], dl
0040104A 0000 add [eax], al
0040104C 0002 add [edx], al
0040104E 0000 add [eax], al
00401050 04 00 add al, 0
00401052 0000 add [eax], al
00401054 0000 add [eax], al
00401056 3A00 cmp al, [eax]
00401058 04 00 add al, 0
0040105A 0000 add [eax], al
0040105C 0000 add [eax], al
0040105E 0000 add [eax], al
00401060 00A0 01000002 add [eax+2000001], ah
00401066 0000 add [eax], al
00401068 0000 add [eax], al
0040106A 0000 add [eax], al
0040106C 0200 add al, [eax]
0040106E 0000 add [eax], al
00401070 0000 add [eax], al
00401072 1000 adc [eax], al
00401074 0010 add [eax], dl
00401076 0000 add [eax], al
00401078 0000 add [eax], al
0040107A 1000 adc [eax], al
0040107C 0010 add [eax], dl
0040107E 0000 add [eax], al
00401080 0000 add [eax], al
00401082 0000 add [eax], al
00401084 0A00 or al, [eax]
00401086 0000 add [eax], al
00401088 0000 add [eax], al
0040108A 0000 add [eax], al
0040108C 0000 add [eax], al
0040108E 0000 add [eax], al
00401090 EE out dx, al
00401091 91 xchg eax, ecx
00401092 0100 add [eax], eax
00401094 14 00 adc al, 0
00401096 0000 add [eax], al
00401098 00E0 add al, ah
0040109A 0000 add [eax], al
0040109C 48 dec eax
0040109D 0300 add eax, [eax]
; Misaligned decode: the byte FF at 004010A0 is the jump target from 00401022. Read from
; there, FF 76 38 is `push dword ptr [esi+38]` (same encoding form as FF76 34 at 0040101F),
; and real code resumes at 004010A3. The `add bh, bh` / `jbe` pair below is an artifact.
0040109F 00FF add bh, bh
004010A1 76 38 jbe short 004010DB
; Stub code resuming after the jump target at 004010A0 (the three bytes FF 76 38 just
; before this line decode as `push dword ptr [esi+38]` when read from 004010A0).
; Loads the next table dword, pushes it, takes a destination pointer from [esi] into edi,
; then copies 27h dwords from 004190F0 to that destination.
004010A3 AD lods dword ptr [esi]
004010A4 50 push eax
004010A5 8B3E mov edi, [esi]
004010A7 BE F0904100 mov esi, 004190F0
004010AC 6A 27 push 27
004010AE 59 pop ecx
004010AF F3:A5 rep movs dword ptr es:[edi], dword p>
004010B1 FF76 04 push dword ptr [esi+4]
; eax = FFFFFFFF is stored at edi; ebx keeps the address where this table begins.
004010B4 83C8 FF or eax, FFFFFFFF
004010B7 8BDF mov ebx, edi
004010B9 AB stos dword ptr es:[edi]
; Jumps over the embedded string below.
004010BA EB 1C jmp short 004010D8
; 004010BC-004010D7 is data, not code: bytes 004010C0-004010CD
; (47 65 74 50 72 6F 63 41 64 64 72 65 73 73) are the ASCII string "GetProcAddress",
; surrounded by zero padding. The branch mnemonics shown are decoding artifacts.
004010BC 0000 add [eax], al
004010BE 0000 add [eax], al
004010C0 47 inc edi
004010C1 65:74 50 je short 00401114
004010C4 72 6F jb short 00401135
004010C6 6341 64 arpl [ecx+64], ax
004010C9 64:72 65 jb short 00401131
004010CC 73 73 jnb short 00401141
004010CE 0000 add [eax], al
004010D0 0000 add [eax], al
004010D2 0000 add [eax], al
004010D4 0000 add [eax], al
004010D6 0000 add [eax], al
; Table fill through edi: one dword 0 (eax went FFFFFFFF -> 0), four dwords of 1,
; then 1C00h dwords of 400h (eax = 1 shl 0Ah; ecx = 1C00h after `mov ch, 1C` on a zeroed ecx).
; NOTE(review): a large table pre-filled with 400h is typical of range-coder / LZMA-style
; probability initialisation -- unconfirmed from this listing alone.
004010D8 40 inc eax
004010D9 AB stos dword ptr es:[edi]
004010DA 40 inc eax
004010DB B1 04 mov cl, 4
004010DD F3:AB rep stos dword ptr es:[edi]
004010DF C1E0 0A shl eax, 0A
004010E2 B5 1C mov ch, 1C
004010E4 F3:AB rep stos dword ptr es:[edi]
004010E6 8B7E 0C mov edi, [esi+C]
004010E9 57 push edi
004010EA 51 push ecx
; Control leaves the listed range: 004118D3 is not shown in this dump, so what runs next
; cannot be read from the lines here.
004010EB E9 E3070100 jmp 004118D3
; NOTE(review): 004010F0 directly follows an unconditional jmp, so linear decoding may not
; start on a real instruction boundary. `call 3358648B` at 004010F9 targets an address far
; outside the 0040xxxx range of this listing, which suggests the first lines are misdecoded.
004010F0 56 push esi
004010F1 10E2 adc dl, ah
004010F3 ^ E3 B1 jecxz short 004010A6
004010F5 04 D3 add al, 0D3
004010F7 E0 03 loopdne short 004010FC
004010F9 E8 8D531833 call 3358648B
004010FE C055 40 51 rcl byte ptr [ebp+40], 51
00401102 D3E0 shl eax, cl
00401104 8BEA mov ebp, edx
00401106 91 xchg eax, ecx
00401107 FF56 4C call [esi+4C]
0040110A 99 cdq
0040110B 59 pop ecx
0040110C D1E8 shr eax, 1
0040110E 13D2 adc edx, edx
00401110 ^ E2 FA loopd short 0040110C
00401112 5D pop ebp
00401113 03EA add ebp, edx
00401115 45 inc ebp
00401116 59 pop ecx
00401117 896B 08 mov [ebx+8], ebp
; Byte copy from (edi - ebp) to edi for ecx bytes: source and destination are in the same
; output buffer, ebp bytes apart.
0040111A 56 push esi
0040111B 8BF7 mov esi, edi
0040111D 2BF5 sub esi, ebp
0040111F F3:A4 rep movs byte ptr es:[edi], byte ptr>
00401121 AC lods byte ptr [esi]
00401122 5E pop esi
00401123 B1 80 mov cl, 80
00401125 AA stos byte ptr es:[edi]
; Loops while edi is below the limit stored at [esi+34]. The branch target 00400FDB lies
; below the first address in this listing (00401018).
; NOTE(review): this may mean the fragment normally runs from another location -- unconfirmed.
00401126 3B7E 34 cmp edi, [esi+34]
00401129 ^ 0F82 ACFEFFFF jb 00400FDB
; Post-processing pass, ecx iterations (skipped when ecx = 0): scans forward from edi for a
; byte b where (b + 18h) < 2, i.e. E8 or E9, requires the low byte of the following dword
; to be 0, then rewrites that dword as bswap(value) + [esi+38] - edi.
; NOTE(review): looks like the reversal of a call/jmp operand filter -- TODO confirm.
0040112F 58 pop eax
00401130 5F pop edi
00401131 59 pop ecx
00401132 E3 1B jecxz short 0040114F
00401134 8A07 mov al, [edi]
00401136 47 inc edi
00401137 04 18 add al, 18
00401139 3C 02 cmp al, 2
0040113B ^ 73 F7 jnb short 00401134
0040113D 8B07 mov eax, [edi]
0040113F 3C 00 cmp al, 0
00401141 ^ 75 F3 jnz short 00401136
00401143 B0 00 mov al, 0
00401145 0FC8 bswap eax
00401147 0346 38 add eax, [esi+38]
0040114A 2BC7 sub eax, edi
0040114C AB stos dword ptr es:[edi]
0040114D ^ E2 E5 loopd short 00401134
; Table walk. Each outer pass loads a dword into eax (0 ends the walk at retn), moves it to
; edi as the store destination, and calls through ecx with esi on the stack; the result is
; kept in ebx. Each following zero-terminated entry is then passed to a call through ebp
; together with ebx, either as a pointer (esi) or, when the first byte has its top bit set,
; as a 16-bit value read after it. The returned dword is stored at edi.
; NOTE(review): presumably ecx / ebp hold the addresses of LoadLibraryA / GetProcAddress,
; whose names appear as ASCII at 0040102A and 004010C0 -- not established by this listing.
0040114F 5E pop esi
00401150 5D pop ebp
00401151 59 pop ecx
00401152 46 inc esi
00401153 AD lods dword ptr [esi]
00401154 85C0 test eax, eax
00401156 74 1F je short 00401177
00401158 51 push ecx
00401159 56 push esi
0040115A 97 xchg eax, edi
0040115B FFD1 call ecx
0040115D 93 xchg eax, ebx
0040115E AC lods byte ptr [esi]
0040115F 84C0 test al, al
00401161 ^ 75 FB jnz short 0040115E
00401163 3806 cmp [esi], al
00401165 ^ 74 EA je short 00401151
00401167 8BC6 mov eax, esi
00401169 79 05 jns short 00401170
0040116B 46 inc esi
0040116C 33C0 xor eax, eax
0040116E 66:AD lods word ptr [esi]
00401170 50 push eax
00401171 53 push ebx
00401172 FFD5 call ebp
00401174 AB stos dword ptr es:[edi]
00401175 ^ EB E7 jmp short 0040115E
; Returns to whatever address is on top of the stack once the table is exhausted; the
; listing does not show what that address is.
00401177 C3 retn
; 00401178 onward: data decoded as instructions. The preceding line in the dump is `retn`
; at 00401177, and nothing in the listed code falls through to here.
; The entry stub (mov esi, 004011B0 at 00401018) reads this region as a table: its first
; dword starts at 004011B0, in the middle of the line printed at 004011AF.
00401178 00D0 add al, dl
0040117A 0000 add [eax], al
0040117C 0010 add [eax], dl
0040117E 0000 add [eax], al
00401180 F0:0100 lock add [eax], eax
00401183 0010 add [eax], dl
00401185 0000 add [eax], al
00401187 0048 E3 add [eax-1D], cl
0040118A 40 inc eax
0040118B 008B 1841005B add [ebx+5B004118], cl
00401191 0100 add [eax], eax
00401193 0060 00 add [eax], ah
00401196 00E0 add al, ah
00401198 0010 add [eax], dl
0040119A 40 inc eax
0040119B 00C0 add al, al
0040119D 1841 00 sbb [ecx], al
004011A0 00B0 000000E0 add [eax+E0000000], dh
004011A6 0000 add [eax], al
004011A8 E8 39000000 call 004011E6
004011AD 0200 add al, [eax]
; Table start: bytes 19 | 12 40 00 at 004011B0-004011B3 form the dword 00401219, the first
; value the entry stub loads with lods and pushes.
004011AF 0019 add [ecx], bl
004011B1 1240 00 adc al, [eax]
004011B4 FFCF dec edi
004011B6 40 inc eax
004011B7 00E8 add al, ch
004011B9 1941 00 sbb [ecx], eax
004011BC 60 pushad
004011BD 0000 add [eax], al
004011BF ^ E0 F6 loopdne short 004011B7
004011C1 D340 00 rol dword ptr [eax], cl
004011C4 FC cld
004011C5 0F4000 cmovo eax, [eax]
004011C8 0010 add [eax], dl
004011CA 0000 add [eax], al
004011CC 0090 0100F001 add [eax+1F00001], dl
004011D2 0000 add [eax], al
004011D4 1000 adc [eax], al
004011D6 0000 add [eax], al
004011D8 58 pop eax
004011D9 1841 00 sbb [ecx], al
004011DC 5B pop ebx
004011DD 1841 00 sbb [ecx], al
004011E0 6A 18 push 18
004011E2 41 inc ecx
004011E3 0060 00 add [eax], ah
004011E6 00E0 add al, ah
; 004011E8 is the slot read by `push dword ptr [esi+34]` at 0040101F (esi = 004011B4 at
; that point); the bytes here are B5 5F 91 7C.
004011E8 B5 5F mov ch, 5F
004011EA 91 xchg eax, ecx
004011EB ^ 7C F1 jl short 004011DE
004011ED 5F pop edi
004011EE 91 xchg eax, ecx
004011EF 7C 00 jl short 004011F1
004011F1 0000 add [eax], al
004011F3 0000 add [eax], al
004011F5 0000 add [eax], al
004011F7 0000 add [eax], al
004011F9 0002 add [edx], al
004011FB 0000 add [eax], al
004011FD 00E8 add al, ch
004011FF 1100 adc [eax], eax
00401201 0000 add [eax], al
00401203 0000 add [eax], al
00401205 0000 add [eax], al
……………… ; 命令置于内存块尾
怎么办??