今天手痒,看到一软件很好玩,可dll文件加了aspack2.11的壳(PEID探测),想手脱之,一路下来,找到了 popad
jnz short
mov eax, 1
retn 0C
push 00b5bd18
retn
按理说, 00b5bd18就应该是入口地址了,可到
00b5bd18 一看,傻眼了:
00B5BD18 55 db 55 ; CHAR 'U'
00B5BD19 8B db 8B
00B5BD1A EC db EC
00B5BD1B 83 db 83
00B5BD1C C4C4B800 dd xxx.00B8C4C4
00B5BD20 B3 db B3
00B5BD21 B5 db B5
00B5BD22 00 db 00
00B5BD23 E8 db E8
00B5BD24 48 db 48 ; CHAR 'H'
00B5BD25 AF db AF
00B5BD26 D1 db D1
00B5BD27 FF db FF
00B5BD28 E8 db E8
00B5BD29 B7 db B7
00B5BD2A 86 db 86
00B5BD2B D1 db D1
00B5BD2C FF db FF
00B5BD2D 8D40 00 lea eax, dword ptr [eax]
00B5BD30 00 db 00
00B5BD31 00 db 00
00B5BD32 00 db 00
00B5BD33 00 db 00
00B5BD34 00 db 00
请问高手,怎么回事?假的?