.386
.model flat, stdcall
option casemap :none
include windows.inc
include kernel32.inc
includelib kernel32.lib
.code
code_start:
call @f
@@:
code_size equ ($-code_start)
sztmp dd 90909090h
start:
mov eax,code_size
invoke ExitProcess,code_size
invoke ExitProcess,addr sztmp
end start
;///////////////////////////////////////////////////////
00401000 E8 00000000 CALL 00401005
00401005 90 NOP
00401006 90 NOP
00401007 90 NOP
00401008 90 NOP
00401009 > B8 05000000 MOV EAX,5
0040100E 68 0A000000
PUSH 0A
00401013 E8 0A000000 CALL <JMP.&KERNEL32.ExitProcess>
00401018 68 05104000 PUSH 00401005
0040101D E8 00000000 CALL <JMP.&KERNEL32.ExitProcess>
00401022 - FF25 00204000 JMP [<&KERNEL32.ExitProcess>] ; kernel32.ExitProcess
谁可以解释下吗
不用call @f就正常
code_start:
nop
nop
nop
nop
nop
code_size equ ($-code_start)
sztmp dd 11111111h
start:
mov eax,code_size
invoke ExitProcess,code_size
invoke ExitProcess,addr sztmp
00401000 90 NOP
00401001 90 NOP
00401002 90 NOP
00401003 90 NOP
00401004 90 NOP
00401005 1111 ADC [ECX],EDX
00401007 1111 ADC [ECX],EDX
00401009 > B8 05000000 MOV EAX,5
0040100E 68 05000000 PUSH 5
00401013 E8 0A000000 CALL <JMP.&KERNEL32.ExitProcess>
00401018 68 05104000 PUSH 00401005
0040101D E8 00000000 CALL <JMP.&KERNEL32.ExitProcess>
00401022 - FF25 00204000 JMP [<&KERNEL32.ExitProcess>] ; kernel32.ExitProcess
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课