; MASM syntax, 32-bit flat model, stdcall calling convention.
; Minimal test case from the post: one constant (code_size) is used by a MOV
; and by an INVOKE, and the posted disassembly shows the two uses assembled
; with different values (5 and 0Ah).
.386
.model flat, stdcall
option casemap :none
include windows.inc
include kernel32.inc
includelib kernel32.lib
.code
code_start:
; Forward reference to the anonymous label on the next line. The posted
; disassembly shows it encoded as E8 00000000 (5 bytes, rel32 = 0).
; It is never executed: the entry point is `start` (see `end start`).
call @f
@@:
; $ is the current location counter, so this is the byte distance from
; code_start to this point (the 5-byte call above).
; NOTE(review): the posted disassembly shows 5 in `mov eax` but 0Ah in the PUSH
; generated by the first invoke. The page does not establish the cause; it only
; reports that the mismatch disappears when `call @f` is removed. Check any
; size constant computed this way against the emitted bytes (for example with
; an assembler listing, ml /Fl) before using it as a length.
code_size equ ($-code_start)
; Data dword placed in .code. A disassembler decodes these bytes as
; instructions (four NOPs at 00401005 in the posted disassembly).
sztmp dd 90909090h
start:
mov eax,code_size
; ExitProcess does not return, so only this first call takes effect.
invoke ExitProcess,code_size
; Not reached at run time; present to show the address of sztmp
; (PUSH 00401005 in the posted disassembly).
invoke ExitProcess,addr sztmp
end start
;///////////////////////////////////////////////////////
00401000 E8 00000000 CALL 00401005 ; `call @f`: rel32 = 0, so the target is simply the next address
00401005 90 NOP ; not code: the sztmp dword (90909090h) decoded byte by byte as NOPs
00401006 90 NOP
00401007 90 NOP
00401008 90 NOP
00401009 > B8 05000000 MOV EAX,5 ; start: code_size assembled as 5 here, but the PUSH at 0040100E carries 0A
0040100E 68 0A000000 PUSH 0A
00401013 E8 0A000000 CALL <JMP.&KERNEL32.ExitProcess> ; rel32 0Ah from 00401018 -> thunk at 00401022
00401018 68 05104000 PUSH 00401005 ; addr sztmp (the dword shown above as four NOPs)
0040101D E8 00000000 CALL <JMP.&KERNEL32.ExitProcess> ; rel32 0 -> thunk at 00401022
00401022 - FF25 00204000 JMP [<&KERNEL32.ExitProcess>] ; kernel32.ExitProcess (indirect jump through the pointer at 00402000)
谁可以解释下吗？同一个常量 code_size，在 MOV EAX 里是 5，在 invoke 生成的 PUSH 里却是 0A。
不用 call @f 就正常：
; Control case from the post: five NOPs replace `call @f`, so no forward
; reference precedes the size computation. This is a fragment; the header
; directives and `end start` are not shown for it on the page.
code_start:
nop
nop
nop
nop
nop
; Five one-byte NOPs precede this point. The posted disassembly shows 5 both
; in `mov eax` and in the PUSH generated by the first invoke.
code_size equ ($-code_start)
; Data dword placed in .code. The posted disassembly decodes its bytes
; (11 11 11 11 at 00401005) as two ADC [ECX],EDX instructions.
sztmp dd 11111111h
start:
mov eax,code_size
; ExitProcess does not return, so only this first call takes effect.
invoke ExitProcess,code_size
; Not reached at run time; shows the address of sztmp (PUSH 00401005).
invoke ExitProcess,addr sztmp
00401000 90 NOP ; code_start: five one-byte NOPs
00401001 90 NOP
00401002 90 NOP
00401003 90 NOP
00401004 90 NOP
00401005 1111 ADC [ECX],EDX ; not code: first two bytes of the sztmp dword (11111111h) decoded as an instruction
00401007 1111 ADC [ECX],EDX ; remaining two bytes of sztmp
00401009 > B8 05000000 MOV EAX,5 ; start: code_size = 5
0040100E 68 05000000 PUSH 5 ; invoke argument code_size, matches the MOV in this build
00401013 E8 0A000000 CALL <JMP.&KERNEL32.ExitProcess> ; rel32 0Ah from 00401018 -> thunk at 00401022
00401018 68 05104000 PUSH 00401005 ; addr sztmp
0040101D E8 00000000 CALL <JMP.&KERNEL32.ExitProcess> ; rel32 0 -> thunk at 00401022
00401022 - FF25 00204000 JMP [<&KERNEL32.ExitProcess>] ; kernel32.ExitProcess (indirect jump through the pointer at 00402000)