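This is a disc-burning program (UltraISO). I had a go at unpacking it, and a PE check reports Borland C++ 1999, but I'm not sure whether what's below actually counts as unpacked. I'd also like to ask the experts for advice on how to set breakpoints. Thanks.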
004015A8 > $ /EB 10 JMP SHORT 15A8.004015BA
004015AA . |66:623A BOUND DI,DWORD PTR DS:[EDX]
004015AD . |43 INC EBX
004015AE . |2B2B SUB EBP,DWORD PTR DS:[EBX]
004015B0 . |48 DEC EAX
004015B1 . |4F DEC EDI
004015B2 . |4F DEC EDI
004015B3 . |4B DEC EBX
004015B4 . |90 NOP
004015B5 .-|E9 98105F00 JMP 15A8.009F2652
004015BA > \A1 8B105F00 MOV EAX,DWORD PTR DS:[5F108B]
004015BF . C1E0 02 SHL EAX,2
004015C2 . A3 8F105F00 MOV DWORD PTR DS:[5F108F],EAX
004015C7 . 52 PUSH EDX
004015C8 . 6A 00 PUSH 0 ; /pModule = NULL
004015CA . E8 97EC1E00 CALL <JMP.&kernel32.GetModuleHandleA> ; \GetModuleHandleA
004015CF . 8BD0 MOV EDX,EAX
004015D1 . E8 36D21D00 CALL 15A8.005DE80C
004015D6 . 5A POP EDX
004015D7 . E8 94D11D00 CALL 15A8.005DE770
004015DC . E8 6BD21D00 CALL 15A8.005DE84C
004015E1 . 6A 00 PUSH 0 ; /Arg1 = 00000000
004015E3 . E8 2CE91D00 CALL 15A8.005DFF14 ; \15A8.005DFF14
004015E8 . 59 POP ECX
004015E9 . 68 34105F00 PUSH 15A8.005F1034
004015EE . 6A 00 PUSH 0 ; /pModule = NULL
004015F0 . E8 71EC1E00 CALL <JMP.&kernel32.GetModuleHandleA> ; \GetModuleHandleA
004015F5 . A3 93105F00 MOV DWORD PTR DS:[5F1093],EAX
004015FA . 6A 00 PUSH 0
004015FC . E9 CB911E00 JMP 15A8.005EA7CC
00401601 > $ E9 5AE91D00 JMP 15A8.005DFF60
00401606 . 33C0 XOR EAX,EAX
00401608 . A0 7D105F00 MOV AL,BYTE PTR DS:[5F107D]