目标文件是个DLL,用OD启动就不能正常运行
用OD看到的代码如下
1000225C . C3 retn
1000225D . 8B85 70FEFFFF mov eax, dword ptr [ebp-190]
10002263 . E9 81050000 jmp 100027E9
10002268 > C745 FC FFFFF>mov dword ptr [ebp-4], -1
1000226F > 68 9F220010 push 1000229F
10002274 . 64:FF35 00000>push dword ptr fs:[0]
1000227B . EB 10 jmp short 1000228D
1000227D - E9 64892500 jmp 1025ABE6
10002282 0000 add byte ptr [eax], al
10002284 00FF add bh, bh
10002286 FFE9 jmp far ecx ; 非法使用寄存器
10002288 68 020000E9 push E9000002
1000228D > B8 00000000 mov eax, 0
10002292 . 8D05 42250010 lea eax, dword ptr [10002542]
10002298 . 894424 04 mov dword ptr [esp+4], eax
1000229C .^ EB E0 jmp short 1000227E
1000229E E9 db E9
1000229F > 817D 0C 00010>cmp dword ptr [ebp+C], 100
100022A6 . 7D 0B jge short 100022B3
100022A8 . 8B45 0C mov eax, dword ptr [ebp+C]
但我用DASM看到的确是另一种代码:
:1000225C C3 ret
:1000225D 8B8570FEFFFF mov eax, dword ptr [ebp+FFFFFE70]
:10002263 E981050000 jmp 100027E9
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1000224B(U)
|
:10002268 C745FCFFFFFFFF mov [ebp-04], FFFFFFFF
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10002173(U)
|
:1000226F 689F220010 push 1000229F
:10002274 64FF3500000000 push dword ptr fs:[00000000]
:1000227B EB10 jmp 1000228D
:1000227D E964892500 jmp 1025ABE6
:10002282 000000 BYTE 3 DUP(0)
:10002285 FFFF BYTE 2 DUP(0ffh)
:10002287 E968020000 jmp 100024F4
:1000228C E9B8000000 jmp 10002349
:10002291 008D05422500 add byte ptr [ebp+00254205], cl
:10002297 1089442404EB adc byte ptr [ecx+EB042444], cl
:1000229D E0E9 loopnz 10002288
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:100024EF(U), :1000253D(U), :10002622(C), :100026B2(C)
|
:1000229F 817D0C00010000 cmp dword ptr [ebp+0C], 00000100
:100022A6 7D0B jge 100022B3
:100022A8 8B450C mov eax, dword ptr [ebp+0C]
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课