OD载入,忽略所有异常,隐藏OD
; OllyDbg listing (address | bytes | disassembly), 32-bit x86, Intel operand order.
; Entry-point stub of the loaded module: push an address, call the byte just
; past the retn, then retn. The code at 0040100B is not shown on this page.
00401000 > 68 01B05700 push abslogde.0057B001 ; debugger stops here, at the module entry point
00401005 E8 01000000 call abslogde.0040100B ; rel32 = 1: target is the byte right after the retn below; return address 0040100A goes on the stack
0040100A C3 retn ; NOTE(review): presumably runs once 0040100B returns and then pops the pushed 0057B001 as its target - confirm by tracing
在命令行下:he GetModuleHandleA,Shift+F9运行两次后,清除硬件断点,Alt+F9返回到这里
; Fragment of the unpacking stub's import-resolution loop (OllyDbg listing, 32-bit x86).
; The loop head at 00C09496 and the error handler at 00C095D2 are outside this listing.
; Register roles visible in the code:
;   esi = current 0x14-byte record; fields +0, +0C and +10 are read, which matches the
;         IMAGE_IMPORT_DESCRIPTOR layout (OriginalFirstThunk / Name / FirstThunk) - presumably that
;   edx = [ebp+4430D8], added to every RVA (presumably the image load base - confirm)
;   [ebp+44294D] = handle/base of the DLL being processed
;   [ebp+442951] = byte offset of the current thunk entry (advances by 4)
;   edi = address of the thunk slot that receives the resolved pointer
; Analysis note: once a record is finished, its three fields are overwritten (00C09595),
; so a memory dump taken after this loop no longer holds the original descriptor values.
; The untranslated line after the first instruction is the post's own instruction:
; single-step with F8 until 00C095D1.
00C094AC 85C0 test eax,eax ; eax = kernel32.77E40000 (per OllyDbg); Alt+F9 returns here after the GetModuleHandleA breakpoint
,F8单步,直到00C095D1
00C094AE 75 07 jnz short 00C094B7 ; handle is non-zero: skip the fallback call
00C094B0 53 push ebx
00C094B1 FF95 F0314400 call dword ptr ss:[ebp+4431F0] ; NOTE(review): one argument (ebx); presumably LoadLibraryA on the DLL name - confirm
00C094B7 8985 4D294400 mov dword ptr ss:[ebp+44294D],eax ; remember the module handle
00C094BD C785 51294400 0>mov dword ptr ss:[ebp+442951],0 ; thunk offset = 0 for a new record
; --- per-thunk loop (re-entered from 00C09590) ---
00C094C7 8B95 D8304400 mov edx,dword ptr ss:[ebp+4430D8]
00C094CD 8B06 mov eax,dword ptr ds:[esi] ; lookup table RVA from record+0 ...
00C094CF 85C0 test eax,eax
00C094D1 75 03 jnz short 00C094D6
00C094D3 8B46 10 mov eax,dword ptr ds:[esi+10] ; ... or record+10 when +0 is zero
00C094D6 03C2 add eax,edx
00C094D8 0385 51294400 add eax,dword ptr ss:[ebp+442951] ; eax = address of the current lookup entry
00C094DE 8B18 mov ebx,dword ptr ds:[eax] ; ebx = lookup entry (name RVA, or ordinal with bit 31 set)
00C094E0 8B7E 10 mov edi,dword ptr ds:[esi+10]
00C094E3 03FA add edi,edx
00C094E5 03BD 51294400 add edi,dword ptr ss:[ebp+442951] ; edi = address of the thunk slot to fill
00C094EB 85DB test ebx,ebx
00C094ED 0F84 A2000000 je 00C09595 ; zero entry terminates this record
00C094F3 F7C3 00000080 test ebx,80000000 ; bit 31 set = import by ordinal
00C094F9 75 04 jnz short 00C094FF
00C094FB 03DA add ebx,edx ; by name: RVA -> address
00C094FD 43 inc ebx
00C094FE 43 inc ebx ; +2 skips the leading 16-bit field (the hint in IMAGE_IMPORT_BY_NAME), leaving the name string
00C094FF 53 push ebx ; save the entry including bit 31; restored at 00C09515
00C09500 81E3 FFFFFF7F and ebx,7FFFFFFF ; strip the ordinal flag before passing it on
00C09506 53 push ebx ; arg 2: name pointer or ordinal
00C09507 FFB5 4D294400 push dword ptr ss:[ebp+44294D] ; arg 1: module handle
00C0950D FF95 E8314400 call dword ptr ss:[ebp+4431E8] ; NOTE(review): (module, name/ordinal) - presumably GetProcAddress; confirm
00C09513 85C0 test eax,eax
00C09515 5B pop ebx ; pop leaves the flags from the test intact
00C09516 75 6F jnz short 00C09587 ; resolved: store the pointer
; --- lookup failed ---
00C09518 F7C3 00000080 test ebx,80000000
00C0951E 75 19 jnz short 00C09539 ; failed ordinal import: handled separately
00C09520 57 push edi
00C09521 8B46 0C mov eax,dword ptr ds:[esi+C]
00C09524 0385 D8304400 add eax,dword ptr ss:[ebp+4430D8] ; eax = address built from record+0C (presumably the DLL name string)
00C0952A 50 push eax
00C0952B 53 push ebx
00C0952C 8D85 53314400 lea eax,dword ptr ss:[ebp+443153] ; pointer to data in the stub; contents not shown
00C09532 50 push eax
00C09533 57 push edi
00C09534 E9 99000000 jmp 00C095D2 ; target is just past the last line shown; presumably the error handler
; --- failed ordinal import ---
00C09539 81E3 FFFFFF7F and ebx,7FFFFFFF ; ebx = plain ordinal
00C0953F 8B85 DC304400 mov eax,dword ptr ss:[ebp+4430DC]
00C09545 3985 4D294400 cmp dword ptr ss:[ebp+44294D],eax ; is this the module whose handle is stored at [ebp+4430DC]?
00C0954B 75 24 jnz short 00C09571
; Same module: read the address straight from its export table.
00C0954D 57 push edi
00C0954E 8BD3 mov edx,ebx
00C09550 4A dec edx ; index = ordinal - 1; the export directory's Base field is not read, so base 1 is assumed
00C09551 C1E2 02 shl edx,2 ; * 4 bytes per table entry
00C09554 8B9D 4D294400 mov ebx,dword ptr ss:[ebp+44294D] ; ebx = module base
00C0955A 8B7B 3C mov edi,dword ptr ds:[ebx+3C] ; e_lfanew: offset of the PE header
00C0955D 8B7C3B 78 mov edi,dword ptr ds:[ebx+edi+78] ; PE header +78: export directory RVA
00C09561 035C3B 1C add ebx,dword ptr ds:[ebx+edi+1C] ; export directory +1C: AddressOfFunctions RVA
00C09565 8B0413 mov eax,dword ptr ds:[ebx+edx] ; function RVA for this ordinal
00C09568 0385 4D294400 add eax,dword ptr ss:[ebp+44294D] ; RVA -> address
00C0956E 5F pop edi
00C0956F EB 16 jmp short 00C09587
; Different module: same argument pattern as 00C09520, with other data.
00C09571 57 push edi
00C09572 8B46 0C mov eax,dword ptr ds:[esi+C]
00C09575 0385 D8304400 add eax,dword ptr ss:[ebp+4430D8]
00C0957B 50 push eax
00C0957C 53 push ebx
00C0957D 8D85 A4314400 lea eax,dword ptr ss:[ebp+4431A4]
00C09583 50 push eax
00C09584 57 push edi
00C09585 EB 4B jmp short 00C095D2 ; same out-of-listing target as 00C09534
; --- store and advance ---
00C09587 8907 mov dword ptr ds:[edi],eax ; write the resolved address into the thunk slot
00C09589 8385 51294400 0>add dword ptr ss:[ebp+442951],4 ; next 4-byte entry
00C09590 ^ E9 32FFFFFF jmp 00C094C7 ; backward jump: one pass per imported function
; --- record finished (lookup entry was zero) ---
00C09595 8906 mov dword ptr ds:[esi],eax ; eax still holds the lookup-entry address from 00C094D8;
00C09597 8946 0C mov dword ptr ds:[esi+C],eax ; it overwrites record+0, +0C and +10, so the
00C0959A 8946 10 mov dword ptr ds:[esi+10],eax ; original values are gone after this point
00C0959D 83C6 14 add esi,14 ; advance to the next 0x14-byte record
00C095A0 8B95 D8304400 mov edx,dword ptr ss:[ebp+4430D8]
00C095A6 ^ E9 EBFEFFFF jmp 00C09496 ; backward jump to the loop head (above this listing): one pass per record
; --- exit path; nothing falls through to here, so it is entered from code not shown ---
00C095AB 8B85 652A4400 mov eax,dword ptr ss:[ebp+442A65]
00C095B1 50 push eax
00C095B2 0385 D8304400 add eax,dword ptr ss:[ebp+4430D8] ; eax = stored value + base
00C095B8 5B pop ebx ; ebx = stored value without the base
00C095B9 0BDB or ebx,ebx ; sets ZF when the stored value is 0; mov and popad below keep the flags
00C095BB 8985 112F4400 mov dword ptr ss:[ebp+442F11],eax ; NOTE(review): presumably patches the imm32 of the push at 00C095CC - confirm in the dump
00C095C1 61 popad ; restore the registers saved earlier (the matching pushad is not shown)
00C095C2 75 08 jnz short 00C095CC
00C095C4 B8 01000000 mov eax,1 ; stored value was 0: return 1
00C095C9 C2 0C00 retn 0C ; and drop 0C bytes of arguments
00C095CC 68 00000000 push 0 ; the operand is 0 in this listing; see the note at 00C095BB
00C095D1 C3 retn ; run to here; retn pops the value pushed at 00C095CC
---------------------------------------------------------------------------------
为什么我按照“F8单步,直到00C095D1 C3 retn”这一步操作,却到不了这个位置?请在线的高手帮我看一下!