可执行模块
基址 大小 ? 入口 名称 文件版本 路径
00400000 00C4B000 00A94FAC aa C:\aa\aa.exe
62C20000 00009000 62C22EAD LPK 5.1.2600.2180 (x C:\WINDOWS\system32\LPK.DLL
73FA0000 0006B000 73FDAEB6 USP10 1.0420.2600.2180 C:\WINDOWS\system32\USP10.dll
76300000 0001D000 763012C0 IMM32 5.1.2600.2180 (x C:\WINDOWS\system32\IMM32.DLL
77BE0000 00058000 77BEF2A1 msvcrt 7.0.2600.2180 (x C:\WINDOWS\system32\msvcrt.dll
77D10000 0008F000 77D1F538 USER32 5.1.2600.2622 (x C:\WINDOWS\system32\USER32.dll
77DA0000 000A9000 77DA70D4 ADVAPI32 5.1.2600.2180 (x C:\WINDOWS\system32\ADVAPI32.dll
77E50000 00091000 77E56284 RPCRT4 5.1.2600.2180 (x C:\WINDOWS\system32\RPCRT4.dll
77EF0000 00047000 77EF65BA GDI32 5.1.2600.2818 (x C:\WINDOWS\system32\GDI32.dll
7C800000 0011C000 7C80B5AE kernel32 5.1.2600.2945 (x C:\WINDOWS\system32\kernel32.dll
7C920000 00094000 7C933156 ntdll 5.1.2600.2180 (x C:\WINDOWS\system32\ntdll.dll
第一段汇编码
; ----------------------------------------------------------------------------
; Code at the module entry point 00A94FAC of aa.exe (32-bit x86, debugger
; listing: address, marker, opcode bytes, instruction, optional comment).
;
; What the visible instructions do, in order:
;   1. PUSHAD, then a standard EBP frame with 0x354 bytes of locals.
;   2. Zero two 0x100-byte stack buffers at [EBP-10C] and [EBP-25C].
;   3. Build a dword key ([A96118] XOR [A96120]) and hand it, with both
;      buffers, to 00A953FF.
;   4. Walk up to 0x20 entries of the dword tables at A96088 and A96008,
;      calling 00A953BB and 00A94000 per entry and advancing [A96110].
;   5. Resolve GlobalAlloc through LoadLibraryA / GetProcAddress.
;   6. Obtain a 0x1000-byte block, run it through 00A953FF / 00A953BB with a
;      second key, then pass it to 00A94529 / 00A945DB / 00A9525A / 00A94618.
;
; Locals (names are descriptive only; roles read off the instructions below):
;   [EBP-4]    value returned by 00A9440A(0x1000)
;   [EBP-8]    dword key passed by address to 00A953FF
;   [EBP-C]    value returned by LoadLibraryA("kernel32.dll")
;   [EBP-10C]  0x100-byte buffer, first argument of 00A953BB
;   [EBP-110]  value returned by the second 00A9440A call
;   [EBP-114]  loop index for the table walk
;   [EBP-154]  out-area for 00A94529 (0x40 bytes up to the next local)
;   [EBP-158]  scratch copy of the key
;   [EBP-15C]  return value of 00A94529
;   [EBP-25C]  second 0x100-byte buffer
;   [EBP-354]  out-area for 00A94529 (0xF8 bytes up to the next local)
;
; NOTE(review): PUSHAD at the entry point, XOR-derived keys, table-driven
; passes over blocks and run-time API resolution look like a packer/protector
; loader stub rather than compiler start-up code -- confirm by following
; execution to the original entry point. Compiler or version fingerprinting
; done on this stub would describe the packer, not the program inside it.
; NOTE(review): the bodies of 00A953FF, 00A953BB, 00A94000, 00A9440A,
; 00A94480, 00A94529, 00A945DB, 00A9525A and 00A94618 are not in this
; listing; every statement about what they do is an assumption to verify.
; ----------------------------------------------------------------------------
00A94FAC > $ 60 PUSHAD ; save all general registers before the frame is built
00A94FAD $ 55 PUSH EBP
00A94FAE . 8BEC MOV EBP,ESP
00A94FB0 . 81EC 54030000 SUB ESP,354
00A94FB6 . 53 PUSH EBX
00A94FB7 . 56 PUSH ESI
00A94FB8 . 57 PUSH EDI
; Zero buffer at [EBP-10C]: 4 single bytes + 0x3F dwords = 0x100 bytes.
00A94FB9 . C685 F4FEFFFF>MOV BYTE PTR [EBP-10C],0
00A94FC0 . C685 F5FEFFFF>MOV BYTE PTR [EBP-10B],0
00A94FC7 . C685 F6FEFFFF>MOV BYTE PTR [EBP-10A],0
00A94FCE . C685 F7FEFFFF>MOV BYTE PTR [EBP-109],0
00A94FD5 . 8DBD F8FEFFFF LEA EDI,[EBP-108]
00A94FDB . 33C0 XOR EAX,EAX
00A94FDD . B9 3F000000 MOV ECX,3F
00A94FE2 . F3:AB REP STOS DWORD PTR ES:[EDI]
; Same zeroing pattern for the second 0x100-byte buffer at [EBP-25C].
00A94FE4 . C685 A4FDFFFF>MOV BYTE PTR [EBP-25C],0
00A94FEB . C685 A5FDFFFF>MOV BYTE PTR [EBP-25B],0
00A94FF2 . C685 A6FDFFFF>MOV BYTE PTR [EBP-25A],0
00A94FF9 . C685 A7FDFFFF>MOV BYTE PTR [EBP-259],0
00A95000 . 8DBD A8FDFFFF LEA EDI,[EBP-258]
00A95006 . 33C0 XOR EAX,EAX
00A95008 . B9 3F000000 MOV ECX,3F
00A9500D . F3:AB REP STOS DWORD PTR ES:[EDI]
; key = [A96118] XOR [A96120]; stored via [EBP-158] into [EBP-8].
00A9500F . A1 1861A900 MOV EAX,[A96118]
00A95014 . 3305 2061A900 XOR EAX,[A96120]
00A9501A . 8985 A8FEFFFF MOV [EBP-158],EAX
00A95020 . 8B85 A8FEFFFF MOV EAX,[EBP-158]
00A95026 . 8945 F8 MOV [EBP-8],EAX
; 00A953FF(&key, buf at EBP-10C, buf at EBP-25C); caller pops 3 dwords.
; NOTE(review): presumably initialises cipher/decoder state from the key in
; the two 0x100-byte buffers -- callee not shown, confirm.
00A95029 . 8D85 A4FDFFFF LEA EAX,[EBP-25C]
00A9502F . 50 PUSH EAX
00A95030 . 8D85 F4FEFFFF LEA EAX,[EBP-10C]
00A95036 . 50 PUSH EAX
00A95037 . 8D45 F8 LEA EAX,[EBP-8]
00A9503A . 50 PUSH EAX
00A9503B . E8 BF030000 CALL aa.00A953FF
00A95040 . 83C4 0C ADD ESP,0C
; Table walk: index in [EBP-114] runs 0 .. 0x1F (signed compare against 0x20).
00A95043 . C785 ECFEFFFF>MOV DWORD PTR [EBP-114],0
00A9504D . EB 06 JMP SHORT aa.00A95055
00A9504F > FF85 ECFEFFFF INC DWORD PTR [EBP-114]
00A95055 > 83BD ECFEFFFF>CMP DWORD PTR [EBP-114],20
00A9505C . 7D 7C JGE SHORT aa.00A950DA
; A zero dword in the table at A96088 ends the walk (00A950D3 jumps to the
; loop exit 00A950DA), it does not merely skip the entry.
00A9505E . 8B85 ECFEFFFF MOV EAX,[EBP-114]
00A95064 . 833C85 8860A9>CMP DWORD PTR [EAX*4+A96088],0
00A9506C . 74 65 JE SHORT aa.00A950D3
; 00A953BB(buf at EBP-10C, [A96110], table_A96088[i]); caller pops 3 dwords.
; NOTE(review): table_A96088[i] is used like a byte count and [A96110] like a
; running data pointer (it is advanced by the same value below) -- confirm.
00A9506E . 8B85 ECFEFFFF MOV EAX,[EBP-114]
00A95074 . 8B0485 8860A9>MOV EAX,[EAX*4+A96088]
00A9507B . 50 PUSH EAX
00A9507C . A1 1061A900 MOV EAX,[A96110]
00A95081 . 50 PUSH EAX
00A95082 . 8D85 F4FEFFFF LEA EAX,[EBP-10C]
00A95088 . 50 PUSH EAX
00A95089 . E8 2D030000 CALL aa.00A953BB
00A9508E . 83C4 0C ADD ESP,0C
; Third argument of the next call = table_A96008[i] + [A96114]. The debugger
; shows [A96114] as aa.00400000, i.e. the module base from the module list,
; so the table entry is presumably an RVA turned into an address -- confirm.
00A95091 . 8B85 ECFEFFFF MOV EAX,[EBP-114]
00A95097 . 8B0485 0860A9>MOV EAX,[EAX*4+A96008]
00A9509E . 0305 1461A900 ADD EAX,[A96114] ; aa.00400000
00A950A4 . 50 PUSH EAX
00A950A5 . 8B85 ECFEFFFF MOV EAX,[EBP-114]
00A950AB . 8B0485 8860A9>MOV EAX,[EAX*4+A96088]
00A950B2 . 50 PUSH EAX
00A950B3 . A1 1061A900 MOV EAX,[A96110]
00A950B8 . 50 PUSH EAX
; 00A94000([A96110], table_A96088[i], table_A96008[i] + base). No ADD ESP
; follows this call, unlike the others; presumably the callee removes its
; own arguments -- confirm against the callee's RET.
00A950B9 . E8 42EFFFFF CALL aa.00A94000
; Advance the running pointer: [A96110] += table_A96088[i].
00A950BE . 8B85 ECFEFFFF MOV EAX,[EBP-114]
00A950C4 . 8B0485 8860A9>MOV EAX,[EAX*4+A96088]
00A950CB . 0105 1061A900 ADD [A96110],EAX
00A950D1 . EB 02 JMP SHORT aa.00A950D5
00A950D3 > EB 05 JMP SHORT aa.00A950DA
00A950D5 >^ E9 75FFFFFF JMP aa.00A9504F
; Copy the import-table pointers for LoadLibraryA / GetProcAddress into the
; stub's own slots [A96128] / [A9612C]; later calls go through those slots.
00A950DA > A1 5470A900 MOV EAX,[<&KERNEL32.LoadLibraryA>]
00A950DF . A3 2861A900 MOV [A96128],EAX
00A950E4 . A1 5070A900 MOV EAX,[<&KERNEL32.GetProcAddress>]
00A950E9 . A3 2C61A900 MOV [A9612C],EAX
; [EBP-C] = LoadLibraryA("kernel32.dll"). The result is not checked for 0.
00A950EE . 68 B061A900 PUSH aa.00A961B0 ; ASCII "kernel32.dll"
00A950F3 . FF15 2861A900 CALL [A96128]
00A950F9 . 8945 F4 MOV [EBP-C],EAX
; [A96130] = GetProcAddress([EBP-C], "GlobalAlloc"). Also not checked here.
00A950FC . 68 C061A900 PUSH aa.00A961C0 ; ASCII "GlobalAlloc"
00A95101 . 8B45 F4 MOV EAX,[EBP-C]
00A95104 . 50 PUSH EAX
00A95105 . FF15 2C61A900 CALL [A9612C]
00A9510B . A3 3061A900 MOV [A96130],EAX
; [EBP-4] = 00A9440A(0x1000); a zero result goes to the common exit 00A95240.
; NOTE(review): presumably an allocation wrapper around the GlobalAlloc
; pointer just stored in [A96130] -- callee not shown, confirm.
00A95110 . 68 00100000 PUSH 1000
00A95115 . E8 F0F2FFFF CALL aa.00A9440A
00A9511A . 83C4 04 ADD ESP,4
00A9511D . 8945 FC MOV [EBP-4],EAX
00A95120 . 837D FC 00 CMP DWORD PTR [EBP-4],0
00A95124 . 75 05 JNZ SHORT aa.00A9512B
00A95126 . E9 15010000 JMP aa.00A95240
; 00A94480([EBP-4], [A9610C], 0x1000); caller pops 3 dwords.
; NOTE(review): argument shape (dst, src, length) suggests a 0x1000-byte
; copy into the new block -- confirm.
00A9512B > 68 00100000 PUSH 1000
00A95130 . A1 0C61A900 MOV EAX,[A9610C]
00A95135 . 50 PUSH EAX
00A95136 . 8B45 FC MOV EAX,[EBP-4]
00A95139 . 50 PUSH EAX
00A9513A . E8 41F3FFFF CALL aa.00A94480
00A9513F . 83C4 0C ADD ESP,0C
; Second key = [A9611C] XOR [A96124], again stored in [EBP-8] and passed to
; 00A953FF with the same two buffers.
00A95142 . A1 1C61A900 MOV EAX,[A9611C]
00A95147 . 3305 2461A900 XOR EAX,[A96124]
00A9514D . 8985 A8FEFFFF MOV [EBP-158],EAX
00A95153 . 8B85 A8FEFFFF MOV EAX,[EBP-158]
00A95159 . 8945 F8 MOV [EBP-8],EAX
00A9515C . 8D85 A4FDFFFF LEA EAX,[EBP-25C]
00A95162 . 50 PUSH EAX
00A95163 . 8D85 F4FEFFFF LEA EAX,[EBP-10C]
00A95169 . 50 PUSH EAX
00A9516A . 8D45 F8 LEA EAX,[EBP-8]
00A9516D . 50 PUSH EAX
00A9516E . E8 8C020000 CALL aa.00A953FF
00A95173 . 83C4 0C ADD ESP,0C
; 00A953BB(buf at EBP-10C, [EBP-4], 0x1000): same routine as in the table
; walk, now applied to the 0x1000-byte block.
00A95176 . 68 00100000 PUSH 1000
00A9517B . 8B45 FC MOV EAX,[EBP-4]
00A9517E . 50 PUSH EAX
00A9517F . 8D85 F4FEFFFF LEA EAX,[EBP-10C]
00A95185 . 50 PUSH EAX
00A95186 . E8 30020000 CALL aa.00A953BB
00A9518B . 83C4 0C ADD ESP,0C
; [EBP-15C] = 00A94529([EBP-4], EBP-154, EBP-354); non-zero goes to the exit.
; NOTE(review): the two out-areas are 0x40 and 0xF8 bytes, the sizes of
; IMAGE_DOS_HEADER and IMAGE_NT_HEADERS32, so this presumably extracts PE
; headers from the processed block -- confirm.
00A9518E . 8D85 ACFCFFFF LEA EAX,[EBP-354]
00A95194 . 50 PUSH EAX
00A95195 . 8D85 ACFEFFFF LEA EAX,[EBP-154]
00A9519B . 50 PUSH EAX
00A9519C . 8B45 FC MOV EAX,[EBP-4]
00A9519F . 50 PUSH EAX
00A951A0 . E8 84F3FFFF CALL aa.00A94529
00A951A5 . 83C4 0C ADD ESP,0C
00A951A8 . 8985 A4FEFFFF MOV [EBP-15C],EAX
00A951AE . 83BD A4FEFFFF>CMP DWORD PTR [EBP-15C],0
00A951B5 . 74 05 JE SHORT aa.00A951BC
00A951B7 . E9 84000000 JMP aa.00A95240
; EAX = zero-extended word at [EBP-34E] (offset 6 of the EBP-354 area),
; times 5, times 8 = count * 0x28. The product is the size passed to 00A9440A.
; NOTE(review): offset 6 / element size 0x28 match NumberOfSections and
; sizeof(IMAGE_SECTION_HEADER) if the area is an NT header -- confirm.
00A951BC > 33C0 XOR EAX,EAX
00A951BE . 66:8B85 B2FCF>MOV AX,[EBP-34E]
00A951C5 . 8D0480 LEA EAX,[EAX+EAX*4]
00A951C8 . C1E0 03 SHL EAX,3
00A951CB . 50 PUSH EAX
00A951CC . E8 39F2FFFF CALL aa.00A9440A
00A951D1 . 83C4 04 ADD ESP,4
00A951D4 . 8985 F0FEFFFF MOV [EBP-110],EAX
00A951DA . 83BD F0FEFFFF>CMP DWORD PTR [EBP-110],0
00A951E1 . 75 02 JNZ SHORT aa.00A951E5
00A951E3 . EB 5B JMP SHORT aa.00A95240
; 00A945DB([EBP-4], EBP-154, EBP-354, [EBP-110]); caller pops 4 dwords.
00A951E5 > 8B85 F0FEFFFF MOV EAX,[EBP-110]
00A951EB . 50 PUSH EAX
00A951EC . 8D85 ACFCFFFF LEA EAX,[EBP-354]
00A951F2 . 50 PUSH EAX
00A951F3 . 8D85 ACFEFFFF LEA EAX,[EBP-154]
00A951F9 . 50 PUSH EAX
00A951FA . 8B45 FC MOV EAX,[EBP-4]
00A951FD . 50 PUSH EAX
00A951FE . E8 D8F3FFFF CALL aa.00A945DB
00A95203 . 83C4 10 ADD ESP,10
; 00A9525A([A96114], EBP-354, [EBP-110]); caller pops 3 dwords.
; [A96114] is the value the debugger annotated as aa.00400000 above.
00A95206 . 8B85 F0FEFFFF MOV EAX,[EBP-110]
00A9520C . 50 PUSH EAX
00A9520D . 8D85 ACFCFFFF LEA EAX,[EBP-354]
00A95213 . 50 PUSH EAX
00A95214 . A1 1461A900 MOV EAX,[A96114]
00A95219 . 50 PUSH EAX
00A9521A . E8 3B000000 CALL aa.00A9525A
00A9521F . 83C4 0C ADD ESP,0C
; 00A94618([A96114], EBP-354, [EBP-110]); same three arguments as above.
00A95222 . 8B85 F0FEFFFF MOV EAX,[EBP-110]
00A95228 . 50 PUSH EAX
00A95229 . 8D85 ACFCFFFF LEA EAX,[EBP-354]
00A9522F . 50 PUSH EAX
00A95230 . A1 1461A900 MOV EAX,[A96114]
00A95235 . 50 PUSH EAX
00A95236 . E8 DDF3FFFF CALL aa.00A94618
00A9523B . 83C4 0C ADD ESP,0C
00A9523E . EB 00 JMP SHORT aa.00A95240
; Common exit for the success path and every failure path above.
; The listing stops after LEAVE: whatever follows (restoring the PUSHAD
; state, returning, or transferring control elsewhere) is not shown here.
00A95240 > 5F POP EDI
00A95241 . 5E POP ESI
00A95242 . 5B POP EBX
00A95243 . C9 LEAVE
大家帮忙看看,是不是 Delphi 的?什么版本的?谢谢。