【求助】OD提示“VB6CHS入口点超出代码范围,可能是个自修改或自解压文件”
用OD加载后运行至 0F34 SYSENTER 再按F7时出现这一提示,同时程序出现注册窗口
添加“注册”键的 WM_LBUTTONUP 消息断点之后按 F9 运行断至733B0801
当前模块是MSVBVM60
733B0801 > 55 PUSH EBP
733B0802 8BEC MOV EBP,ESP
733B0804 83EC 30 SUB ESP,30
733B0807 53 PUSH EBX
733B0808 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
733B080B 56 PUSH ESI
733B080C 57 PUSH EDI
733B080D 53 PUSH EBX
733B080E E8 A157FFFF CALL MSVBVM60.733A5FB4
733B0813 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+C]
733B0816 8BF0 MOV ESI,EAX
733B0818 85F6 TEST ESI,ESI
733B081A 0F84 B6000000 JE MSVBVM60.733B08D6
733B0820 8B46 30 MOV EAX,DWORD PTR DS:[ESI+30]
733B0823 F640 20 10 TEST BYTE PTR DS:[EAX+20],10
733B0827 0F85 F3000000 JNZ MSVBVM60.733B0920
733B082D 8BC7 MOV EAX,EDI
733B082F 48 DEC EAX
733B0830 48 DEC EAX
733B0831 0F84 4B010000 JE MSVBVM60.733B0982
733B0837 2D 80000000 SUB EAX,80
733B083C 0F84 40010000 JE MSVBVM60.733B0982
733B0842 8365 F0 00 AND DWORD PTR SS:[EBP-10],0
733B0846 8B46 28 MOV EAX,DWORD PTR DS:[ESI+28]
733B0849 8B00 MOV EAX,DWORD PTR DS:[EAX]
733B084B 8078 37 1D CMP BYTE PTR DS:[EAX+37],1D
733B084F 0F84 F6650100 JE MSVBVM60.733C6E4B
733B0855 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
733B0858 8365 F8 00 AND DWORD PTR SS:[EBP-8],0
733B085C 50 PUSH EAX
......
MSVBVM60后面跟的都只是地址,没有函数名,请大家指点一下怎么找到它的关键call
软件下载地址 http://www.onlinedown.net/soft/10954.htm
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课