-
-
[求助]哪位大侠能帮我看下这个壳
-
发表于:
2007-8-26 11:56
4063
-
OD载入后.
004B84BF > B8 00000000 mov eax,0 ; (初始 cpu 选择)
004B84C4 60 pushad
004B84C5 9C pushfd
004B84C6 E8 00000000 call exe.004B84CB
004B84CB 5D pop ebp
004B84CC 83ED 0C sub ebp,0C
004B84CF 8DB5 E9FDFFFF lea esi,dword ptr ss:[ebp-217]
004B84D5 8B06 mov eax,dword ptr ds:[esi]
004B84D7 85C0 test eax,eax
004B84D9 74 11 je short exe.004B84EC
004B84DB 8DB5 11FEFFFF lea esi,dword ptr ss:[ebp-1EF]
004B84E1 8B06 mov eax,dword ptr ds:[esi]
004B84E3 EB 00 jmp short exe.004B84E5
004B84E5 48 dec eax
004B84E6 0F84 4B020000 je exe.004B8737
004B84EC C706 01000000 mov dword ptr ds:[esi],1
004B84F2 8BD5 mov edx,ebp
004B84F4 8B85 A5FDFFFF mov eax,dword ptr ss:[ebp-25B]
004B84FA 2BD0 sub edx,eax
004B84FC 8995 A5FDFFFF mov dword ptr ss:[ebp-25B],edx
004B8502 0195 D5FDFFFF add dword ptr ss:[ebp-22B],edx
004B8508 8DB5 19FEFFFF lea esi,dword ptr ss:[ebp-1E7]
004B850E 0116 add dword ptr ds:[esi],edx
004B8510 8B36 mov esi,dword ptr ds:[esi]
004B8512 8BFD mov edi,ebp
004B8514 60 pushad
这是什么壳
EP区段只有两个
各位大侠谁能告诉我这是什么壳?
谢谢了..
[课程]Linux pwn 探索篇!
