[求助]帮看看下这段代码是哪种虚拟机的入口-¥付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]帮看看下这段代码是哪种虚拟机的入口 0.00雪花

2007-12-24 18:00 2599

[旧帖] [求助]帮看看下这段代码是哪种虚拟机的入口 0.00雪花

maikkk

2007-12-24 18:00

2599

.text:0001B4E0 loc_1B4E0:                            ; CODE XREF: .text:00020458j
.text:0001B4E0                                        ; .text:00020462j ...
.text:0001B4E0                pusha
.text:0001B4E1                pushf
.text:0001B4E2                cld
.text:0001B4E3                call $+5
.text:0001B4E8
.text:0001B4E8 loc_1B4E8:                            ; DATA XREF: sub_14500+6FE9o
.text:0001B4E8                pop    edi
.text:0001B4E9                sub    edi, offset loc_1B4E8
.text:0001B4EF                mov    eax, edi
.text:0001B4F1                add    edi, offset dword_1B200
.text:0001B4F7                cmp    eax, [edi+2Ch]
.text:0001B4FA                jnz    short loc_1B4FE
.text:0001B4FC                jmp    short loc_1B534
.text:0001B4FE ; ---------------------------------------------------------------------------
.text:0001B4FE
.text:0001B4FE loc_1B4FE:                            ; CODE XREF: sub_14500+6FFAj
.text:0001B4FE                mov    [edi+2Ch], eax
.text:0001B501                mov    ecx, 0A7h
.text:0001B506                jmp    short loc_1B515
.text:0001B508 ; ---------------------------------------------------------------------------
.text:0001B508
.text:0001B508 loc_1B508:                            ; CODE XREF: sub_14500+7017j
.text:0001B508                jmp    short loc_1B510
.text:0001B508 ; END OF FUNCTION CHUNK FOR sub_14500
.text:0001B50A ; ---------------------------------------------------------------------------
.text:0001B50A                add    [edi+ecx*4+50h], eax
.text:0001B50E                jmp    short loc_1B514
.text:0001B510 ; ---------------------------------------------------------------------------
.text:0001B510 ; START OF FUNCTION CHUNK FOR sub_14500
.text:0001B510
.text:0001B510 loc_1B510:                            ; CODE XREF: sub_14500:loc_1B508j
.text:0001B510                add    [edi+ecx*4+40h], eax
.text:0001B514
.text:0001B514 loc_1B514:                            ; CODE XREF: .text:0001B50Ej
.text:0001B514                dec    ecx
.text:0001B515
.text:0001B515 loc_1B515:                            ; CODE XREF: sub_14500+7006j
.text:0001B515                or    ecx, ecx
.text:0001B517                jnz    short loc_1B508
.text:0001B519                cmp    dword ptr [edi+40h], 0
.text:0001B51D                jz    short loc_1B534
.text:0001B51F                mov    esi, [edi+40h]
.text:0001B522                add    esi, eax
.text:0001B524                jmp    short loc_1B52F
.text:0001B526 ; ---------------------------------------------------------------------------
.text:0001B526
.text:0001B526 loc_1B526:                            ; CODE XREF: sub_14500+7032j
.text:0001B526                mov    ebx, [esi]
.text:0001B528                add    ebx, eax
.text:0001B52A                add    [ebx], eax
.text:0001B52C                add    esi, 4
.text:0001B52F
.text:0001B52F loc_1B52F:                            ; CODE XREF: sub_14500+7024j
.text:0001B52F                cmp    dword ptr [esi], 0
.text:0001B532                jnz    short loc_1B526
.text:0001B534
.text:0001B534 loc_1B534:                            ; CODE XREF: sub_14500+6FFCj
.text:0001B534                                        ; sub_14500+701Dj
.text:0001B534                mov    esi, [esp+3Ch+var_18]
.text:0001B538                mov    ebx, esi
.text:0001B53A                add    esi, eax
.text:0001B53C                mov    ecx, 1
.text:0001B541
.text:0001B541 loc_1B541:                            ; CODE XREF: sub_14500+7048j
.text:0001B541                xor    eax, eax
.text:0001B543                lock cmpxchg [edi+30h], ecx
.text:0001B548                jnz    short loc_1B541
text:0001B548 ; END OF FUNCTION CHUNK FOR sub_14500
.text:0001B54A ; START OF FUNCTION CHUNK FOR sub_1C4B1
.text:0001B54A
.text:0001B54A loc_1B54A:                            ; CODE XREF: sub_1D745-215Fj
.text:0001B54A                                        ; sub_1DC5E:loc_1B62Fj ...
.text:0001B54A                lodsb
.text:0001B54B                push dx
.text:0001B54D                mov    dl, 0E9h
.text:0001B54F                jmp    loc_1E90D

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

点赞・0

打赏