; OllyDbg listing (Intel syntax, 32-bit) of the entry-point stub at 00401A80 in module "Promanua".
; Reading note for the OEP question: the first instruction hops over 16 bytes whose raw opcodes
; are 66 62 3A 43 2B 2B 48 4F 4F 4B = ASCII "fb:C++HOOK", then 90 E9 and the dword 0062A098.
; The disassembler has decoded an embedded string + stored pointer as instructions; none of
; 00401A82-00401A91 executes via this path. That byte pattern is the well-known Borland C++
; startup-stub signature, which would make 00401A80 itself the OEP and 00610500 (reached by the
; tail-jump at 00401AD4) an RTL startup routine rather than the OEP — confirm with a signature
; scanner or by diffing against a known Borland C++ binary before unpacking/dumping at 00610500.
00401A80 /EB 10 jmp short Promanua.00401A92   ; skip the 16 embedded bytes; execution resumes at 00401A92
00401A82 |66:623A bound di,dword ptr ds:[edx]   ; 66 62 3A ... = start of "fb:C++HOOK" — data, never executed from 00401A80
00401A85 |43 inc ebx                            ; 'C'
00401A86 |2B2B sub ebp,dword ptr ds:[ebx]       ; '+' '+'
00401A88 |48 dec eax                            ; 'H'
00401A89 |4F dec edi                            ; 'O'
00401A8A |4F dec edi                            ; 'O'
00401A8B |4B dec ebx                            ; 'K'
00401A8C |90 nop                                ; 90 = padding after the string
00401A8D -|E9 98A06200 jmp 00A2BB2A             ; E9 + dword 98 A0 62 00 (=0062A098): decoded as a jmp to 00A2BB2A, far beyond any address this listing touches;
                                                ; 0062A098 sits right after the globals at 0062A08B/8F/93 used below, so this looks like a stored pointer, not a branch — do not follow it
00401A92 \A1 8BA06200 mov eax,dword ptr ds:[62A08B]   ; real code resumes here: eax = [0062A08B]
00401A97 C1E0 02 shl eax,2                      ; eax *= 4
00401A9A A3 8FA06200 mov dword ptr ds:[62A08F],eax    ; [0062A08F] = [0062A08B] * 4 (globals spaced 4 bytes apart)
00401A9F 52 push edx                            ; preserve edx across the call below; restored at 00401AAE
00401AA0 6A 00 push 0                           ; arg0 = 0
00401AA2 E8 4D722200 call Promanua.00628CF4     ; 00628CF4(0) — target not in this listing; the push edx / pop edx pairing around it only balances
                                                ; if the callee pops its own argument (stdcall, e.g. an import thunk) — verify by following the call
00401AA7 8BD0 mov edx,eax                       ; edx = result of 00628CF4
00401AA9 E8 32452000 call Promanua.00605FE0     ; 00605FE0(edx) — target not shown
00401AAE 5A pop edx                             ; restore edx
00401AAF E8 90442000 call Promanua.00605F44     ; target not shown
00401AB4 E8 67452000 call Promanua.00606020     ; target not shown
00401AB9 6A 00 push 0                           ; arg0 = 0
00401ABB E8 6C5A2000 call Promanua.0060752C     ; 0060752C(0) — target not shown
00401AC0 59 pop ecx                             ; caller discards the argument (cdecl-style cleanup)
00401AC1 68 34A06200 push Promanua.0062A034     ; push pointer 0062A034 — if 00628CF4 is stdcall with one argument this dword is NOT consumed by the next call
                                                ; and is still on the stack at the jmp at 00401AD4 (see there)
00401AC6 6A 00 push 0                           ; arg0 = 0
00401AC8 E8 27722200 call Promanua.00628CF4     ; 00628CF4(0) again
00401ACD A3 93A06200 mov dword ptr ds:[62A093],eax    ; [0062A093] = result
00401AD2 6A 00 push 0                           ; push 0
00401AD4 E9 27EA2000 jmp Promanua.00610500      ; tail-JUMP, not a call: 00610500 opens with push ebp / mov ebp,esp, so the 0 just pushed lands in its
                                                ; return-address slot and [ebp+8] there is the dword pushed at 00401AC1 (0062A034, assuming the stdcall reading above);
                                                ; 00610500 reads +10/+1C/+20 off [ebp+8], i.e. it takes a pointer to a structure at 0062A034 — a normal continuation
                                                ; of this stub, not a fresh entry point. A 0 return address suggests 00610500 is expected never to return — check for an exit call further down
00401AD9 > E9 9A5A2000 jmp Promanua.00607578    ; '>' = separate jump target referenced from elsewhere (not fall-through from the jmp above; referrer not in this listing)
然后在 00401AD4 处跳到 00610500：
00610500 55 push ebp
00610501 8BEC mov ebp,esp
00610503 83C4 F4 add esp,-0C
00610506 53 push ebx
00610507 56 push esi
00610508 57 push edi
00610509 8B75 08 mov esi,dword ptr ss:[ebp+8]
0061050C 8B46 10 mov eax,dword ptr ds:[esi+10]
0061050F 83E0 01 and eax,1
00610512 A3 68346400 mov dword ptr ds:[643468],eax
00610517 E8 44D1FFFF call Promanua.0060D660
0061051C 8B56 20 mov edx,dword ptr ds:[esi+20]
0061051F 52 push edx
00610520 8B4E 1C mov ecx,dword ptr ds:[esi+1C]
00610523 51 push ecx
00610524 E8 13D5FFFF call Promanua.0060DA3C
以上是否是OEP呢?