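I'm a newbie who only recently started learning unpacking. I wanted to learn more about the entry-point code of packers, but I hadn't learned much before I ran into problems. A lot of them PEiD can't identify, so I have no idea what packer it is. Could the experts here please help me analyze this? Thanks. Below is a section of the code after loading it in OD: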
0051948B > 50 push eax
0051948C E8 0C000000 call 0051949D
00519491 238B 4424FC81 and ecx, dword ptr [ebx+81FC2444]
00519497 70 0B jo short 005194A4
00519499 14 05 adc al, 5
0051949B CC int3
0051949C 9B wait
0051949D FF0424 inc dword ptr [esp]
005194A0 C3 retn
005194A1 E8 03000000 call 005194A9
005194A6 - E9 EB1D8B04 jmp 04DCB296
005194AB 24 C6 and al, 0C6
005194AD 00EA add dl, ch
005194AF 2D E3394600 sub eax, 004639E3
005194B4 05 6A3A4600 add eax, 00463A6A
005194B9 C600 9B mov byte ptr [eax], 9B
005194BC FF0424 inc dword ptr [esp]
005194BF E8 07000000 call 005194CB
005194C4 75 25 jnz short 005194EB
005194C6 74 20 je short 005194E8
005194C8 E8 30328030 call 30D1C6FD
005194CD ^ 73 8B jnb short 0051945A
005194CF 04 24 add al, 24
005194D1 89C6 mov esi, eax
005194D3 66:AD lods word ptr [esi]
005194D5 89F2 mov edx, esi
005194D7 58 pop eax
005194D8 FF70 FB push dword ptr [eax-5]
005194DB 8F02 pop dword ptr [edx]
005194DD B9 A83A4600 mov ecx, 00463AA8
005194E2 81E9 013A4600 sub ecx, 00463A01
005194E8 8D3408 lea esi, dword ptr [eax+ecx]
005194EB B9 10584600 mov ecx, 00465810
005194F0 83EA FF sub edx, -1
005194F3 C702 A83A4600 mov dword ptr [edx], 00463AA8
005194F9 812A 083A4600 sub dword ptr [edx], 00463A08
005194FF 81E9 A83A4600 sub ecx, 00463AA8
00519505 BA F5000000 mov edx, 0F5
0051950A 50 push eax
0051950B E8 0C000000 call 0051951C
00519510 878B 4424FC81 xchg dword ptr [ebx+81FC2444], ecx
00519516 70 0B jo short 00519523
00519518 14 05 adc al, 5
0051951A CC int3
0051951B 9B wait
0051951C FF0424 inc dword ptr [esp]
0051951F C3 retn
00519520 75 01 jnz short 00519523
00519522 - E9 001646E2 jmp E297AB27
00519527 FB sti
00519528 EB 03 jmp short 0051952D
0051952A FF25 C3E8FAFF jmp dword ptr [FFFAE8C3]
00519530 FFFF ??? ; unknown command
00519532 C3 retn
00519533 E8 01000000 call 00519539
00519538 EA 5883E805 C39>jmp far 90C3:05E88358
0051953F 55 push ebp
00519540 8BEC mov ebp, esp
00519542 51 push ecx
00519543 8D55 FC lea edx, dword ptr [ebp-4]
00519546 8902 mov dword ptr [edx], eax
00519548 EB 15 jmp short 0051955F
0051954A 8B02 mov eax, dword ptr [edx]
0051954C 8A00 mov al, byte ptr [eax]
0051954E 3C 61 cmp al, 61
00519550 72 06 jb short 00519558
00519552 3C 7A cmp al, 7A
00519554 77 02 ja short 00519558
00519556 2C 20 sub al, 20
00519558 8B0A mov ecx, dword ptr [edx]
0051955A 8801 mov byte ptr [ecx], al
0051955C FF45 FC inc dword ptr [ebp-4]
0051955F 8B02 mov eax, dword ptr [edx]
00519561 8038 00 cmp byte ptr [eax], 0
00519564 ^ 75 E4 jnz short 0051954A
00519566 59 pop ecx
00519567 5D pop ebp
00519568 C3 retn