00401000 > $ EB 10 JMP SHORT 录像.00401012
00401002 66 DB 66 ; CHAR 'f'
00401003 62 DB 62 ; CHAR 'b'
00401004 3A DB 3A ; CHAR ':'
00401005 43 DB 43 ; CHAR 'C'
00401006 2B DB 2B ; CHAR '+'
00401007 2B DB 2B ; CHAR '+'
00401008 48 DB 48 ; CHAR 'H'
00401009 4F DB 4F ; CHAR 'O'
0040100A 4F DB 4F ; CHAR 'O'
0040100B 4B DB 4B ; CHAR 'K'
0040100C 90 NOP
0040100D E9 DB E9
0040100E . 18C44A00 DD OFFSET 录像.___CPPdebugHook
00401012 > A1 0BC44A00 MOV EAX,DWORD PTR DS:[4AC40B]
00401017 . C1E0 02 SHL EAX,2
0040101A . A3 0FC44A00 MOV DWORD PTR DS:[4AC40F],EAX
0040101F . 52 PUSH EDX
00401020 . 6A 00 PUSH 0 ; /pModule = NULL
00401022 . E8 039A0A00 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
00401027 . 8BD0 MOV EDX,EAX
00401029 . E8 7E6E0800 CALL 录像.00487EAC
0040102E . 5A POP EDX
PEiD identifies it as Borland C++ 1999 [Overlay]. Could an expert please give me some pointers? Thanks.