-
-
[原创]压缩壳之dePACK壳分析
-
发表于: 2009-3-10 23:17
-
前面已经有过几篇压缩壳的文章,接下来还是对于压缩壳的一点个人分析,
壳开始代码的其中一部分
loc_46B003: [color=#008000]; CODE XREF: startj[/color] .depack:0046B003 [color=#0000FF]pusha[/color] .depack:0046B004 [color=#0000FF]push[/color] [color=#FF0000]offset[/color] dword_401000 [color=#008000]; .text[/color] .depack:0046B009 [color=#0000FF]push[/color] 0A181h .depack:0046B00E [color=#0000FF]call[/color] DePack .depack:0046B013 [color=#0000FF]push[/color] [color=#FF0000]offset[/color] unk_44B000 [color=#008000]; .rdata[/color] .depack:0046B018 [color=#0000FF]push[/color] 0C81h .depack:0046B01D [color=#0000FF]call[/color] DePack .depack:0046B022 [color=#0000FF]push[/color] [color=#FF0000]offset[/color] unk_457000 [color=#008000]; .data[/color] .depack:0046B027 [color=#0000FF]push[/color] 581h .depack:0046B02C [color=#0000FF]call[/color] DePack .depack:0046B031 [color=#0000FF]nop[/color] .depack:0046B032 [color=#0000FF]jmp[/color] [color=#FF0000]short[/color] loc_46B035
[color=#0000FF]push[/color] [color=#808000]ebp[/color] [color=#0000FF]mov[/color] [color=#808000]ebp[/color], [color=#808000]esp[/color] [color=#0000FF]pusha[/color] [color=#0000FF]push[/color] [color=#808000]ebp[/color] [color=#0000FF]mov[/color] [color=#808000]esi[/color], [[color=#808000]ebp[/color]+arg_0] [color=#0000FF]mov[/color] [color=#808000]edi[/color], [[color=#808000]ebp[/color]+arg_4] [color=#008000]; 401000[/color] [color=#0000FF]call[/color] sub_46B04F [color=#0000FF]jmp[/color] [color=#FF0000]short[/color] loc_46B053 DePack [color=#FF0000]endp[/color]
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
