00465470 55 push ebp
00465471 8BEC mov ebp, esp
00465473 6A FF push -0x1
00465475 68 60B25900 push 0059B260
0046547A 68 48245200 push 00522448
0046547F 64:A1 00000000 mov eax, dword ptr fs:[0]
00465485 50 push eax
00465486 64:8925 00000000 mov dword ptr fs:[0], esp
0046548D 81EC B8030000 sub esp, 0x3B8
00465493 A1 A0745E00 mov eax, dword ptr [0x5E74A0]
00465498 33C5 xor eax, ebp
0046549A 8945 E4 mov dword ptr [ebp-0x1C], eax
0046549D 53 push ebx
0046549E 56 push esi
0046549F 57 push edi
004654A0 8965 E8 mov dword ptr [ebp-0x18], esp
004654A3 8B55 08 mov edx, dword ptr [ebp+0x8]
004654A6 8995 60FCFFFF mov dword ptr [ebp-0x3A0], edx
004654AC A0 E0D46300 mov al, byte ptr [0x63D4E0]
004654B1 84C0 test al, al
004654B3 74 0A je short 004654BF
004654B5 B8 01000000 mov eax, 0x1
004654BA E9 2C020000 jmp 004656EB
004654BF C605 E0D46300 01 mov byte ptr [0x63D4E0], 0x1
004654C6 B9 20000000 mov ecx, 0x20
004654CB 33C0 xor eax, eax
004654CD 8DBD 64FFFFFF lea edi, dword ptr [ebp-0x9C]
004654D3 F3:AB rep stos dword ptr es:[edi]
004654D5 B9 20000000 mov ecx, 0x20
004654DA 8DBD E4FEFFFF lea edi, dword ptr [ebp-0x11C]
004654E0 F3:AB rep stos dword ptr es:[edi]
004654E2 8945 FC mov dword ptr [ebp-0x4], eax
004654E5 8985 54FCFFFF mov dword ptr [ebp-0x3AC], eax
004654EB 3D 80000000 cmp eax, 0x80
004654F0 7D 15 jge short 00465507
004654F2 80BC05 64FFFFFF 2F cmp byte ptr [ebp+eax-0x9C], 0x2F
004654FA 75 08 jnz short 00465504
004654FC C68405 64FFFFFF 2D mov byte ptr [ebp+eax-0x9C], 0x2D
00465504 40 inc eax
00465505 ^ EB DE jmp short 004654E5
00465507 8B02 mov eax, dword ptr [edx]
00465509 8B48 0C mov ecx, dword ptr [eax+0xC]
0046550C 51 push ecx
0046550D 8D95 64FFFFFF lea edx, dword ptr [ebp-0x9C]
00465513 52 push edx
00465514 68 44B25900 push 0059B244 ; ASCII "crash %s(0x%x).dmp"
00465519 8D85 E4FEFFFF lea eax, dword ptr [ebp-0x11C]
0046551F 50 push eax
00465520 E8 E0C10B00 call 00521705
00465525 83C4 10 add esp, 0x10
00465528 33DB xor ebx, ebx
0046552A 899D 5CFCFFFF mov dword ptr [ebp-0x3A4], ebx
00465530 68 34B25900 push 0059B234 ; ASCII "DBGHELP.DLL"
00465535 - E9 DDC89400 jmp 00DB1E17
0046553A 90 nop
0046553B 07 pop es
0046553C 96 xchg eax, esi
0046553D BD B1C93E85 mov ebp, 0x853EC9B1
00465542 C0741C 68 1C sal byte ptr [esp+ebx+0x68], 0x1C
00465547 B2 59 mov dl, 0x59
00465549 0050 FF add byte ptr [eax-0x1], dl
0046554C 15 6C00E802 adc eax, 0x2E8006C
00465551 8BD8 mov ebx, eax
00465553 899D 5CFCFFFF mov dword ptr [ebp-0x3A4], ebx
00465559 8B35 E002E802 mov esi, dword ptr [0x2E802E0] ; user32.MessageBoxA
0046555F EB 16 jmp short 00465577
00465561 6A 00 push 0x0
00465563 68 F08B5900 push 00598BF0
00465568 68 00B25900 push 0059B200
0046556D 6A 00 push 0x0
0046556F 8B35 E002E802 mov esi, dword ptr [0x2E802E0] ; user32.MessageBoxA
00465575 FFD6 call esi
00465577 85DB test ebx, ebx
00465579 75 0E jnz short 00465589
0046557B 53 push ebx
0046557C 68 F08B5900 push 00598BF0
00465581 68 E4B15900 push 0059B1E4
00465586 53 push ebx
00465587 FFD6 call esi
00465589 6A 00 push 0x0
0046558B 68 80000010 push 0x10000080
00465590 6A 02 push 0x2
00465592 6A 00 push 0x0
00465594 6A 00 push 0x0
00465596 68 00000040 push 0x40000000
0046559B 8D8D E4FEFFFF lea ecx, dword ptr [ebp-0x11C]
004655A1 51 push ecx
004655A2 FF15 6000E802 call dword ptr [0x2E80060] ; kernel32.CreateFileA
004655A8 8BF8 mov edi, eax
004655AA 89BD 40FCFFFF mov dword ptr [ebp-0x3C0], edi
004655B0 83FF FF cmp edi, -0x1
004655B3 75 33 jnz short 004655E8
004655B5 FF15 0800E802 call dword ptr [0x2E80008] ; ntdll.RtlGetLastWin32Error
004655BB 8985 44FCFFFF mov dword ptr [ebp-0x3BC], eax
004655C1 50 push eax
004655C2 68 C0B15900 push 0059B1C0
004655C7 8D95 64FEFFFF lea edx, dword ptr [ebp-0x19C]
004655CD 52 push edx
004655CE E8 32C10B00 call 00521705
004655D3 83C4 0C add esp, 0xC
004655D6 6A 00 push 0x0
004655D8 68 F08B5900 push 00598BF0
004655DD 8D85 64FEFFFF lea eax, dword ptr [ebp-0x19C]
004655E3 50 push eax
004655E4 6A 00 push 0x0
004655E6 FFD6 call esi
004655E8 C785 58FCFFFF 00000>mov dword ptr [ebp-0x3A8], 0x0
004655F2 FF15 5800E802 call dword ptr [0x2E80058] ; kernel32.GetCurrentThreadId
004655F8 8985 48FCFFFF mov dword ptr [ebp-0x3B8], eax
004655FE 8B8D 60FCFFFF mov ecx, dword ptr [ebp-0x3A0]
00465604 898D 4CFCFFFF mov dword ptr [ebp-0x3B4], ecx
0046560A C785 50FCFFFF 01000>mov dword ptr [ebp-0x3B0], 0x1
00465614 8D95 48FCFFFF lea edx, dword ptr [ebp-0x3B8]
0046561A 8995 58FCFFFF mov dword ptr [ebp-0x3A8], edx
00465620 83FF FF cmp edi, -0x1
00465623 74 3F je short 00465664
00465625 85DB test ebx, ebx
00465627 74 3B je short 00465664
00465629 6A 00 push 0x0
0046562B 6A 00 push 0x0
0046562D 8BC2 mov eax, edx
0046562F 50 push eax
00465630 6A 00 push 0x0
00465632 57 push edi
00465633 FF15 7000E802 call dword ptr [0x2E80070] ; kernel32.GetCurrentProcessId
00465639 50 push eax
0046563A FF15 7400E802 call dword ptr [0x2E80074] ; kernel32.GetCurrentProcess
00465640 50 push eax
00465641 FFD3 call ebx
00465643 8985 3CFCFFFF mov dword ptr [ebp-0x3C4], eax
00465649 6A 00 push 0x0
0046564B 68 F08B5900 push 00598BF0
00465650 85C0 test eax, eax
00465652 74 07 je short 0046565B
00465654 68 A4B15900 push 0059B1A4
00465659 EB 05 jmp short 00465660
0046565B 68 88B15900 push 0059B188
00465660 6A 00 push 0x0
00465662 FFD6 call esi
00465664 57 push edi
00465665 FF15 3800E802 call dword ptr [0x2E80038] ; kernel32.CloseHandle
0046566B C745 FC FFFFFFFF mov dword ptr [ebp-0x4], -0x1
00465672 8B8D 60FCFFFF mov ecx, dword ptr [ebp-0x3A0]
00465678 8B01 mov eax, dword ptr [ecx]
0046567A 68 7CB15900 push 0059B17C ; ASCII "16:07:46"
0046567F 68 6CB15900 push 0059B16C ; ASCII "May 19 2009"
00465684 8B50 0C mov edx, dword ptr [eax+0xC]
00465687 52 push edx
00465688 8B00 mov eax, dword ptr [eax]
0046568A 50 push eax
0046568B 68 80B05900 push 0059B080
00465690 8D8D E4FEFFFF lea ecx, dword ptr [ebp-0x11C]
00465696 51 push ecx
00465697 68 20B05900 push 0059B020
0046569C 68 DCAF5900 push 0059AFDC ; ASCII "%s%s%s",LF,"Exception Code: %X, at address: %08X ",LF,"Date: %s %s"
004656A1 8D95 64FCFFFF lea edx, dword ptr [ebp-0x39C]
004656A7 52 push edx
004656A8 FF15 DC02E802 call dword ptr [0x2E802DC] ; user32.wsprintfA
004656AE 83C4 24 add esp, 0x24
004656B1 6A 00 push 0x0
004656B3 68 D0AF5900 push 0059AFD0
004656B8 8D85 64FCFFFF lea eax, dword ptr [ebp-0x39C]
004656BE 50 push eax
004656BF 6A 00 push 0x0
004656C1 FFD6 call esi
004656C3 EB 24 jmp short 004656E9
004656C5 B8 01000000 mov eax, 0x1
004656CA C3 retn
在网上看到别人说 VC7 的入口(OEP)代码,和我这个入口不一样;PE 头里的链接器版本是 7.10,
应该对应 VC.NET 2003(Visual C++ 7.1)。
请问这个 OEP 是不是正确的?有没有被偷取代码(stolen bytes)?