[Discussion] UPolyX v0.5 * Have a look: did I unpack this correctly?

Posted on: 2009-6-16 17:34
Loaded into OD (OllyDbg):
00802498 > E8 02000000 call Custom.0080249F
0080249D 24 C7 and al,0C7
0080249F 871C24 xchg dword ptr ss:[esp],ebx
008024A2 8D9B 72090000 lea ebx,dword ptr ds:[ebx+972]
008024A8 871C24 xchg dword ptr ss:[esp],ebx
008024AB E9 5F090000 jmp Custom.00802E0F
008024B0 DCC9 fmul st(1),st
008024B2 0F83 32050000 jnb Custom.008029EA
008024B8 E9 A8020000 jmp Custom.00802765
008024BD E8 02000000 call Custom.008024C4
008024C2 ^ 76 DD jbe short Custom.008024A1
008024C4 870424 xchg dword ptr ss:[esp],eax
008024C7 8D80 98060000 lea eax,dword ptr ds:[eax+698]
008024CD 870424 xchg dword ptr ss:[esp],eax
008024D0 E9 77070000 jmp Custom.00802C4C
008024D5 92 xchg eax,edx
008024D6 F4 hlt
008024D7 C745 E0 4C6F616>mov dword ptr ss:[ebp-20],64616F4C
008024DE E9 F0050000 jmp Custom.00802AD3
008024E3 59 pop ecx
008024E4 B3 02 mov bl,2
008024E6 E9 D3050000 jmp Custom.00802ABE
008024EB 8AFF mov bh,bh
After single-stepping, arrived at:
00802E0F 60 pushad
00802E10 E9 DD000000 jmp Custom.00802EF2
00802E15 43 inc ebx
00802E16 8580 FA117065 test dword ptr ds:[eax+657011FA],eax
00802E1C 71 63 jno short Custom.00802E81
00802E1E 26:27 daa
00802E20 15 FF75F0E9 adc eax,E9F075FF
00802E25 52 push edx
00802E26 FFFF ??? ; unknown command
00802E28 FF29 jmp far fword ptr ds:[ecx]
00802E2A 27 daa
00802E2B 1C 3B sbb al,3B
Then, using the ESP trick (ESP law), landed here:
005BB568 . 55 push ebp
005BB569 . 8BEC mov ebp,esp
005BB56B . 83C4 E4 add esp,-1C
005BB56E . 53 push ebx
005BB56F . B8 E0AF5B00 mov eax,Custom.005BAFE0
005BB574 . E8 1FBEE4FF call Custom.00407398
005BB579 . 8B1D 443A5C00 mov ebx,dword ptr ds:[5C3A44] ; Custom.005C4BF0
005BB57F . 8B03 mov eax,dword ptr ds:[ebx]
005BB581 . E8 8AB6ECFF call Custom.00486C10
005BB586 . 8B0B mov ecx,dword ptr ds:[ebx]
005BB588 . B2 01 mov dl,1
005BB58A . A1 D0955600 mov eax,dword ptr ds:[5695D0]
005BB58F . E8 0C3DECFF call Custom.0047F2A0
Is this the entry point? Can it be unpacked?