; OllyDbg listing (32-bit x86, Intel syntax) of the entry stub of module "tylqz8".
; The stub saves all registers, finds its own address with CALL/POP, derives a base
; address from it, then resolves VirtualAlloc/VirtualFree at run time through two
; function-pointer slots the author annotated as GetModuleHandle and GetProcAddress.
; NOTE(review): the opening bytes 60 E8 03000000 E9 EB045D45 55 C3 resemble an
; ASPack-style packer stub; confirm with a packer-identification tool.
; Two CALLs below land in the middle of a displayed instruction, so the linear
; disassembly at 00426007 and 00426013 is a decode artifact, not executed code.
00426001 60 PUSHAD ; save all general-purpose registers
00426002 E8 03000000 CALL tylqz8.0042600A ; pushes 00426007; target is the 4th byte of the next "instruction"
; Executed bytes from 0042600A are 5D (POP EBP) and 45 (INC EBP), giving EBP = 00426008.
00426007 - E9 EB045D45 JMP 459F64F7 ; never executed as shown: the bytes EB 04 / 5D / 45 are decoded separately
0042600C 55 PUSH EBP ; push 00426008 ...
0042600D C3 RETN ; ... and "return" to it: EB 04 = JMP SHORT 0042600E
0042600E E8 01000000 CALL tylqz8.00426014 ; pushes 00426013; target is the 2nd byte of the next "instruction"
00426013 EB 5D JMP SHORT tylqz8.00426072 ; decode artifact: only 5D (POP EBP) at 00426014 runs, EBP = 00426013
00426015 BB EDFFFFFF MOV EBX,-13
0042601A 03DD ADD EBX,EBP ; EBX = 00426013 - 13h = 00426000
0042601C 81EB 00600200 SUB EBX,26000 ; EBX = 00400000 here; presumably the module's load base, confirm in the memory map
00426022 83BD 22040000 0>CMP DWORD PTR SS:[EBP+422],0 ; test slot 00426435; flags are consumed by the JNZ below
00426029 899D 22040000 MOV DWORD PTR SS:[EBP+422],EBX ; store the computed base (MOV leaves the flags untouched)
0042602F 0F85 65030000 JNZ tylqz8.0042639A ; slot was already non-zero: skip the setup below (looks like a re-entry guard)
00426035 8D85 2E040000 LEA EAX,DWORD PTR SS:[EBP+42E] ; EAX = 00426441, module-name string per the annotation below
0042603B 50 PUSH EAX
0042603C FF95 4D0F0000 CALL DWORD PTR SS:[EBP+F4D] ; GetModuleHandle("kernel32.dll") via pointer slot 00426F60
00426042 8985 26040000 MOV DWORD PTR SS:[EBP+426],EAX ; keep the module handle at 00426439
00426048 8BF8 MOV EDI,EAX ; EDI = module handle, reused for the second lookup
0042604A 8D5D 5E LEA EBX,DWORD PTR SS:[EBP+5E] ; EBX = 00426071, the name string passed to the lookup below
0042604D 53 PUSH EBX
0042604E 50 PUSH EAX
0042604F FF95 490F0000 CALL DWORD PTR SS:[EBP+F49] ; GetProcAddress(eax, "VirtualAlloc") via pointer slot 00426F5C
00426055 8985 4D050000 MOV DWORD PTR SS:[EBP+54D],EAX ; SS:[00426560]=7C809AF1 (kernel32.VirtualAlloc)
0042605B 8D5D 6B LEA EBX,DWORD PTR SS:[EBP+6B] ; address=0042607E (ASCII "VirtualFree")
0042605E 53 PUSH EBX
0042605F 57 PUSH EDI
; NOTE(review): the arguments (name, module handle) match the lookup at 0042604F, yet the
; displacement here is 3C49, not 0F49: one byte differs (3C vs 0F). The call therefore reads
; its target from 00429C5C instead of 00426F5C. Per the post, that dword is 0DAD803A, which
; is not readable memory. Compare the dword at 00429C5C with the one at 00426F5C, and the
; in-memory bytes with the file on disk. The listing alone cannot tell a modified stub from
; a damaged file or a transcription error.
00426060 FF95 493C0000 CALL DWORD PTR SS:[EBP+3C49] ; CALL 0DAD803A (as resolved by the debugger)
在 OD 中,这条指令显示为:
CALL 0DAD803A
0DAD803A 是虚拟内存地址吧?但按 F7 却跟不进去,跟进去就什么也没有了;如果按 F8,就提示“不知如何单步,因为内存地址 0DAD803A 不可读,尝试更改 EIP 或……”