TA的每日心情 | 奋斗
2020-6-5 22:18 |
|---|
签到天数: 22 天 [LV.4]偶尔看看III
|
|
欢迎您注册加入!这里有您将更精采!
您需要 登录 才可以下载或查看,没有账号?注册
x
Borland Delphi 6.0 - 7.0
- 00509CB0 > $ 55 PUSH EBP
- 00509CB1 . 8BEC MOV EBP,ESP
- 00509CB3 . 83C4 EC ADD ESP,-14
- 00509CB6 . 53 PUSH EBX
- 00509CB7 . 56 PUSH ESI
- 00509CB8 . 57 PUSH EDI
- 00509CB9 . 33C0 XOR EAX,EAX
- 00509CBB . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX
- 00509CBE . B8 20975000 MOV EAX,unpack.00509720
- 00509CC3 . E8 84CCEFFF CALL unpack.0040694C
Microsoft Visual C++ 6.0
- 00496EB8 >/$ 55 PUSH EBP ; (初始 cpu 选择)
- 00496EB9 |. 8BEC MOV EBP,ESP
- 00496EBB |. 6A FF PUSH -1
- 00496EBD |. 68 40375600 PUSH Screensh.00563740
- 00496EC2 |. 68 8CC74900 PUSH Screensh.0049C78C ; SE 处理程序安装
- 00496EC7 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
- 00496ECD |. 50 PUSH EAX
- 00496ECE |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
- 00496ED5 |. 83EC 58 SUB ESP,58
Microsoft Visual C++ 6.0 [Overlay] E语言
- 00403831 >/$ 55 PUSH EBP
- 00403832 |. 8BEC MOV EBP,ESP
- 00403834 |. 6A FF PUSH -1
- 00403836 |. 68 F0624000 PUSH Nisy521.004062F0
- 0040383B |. 68 A44C4000 PUSH Nisy521.00404CA4 ; SE 处理程序安装
- 00403840 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
- 00403846 |. 50 PUSH EAX
- 00403847 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
Microsoft Visual Basic 5.0 / 6.0
- 00401166 - FF25 6C104000 JMP DWORD PTR DS:[<&MSVBVM60.#100>] ; MSVBVM60.ThunRTMain
- 0040116C > 68 147C4000 PUSH PACKME.00407C14
- 00401171 E8 F0FFFFFF CALL <JMP.&MSVBVM60.#100>
- 00401176 0000 ADD BYTE PTR DS:[EAX],AL
- 00401178 0000 ADD BYTE PTR DS:[EAX],AL
- 0040117A 0000 ADD BYTE PTR DS:[EAX],AL
- 0040117C 3000 XOR BYTE PTR DS:[EAX],AL
- //或省略第一行的JMP
- 00401FBC > 68 D0D44000 push dumped_.0040D4D0
- 00401FC1 E8 EEFFFFFF call <jmp.&msvbvm60.ThunRTMain>
- 00401FC6 0000 add byte ptr ds:[eax],al
- 00401FC8 0000 add byte ptr ds:[eax],al
- 00401FCA 0000 add byte ptr ds:[eax],al
- 00401FCC 3000 xor byte ptr ds:[eax],al
- 00401FCE 0000 add byte ptr ds:[eax],al
BC++
- 0040163C > $ /EB 10 JMP SHORT BCLOCK.0040164E
- 0040163E |66 DB 66 ; CHAR 'f'
- 0040163F |62 DB 62 ; CHAR 'b'
- 00401640 |3A DB 3A ; CHAR ':'
- 00401641 |43 DB 43 ; CHAR 'C'
- 00401642 |2B DB 2B ; CHAR '+'
- 00401643 |2B DB 2B ; CHAR '+'
- 00401644 |48 DB 48 ; CHAR 'H'
- 00401645 |4F DB 4F ; CHAR 'O'
- 00401646 |4F DB 4F ; CHAR 'O'
- 00401647 |4B DB 4B ; CHAR 'K'
- 00401648 |90 NOP
- 00401649 |E9 DB E9
- 0040164A . |98E04E00 DD OFFSET BCLOCK.___CPPdebugHook
- 0040164E > \A1 8BE04E00 MOV EAX,DWORD PTR DS:[4EE08B]
- 00401653 . C1E0 02 SHL EAX,2
- 00401656 . A3 8FE04E00 MOV DWORD PTR DS:[4EE08F],EAX
- 0040165B . 52 PUSH EDX
- 0040165C . 6A 00 PUSH 0 ; /pModule = NULL
- 0040165E . E8 DFBC0E00 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
- 00401663 . 8BD0 MOV EDX,EAX
Dasm:
- 00401000 >/$ 6A 00 PUSH 0 ; /pModule = NULL
- 00401002 |. E8 C50A0000 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
- 00401007 |. A3 0C354000 MOV DWORD PTR DS:[40350C],EAX
- 0040100C |. E8 B50A0000 CALL <JMP.&KERNEL32.GetCommandLineA> ; [GetCommandLineA
- 00401011 |. A3 10354000 MOV DWORD PTR DS:[403510],EAX
- 00401016 |. 6A 0A PUSH 0A ; /Arg4 = 0000000A
- 00401018 |. FF35 10354000 PUSH DWORD PTR DS:[403510] ; |Arg3 = 00000000
- 0040101E |. 6A 00 PUSH 0 ; |Arg2 = 00000000
- 00401020 |. FF35 0C354000 PUSH DWORD PTR DS:[40350C] ; |Arg1 = 00000000
|
|
|Archiver|手机版|小黑屋|联系我们|宝峰科技
( 
滇公网安备 53050202000040号 | 滇ICP备09007156号-2 )
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡