Last time I posted about the code bloat of a certain packer, which I had pulled apart by hand. This time I used a bit of black magic and got hold of more code. I hope the experts will take part in cleaning it up in their spare time. This isn't a technical post; I just hope people will discuss it. retaddr is simply a ret instruction, except that the return address is already known, i.e. it is the next line of code.
cmp eax, eax
push fbb5f5
add esp, 04h
push 40b
pushfd
push 103bcd4
add esp, 04h
push 103bcde
add esp, 04h
lea esp, dword ptr [esp-04h]
xchg dword ptr [esp], eax
not eax
and eax, eax
cmp eax, eax
push 103bd12
add esp, 04h
push 103bd1c
add esp, 04h
lea esp, dword ptr [esp-04h]
xchg dword ptr [esp], eax
test eax, eax
xchg dword ptr [esp], eax
push 103bd56
add esp, 04h
lea esp, dword ptr [esp+04h]
push 103bd7c
push 103bd81
add esp, 04h
add dword ptr [esp], 49h
push 103bda7
add esp, 04h
retaddr: 103bdc5
xchg dword ptr [esp], eax
push 103bdd7
add esp, 04h
lea esp, dword ptr [esp+04h]
push 103bdfd
add dword ptr [esp], 29h
push 103be06
add esp, 04h
retaddr: 103be26
popfd
pushad
pushfd
push 103be2e
add esp, 04h
push 103be38
add esp, 04h
lea esp, dword ptr [esp-04h]
xchg dword ptr [esp], eax
not eax
and eax, eax
cmp eax, eax
push 103be6c
add esp, 04h
push 103be76
add esp, 04h
lea esp, dword ptr [esp-04h]
xchg dword ptr [esp], eax
test eax, eax
xchg dword ptr [esp], eax
push 103beb0
add esp, 04h
lea esp, dword ptr [esp+04h]
push 103bed6
push 103bedb
add esp, 04h
add dword ptr [esp], 49h
push 103bf01
add esp, 04h
retaddr: 103bf1f
xchg dword ptr [esp], eax
push 103bf31
add esp, 04h
lea esp, dword ptr [esp+04h]
push 103bf57
add dword ptr [esp], 29h
push 103bf60
add esp, 04h
retaddr: 103bf80
push 103bf85
push 103bb63
xchg dword ptr [esp], eax
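As an added illustration (my code, not the poster's), here is a small peephole pass in Python that folds the two patterns this listing is built from: `push imm; add esp, 04h` pairs that do nothing, and `push X; add dword ptr [esp], K; retaddr`, which is a disguised `jmp X+K`. The retaddr values in the post match X+K exactly (103bd7c + 49h = 103bdc5, 103bdfd + 29h = 103be26); the sample is a constructed excerpt of the post's own lines.

```python
import re
# Constructed excerpt of the listing in the post; "retaddr: X" is the poster's
# notation for a ret whose target is already known to be X.
SAMPLE = """\
push 103bd7c
push 103bd81
add esp, 04h
add dword ptr [esp], 49h
push 103bda7
add esp, 04h
retaddr: 103bdc5
push 103bdfd
add dword ptr [esp], 29h
push 103be06
add esp, 04h
retaddr: 103be26
"""

IMM = r"([0-9a-f]+)h?"          # hex immediates as written: 49h or 103bd7c

def normalize(line):
    line = re.sub(r"\s+", " ", line.strip().lower())
    if line.startswith("retaddr:"):                 # known-target ret
        return "ret"
    if line == "lea esp, dword ptr [esp+04h]":      # pop-and-discard
        return "add esp, 04h"
    return line

def simplify(listing):
    """Peephole pass, repeated until nothing changes."""
    ins = [normalize(l) for l in listing.splitlines() if l.strip()]
    changed = True
    while changed:
        changed, out, i = False, [], 0
        while i < len(ins):
            a, b, c = (ins + ["", ""])[i:i + 3]
            push = re.fullmatch("push " + IMM, a)
            fix = re.fullmatch(r"add dword ptr \[esp\], " + IMM, b)
            if push and b == "add esp, 04h":            # dead stack store
                i, changed = i + 2, True
            elif push and fix and c == "ret":           # push X; add [esp],K; ret
                out.append("jmp %x" % (int(push[1], 16) + int(fix[1], 16)))
                i, changed = i + 3, True
            elif push and b == "ret":                   # push X; ret
                out.append("jmp " + push[1])
                i, changed = i + 2, True
            else:
                out.append(a)
                i += 1
        ins = out
    return ins
```

Running `simplify(SAMPLE)` reduces the twelve lines above to `jmp 103bdc5` and `jmp 103be26`; the eax save/restore around `lea esp, [esp-04h]; xchg [esp], eax` still needs a liveness pass and is left untouched.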