[求助]调试DLL发现开头有很多无效指令！-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[求助]调试DLL发现开头有很多无效指令！

发表于: 2007-8-15 15:34 5101

[求助]调试DLL发现开头有很多无效指令！

zfkyo

2007-8-15 15:34

5101

15001000  /.  55          PUSH EBP
15001001  |.  8BEC       MOV    EBP, ESP
15001003  |.  83EC 34    SUB    ESP, 34
15001006  |.  53          PUSH EBX
15001007  |.  56          PUSH ESI
15001008  |.  57          PUSH EDI                            ;  ntdll.7C930738
15001009  |.  8BF6       MOV    ESI, ESI
1500100B  |.  90          NOP
1500100C  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500100E  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001010  |.  90          NOP
15001011  |.  90          NOP
15001012  |.  8BC0       MOV    EAX, EAX
15001014  |.  8BDB       MOV    EBX, EBX
15001016  |.  90          NOP
15001017  |.  90          NOP
15001018  |.  90          NOP
15001019  |.  8BC0       MOV    EAX, EAX
1500101B  |.  8BDB       MOV    EBX, EBX
1500101D  |.  90          NOP
1500101E  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001020  |.  90          NOP
15001021  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001023  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001025  |.  90          NOP
15001026  |.  90          NOP
15001027  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001029  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500102B  |.  90          NOP
1500102C  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500102E  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001030  |.  90          NOP
15001031  |.  90          NOP
15001032  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001034  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001036  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001038  |.  8BC0       MOV    EAX, EAX
1500103A  |.  8BDB       MOV    EBX, EBX
1500103C  |.  8BC9       MOV    ECX, ECX
1500103E  |.  8BF6       MOV    ESI, ESI
15001040  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001042  |.  8BED       MOV    EBP, EBP
15001044  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001046  |.  90          NOP
15001047  |.  90          NOP
15001048  |.  90          NOP
15001049  |.  8BC0       MOV    EAX, EAX
1500104B  |.  8BDB       MOV    EBX, EBX
1500104D  |.  8BC9       MOV    ECX, ECX
1500104F  |.  8BF6       MOV    ESI, ESI
15001051  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001053  |.  8BED       MOV    EBP, EBP
15001055  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001057  |.  8BC0       MOV    EAX, EAX
15001059  |.  8BDB       MOV    EBX, EBX
1500105B  |.  8BC9       MOV    ECX, ECX
1500105D  |.  8BF6       MOV    ESI, ESI
1500105F  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001061  |.  8BED       MOV    EBP, EBP
15001063  |.  90          NOP
15001064  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001066  |.  8BC0       MOV    EAX, EAX
15001068  |.  8BDB       MOV    EBX, EBX
1500106A  |.  8BC9       MOV    ECX, ECX
1500106C  |.  8BF6       MOV    ESI, ESI
1500106E  |.  83C0 01    ADD    EAX, 1
15001071  |.  83E8 01    SUB    EAX, 1
15001074  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001076  |.  8BED       MOV    EBP, EBP
15001078  |.  90          NOP
15001079  |.  90          NOP
1500107A  |.  90          NOP
1500107B  |.  90          NOP
1500107C  |.  90          NOP
1500107D  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500107F  |.  8BC0       MOV    EAX, EAX
15001081  |.  8BDB       MOV    EBX, EBX
15001083  |.  8BC9       MOV    ECX, ECX
15001085  |.  8BF6       MOV    ESI, ESI
15001087  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001089  |.  8BED       MOV    EBP, EBP
1500108B  |.  90          NOP
1500108C  |.  90          NOP
1500108D  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500108F  |.  8BC0       MOV    EAX, EAX
15001091  |.  8BDB       MOV    EBX, EBX
15001093  |.  8BC9       MOV    ECX, ECX
15001095  |.  8BF6       MOV    ESI, ESI
15001097  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001099  |.  8BED       MOV    EBP, EBP
1500109B  |.  90          NOP
1500109C  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500109E  |.  8BC0       MOV    EAX, EAX
150010A0  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150010A2  |.  90          NOP
150010A3  |.  8BC0       MOV    EAX, EAX
150010A5  |.  8BDB       MOV    EBX, EBX
150010A7  |.  8BC9       MOV    ECX, ECX
150010A9  |.  90          NOP
150010AA  |.  8BF6       MOV    ESI, ESI
150010AC  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150010AE  |.  8BED       MOV    EBP, EBP
150010B0  |.  90          NOP
150010B1  |.  90          NOP
150010B2  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150010B4  |.  8BC0       MOV    EAX, EAX
150010B6  |.  8BDB       MOV    EBX, EBX
150010B8  |.  90          NOP
150010B9  |.  8BC9       MOV    ECX, ECX
150010BB  |.  8BF6       MOV    ESI, ESI
150010BD  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150010BF  |.  8BED       MOV    EBP, EBP
150010C1  |.  90          NOP
150010C2  |.  90          NOP
150010C3  |.  90          NOP
150010C4  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150010C6  |.  8BC0       MOV    EAX, EAX
150010C8  |.  8BDB       MOV    EBX, EBX
150010CA  |.  8BC9       MOV    ECX, ECX
150010CC  |.  8BF6       MOV    ESI, ESI
150010CE  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150010D0  |.  8BED       MOV    EBP, EBP
150010D2  |.  90          NOP
150010D3  |.  90          NOP
150010D4  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150010D6  |.  8BC0       MOV    EAX, EAX
150010D8  |.  8BDB       MOV    EBX, EBX
150010DA  |.  90          NOP
150010DB  |.  8BC9       MOV    ECX, ECX
150010DD  |.  8BF6       MOV    ESI, ESI
150010DF  |.  90          NOP
150010E0  |.  90          NOP
150010E1  |.  90          NOP
150010E2  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150010E4  |.  8BED       MOV    EBP, EBP
150010E6  |.  90          NOP
150010E7  |.  90          NOP
150010E8  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150010EA  |.  8BC0       MOV    EAX, EAX
150010EC  |.  8BDB       MOV    EBX, EBX
150010EE  |.  8BC9       MOV    ECX, ECX
150010F0  |.  8BF6       MOV    ESI, ESI
150010F2  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150010F4  |.  8BED       MOV    EBP, EBP
150010F6  |.  8BF6       MOV    ESI, ESI
150010F8  |.  90          NOP
150010F9  |.  90          NOP
150010FA  |.  90          NOP
150010FB  |.  90          NOP
150010FC  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150010FE  |.  8BC0       MOV    EAX, EAX
15001100  |.  8BDB       MOV    EBX, EBX
15001102  |.  8BC9       MOV    ECX, ECX
15001104  |.  8BF6       MOV    ESI, ESI
15001106  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001108  |.  8BED       MOV    EBP, EBP
1500110A  |.  90          NOP
1500110B  |.  90          NOP
1500110C  |.  90          NOP
1500110D  |.  90          NOP
1500110E  |.  90          NOP
1500110F  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001111  |.  8BC0       MOV    EAX, EAX
15001113  |.  8BDB       MOV    EBX, EBX
15001115  |.  8BC9       MOV    ECX, ECX
15001117  |.  8BF6       MOV    ESI, ESI
15001119  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
1500111B  |.  8BED       MOV    EBP, EBP
1500111D  |.  8BF6       MOV    ESI, ESI
1500111F  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001121  |.  8BED       MOV    EBP, EBP
15001123  |.  8BF6       MOV    ESI, ESI
15001125  |.  90          NOP
15001126  |.  90          NOP
15001127  |.  90          NOP
15001128  |.  90          NOP
15001129  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500112B  |.  8BC0       MOV    EAX, EAX
1500112D  |.  8BDB       MOV    EBX, EBX
1500112F  |.  8BC9       MOV    ECX, ECX
15001131  |.  8BF6       MOV    ESI, ESI
15001133  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001135  |.  8BED       MOV    EBP, EBP
15001137  |.  90          NOP
15001138  |.  90          NOP
15001139  |.  90          NOP
1500113A  |.  90          NOP
1500113B  |.  90          NOP
1500113C  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500113E  |.  8BC0       MOV    EAX, EAX
15001140  |.  8BDB       MOV    EBX, EBX
15001142  |.  8BC9       MOV    ECX, ECX
15001144  |.  8BF6       MOV    ESI, ESI
15001146  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001148  |.  8BED       MOV    EBP, EBP
1500114A  |.  8BC9       MOV    ECX, ECX
1500114C  |.  8BF6       MOV    ESI, ESI
1500114E  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001150  |.  8BED       MOV    EBP, EBP
15001152  |.  90          NOP
15001153  |.  90          NOP
15001154  |.  90          NOP
15001155  |.  90          NOP
15001156  |.  90          NOP
15001157  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001159  |.  8BC0       MOV    EAX, EAX
1500115B  |.  8BDB       MOV    EBX, EBX
1500115D  |.  8BC9       MOV    ECX, ECX
1500115F  |.  8BF6       MOV    ESI, ESI
15001161  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001163  |.  8BED       MOV    EBP, EBP
15001165  |.  90          NOP
15001166  |.  90          NOP
15001167  |.  90          NOP
15001168  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500116A  |.  8BC0       MOV    EAX, EAX
1500116C  |.  8BDB       MOV    EBX, EBX
1500116E  |.  8BC9       MOV    ECX, ECX
15001170  |.  8BF6       MOV    ESI, ESI
15001172  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001174  |.  8BED       MOV    EBP, EBP
15001176  |.  8BDB       MOV    EBX, EBX
15001178  |.  8BC9       MOV    ECX, ECX
1500117A  |.  8BF6       MOV    ESI, ESI
1500117C  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
1500117E  |.  8BED       MOV    EBP, EBP
15001180  |.  90          NOP
15001181  |.  90          NOP
15001182  |.  90          NOP
15001183  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
15001185  |.  8BC0       MOV    EAX, EAX
15001187  |.  8BDB       MOV    EBX, EBX
15001189  |.  8BC9       MOV    ECX, ECX
1500118B  |.  8BF6       MOV    ESI, ESI
1500118D  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
1500118F  |.  8BED       MOV    EBP, EBP
15001191  |.  8BF6       MOV    ESI, ESI
15001193  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
15001195  |.  8BED       MOV    EBP, EBP
15001197  |.  90          NOP
15001198  |.  90          NOP
15001199  |.  90          NOP
1500119A  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
1500119C  |.  8BC0       MOV    EAX, EAX
1500119E  |.  8BDB       MOV    EBX, EBX
150011A0  |.  8BC9       MOV    ECX, ECX
150011A2  |.  8BF6       MOV    ESI, ESI
150011A4  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150011A6  |.  8BED       MOV    EBP, EBP
150011A8  |.  90          NOP
150011A9  |.  8BD2       MOV    EDX, EDX                      ;  ntdll.KiFastSystemCallRet
150011AB  |.  8BC0       MOV    EAX, EAX
150011AD  |.  8BDB       MOV    EBX, EBX
150011AF  |.  8BC9       MOV    ECX, ECX
150011B1  |.  8BF6       MOV    ESI, ESI
150011B3  |.  8BFF       MOV    EDI, EDI                      ;  ntdll.7C930738
150011B5  |.  8BED       MOV    EBP, EBP

这个是花指令吗？如果是的话该怎么解决？

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

免费・0

支持

最新回复 (2)
冲天剑雪币： 433 活跃值： (176) 能力值： ( LV13，RANK：1250 ) 在线值：发帖 49 回帖 230 粉丝 4 关注私信	冲天剑 31 2 楼这些只是无用指令，还算不上花指令。建议你用IDA加载这个文件，将反汇编文本导出为.asm文件，在那个文件里就可以把无用的指令都删了。 2007-8-15 18:31 0
WiNrOOt 雪币： 255 活跃值： (266) 能力值： ( LV12，RANK：220 ) 在线值：发帖 20 回帖 624 粉丝 1 关注私信	WiNrOOt 5 3 楼这些代码跟你调试有关系吗？看他干嘛 2007-8-16 11:53 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

zfkyo

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
冲天剑雪币： 433 活跃值： (176) 能力值： ( LV13，RANK：1250 ) 在线值：发帖 49 回帖 230 粉丝 4 关注私信	冲天剑 31 2 楼这些只是无用指令，还算不上花指令。建议你用IDA加载这个文件，将反汇编文本导出为.asm文件，在那个文件里就可以把无用的指令都删了。 2007-8-15 18:31 0
WiNrOOt 雪币： 255 活跃值： (266) 能力值： ( LV12，RANK：220 ) 在线值：发帖 20 回帖 624 粉丝 1 关注私信	WiNrOOt 5 3 楼这些代码跟你调试有关系吗？看他干嘛 2007-8-16 11:53 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复