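Packer check: Microsoft Visual C++ 6.0
Loaded it in OD and looked up a string; with w32 and c32 everything comes out as garbled text.
So I set a breakpoint with bp MessageBoxA and ran it.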
77E541E5 /74 0A je short USER32.77E541F1
77E541E7 |50 push eax
77E541E8 |FF76 78 push dword ptr ds:[esi+78]
77E541EB |FF15 E814E177 call dword ptr ds:[<&GDI32.SelectObject>>; GDI32.SelectObject
77E541F1 \8D45 F0 lea eax,dword ptr ss:[ebp-10]
77E541F4 50 push eax
77E541F5 FF76 04 push dword ptr ds:[esi+4]
77E541F8 E8 DC86FDFF call USER32.77E2C8D9
77E541FD FF75 FC push dword ptr ss:[ebp-4]
77E54200 FF75 F8 push dword ptr ss:[ebp-8]
77E54203 FF75 F4 push dword ptr ss:[ebp-C]
77E54206 FF75 F0 push dword ptr ss:[ebp-10]
77E54209 FF76 78 push dword ptr ds:[esi+78]
77E5420C FF15 EC14E177 call dword ptr ds:[<&GDI32.IntersectClip>; GDI32.IntersectClipRect
77E54212 6A 00 push 0
77E54214 6A 00 push 0
77E54216 FF76 6C push dword ptr ds:[esi+6C]
77E54219 FF76 78 push dword ptr ds:[esi+78]
77E5421C FF15 0C14E177 call dword ptr ds:[<&GDI32.OffsetWindowO>; GDI32.OffsetWindowOrgEx
77E54222 5E pop esi
77E54223 C9 leave
77E54224 C2 0400 retn 4
77E54227 90 nop
77E54228 90 nop
77E54229 90 nop
77E5422A 90 nop
77E5422B 90 nop
77E5422C 8BFF mov edi,edi
77E5422E 55 push ebp
77E5422F 8BEC mov ebp,esp
77E54231 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
77E54234 8B01 mov eax,dword ptr ds:[ecx]
77E54236 8B50 48 mov edx,dword ptr ds:[eax+48]
77E54239 2B50 40 sub edx,dword ptr ds:[eax+40]
77E5423C 8951 28 mov dword ptr ds:[ecx+28],edx
77E5423F 8B50 4C mov edx,dword ptr ds:[eax+4C]
77E54242 2B50 44 sub edx,dword ptr ds:[eax+44]
77E54245 2B51 2C sub edx,dword ptr ds:[ecx+2C]
77E54248 85D2 test edx,edx
77E5424A 7E 04 jle short USER32.77E54250
77E5424C 8349 34 FF or dword ptr ds:[ecx+34],FFFFFFFF
77E54250 51 push ecx
77E54251 E8 18F8FDFF call USER32.77E33A6E
77E54256 5D pop ebp
77E54257 C2 0400 retn 4
77E5425A 90 nop
77E5425B 90 nop
77E5425C 90 nop
77E5425D 90 nop
77E5425E 90 nop
77E5425F > 8BFF mov edi,edi // breaks here
77E54261 55 push ebp
77E54262 8BEC mov ebp,esp
77E54264 833D B814E777 0>cmp dword ptr ds:[77E714B8],0
77E5426B 75 24 jnz short USER32.77E54291
77E5426D 64:A1 18000000 mov eax,dword ptr fs:[18]
77E54273 6A 00 push 0
77E54275 FF70 24 push dword ptr ds:[eax+24]
77E54278 68 281AE777 push USER32.77E71A28
77E5427D FF15 3C12E177 call dword ptr ds:[<&KERNEL32.Interlocke>; kernel32.InterlockedCompareExchange
77E54283 85C0 test eax,eax
77E54285 75 0A jnz short USER32.77E54291
77E54287 C705 241AE777 0>mov dword ptr ds:[77E71A24],1
77E54291 6A 00 push 0
77E54293 FF75 14 push dword ptr ss:[ebp+14]
77E54296 FF75 10 push dword ptr ss:[ebp+10]
77E54299 FF75 0C push dword ptr ss:[ebp+C]
77E5429C FF75 08 push dword ptr ss:[ebp+8]
77E5429F E8 09000000 call USER32.MessageBoxExA
77E542A4 5D pop ebp
77E542A5 C2 1000 retn 10
77E542A8 90 nop
77E542A9 90 nop
77E542AA 90 nop
77E542AB 90 nop
77E542AC 90 nop
77E542AD > 8BFF mov edi,edi
77E542AF 55 push ebp
77E542B0 8BEC mov ebp,esp
77E542B2 6A FF push -1
77E542B4 FF75 18 push dword ptr ss:[ebp+18]
77E542B7 FF75 14 push dword ptr ss:[ebp+14]
77E542BA FF75 10 push dword ptr ss:[ebp+10]
77E542BD FF75 0C push dword ptr ss:[ebp+C]
77E542C0 FF75 08 push dword ptr ss:[ebp+8]
77E542C3 E8 A9390100 call USER32.MessageBoxTimeoutA
77E542C8 5D pop ebp
77E542C9 C2 1400 retn 14
How did this end up loading a dll file?
I'm a beginner and don't know what to do. Can anyone help?