有2个EXE文件 2个.DLL
00401000 > 68 01704600 PUSH startup.00467001
00401005 E8 01000000 CALL startup.0040100B
0040100A C3 RETN
0040100B C3 RETN
0040100C 14 51 ADC AL,51
0040100E E8 9D51E967 CALL 682961B0
00401013 3C 86 CMP AL,86
00401015 22BA B2351600 AND BH,BYTE PTR DS:[EDX+1635B2]
0040101B E5 75 IN EAX,75 ; I/O 命令
0040101D 61 POPAD
0040101E BD 629A87DF MOV EBP,DF879A62
00401023 8721 XCHG DWORD PTR DS:[ECX],ESP
00401025 93 XCHG EAX,EBX
00401026 85C2 TEST EDX,EAX
00401028 D8E3 FSUB ST,ST(3)
0040102A 9C PUSHFD
0040102B 37 AAA
0040102C 41 INC ECX
0040102D 1317 ADC EDX,DWORD PTR DS:[EDI]
0040102F 4B DEC EBX
00401030 6BA1 24F9781D D>IMUL ESP,DWORD PTR DS:[ECX+1D78F924],-25
00401037 211F AND DWORD PTR DS:[EDI],EBX
00401039 50 PUSH EAX
0040103A BF 9CAF4791 MOV EDI,9147AF9C
0040103F 5E POP ESI
上面的开头
走3次
00467001 60 PUSHAD
00467002 E8 03000000 CALL startup.0046700A
00467007 - E9 EB045D45 JMP 45A374F7
0046700C 55 PUSH EBP
0046700D C3 RETN
0046700E E8 01000000 CALL startup.00467014
00467013 EB 5D JMP SHORT startup.00467072
00467015 BB EDFFFFFF MOV EBX,-13
0046701A 03DD ADD EBX,EBP
0046701C 81EB 00700600 SUB EBX,67000
00467022 807D 4D 01 CMP BYTE PTR SS:[EBP+4D],1
00467026 75 0C JNZ SHORT startup.00467034
00467028 8B7424 28 MOV ESI,DWORD PTR SS:[ESP+28]
0046702C 83FE 01 CMP ESI,1
0046702F 895D 4E MOV DWORD PTR SS:[EBP+4E],EBX
00467032 75 31 JNZ SHORT startup.00467065
00467034 8D45 53 LEA EAX,DWORD PTR SS:[EBP+53]
00467037 50 PUSH EAX
00467038 53 PUSH EBX
00467039 FFB5 ED090000 PUSH DWORD PTR SS:[EBP+9ED]
0046703F 8D45 35 LEA EAX,DWORD PTR SS:[EBP+35]
00467042 50 PUSH EAX
00467043 E9 82000000 JMP startup.004670CA
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
