[求助]pe-armor部分源码求解
发表于: 2008-4-11 22:32 4056
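;-----------------------------------------------------------------------
; ShellStart0 - first stage of the pe-armor unpacking stub (fragment)
; Syntax: MASM, 32-bit x86, Windows; API calls are stdcall (callee pops
;         its arguments, result in eax).
;
; What the visible code does:
;   1. call/pop obtains the stub's own run-time address, so every later
;      access is written as [ebp + (label - ShellStart0)] and works
;      wherever the stub is loaded.
;   2. Calls GetModuleHandleA("KERNEL32.dll") through the stub's private
;      import table.
;   3. Calls GetProcAddress(hKernel32, "VirtualAlloc") and stores the
;      result in VirtualallocADDR.
;
; Regs:  ebp = run-time address of ShellStart0 (kept for the whole stub)
;        esi = pointer to the string argument of the next API call
;        eax = API return value
;
; Analyst note: an import table that lists only GetProcAddress,
; GetModuleHandleA and LoadLibraryA from KERNEL32, with everything else
; resolved at run time, is a common packer indicator in static triage.
;-----------------------------------------------------------------------
ShellStart0:
        call    next0                   ; pushes the address of ImportTable (the bytes right after this call)
;********************
; Private import table. The first five dwords are laid out like an
; IMAGE_IMPORT_DESCRIPTOR, followed by an all-zero terminating descriptor.
; Values are offsets from ImportTable, not RVAs - presumably the packer
; adds the stub's RVA when it writes the stub into the target file
; (that code is not shown here; confirm against the packer side).
ImportTableBegin:
ImportTable      DD AddressFirst-ImportTable    ; OriginalFirstThunk
                 DD 0,0                         ; TimeDateStamp, ForwarderChain
AppImpRVA1       DD DllName-ImportTable         ; Name
AppImpRVA2       DD AddressFirst-ImportTable    ; FirstThunk (same array as OriginalFirstThunk)
                 DD 0,0,0,0,0                   ; null descriptor = end of table
; Thunk array, zero-terminated. Both thunk fields point here, so once the
; Windows loader has bound the imports each slot is expected to hold the
; function's address instead of the name offset.
AddressFirst     DD FirstFunc-ImportTable       ; slot for GetProcAddress
AddressSecond    DD SecondFunc-ImportTable      ; slot for GetModuleHandleA
AddressThird     DD ThirdFunc-ImportTable       ; slot for LoadLibraryA
                 DD 0
DllName          DB 'KERNEL32.dll'
                 DW 0                           ; two zero bytes terminate the name
; Hint word + zero-terminated name (IMAGE_IMPORT_BY_NAME layout).
FirstFunc        DW 0
                 DB 'GetProcAddress',0
SecondFunc       DW 0
                 DB 'GetModuleHandleA',0
ThirdFunc        DW 0
                 DB 'LoadLibraryA',0
ImportTableEnd:
ShellBase        DD 0                           ; not written in this fragment
ShellPackSize    DD 0                           ; not written in this fragment
Virtualalloc     DB 'VirtualAlloc',0            ; name passed to GetProcAddress below
VirtualallocADDR DD 0                           ; receives the address of VirtualAlloc
TlsTable         DB 18h dup (?)                 ; 18h bytes = size of a 32-bit IMAGE_TLS_DIRECTORY; use not shown - confirm
next0:
        pop     ebp                             ; ebp = run-time address of ImportTable
        sub     ebp,(ImportTable-ShellStart0)   ; ebp = run-time address of ShellStart0
        lea     esi,[ebp+(DllName-ShellStart0)] ; esi -> "KERNEL32.dll"
        push    esi
        ; Poster's question: what does the next instruction mean, and what is it for?
        ; It is an indirect call through the dword stored in the AddressSecond slot.
        ; At run time that slot is expected to hold the address of GetModuleHandleA,
        ; so this is GetModuleHandleA("KERNEL32.dll"); eax = module handle.
        call    dword ptr [ebp+(AddressSecond-ShellStart0)]
        ; In the posted listing the following lea was fused onto the comment of the
        ; call above and therefore commented out; without it esi would still point
        ; to "KERNEL32.dll" when it is pushed as the function name.
        lea     esi,[ebp+(Virtualalloc-ShellStart0)] ; esi -> "VirtualAlloc"
        push    esi                             ; lpProcName
        push    eax                             ; hModule; NOTE(review): eax is not checked for 0
        call    dword ptr [ebp+(AddressFirst-ShellStart0)] ; GetProcAddress(hKernel32, "VirtualAlloc")
        mov     dword ptr [ebp+(VirtualallocADDR-ShellStart0)],eax ; cache it; not checked for 0 here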
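; Second printing of the pe-armor stub entry (MASM, 32-bit x86, stdcall).
; This listing has no ShellStart0: label of its own, yet every offset
; below is written relative to ShellStart0, which must mark the call
; instruction for the arithmetic to hold.
; Flow: call/pop locates the stub in memory, GetModuleHandleA returns the
; KERNEL32 handle, GetProcAddress resolves VirtualAlloc, and the result is
; saved in VirtualallocADDR.
        call    next0                   ; return address pushed = address of ImportTable
;********************
; Import descriptor for KERNEL32, then an all-zero descriptor as terminator.
; Fields hold offsets from ImportTable; converting them to RVAs is
; presumably done by the packer (not shown - confirm).
ImportTableBegin:
ImportTable      DD AddressFirst-ImportTable    ; OriginalFirstThunk
                 DD 0,0                         ; TimeDateStamp, ForwarderChain
AppImpRVA1       DD DllName-ImportTable         ; Name
AppImpRVA2       DD AddressFirst-ImportTable    ; FirstThunk
                 DD 0,0,0,0,0                   ; terminating descriptor
; Zero-terminated thunk array; the loader is expected to replace each
; entry with the resolved function address.
AddressFirst     DD FirstFunc-ImportTable       ; GetProcAddress
AddressSecond    DD SecondFunc-ImportTable      ; GetModuleHandleA
AddressThird     DD ThirdFunc-ImportTable       ; LoadLibraryA
                 DD 0
DllName          DB 'KERNEL32.dll'
                 DW 0                           ; string terminator
FirstFunc        DW 0                           ; hint
                 DB 'GetProcAddress',0
SecondFunc       DW 0                           ; hint
                 DB 'GetModuleHandleA',0
ThirdFunc        DW 0                           ; hint
                 DB 'LoadLibraryA',0
ImportTableEnd:
ShellBase        DD 0                           ; not written in this fragment
ShellPackSize    DD 0                           ; not written in this fragment
Virtualalloc     DB 'VirtualAlloc',0
VirtualallocADDR DD 0                           ; filled in by the last instruction below
TlsTable         DB 18h dup (?)                 ; 18h uninitialised bytes; purpose not shown here
next0:
        pop     ebp                             ; ebp = where ImportTable really is
        sub     ebp,(ImportTable-ShellStart0)   ; rebase: ebp = where ShellStart0 really is
        lea     esi,[ebp+(DllName-ShellStart0)]
        push    esi                             ; lpModuleName = "KERNEL32.dll"
        ; Poster's question: what does this instruction mean, and what is it for?
        ; It calls whatever address is stored in the AddressSecond thunk slot,
        ; i.e. GetModuleHandleA once the imports are bound; eax = KERNEL32 handle.
        call    dword ptr [ebp+(AddressSecond-ShellStart0)]
        ; Restored to its own line: as posted, this lea sat inside the comment of
        ; the call above, so esi was never pointed at the "VirtualAlloc" string.
        lea     esi,[ebp+(Virtualalloc-ShellStart0)]
        push    esi                             ; lpProcName = "VirtualAlloc"
        push    eax                             ; hModule from the call above (no failure check)
        call    dword ptr [ebp+(AddressFirst-ShellStart0)] ; GetProcAddress via its thunk slot
        mov     dword ptr [ebp+(VirtualallocADDR-ShellStart0)],eax ; remember the VirtualAlloc address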