[Old post] [Help] Can anyone tell what packer this is?
Posted: 2008-6-22 20:33
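0064F800 > E8 D8020000 CALL hch.0064FADD //Loaded in OD, it stops here; pressing F9 runs it straight away, and before it runs it actually fails to find a certain DLL. That DLL does not exist, and its name is different each time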
0064F805 EB 22 JMP SHORT hch.0064F829
0064F807 80BA 3038857F 8>CMP BYTE PTR DS:[EDX+7F853830],8A
0064F80E 43 INC EBX
0064F80F 9B WAIT
0064F810 192A SBB DWORD PTR DS:[EDX],EBP
0064F812 FD STD
0064F813 FB STI
0064F814 ^ E1 8B LOOPDE SHORT hch.0064F7A1
0064F816 CA 237B RETF 7B23 ; Far return
0064F819 58 POP EAX
0064F81A 847A AA TEST BYTE PTR DS:[EDX-56],BH
0064F81D F8 CLC
0064F81E 4E DEC ESI
0064F81F BB AC795EE5 MOV EBX,E55E79AC
0064F824 56 PUSH ESI
0064F825 17 POP SS ; Modification of segment register
0064F826 88FF MOV BH,BH
0064F828 15 50C3627C ADC EAX,7C62C350
0064F82D EB 5A JMP SHORT hch.0064F889
0064F82F 36:F1 INT1 ; Superfluous prefix
0064F831 0000 ADD BYTE PTR DS:[EAX],AL
0064F833 0024E9 ADD BYTE PTR DS:[ECX+EBP*8],AH
0064F836 64:0000 ADD BYTE PTR FS:[EAX],AL
0064F839 F8 CLC
0064F83A 64:0097 4C02000>ADD BYTE PTR FS:[EDI+24C],DL
0064F841 0000 ADD BYTE PTR DS:[EAX],AL
-------------------------------------------------------------------------------------
0064F800 > E8 D8020000 CALL hch.0064FADD //F7 to step into
0064FADD 55 PUSH EBP
0064FADE 8BEC MOV EBP,ESP
0064FAE0 83EC 10 SUB ESP,10
0064FAE3 53 PUSH EBX
0064FAE4 56 PUSH ESI
0064FAE5 57 PUSH EDI
0064FAE6 EB 0A JMP SHORT hch.0064FAF2
0064FAE8 838B 4504EB01 F>OR DWORD PTR DS:[EBX+1EB0445],FFFFFFF0
0064FAEF EB 04 JMP SHORT hch.0064FAF5
0064FAF1 54 PUSH ESP
0064FAF2 ^ EB F5 JMP SHORT hch.0064FAE9
0064FAF4 6BEB 0C IMUL EBP,EBX,0C
0064FAF7 B7 6B MOV BH,6B
0064FAF9 8D40 FB LEA EAX,DWORD PTR DS:[EAX-5]
0064FAFC EB 01 JMP SHORT hch.0064FAFF
0064FAFE 09EB OR EBX,EBP
0064FB00 06 PUSH ES
0064FB01 9B WAIT
0064FB02 0D EBF4E7E8 OR EAX,E8E7F4EB
0064FB07 EB 0D JMP SHORT hch.0064FB16
0064FB09 9C PUSHFD
0064FB0A FE89 45F0EB03 DEC BYTE PTR DS:[ECX+3EBF045]
0064FB10 BB 4B62EB06 MOV EBX,6EB624B
0064FB15 - 66:EB F3 JMP SHORT 0000FB0B
0064FB18 3C 5B CMP AL,5B
0064FB1A BC EB13CC25 MOV ESP,25CC13EB
0064FB1F E7 8B OUT 8B,EAX ; I/O command
0064FB21 45 INC EBP
0064FB22 F0:83C0 30 LOCK ADD EAX,30 ; LOCK prefix is not allowed
0064FB26 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0064FB29 EB 02 JMP SHORT hch.0064FB2D
0064FB2B B5 39 MOV CH,39
0064FB2D EB 04 JMP SHORT hch.0064FB33
0064FB2F 32EB XOR CH,BL
0064FB31 EE OUT DX,AL ; I/O command
0064FB32 AB STOS DWORD PTR ES:[EDI]
0064FB33 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0064FB36 8378 18 00 CMP DWORD PTR DS:[EAX+18],0
0064FB3A 75 35 JNZ SHORT hch.0064FB71
0064FB3C 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0064FB3F 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-10]
0064FB42 2B48 08 SUB ECX,DWORD PTR DS:[EAX+8]
0064FB45 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0064FB48 0348 04 ADD ECX,DWORD PTR DS:[EAX+4]
0064FB4B 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0064FB4E 8948 04 MOV DWORD PTR DS:[EAX+4],ECX
0064FB51 6A 01 PUSH 1
0064FB53 FF75 F4 PUSH DWORD PTR SS:[EBP-C]
0064FB56 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
0064FB59 E8 F1010000 CALL hch.0064FD4F
0064FB5E 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0064FB61 C740 18 0100000>MOV DWORD PTR DS:[EAX+18],1
0064FB68 FF75 F0 PUSH DWORD PTR SS:[EBP-10]
0064FB6B E8 01010000 CALL hch.0064FC71
0064FB70 59 POP ECX
0064FB71 EB 0E JMP SHORT hch.0064FB81
0064FB73 218B 4504EB03 AND DWORD PTR DS:[EBX+3EB0445],ECX
0064FB79 06 PUSH ES
0064FB7A - E9 25EB0602 JMP 026BE6A4
0064FB7F 28BB EBF18DEB SUB BYTE PTR DS:[EBX+EB8DF1EB],BH
0064FB85 1122 ADC DWORD PTR DS:[EDX],ESP
0064FB87 39A3 18100000 CMP DWORD PTR DS:[EBX+1018],ESP
0064FB8D EB 03 JMP SHORT hch.0064FB92
0064FB8F 6D INS DWORD PTR ES:[EDI],DX ; I/O command
0064FB90 ^ 70 E5 JO SHORT hch.0064FB77
0064FB92 EB 06 JMP SHORT hch.0064FB9A
0064FB94 ^ 78 87 JS SHORT hch.0064FB1D
0064FB96 EC IN AL,DX ; I/O command
0064FB97 ^ EB EF JMP SHORT hch.0064FB88
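
The listing above mixes junk bytes with short jumps, so OllyDbg's linear disassembly shows instructions that never run and hides the ones that do. As an added example (not part of the original post), this Python script follows every `EB rel8` jump through the bytes copied from the listing's hex column; `insn_len` and `follow` are hypothetical helper names, and the length decoder is assumed to need only the opcodes this stretch executes.

```python
# Bytes 0064FAE6..0064FB35, copied from the hex column of the listing above.
# The byte at 0064FAEE is cut off in the dump ("F>"); F0 is taken from the
# FFFFFFF0 operand shown on that line. It is never executed on this path.
BASE = 0x0064FAE6
CODE = bytes.fromhex(
    "EB0A 838B4504EB01F0 EB04 54 EBF5 6BEB0C B76B 8D40FB EB01 09EB 06 9B "
    "0DEBF4E7E8 EB0D 9C FE8945F0EB03 BB4B62EB06 66EBF3 3C5B BCEB13CC25 "
    "E78B 45 F083C030 8945F4 EB02 B539 EB04 32EB EE AB 8B45F4"
)


def insn_len(code, i):
    """Length of the few non-jump opcodes this stretch executes (assumption:
    only 89/8B/8D r/m forms and 83 /r imm8 need decoding here)."""
    op, modrm = code[i], code[i + 1]
    if op not in (0x83, 0x89, 0x8B, 0x8D):
        raise ValueError(f"opcode {op:02X} at {BASE + i:08X} not handled")
    mod, rm = modrm >> 6, modrm & 7
    if mod == 1 and rm != 4:        # [reg+disp8], no SIB byte
        n = 3
    elif mod == 3:                  # register operand
        n = 2
    else:
        raise ValueError(f"ModRM {modrm:02X} at {BASE + i:08X} not handled")
    return n + (1 if op == 0x83 else 0)   # 83 /r carries an imm8


def follow(code, base, start):
    """Obey every EB rel8 from `start`; return (real instructions, jump count)."""
    real, jumps, seen = [], 0, set()
    i = start - base
    while 0 <= i and i + 1 < len(code) and i not in seen:
        seen.add(i)
        if code[i] == 0xEB:                       # JMP SHORT rel8
            rel = code[i + 1] - 256 if code[i + 1] > 127 else code[i + 1]
            i += 2 + rel
            jumps += 1
        else:
            n = insn_len(code, i)
            real.append((base + i, code[i:i + n].hex().upper()))
            i += n
    return real, jumps


if __name__ == "__main__":
    insns, jumps = follow(CODE, BASE, BASE)
    for addr, raw in insns:
        print(f"{addr:08X}  {raw}")
    print(f"{jumps} short jumps skipped")
```

The seven instructions it returns decode to MOV EAX,[EBP+4]; LEA EAX,[EAX-5]; MOV [EBP-10],EAX; MOV EAX,[EBP-10]; ADD EAX,30; MOV [EBP-C],EAX; MOV EAX,[EBP-C]. Four of them (0064FAE9, 0064FB0B, 0064FB20, 0064FB23) begin inside instructions that the linear listing shows.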