
Borland C++ Entry Point Signature

Borland C++ entry point signature (the very first instruction is a jump):

00401000 > $ /EB 10         JMP SHORT ImageWat.00401012
00401002     |66            DB 66                                    ;  CHAR 'f'
00401003     |62            DB 62                                    ;  CHAR 'b'
00401004     |3A            DB 3A                                    ;  CHAR ':'
00401005     |43            DB 43                                    ;  CHAR 'C'
00401006     |2B            DB 2B                                    ;  CHAR '+'
00401007     |2B            DB 2B                                    ;  CHAR '+'
00401008     |48            DB 48                                    ;  CHAR 'H'
00401009     |4F            DB 4F                                    ;  CHAR 'O'
0040100A     |4F            DB 4F                                    ;  CHAR 'O'
0040100B     |4B            DB 4B                                    ;  CHAR 'K'
0040100C     |90            NOP
0040100D     |E9            DB E9
0040100E   . |50966100      DD OFFSET ImageWat.___CPPdebugHook
00401012   > \A1 43966100   MOV EAX,DWORD PTR DS:[619643]
00401017   .  C1E0 02       SHL EAX,2
0040101A   .  A3 47966100   MOV DWORD PTR DS:[619647],EAX
0040101F   .  52            PUSH EDX
00401020   .  6A 00         PUSH 0                                   ; /pModule = NULL
00401022   .  E8 FD6B2100   CALL <JMP.&KERNEL32.GetModuleHandleA>    ; \GetModuleHandleA
00401027   .  8BD0          MOV EDX,EAX
00401029   .  E8 82BC2000   CALL ImageWat.0060CCB0
0040102E   .  5A            POP EDX
0040102F   .  E8 E0BB2000   CALL ImageWat.0060CC14
00401034   .  E8 B7BC2000   CALL ImageWat.0060CCF0
00401039   .  6A 00         PUSH 0                                   ; /Arg1 = 00000000
0040103B   .  E8 D4CE2000   CALL ImageWat.0060DF14                   ; \ImageWat.0060DF14
00401040   .  59            POP ECX
00401041   .  68 EC956100   PUSH ImageWat.006195EC
00401046   .  6A 00         PUSH 0                                   ; /pModule = NULL
00401048   .  E8 D76B2100   CALL <JMP.&KERNEL32.GetModuleHandleA>    ; \GetModuleHandleA
0040104D   .  A3 4B966100   MOV DWORD PTR DS:[61964B],EAX
00401052   .  6A 00         PUSH 0
00401054   .  E9 C7232100   JMP ImageWat.00613420
00401059 > $  E9 02CF2000   JMP ImageWat.0060DF60
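
The listing above can be turned into a byte-pattern check for triage tooling. The following is an added example, not code from the original post: it locates the entry point of a PE file and compares the bytes there with the stub, treating the address operands as wildcards (an assumption that only those bytes differ between Borland C++ builds). The names `match_borland_entry`, `entry_point_offset` and `is_borland_cpp` are hypothetical.

```python
import struct

# Entry stub bytes from the listing; None marks address bytes that vary per
# binary (assumption: only the addresses differ between Borland C++ builds).
SIG = ([0xEB, 0x10] + list(b"fb:C++HOOK") + [0x90, 0xE9] + [None] * 4
       + [0xA1] + [None] * 4 + [0xC1, 0xE0, 0x02, 0xA3] + [None] * 4
       + [0x52, 0x6A, 0x00, 0xE8])

# First 39 bytes at 00401000 in the listing, retyped from its hex column.
SAMPLE_STUB = bytes.fromhex(
    "EB1066623A432B2B484F4F4B90E950966100"
    "A143966100C1E002A347966100526A00E8FD6B2100")

def match_borland_entry(code):
    """Return the ___CPPdebugHook address if code starts with the stub, else None."""
    if len(code) < len(SIG):
        return None
    if any(s is not None and s != b for s, b in zip(SIG, code)):
        return None
    # The DWORD after the E9 marker byte (offset 14) is the hook variable's address.
    return struct.unpack_from("<I", code, 14)[0]

def entry_point_offset(pe):
    """Map AddressOfEntryPoint (an RVA) to a file offset via the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    ep_rva, = struct.unpack_from("<I", pe, nt + 24 + 16)
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from(
            "<IIII", pe, nt + 24 + opt_size + 40 * i + 8)
        if va <= ep_rva < va + max(vsize, rsize):
            return raw + (ep_rva - va)
    raise ValueError("entry point is not inside any section")

def is_borland_cpp(pe):
    """True when the bytes at the PE entry point match the Borland C++ stub."""
    return match_borland_entry(pe[entry_point_offset(pe):]) is not None

if __name__ == "__main__":
    print(hex(match_borland_entry(SAMPLE_STUB)))
```

A packed or patched binary will usually not match at its entry point, so a miss here says nothing about which compiler built the original code.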



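Author: 代码疯子 (Wins0n). Unless otherwise stated, the content on this site is original; when reposting, please keep the author information and a link to the original article. Thanks!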




