Entry-point disassembly signatures of several kinds of programs

Time: 2021-10-06 01:03:15

1. Borland Delphi 6.0 - 7.0
004029BC > $  55                PUSH EBP
004029BD   .  8BEC              MOV EBP,ESP
004029BF   .  83C4 F0          ADD ESP,-10
004029C2   .  53                PUSH EBX
004029C3   .  B8 84294000    MOV EAX,keymaker.00402984
004029C8   .  E8 0BF4FFFF     CALL keymaker.00401DD8
004029CD   .  68 242A4000   PUSH keymaker.00402A24                  
004029D2   .  6A 00              PUSH 0                                  
004029D4   .  6A 00              PUSH 0                                  
004029D6   .  E8 C9F4FFFF    CALL keymaker.00401EA4                 
004029DB   .  8BD8              MOV EBX,EAX
004029DD   .  E8 E2F4FFFF    CALL <JMP.&kernel32.GetLastError>       
004029E2   .  3D B7000000   CMP EAX,0B7


2. Microsoft Visual C++ 6.0
00401B70 >/$  55                   PUSH EBP                                
00401B71  |.  8BEC                 MOV EBP,ESP
00401B73  |.  6A FF                PUSH -1
00401B75  |.  68 08254000     PUSH crackme.00402508
00401B7A  |.  68 F61C4000     PUSH <JMP.&MSVCRT._except_handler3>     
00401B7F  |.  64:A1 0000000  MOV EAX,DWORD PTR FS:[0]
00401B85  |.  50                     PUSH EAX
00401B86  |.  64:8925 00000   MOV DWORD PTR FS:[0],ESP
00401B8D  |.  83EC 68            SUB ESP,68
00401B90  |.  53                     PUSH EBX
00401B91  |.  56                     PUSH ESI
00401B92  |.  57                     PUSH EDI
00401B93  |.  8965 E8             MOV [LOCAL.6],ESP
00401B96  |.  33DB                 XOR EBX,EBX
00401B98  |.  895D FC             MOV [LOCAL.1],EBX
00401B9B  |.  6A 02                PUSH 2
00401B9D  |.  FF15 98214000  CALL DWORD PTR DS:[<&MSVCRT.__set_app_ty>


3. Microsoft Visual Basic 5.0 / 6.0
004013EC > $  68 A4244000   PUSH Crack.004024A4
004013F1   .  E8 F0FFFFFF      CALL <JMP.&MSVBVM60.ThunRTMain>
004013F6   .  0000                ADD BYTE PTR DS:[EAX],AL
004013F8   .  0000                ADD BYTE PTR DS:[EAX],AL
004013FA   .  0000                ADD BYTE PTR DS:[EAX],AL
004013FC   .  3000                XOR BYTE PTR DS:[EAX],AL
004013FE   .  0000                ADD BYTE PTR DS:[EAX],AL


4. Borland C++ 1999
00401408 > $ /EB 10              JMP SHORT Unpacked.0040141A
0040140A     |66                     DB 66                               
0040140B     |62                     DB 62                              
0040140C     |3A                     DB 3A                                  
0040140D     |43                     DB 43                                  
0040140E     |2B                     DB 2B                                 
0040140F     |2B                     DB 2B                                  
00401410     |48                     DB 48                                   
00401411     |4F                     DB 4F                                   
00401412     |4F                     DB 4F                                   
00401413     |4B                     DB 4B                                   
00401414     |90                     NOP
00401415     |E9                     DB E9
00401416     |98F04900          DD OFFSET Unpacked.___CPPdebugHook
0040141A   > \A1 8BF04900    MOV EAX,DWORD PTR DS:[49F08B]
0040141F   .  C1E0 02             SHL EAX,2
00401422   .  A3 8FF04900      MOV DWORD PTR DS:[49F08F],EAX
00401427   .  52                     PUSH EDX
00401428   .  6A 00                PUSH 0                                  
0040142A   .  E8 E9CD0900     CALL <JMP.&KERNEL32.GetModuleHandleA>   
0040142F   .  8BD0                 MOV EDX,EAX
00401431   .  E8 4E200900     CALL Unpacked.00493484
00401436   .  5A                     POP EDX


5. Assembly
00401025 >/$  6A F6              PUSH -0A                               
00401027  |.  E8 A0000000     CALL <JMP.&kernel32.GetStdHandle>       
0040102C  |.  A3 00304000     MOV DWORD PTR DS:[403000],EAX
00401031  |.  6A F5                PUSH -0B                               
00401033  |.  E8 94000000     CALL <JMP.&kernel32.GetStdHandle>      
00401038  |.  A3 04304000     MOV DWORD PTR DS:[403004],EAX
0040103D  |.  6A 01               PUSH 1                                  
0040103F  |.  68 00104000     PUSH EchoLine.00401000                  
00401044  |.  E8 8F000000     CALL <JMP.&kernel32.SetConsoleCtrlHandle>
00401049  |.  6A 07               PUSH 7                                  
0040104B  |.  FF35 00304000 PUSH DWORD PTR DS:[403000]
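

Added example (not part of the original page): the entry-point listings above turned into wildcard byte patterns and matched against raw entry-point bytes, the way a triage tool would guess the compiler of an unknown sample. Which bytes are wildcarded, and the names SIGNATURES, SAMPLES and identify, are assumptions of this example; the hand-written assembly sample has no compiler startup stub, so it gets no pattern.

```python
# Added example: compiler identification from entry-point bytes.
# Patterns are copied from the hex columns of the listings on this page.
# "??" marks operand bytes (absolute addresses, CALL displacements) that
# change from binary to binary; the choice of wildcards is an assumption.
SIGNATURES = {
    "Borland Delphi 6.0 - 7.0":
        "55 8B EC 83 C4 F0 53 B8 ?? ?? ?? ?? E8",
    # The listing truncates the FS:[0] bytes; MOV EAX,FS:[0] is 64 A1 00 00 00 00.
    "Microsoft Visual C++ 6.0":
        "55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50",
    "Microsoft Visual Basic 5.0 / 6.0":
        "68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 00 00 00 00 00 00 30 00 00 00",
    # JMP SHORT over the marker bytes "fb:C++HOOK", then NOP, E9, a DD, MOV EAX,[..]
    "Borland C++ 1999":
        "EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1",
}

def compile_pattern(text):
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

COMPILED = {name: compile_pattern(p) for name, p in SIGNATURES.items()}

def matches(data, pattern):
    """True if data starts with pattern; too-short input never matches."""
    if len(data) < len(pattern):
        return False
    return all(p is None or p == b for p, b in zip(pattern, data))

def identify(entry_bytes):
    """Return the names of all signatures matching the entry-point bytes."""
    return [name for name, pat in COMPILED.items() if matches(entry_bytes, pat)]

# Sample inputs: the opening bytes of each listing on this page, as they
# would be read from the file at the PE entry point (extraction not shown).
SAMPLES = {
    "delphi": bytes.fromhex("55 8B EC 83 C4 F0 53 B8 84 29 40 00 E8 0B F4 FF FF"),
    "vc6": bytes.fromhex("55 8B EC 6A FF 68 08 25 40 00 68 F6 1C 40 00"
                         " 64 A1 00 00 00 00 50"),
    "vb": bytes.fromhex("68 A4 24 40 00 E8 F0 FF FF FF"
                        " 00 00 00 00 00 00 30 00 00 00"),
    "bcpp": bytes.fromhex("EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9"
                          " 98 F0 49 00 A1 8B F0 49 00"),
    "asm": bytes.fromhex("6A F6 E8 A0 00 00 00 A3 00 30 40 00"),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", identify(data) or ["no match"])
```

A match only says the entry point looks like that compiler's startup stub; packers and protectors replace or imitate these bytes, so treat the result as a hint to confirm by other means.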