各种语言的OEP汇总
来源:互联网 发布:金蝶软件端口号 编辑:程序博客网 时间:2024/06/09 01:28
Borland C++
0040163C B> /EB 10 jmp short Borland_.0040164E
0040163E |66:623A bound di,dword ptr ds:[edx]
00401641 |43 inc ebx
00401642 |2B2B sub ebp,dword ptr ds:[ebx]
00401644 |48 dec eax
00401645 |4F dec edi
00401646 |4F dec edi
00401647 |4B dec ebx
00401648 |90 nop
00401649 -|E9 98E04E00 jmp SHELL32.008EF6E6
0040164E \\A1 8BE04E00 mov eax,dword ptr ds:[4EE08B]
00401653 C1E0 02 shl eax,2
00401656 A3 8FE04E00 mov dword ptr ds:[4EE08F],eax
0040165B 52 push edx
0040165C 6A 00 push 0
0040165E E8 DFBC0E00 call <jmp.&KERNEL32.GetModuleHandleA>
**********************************************************************************
Delphi
00458650 D> 55 push ebp
00458651 8BEC mov ebp,esp
00458653 83C4 F0 add esp,-10
00458656 B8 70844500 mov eax,Delphi.00458470
0045865B E8 00D6FAFF call Delphi.00405C60
00458660 A1 58A14500 mov eax,dword ptr ds:[45A158]
00458665 8B00 mov eax,dword ptr ds:[eax]
00458667 E8 E0E1FFFF call Delphi.0045684C
0045866C A1 58A14500 mov eax,dword ptr ds:[45A158]
00458671 8B00 mov eax,dword ptr ds:[eax]
00458673 BA B0864500 mov edx,Delphi.004586B0
00458678 E8 DFDDFFFF call Delphi.0045645C
0045867D 8B0D 48A24500 mov ecx,dword ptr ds:[45A248] ; Delphi.0045BC00
00458683 A1 58A14500 mov eax,dword ptr ds:[45A158]
00458688 8B00 mov eax,dword ptr ds:[eax]
0045868A 8B15 EC7D4500 mov edx,dword ptr ds:[457DEC] ; Delphi.00457E38
00458690 E8 CFE1FFFF call Delphi.00456864
00458695 A1 58A14500 mov eax,dword ptr ds:[45A158]
0045869A 8B00 mov eax,dword ptr ds:[eax]
0045869C E8 43E2FFFF call Delphi.004568E4
**********************************************************************************
Visual C++
0046C07B U> 55 push ebp
0046C07C 8BEC mov ebp,esp
0046C07E 6A FF push -1
0046C080 68 18064C00 push UltraSna.004C0618
0046C085 68 F8364700 push UltraSna.004736F8
0046C08A 64:A1 00000000 mov eax,dword ptr fs:[0]
0046C090 50 push eax
0046C091 64:8925 00000000 mov dword ptr fs:[0],esp
0046C098 83EC 58 sub esp,58
0046C09B 53 push ebx
0046C09C 56 push esi
0046C09D 57 push edi
0046C09E 8965 E8 mov dword ptr ss:[ebp-18],esp
0046C0A1 FF15 74824A00 call dword ptr ds:[<&KERNEL32.GetVersion>] ; kernel32.GetVersion
0046C0A7 33D2 xor edx,edx
0046C0A9 8AD4 mov dl,ah
0046C0AB 8915 403F4F00 mov dword ptr ds:[4F3F40],edx
0046C0B1 8BC8 mov ecx,eax
0046C0B3 81E1 FF000000 and ecx,0FF
0046C0B9 890D 3C3F4F00 mov dword ptr ds:[4F3F3C],ecx
**********************************************************************************
汇编
00401000 汇> 6A 00 push 0
00401002 E8 C50A0000 call <jmp.&KERNEL32.GetModuleHandleA>
00401007 A3 0C354000 mov dword ptr ds:[40350C],eax
0040100C E8 B50A0000 call <jmp.&KERNEL32.GetCommandLineA>
00401011 A3 10354000 mov dword ptr ds:[403510],eax
00401016 6A 0A push 0A
00401018 FF35 10354000 push dword ptr ds:[403510]
0040101E 6A 00 push 0
00401020 FF35 0C354000 push dword ptr ds:[40350C]
00401026 E8 06000000 call 汇编.00401031
0040102B 50 push eax
0040102C E8 8F0A0000 call <jmp.&KERNEL32.ExitProcess>
00401031 55 push ebp
00401032 8BEC mov ebp,esp
00401034 83C4 B0 add esp,-50
00401037 C745 D0 30000000 mov dword ptr ss:[ebp-30],30
0040103E C745 D4 0B000000 mov dword ptr ss:[ebp-2C],0B
00401045 C745 D8 37114000 mov dword ptr ss:[ebp-28],汇编.00401137
**********************************************************************************
VB
0040116C V>/$ 68 147C4000 push VB.00407C14
00401171 |. E8 F0FFFFFF call <jmp.&MSVBVM60.#100>
00401176 |. 0000 add byte ptr ds:[eax],al
00401178 |. 0000 add byte ptr ds:[eax],al
0040117A |. 0000 add byte ptr ds:[eax],al
0040117C |. 3000 xor byte ptr ds:[eax],al
易语言入口
00401000 > E8 06000000 call Dumped.0040100B
00401005 50 push eax
00401006 E8 BB010000 call <jmp.&KERNEL32.ExitProcess>
0040100B 55 push ebp
0040100C 8BEC mov ebp,esp
0040100E 81C4 F0FEFFFF add esp,-110
00401014 E9 83000000 jmp Dumped.0040109C
00401019 6B72 6E 6C imul esi,dword ptr ds:[edx+6E],6C
0040101D 6E outs dx,byte ptr es:[edi]
也是有令一种形式
Microsoft Visual C++ 6.0 [Overlay]的E语言
00403831 >/$ 55 PUSH EBP
00403832 |. 8BEC MOV EBP,ESP
00403834 |. 6A FF PUSH -1
00403836 |. 68 F0624000 PUSH Dumped.004062F0
0040383B |. 68 A44C4000 PUSH Dumped.00404CA4 ; SE 处理程序安装
00403840 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00403846 |. 50 PUSH EAX
00403847 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0040163C B> /EB 10 jmp short Borland_.0040164E
0040163E |66:623A bound di,dword ptr ds:[edx]
00401641 |43 inc ebx
00401642 |2B2B sub ebp,dword ptr ds:[ebx]
00401644 |48 dec eax
00401645 |4F dec edi
00401646 |4F dec edi
00401647 |4B dec ebx
00401648 |90 nop
00401649 -|E9 98E04E00 jmp SHELL32.008EF6E6
0040164E \\A1 8BE04E00 mov eax,dword ptr ds:[4EE08B]
00401653 C1E0 02 shl eax,2
00401656 A3 8FE04E00 mov dword ptr ds:[4EE08F],eax
0040165B 52 push edx
0040165C 6A 00 push 0
0040165E E8 DFBC0E00 call <jmp.&KERNEL32.GetModuleHandleA>
**********************************************************************************
Delphi
00458650 D> 55 push ebp
00458651 8BEC mov ebp,esp
00458653 83C4 F0 add esp,-10
00458656 B8 70844500 mov eax,Delphi.00458470
0045865B E8 00D6FAFF call Delphi.00405C60
00458660 A1 58A14500 mov eax,dword ptr ds:[45A158]
00458665 8B00 mov eax,dword ptr ds:[eax]
00458667 E8 E0E1FFFF call Delphi.0045684C
0045866C A1 58A14500 mov eax,dword ptr ds:[45A158]
00458671 8B00 mov eax,dword ptr ds:[eax]
00458673 BA B0864500 mov edx,Delphi.004586B0
00458678 E8 DFDDFFFF call Delphi.0045645C
0045867D 8B0D 48A24500 mov ecx,dword ptr ds:[45A248] ; Delphi.0045BC00
00458683 A1 58A14500 mov eax,dword ptr ds:[45A158]
00458688 8B00 mov eax,dword ptr ds:[eax]
0045868A 8B15 EC7D4500 mov edx,dword ptr ds:[457DEC] ; Delphi.00457E38
00458690 E8 CFE1FFFF call Delphi.00456864
00458695 A1 58A14500 mov eax,dword ptr ds:[45A158]
0045869A 8B00 mov eax,dword ptr ds:[eax]
0045869C E8 43E2FFFF call Delphi.004568E4
**********************************************************************************
Visual C++
0046C07B U> 55 push ebp
0046C07C 8BEC mov ebp,esp
0046C07E 6A FF push -1
0046C080 68 18064C00 push UltraSna.004C0618
0046C085 68 F8364700 push UltraSna.004736F8
0046C08A 64:A1 00000000 mov eax,dword ptr fs:[0]
0046C090 50 push eax
0046C091 64:8925 00000000 mov dword ptr fs:[0],esp
0046C098 83EC 58 sub esp,58
0046C09B 53 push ebx
0046C09C 56 push esi
0046C09D 57 push edi
0046C09E 8965 E8 mov dword ptr ss:[ebp-18],esp
0046C0A1 FF15 74824A00 call dword ptr ds:[<&KERNEL32.GetVersion>] ; kernel32.GetVersion
0046C0A7 33D2 xor edx,edx
0046C0A9 8AD4 mov dl,ah
0046C0AB 8915 403F4F00 mov dword ptr ds:[4F3F40],edx
0046C0B1 8BC8 mov ecx,eax
0046C0B3 81E1 FF000000 and ecx,0FF
0046C0B9 890D 3C3F4F00 mov dword ptr ds:[4F3F3C],ecx
**********************************************************************************
汇编
00401000 汇> 6A 00 push 0
00401002 E8 C50A0000 call <jmp.&KERNEL32.GetModuleHandleA>
00401007 A3 0C354000 mov dword ptr ds:[40350C],eax
0040100C E8 B50A0000 call <jmp.&KERNEL32.GetCommandLineA>
00401011 A3 10354000 mov dword ptr ds:[403510],eax
00401016 6A 0A push 0A
00401018 FF35 10354000 push dword ptr ds:[403510]
0040101E 6A 00 push 0
00401020 FF35 0C354000 push dword ptr ds:[40350C]
00401026 E8 06000000 call 汇编.00401031
0040102B 50 push eax
0040102C E8 8F0A0000 call <jmp.&KERNEL32.ExitProcess>
00401031 55 push ebp
00401032 8BEC mov ebp,esp
00401034 83C4 B0 add esp,-50
00401037 C745 D0 30000000 mov dword ptr ss:[ebp-30],30
0040103E C745 D4 0B000000 mov dword ptr ss:[ebp-2C],0B
00401045 C745 D8 37114000 mov dword ptr ss:[ebp-28],汇编.00401137
**********************************************************************************
VB
0040116C V>/$ 68 147C4000 push VB.00407C14
00401171 |. E8 F0FFFFFF call <jmp.&MSVBVM60.#100>
00401176 |. 0000 add byte ptr ds:[eax],al
00401178 |. 0000 add byte ptr ds:[eax],al
0040117A |. 0000 add byte ptr ds:[eax],al
0040117C |. 3000 xor byte ptr ds:[eax],al
易语言入口
00401000 > E8 06000000 call Dumped.0040100B
00401005 50 push eax
00401006 E8 BB010000 call <jmp.&KERNEL32.ExitProcess>
0040100B 55 push ebp
0040100C 8BEC mov ebp,esp
0040100E 81C4 F0FEFFFF add esp,-110
00401014 E9 83000000 jmp Dumped.0040109C
00401019 6B72 6E 6C imul esi,dword ptr ds:[edx+6E],6C
0040101D 6E outs dx,byte ptr es:[edi]
也是有令一种形式
Microsoft Visual C++ 6.0 [Overlay]的E语言
00403831 >/$ 55 PUSH EBP
00403832 |. 8BEC MOV EBP,ESP
00403834 |. 6A FF PUSH -1
00403836 |. 68 F0624000 PUSH Dumped.004062F0
0040383B |. 68 A44C4000 PUSH Dumped.00404CA4 ; SE 处理程序安装
00403840 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00403846 |. 50 PUSH EAX
00403847 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0 0
- 各种语言的OEP汇总
- 常见各种语言编写的程序的入口点代码(识别是否到达OEP)
- 主要几种编程语言的OEP特征段
- 常见编程语言的OEP入口点特征
- OEP入口的特征
- VB的OEP特征
- 各种编程语言的代码覆盖率工具汇总---重要
- 各种编程语言的代码覆盖率工具汇总
- c语言各种排序汇总(不包括优化后的)
- 各种编程语言面试题汇总
- C语言各种排序算法汇总
- linux的各种命令汇总
- 关于Java语言中,各种数据类型所占的位数汇总
- 读取文件的OEP的方法
- VC读取PE文件的OEP
- 寻找OEP的几种常用方法
- 脱壳 OEP 程序的入口点
- 各种语言的主要用途
- DEM高程如何归零
- struct和typedef struct 区别
- android 编解码
- mySQL优化, my.ini 配置说明
- ShareSDK for Android 2.3.1已经发布
- 各种语言的OEP汇总
- Unity中WWW的应用
- h.264视频文件封装
- 平行线的相交问题
- 让adb logcat打印内核调试信息
- 心里长了蜘蛛猴
- 最短编译距离(Minimum Edit Distance)算法及java实现
- 清楚在window下访问共享文件夹的登录信息
- Lambda 表达式[来自微软官网],作为.net程序员要好好补一补
