一些语言的特点
一下是几种语言的入口点特征:delphi:
55 PUSH EBP
8BEC MOV EBP,ESP
83C4 F0 ADD ESP,-10
B8 A86F4B00 MOV EAX,PE.004B6FA8
vc++
55 PUSH EBP
8BEC MOV EBP,ESP
83EC 44 SUB ESP,44
56 PUSH ESI
vb:
00401166- FF25 6C104000 JMP DWORD PTR DS:[<&MSVBVM60.#100>] ; MSVBVM60.ThunRTMain
0040116C >68 147C4000 PUSH PACKME.00407C14
00401171 E8 F0FFFFFF CALL <JMP.&MSVBVM60.#100>
00401176 0000 ADD BYTE PTR DS:,AL
00401178 0000 ADD BYTE PTR DS:,AL
0040117A 0000 ADD BYTE PTR DS:,AL
0040117C 3000 XOR BYTE PTR DS:,AL
bc++
0040163C > $ /EB 10 JMP SHORT BCLOCK.0040164E
0040163E |66 DB 66 ;CHAR 'f'
0040163F |62 DB 62 ;CHAR 'b'
00401640 |3A DB 3A ;CHAR ':'
00401641 |43 DB 43 ;CHAR 'C'
00401642 |2B DB 2B ;CHAR '+'
00401643 |2B DB 2B ;CHAR '+'
00401644 |48 DB 48 ;CHAR 'H'
00401645 |4F DB 4F ;CHAR 'O'
00401646 |4F DB 4F ;CHAR 'O'
00401647 |4B DB 4B ;CHAR 'K'
00401648 |90 NOP
00401649 |E9 DB E9
0040164A . |98E04E00 DD OFFSET BCLOCK.___CPPdebugHook
0040164E > \A1 8BE04E00 MOV EAX,DWORD PTR DS:
00401653 .C1E0 02 SHL EAX,2
00401656 .A3 8FE04E00 MOV DWORD PTR DS:,EAX
0040165B .52 PUSH EDX
0040165C .6A 00 PUSH 0 ; /pModule = NULL
0040165E .E8 DFBC0E00 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
00401663 .8BD0 MOV EDX,EAX
dasm:
00401000 >/$6A 00 PUSH 0 ; /pModule = NULL
00401002|.E8 C50A0000 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
00401007|.A3 0C354000 MOV DWORD PTR DS:,EAX
0040100C|.E8 B50A0000 CALL <JMP.&KERNEL32.GetCommandLineA> ; [GetCommandLineA
00401011|.A3 10354000 MOV DWORD PTR DS:,EAX
00401016|.6A 0A PUSH 0A ; /Arg4 = 0000000A
00401018|.FF35 10354000 PUSH DWORD PTR DS: ; |Arg3 = 00000000
0040101E|.6A 00 PUSH 0 ; |Arg2 = 00000000
00401020|.FF35 0C354000 PUSH DWORD PTR DS: ; |Arg1 = 00000000 谢谢分享努力学习中 收藏了!
页:
[1]