当前位置：服务支持 > 软件文章 > 各种编程语言的入口方法总结

各种编程语言的入口方法总结

阅读数 35

入口点不看地址看特征

1.Borland Delphi 6.0 - 7.0

PUSH EBP

MOV EBP,ESP
ADD ESP,-14

PUSH EBX

PUSH ESI

PUSH EDI

XOR EAX,EAX

MOV DWORD PTR SS:[EBP-14],EAX

MOV EAX,unpack.00509720

CALL unpack.0040694C

2. Microsoft Visual C++ 6.0

PUSH EBP ; (初始 cpu 选择)

MOV EBP,ESP

PUSH -1

PUSH Screensh.00563740

PUSH Screensh.0049C78C ; SE 处理程序安装

MOV EAX,DWORD PTR FS:[0]

PUSH EAX

MOV DWORD PTR FS:[0],ESP

SUB ESP,58

3.Microsoft Visual C++ 6.0 [Overlay] E语言

PUSH EBP

MOV EBP,ESP

PUSH -1

PUSH Nisy521.004062F0

PUSH Nisy521.00404CA4 ; SE 处理程序安装

MOV EAX,DWORD PTR FS:[0]

PUSH EAX

MOV DWORD PTR FS:[0],ESP

4.Microsoft Visual Basic 5.0 / 6.0

JMP DWORD PTR DS:[] ; MSVBVM60.ThunRTMain

PUSH PACKME.00407C14

CALL

ADD BYTE PTR DS:[EAX],AL

ADD BYTE PTR DS:[EAX],AL

ADD BYTE PTR DS:[EAX],AL

XOR BYTE PTR DS:[EAX],AL

或省略第一行的JMP

push dumped_.0040D4D0

call

add byte ptr ds:[eax],al

add byte ptr ds:[eax],al

add byte ptr ds:[eax],al

xor byte ptr ds:[eax],al

add byte ptr ds:[eax],al

5.BC++

JMP SHORT BCLOCK.0040164E

; CHAR 'f'

; CHAR 'b'

; CHAR ':'

; CHAR 'C'

; CHAR '+'

; CHAR '+'

; CHAR 'H'

; CHAR 'O'

; CHAR 'O'

; CHAR 'K'

NOP

00401649 |E9 DB E9

DD OFFSET BCLOCK.___CPPdebugHook

MOV EAX,DWORD PTR DS:[4EE08B]

SHL EAX,2

MOV DWORD PTR DS:[4EE08F],EAX

PUSH EDX

PUSH 0 ; /pModule = NULL

CALL ; \GetModuleHandleA

MOV EDX,EAX

6.Dasm:

; /pModule = NULL

CALL ; \GetModuleHandleA

MOV DWORD PTR DS:[40350C],EAX

CALL ; [GetCommandLineA

MOV DWORD PTR DS:[403510],EAX

PUSH 0A ; /Arg4 = 0000000A

PUSH DWORD PTR DS:[403510] ; |Arg3 = 00000000

PUSH 0 ; |Arg2 = 00000000

PUSH DWORD PTR DS:[40350C] ; |Arg1 = 00000000

7.VC8 -> Microsoft Corporation

call QQRecord.00446C13 ; (Initial CPU selection)

jmp QQRecord.0043DD01

push ebp

mov ebp,esp

push ecx

push ebx

mov eax,dword ptr ss:[ebp+C]

add eax,0C

mov dword ptr ss:[ebp-4],eax

mov ebx,dword ptr fs:[0]

mov eax,dword ptr ds:[ebx]

mov dword ptr fs:[0],eax

mov eax,dword ptr ss:[ebp+8]

mov ebx,dword ptr ss:[ebp+C]

mov ebp,dword ptr ss:[ebp-4]

mov esp,dword ptr ds:[ebx-4]

jmp eax

pop ebx

leave

retn 8

8.PB

PUSH EBP

MOV EBP, ESP

PUSH EBX

PUSH ESI

PUSH EDI

MOV EBX, 00416000
TEST WORD PTR CS:[004113D2], 850F0004

FILD DWORD PTR [EAX]

ADD [EAX], AL

PUSH 00000000

CALL [00418454] ; CoInitialize

CALL 0041100A

MOV [EBX+00000108], 00000001

LEA EAX, [EBX+00000290]

PUSH EAX

CALL [004183DC] ; GetVersionExA

SUB ESP, 00000044

MOV [ESP], 00000044

MOV [ESP+2C], 00000000

PUSH ESP

CALL [004183D4] ; GetStartupInfoA

MOV EAX, 0000000A

TEST [ESP+2C], 00000001

JZ 410DBC

MOVZX EAX, WORD PTR [ESP+30]

ADD ESP, 00000044

MOV [EBX+000000FE], EAX

CALL [004183B0] ; GetCommandLineA

9.Borland C++ 1999

jmp short VBto_UNP.004014E2

bound di,dword ptr ds:[edx]

inc ebx

sub ebp,dword ptr ds:[ebx]

dec eax

dec edi

dec edi

dec ebx

nop

jmp 0097157A

mov eax,dword ptr ds:[57008B]

shl eax,2

mov dword ptr ds:[57008F],eax

push edx

push 0

call <jmp.&kernel32.GetModuleHandleA>

10,Microsoft Visual C++ ver. 8.0

call SolidPDF.004A3F56

jmp SolidPDF.004A38AF

int3

int3

int3

int3

int3

int3

push ecx

lea ecx,dword ptr ss:[esp+8]

sub ecx,eax

and ecx,0F

add eax,ecx

sbb ecx,ecx

or eax,ecx

pop ecx

jmp SolidPDF.004A3810

push ecx

lea ecx,dword ptr ss:[esp+8]
免责声明：本文系网络转载或改编，未找到原创作者，版权归原作者所有。如涉及版权，请联系删

返回上级列表

联系我们

Delphi历史版本介绍（二）：从Delphi 8到Delphi XE3

AVEVA软件编程是C语言吗？【求助】此段C语言代码运行不了