{"id":120,"date":"2022-04-18T19:50:25","date_gmt":"2022-04-18T11:50:25","guid":{"rendered":"http:\/\/www.sangco.cn\/?p=120"},"modified":"2022-04-18T19:51:46","modified_gmt":"2022-04-18T11:51:46","slug":"oep%e5%85%a5%e5%8f%a3%e7%9a%84%e7%89%b9%e5%be%81","status":"publish","type":"post","link":"https:\/\/www.sangco.cn\/?p=120","title":{"rendered":"OEP\u5165\u53e3\u7684\u7279\u5f81"},"content":{"rendered":"<p>\u5165\u53e3\u7279\u5f81&#8230;&#8230;&#8230;&#8230;<br \/>\n<span style=\"color: #ff6600;\">Microsoft Visual C++ 6.0<\/span><br \/>\npush ebp<br \/>\nmov ebp, esp<br \/>\npush -1<br \/>\npush 004C0618<br \/>\npush 004736F8<br \/>\nmov eax, dword ptr fs:[0]<br \/>\npush eax<br \/>\nmov dword ptr fs:[0], esp<br \/>\nsub esp, 58<br \/>\npush ebx<br \/>\npush esi<br \/>\npush edi<br \/>\nmov [local.6], esp<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #ff6600;\">Microsoft Visual Basic 5.0 \/ 6.0<\/span><br \/>\nJMP DWORD PTR DS[&lt;&amp;MSVBVM60.#100&gt;]<br \/>\nPUSH Dumped.00407C14<br \/>\nCALL &lt;JMP.&amp;MSVBVM60.#100&gt;<br \/>\nADD BYTE PTR DS:[EAX],AL<br \/>\nADD BYTE PTR DS:[EAX],AL<br \/>\nADD BYTE PTR DS:[EAX],AL<br \/>\nXOR BYTE PTR DS:[EAX],AL<br \/>\n<span style=\"color: #ff0000;\">VB\u8fd8\u6709\u4e00\u79cd<\/span><br \/>\npush Dumped.0040D4D0<br \/>\ncall &lt;jmp.&amp;msvbvm60.ThunRTMain&gt;<br \/>\nadd byte ptr ds:[eax],al<br \/>\nadd byte ptr ds:[eax],al<br \/>\nadd byte ptr ds:[eax],al<br \/>\nxor byte ptr ds:[eax],al<br \/>\nadd byte ptr ds:[eax],al<\/p>\n<p><span style=\"color: #ff6600;\">Borland C++<\/span><br \/>\nJMP SHORT BCLOCK.0040164E<br \/>\nDB 66 ; CHAR &#8216;f&#8217;<br \/>\nDB 62 ; CHAR &#8216;b&#8217;<br \/>\nDB 3A ; CHAR &#8216;:&#8217;<br \/>\nDB 43 ; CHAR &#8216;C&#8217;<br \/>\nDB 2B ; CHAR &#8216;+&#8217;<br \/>\nDB 2B ; CHAR &#8216;+&#8217;<br \/>\nDB 48 ; CHAR &#8216;H&#8217;<br \/>\nDB 4F ; CHAR &#8216;O&#8217;<br \/>\nDB 4F ; CHAR &#8216;O&#8217;<br \/>\nDB 4B ; CHAR &#8216;K&#8217;<br \/>\nNOP<br \/>\nDB E9<br \/>\nDD OFFSET BCLOCK.___CPPdebugHook<br \/>\nMOV EAX,DWORD PTR DS:[4EE08B]<br \/>\nSHL EAX,2<br \/>\nMOV DWORD PTR DS:[4EE08F],EAX<br \/>\nPUSH EDX<br \/>\nPUSH 0 ; \/pModule = NULL<br \/>\nCALL &lt;JMP.&amp;KERNEL32.GetModuleHandleA&gt; ; \/GetModuleHandleA<br \/>\nMOV EDX,EAX<\/p>\n<p><span style=\"color: #ff6600;\">Borland Delphi 6.0 &#8211; 7.0<\/span><br \/>\nPUSH EBP<br \/>\nMOV EBP,ESP<br \/>\nADD ESP,-14<br \/>\nPUSH EBX<br \/>\nPUSH ESI<br \/>\nPUSH EDI<br \/>\nXOR EAX,EAX<br \/>\nMOV DWORD PTR SS:[EBP-14],EAX<br \/>\nMOV EAX,Dumped.00509720<br \/>\nCALL Dumped.0040694C<\/p>\n<p><span style=\"color: #ff6600;\">\u6613\u8bed\u8a00\u5165\u53e3<\/span><br \/>\ncall Dumped.0040100B<br \/>\npush eax<br \/>\ncall &lt;jmp.&amp;KERNEL32.ExitProcess&gt;<br \/>\npush ebp<br \/>\nmov ebp,esp<br \/>\nadd esp,-110<br \/>\njmp Dumped.0040109C<br \/>\nimul esi,dword ptr ds:[edx+6E],6C<br \/>\nouts dx,byte ptr es:[edi]<br \/>\n<span style=\"color: #ff6600;\">\u4e5f\u662f\u6709\u4ee4\u4e00\u79cd\u5f62\u5f0f<\/span><br \/>\nMicrosoft Visual C++ 6.0 [Overlay]\u7684E\u8bed\u8a00<br \/>\nPUSH EBP<br \/>\nMOV EBP,ESP<br \/>\nPUSH -1<br \/>\nPUSH Dumped.004062F0<br \/>\nPUSH Dumped.00404CA4 ; SE \u5904\u7406\u7a0b\u5e8f\u5b89\u88c5<br \/>\nMOV EAX,DWORD PTR FS:[0]<br \/>\nPUSH EAX<br \/>\nMOV DWORD PTR FS:[0],ESP<\/p>\n<p><span style=\"color: #ff6600;\">MASM32 \/ TASM32<\/span><br \/>\npush 0 ; \/pModule = NULL<br \/>\ncall &lt;jmp.&amp;kernel32.GetModuleHandleA&gt; ; \/GetModuleHandleA<br \/>\nmov dword ptr ds:[403000],eax<br \/>\npush 0 ; \/lParam = NULL<br \/>\npush Dumped.004010DF ; |DlgProc = dump.004010DF<br \/>\npush 0 ; |hOwner = NULL<br \/>\npush 65 ; |pTemplate = 65<br \/>\npush dword ptr ds:[403000] ; |hInst = NULL<br \/>\ncall &lt;jmp.&amp;user32.DialogBoxParamA&gt; ; \/DialogBoxParamA<\/p>\n<p><span style=\"color: #ff6600;\">VC8<\/span><br \/>\ncall Dumped.004ACF97<br \/>\njmp Dumped.004A28FC<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nint 3<br \/>\nmov ecx,dword ptr ss:[esp+4]<br \/>\ntest ecx,3<br \/>\nje short Dumped.004A2B20<br \/>\nmov al,byte ptr ds:[ecx]<br \/>\nadd ecx,1<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5165\u53e3\u7279\u5f81&#8230;&#8230;&#8230;&#8230; Microsoft Visual C++ 6.0 push ebp mov ebp, esp push -1 push 004C0618 push 004736F8 mov &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"topic":[],"class_list":["post-120","post","type-post","status-publish","format-standard","hentry","category-6"],"_links":{"self":[{"href":"https:\/\/www.sangco.cn\/index.php?rest_route=\/wp\/v2\/posts\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sangco.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sangco.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=120"}],"version-history":[{"count":3,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=\/wp\/v2\/posts\/120\/revisions"}],"predecessor-version":[{"id":123,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=\/wp\/v2\/posts\/120\/revisions\/123"}],"wp:attachment":[{"href":"https:\/\/www.sangco.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=120"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.sangco.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftopic&post=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}