请教OD调试问题。如何能知到这一行代码就是OEP.

发布网友 发布时间：2022-04-19 09:45

我来回答

共1个回答

热心网友 时间：2023-06-27 02:49

不同编程语言写的，OEP都不同，但是同一种编程语言编写的软件OEP基本相同，你可以记住常见的几个，
delphi:2 H7 `& M; m q. L5 l* L
55 PUSH EBP. l( f, o8 q+ `9 ?; A
8BEC MOV EBP,ESP% R5 |" F5 C% k$ m5 m
83C4 F0 ADD ESP,-10/ `6 b! {' i1 h9 f3 ?" ^4 l; U
B8 A86F4B00 MOV EAX,PE.004B6FA8

vc++" X5 Q- ? K' E- |$ S# e
55 PUSH EBP
8BEC MOV EBP,ESP; K) r& [- b0 J6 l0 g$ D
83EC 44 SUB ESP,44
56 PUSH ESI
vc6.0
55 push ebp$ `2 {# E+ Q; p6 \) t$ V* y
8BEC mov ebp,esp
6A FF push -1( w' I9 e* s) A! ^
vc7.0
6A 70 push 70
68 50110001 push hh.01001150
E8 1D020000 call hh.010017B04 i9 G& T% ~2 f0 [
33DB xor ebx,ebx: d" U& G% c0 b* m- D# J" [
vb:
' Y+ F; r9 x# T( _! b" O
00401166 - FF25 6C104000 JMP DWORD PTR DS:[] ; MSVBVM60.ThunRTMain5 F4 h: l8 `0 r; k# n) l& Z% T
0040116C > 68 147C4000 PUSH PACKME.00407C144 S4 D0 P7 i# P. W# k4 c
00401171 E8 F0FFFFFF CALL : Z2 Z- [* S1 L" N
00401176 0000 ADD BYTE PTR DS:[EAX],AL
00401178 0000 ADD BYTE PTR DS:[EAX],AL
0040117A 0000 ADD BYTE PTR DS:[EAX],AL
0040117C 3000 XOR BYTE PTR DS:[EAX],AL3 ?! a) m% D( r

bc++8 _2 b+ m- J7 Q% k% M1 w
0040163C > $ /EB 10 JMP SHORT BCLOCK.0040164E: w/ e" \% ^7 N. i
0040163E |66 DB 66 ; CHAR 'f'
0040163F |62 DB 62 ; CHAR 'b'- U; @1 p# W: V6 ?1 ^& @
00401640 |3A DB 3A ; CHAR ':'$ l: R1 C/ D$ B9 B9 A: L
00401641 |43 DB 43 ; CHAR 'C'& X) n: I' M' C0 m- [0 ]
00401642 |2B DB 2B ; CHAR '+'
00401643 |2B DB 2B ; CHAR '+'
00401644 |48 DB 48 ; CHAR 'H'8 ]; W/ X$ B( t

00401645 |4F DB 4F ; CHAR 'O' b6 x# O( u& z0 N
00401646 |4F DB 4F ; CHAR 'O'& H/ V" _6 h# r6 L0 l8 U
00401647 |4B DB 4B ; CHAR 'K'
00401648 |90 NOP& O5 ?; d8 g0 f4 b8 I) \
00401649 |E9 DB E9- y# g; w: q% }$ M, x, F
0040164A . |98E04E00 DD OFFSET BCLOCK.___CPPdebugHook1 d; W4 T# V9 o* {9 D/ ^
0040164E > \A1 8BE04E00 MOV EAX,DWORD PTR DS:[4EE08B], s2 s" Y7 w' Q0 U @6 J
00401653 . C1E0 02 SHL EAX,2) Y" g' {/ i- V1 y- H6 L1 i @7 L
00401656 . A3 8FE04E00 MOV DWORD PTR DS:[4EE08F],EAX
0040165B . 52 PUSH EDX6 y, T3 x8 D; ~/ D% b5 e
0040165C . 6A 00 PUSH 0 ; /pMole = NULL
0040165E . E8 DFBC0E00 CALL ; \GetMoleHandleA
00401663 . 8BD0 MOV EDX,EAX( j9 n4 s6 ~3 S' c
dasm:; m! i: G% {% F
00401000 >/$ 6A 00 PUSH 0 ; /pMole = NULL
00401002 |. E8 C50A0000 CALL ; \GetMoleHandleA
00401007 |. A3 0C354000 MOV DWORD PTR DS:[40350C],EAX
0040100C |. E8 B50A0000 CALL ; [GetCommandLineA. z6 K/ E1 z2 p) C$ U
00401011 |. A3 10354000 MOV DWORD PTR DS:[403510],EAX
00401016 |. 6A 0A PUSH 0A ; /Arg4 = 0000000A! c6 q. j6 U' R$ V3 ~
00401018 |. FF35 10354000 PUSH DWORD PTR DS:[403510] ; |Arg3 = 000000001 L9 n% H# M4 W3 R2 U1 C4 d
0040101E |. 6A 00 PUSH 0 ; |Arg2 = 000000003 O" c9 s7 V9 L) \0 e
00401020 |. FF35 0C354000 PUSH DWORD PTR DS:[40350C] ; |Arg1 = 000000008