Reversing a Console Program

Date: 2015-10-06 19:32:36

Console program (x86):
At the entry point (EP)
CPU Disasm
Address     Hex dump            Command                                                                           Comments
00401604  |> \C745 FC FEFFF mov     dword ptr [ebp-4], -2
0040160B  |.  8B45 E0       mov     eax, dword ptr [ebp-20]
0040160E  |>  E8 E3060000   call    __SEH_epilog4                                                           ; [__SEH_epilog4
00401613  |.  C3            ret
00401614  |.  E8 B0030000   call    __security_init_cookie                                          ; EP (entry point)
00401619  \.^ E9 7AFEFFFF   jmp     __scrt_common_main_seh                              ; jumps to the Startup code
0040161E  /$  55            push    ebp                                                                     ; WOW64Test_x86.__raise_securityfailure(exception_pointers
0040161F  |.  8BEC          mov     ebp, esp
00401621  |.  6A 00         push    0                                                                       ; /Filter = 00000000
00401623  |.  FF15 28204100 call    dword ptr [<&KERNEL32.SetUnhandledExceptionFilter>]                     ; \KERNEL32.SetUnhandledExceptionFilter
00401629  |.  FF75 08       push    dword ptr [exception_pointers]                                          ; /pExceptionInfo => [exception_pointers]
0040162C  |.  FF15 24204100 call    dword ptr [<&KERNEL32.UnhandledExceptionFilter>]                        ; \KERNEL32.UnhandledExceptionFilter
00401632  |.  68 090400C0   push    C0000409                                                                ; /ExitCode = 3221226505.
00401637  |.  FF15 2C204100 call    dword ptr [<&KERNEL32.GetCurrentProcess>]                               ; |[KERNEL32.GetCurrentProcess
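
The EP in the listing above is the two-instruction stub `call __security_init_cookie` / `jmp __scrt_common_main_seh`. The sketch below is an added example, not code from the original post: it matches that `E8 rel32` / `E9 rel32` pattern and resolves both targets from the bytes shown at 00401614 and 00401619. The function names `rel32_target` and `parse_msvc_entry_stub` are hypothetical helpers chosen for this example.

```python
import struct

# Bytes copied from the listing above, starting at the EP (00401614).
EP_VA = 0x00401614
EP_BYTES = bytes.fromhex("E8B0030000" "E97AFEFFFF")


def rel32_target(va, insn):
    """Resolve the destination of a 5-byte CALL (E8) or JMP (E9) rel32 at address va."""
    if len(insn) < 5 or insn[0] not in (0xE8, 0xE9):
        raise ValueError("not a rel32 call/jmp")
    # The displacement is a signed little-endian 32-bit value ...
    (disp,) = struct.unpack_from("<i", insn, 1)
    # ... added to the address of the *next* instruction (va + 5).
    return (va + 5 + disp) & 0xFFFFFFFF


def parse_msvc_entry_stub(ep_va, code):
    """Match 'call rel32; jmp rel32' at the EP.

    Returns the two resolved targets, or None when the bytes do not
    look like this stub (e.g. the EP starts with a normal prologue).
    """
    if len(code) < 10 or code[0] != 0xE8 or code[5] != 0xE9:
        return None
    return {
        # Labels follow the symbol names shown in the listing.
        "__security_init_cookie": rel32_target(ep_va, code[0:5]),
        "__scrt_common_main_seh": rel32_target(ep_va + 5, code[5:10]),
    }


if __name__ == "__main__":
    for name, va in parse_msvc_entry_stub(EP_VA, EP_BYTES).items():
        print(f"{name:<26} {va:08X}")
```

The backward jump target falls before the `ret` at 00401613, which is consistent with 00401604 to 00401613 being the tail of the startup routine that the EP jumps into.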

At the startup code

Original: http://www.cnblogs.com/DJ0322/p/4857483.html
