请教OD调试问题。如何能知到这一行代码就是OEP.
的有关信息介绍如下:
不同编橡斗程语言写的,OEP都不同,但是同一种编程语言编写的软件OEP基本相同,你可以记住常见的几个,delphi:2 H7 `& M; m q. L5 l* L 55 PUSH EBP. l( f, o8 q+ `9 ?; A 8BEC MOV EBP,ESP% R5 |" F5 C% k$ m5 m 83C4 F0 ADD ESP,-10/ `6 b! {' i1 h9 f3 ?" ^4 l; U B8 A86F4B00 MOV EAX,PE.004B6FA8vc++" X5 Q- ? K' E- |$ S# e 55 PUSH EBP 8BEC MOV EBP,ESP; K) r& [- b0 J6 l0 g$ D 83EC 44 SUB ESP,44 56 PUSH ESIvc6.0 55 push ebp$ `2 {# E+ Q; p6 \) t$ V* y 8BEC mov ebp,esp 6A FF push -1( w' I9 e* s) A! ^vc7.0 6A 70 push 70 68 50110001 push hh.01001150 E8 1D020000 call hh.010017B04 i9 G& T% ~2 f0 [ 33DB xor ebx,ebx: d" U& G% c0 b* m- D# J" [vb:' Y+ F; r9 x# T( _! b" O00401166 - FF25 6C104000 JMP DWORD PTR DS:[] ; MSVBVM60.ThunRTMain5 F4 h: l8 `0 r; k# n) l& Z% T0040116C > 68 147C4000 PUSH PACKME.00407C144 S4 D0 P7 i# P. W# k4 c00401171 E8 F0FFFFFF CALL : Z2 Z- [* S1 L" N00401176 0000 ADD BYTE PTR DS:[EAX],AL00401178 0000 ADD BYTE PTR DS:[EAX],AL0040117A 0000 ADD BYTE PTR DS:[EAX],AL0040117C 3000 XOR BYTE PTR DS:[EAX],AL3 ?! a) m% D( rbc++8 _2 b+ m- J7 Q% k% M1 w0040163C > $ /EB 10 JMP SHORT BCLOCK.0040164E: w/ e" \% ^7 N. i0040163E |66 DB 66 ; CHAR 'f'0040163F |62 DB 62 ; CHAR 'b'- U; @1 p# W: V6 ?1 ^& @00401640 |3A DB 3A ; CHAR '滑如哗:'$ l: R1 C/ D$ B9 B9 A: L00401641 |43 DB 43 ; CHAR 'C'& X) n: I'信行 M' C0 m- [0 ]00401642 |2B DB 2B ; CHAR '+'00401643 |2B DB 2B ; CHAR '+'00401644 |48 DB 48 ; CHAR 'H'8 ]; W/ X$ B( t00401645 |4F DB 4F ; CHAR 'O' b6 x# O( u& z0 N00401646 |4F DB 4F ; CHAR 'O'& H/ V" _6 h# r6 L0 l8 U00401647 |4B DB 4B ; CHAR 'K'00401648 |90 NOP& O5 ?; d8 g0 f4 b8 I) \00401649 |E9 DB E9- y# g; w: q% }$ M, x, F0040164A . |98E04E00 DD OFFSET BCLOCK.___CPPdebugHook1 d; W4 T# V9 o* {9 D/ ^0040164E > \A1 8BE04E00 MOV EAX,DWORD PTR DS:[4EE08B], s2 s" Y7 w' Q0 U @6 J00401653 . C1E0 02 SHL EAX,2) Y" g' {/ i- V1 y- H6 L1 i @7 L00401656 . A3 8FE04E00 MOV DWORD PTR DS:[4EE08F],EAX0040165B . 52 PUSH EDX6 y, T3 x8 D; ~/ D% b5 e0040165C . 6A 00 PUSH 0 ; /pModule = NULL0040165E . E8 DFBC0E00 CALL ; \GetModuleHandleA00401663 . 8BD0 MOV EDX,EAX( j9 n4 s6 ~3 S' cdasm:; m! i: G% {% F00401000 >/$ 6A 00 PUSH 0 ; /pModule = NULL00401002 |. E8 C50A0000 CALL ; \GetModuleHandleA00401007 |. A3 0C354000 MOV DWORD PTR DS:[40350C],EAX0040100C |. E8 B50A0000 CALL ; [GetCommandLineA. z6 K/ E1 z2 p) C$ U00401011 |. A3 10354000 MOV DWORD PTR DS:[403510],EAX00401016 |. 6A 0A PUSH 0A ; /Arg4 = 0000000A! c6 q. j6 U' R$ V3 ~00401018 |. FF35 10354000 PUSH DWORD PTR DS:[403510] ; |Arg3 = 000000001 L9 n% H# M4 W3 R2 U1 C4 d0040101E |. 6A 00 PUSH 0 ; |Arg2 = 000000003 O" c9 s7 V9 L) \0 e00401020 |. FF35 0C354000 PUSH DWORD PTR DS:[40350C] ; |Arg1 = 000000008
