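## 不可执行花指令

```c
// Author's note: "IDA recognition" (presumably: IDA identifies this pattern; confirm).
//
// JUNKCODE: `jmp junk1` skips the emitted 0x12 byte and the `ret`; `call junk2`
// pushes the address that follows the call and transfers to that `ret`, which
// pops it again. Execution therefore resumes right after the macro, and the
// bytes 0x12 and 0x34 are never executed.
// For analysis: a linear-sweep disassembler may decode the emitted bytes as the
// start of an instruction and mis-align what follows; marking them as data and
// re-decoding from the labels restores the listing.
#define JUNKCODE __asm{ __asm jmp junk1 __asm __emit 0x12 __asm junk2: __asm ret __asm __emit 0x34 __asm junk1: __asm call junk2 }

// Raw bytes 75 02 E9 ED: 0x75 0x02 is `jnz +2`, which steps over the next two
// bytes when taken. 0xE9 is the opcode of `jmp rel32`, so a linear sweep reads
// 0xED plus the following three bytes of real code as a jump displacement.
// NOTE(review): if ZF is set the jnz falls through and the E9 byte does execute;
// the heading's "non-executable" holds only when the branch is taken.
__asm {
    _emit 075h
    _emit 2h
    _emit 0E9h
    _emit 0EDh
}
```

## 普通花指令

```asm
// Overlapping-instruction pattern: the two 32-bit immediates below contain
// opcode bytes, and the computed `jmp ebx` lands inside them.
// For analysis: a disassembler that follows only direct branches shows neither
// the hidden `ret` nor the hidden `call eax`; decode the immediate bytes as code
// at the computed targets to recover the real control flow.
push s2                        // address the hidden ret will return to
mov ecx , s1
mov eax , 0xC3000000           // imm32 is little-endian: its last byte (at s1-1) is 0xC3 = ret
s1:mov ebx , ecx
cmp ecx , 0x0
je junkcode                    // ecx holds a code address here, so presumably never taken
sub ecx , 0x1
jmp ebx                        // 1st pass: back to s1; 2nd pass: s1-1, the 0xC3 byte, which returns to s2
junkcode:
clc
s2:add eax ,s4-0xC3000000      // eax = 0xC3000000 + (s4 - 0xC3000000) = s4
mov ecx , s3
mov edx , 0xD0FF1716           // imm32 bytes 16 17 FF D0 = push ss / pop ss / call eax
s3:mov ebx , ecx
sub ebx,4                      // ebx = s3-4, the first byte of the immediate above
cmp ecx , 0x0
je junkcode2                   // same as above: presumably never taken
sub ecx , 0x1
jmp ebx                        // runs the hidden push ss / pop ss / call eax; eax = s4
junkcode2:
clc
s4:add esp , 0x4               // discard the return address pushed by the hidden call
// Main program code goes here; do not forget to check the value of edx.
// A push at the start and a pop at the end can be added to restore registers.
```

```asm
// Entry stub: a nop-padded standard prologue, then a transfer to the
// placeholder 原入口点 (original entry point).
// For analysis: `mov eax, X / push eax / ret` behaves like `jmp X`, so X is
// where the real program starts.
nop
push ebp
nop
mov ebp,esp
nop
mov eax,原入口点
push eax
ret
```

```asm
// Same stub with different padding: the nops and the inc/dec pair have no net effect.
push ebp
nop
nop
mov ebp,esp
nop
nop
inc ecx
dec ecx                        // the original read `dex ecx`, which is not an x86 mnemonic; dec undoes the inc
mov eax,原入口点
push eax
ret
```

```asm
// NOTE(review): `pop esp` loads ESP with the dword on top of the stack (the EBP
// value just pushed), so it does not simply undo the prologue. Verify the
// intended stack state before relying on this variant.
push ebp
mov ebp,esp
pop esp
jmp 原入口点地址-
// Author's note below: `jmp XXXXXX` is equivalent to `PUSH XXXXXX` followed by `RETN`.
jmp XXXXXX等价于:
PUSH XXXXXX
RETN
```

```asm
// Three pushes matched by three pops, then +1/-1 on esp: every pair cancels out.
// Only the final push/retn matters; it transfers to the placeholder 入口点地址.
push ebx
push ebx
push ebx
pop ebx
pop ebx
pop ebx
add esp,1
add esp,-1
push 入口点地址
retn
```

```asm
// `push esp / pop ebp` has the same effect as `mov ebp,esp`.
// -0C / 0C: presumably hexadecimal as typed into a debugger's assembler (no `h`
// suffix; confirm). The two adds cancel out.
// NOTE(review): `push eax` is not balanced by a pop inside this stub.
push ebp
push esp
pop ebp
add esp,-0C
add esp,0C
push eax
jmp 入口
```

垃圾代码

```c
// Generated filler function: it only writes to one local and returns nothing,
// so it has no effect visible to callers, and an optimising compiler is free to
// remove it entirely.
// Every condition uses `=` (assignment), not `==`: each assigned constant is
// non-zero, so every branch body runs. This looks deliberate for filler code
// (TODO confirm).
// For analysis: functions like this pad a binary and change its byte pattern
// without changing behaviour; functions with no side effects and no meaningful
// callers can be deprioritised during triage.
void jlwltwnsizt() {
    float jdxezfwo1fd = 3595785;
    if (jdxezfwo1fd = 17104435)jdxezfwo1fd = 7179609;
    if (jdxezfwo1fd = 6727346)jdxezfwo1fd = 5186313;
    if (jdxezfwo1fd = 2642530)jdxezfwo1fd = 6098365;
    if (jdxezfwo1fd = 100804505)jdxezfwo1fd = 18155918;
    if (jdxezfwo1fd = 13639432)jdxezfwo1fd = 1309472;
    if (jdxezfwo1fd = 20163483)jdxezfwo1fd = 72897350;
    if (jdxezfwo1fd = 4537353)jdxezfwo1fd = 17846170;
    if (jdxezfwo1fd = 3012330)jdxezfwo1fd = 17363813;
    if (jdxezfwo1fd = 7726324)jdxezfwo1fd = 17223047;
    if (jdxezfwo1fd = 21198746)jdxezfwo1fd = 8367300;
    if (jdxezfwo1fd = 17805906)jdxezfwo1fd = 19763965;
    if (jdxezfwo1fd = 71442650)jdxezfwo1fd = 3389300;
    if (jdxezfwo1fd = 72795400)jdxezfwo1fd = 20021901;
    if (jdxezfwo1fd = 1669214)jdxezfwo1fd = 3343457;
    if (jdxezfwo1fd = 11587996)jdxezfwo1fd = 28890194;
}
```

最后修改:2022 年 05 月 22 日 © 允许规范转载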