Home > Others

Five language entry points

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

==================== Five language Entry Point features ================================
Delphi:

55 push EBP
8bec mov EBP, ESP
83c4 F0 add ESP,-10
B8 a86f4b00 mov eax, pe.004b6fa8

VC ++
55 push EBP
8bec mov EBP, ESP
83ec 44 sub ESP, 44
56 push ESI

VB
Ff25 6c104000 jmp dword ptr ds: [<& msvbvm60. #100>]; msvbvm60.thunrtmain
68 147c4000 push packme.00407c14
E8 f0ffffff call <JMP. & msvbvm60. #100>
0000 add byte ptr ds: [eax], Al
0000 add byte ptr ds: [eax], Al
0000 add byte ptr ds: [eax], Al
3000 XOR byte ptr ds: [eax], Al
VB
00402360 68 2c4d4000 push killbox.00404d2c; ASCII "vb5! 6 & * vb6chs. dll"
00402365 E8 eeffffff call killbox.00402358; JMP to msvbvm60.thunrtmain
0040236a 0000 add byte ptr ds: [eax], Al
0040236c 0000 add byte ptr ds: [eax], Al
0040236e 0000 add byte ptr ds: [eax], Al
00402370 3000 XOR byte ptr ds: [eax], Al
00402372 0000 add byte ptr ds: [eax], Al
00402374 3800 CMP byte ptr ds: [eax], Al
00402376 0000 add byte ptr ds: [eax], Al
00402378 0000 add byte ptr ds: [eax], Al
0040237a 0000 add byte ptr ds: [eax], Al
0040237c 4f dec EDI
0040237d C2 f150 retn 50f1


BC ++
0040163c> $/EB 10 JMP short bclock.0040164e
0040163e | 66 dB 66; char 'F'
0040163f | 62 dB 62; char 'B'
00401640 | 3A dB 3A; char ':'
00401641 | 43 dB 43; char 'C'
00401642 | 2B dB 2B; char '+'
00401643 | 2B dB 2B; char '+'
00401644 | 48 dB 48; char 'H'
00401645 | 4f dB 4f; char 'O'
00401646 | 4f dB 4f; char 'O'
00401647 | 4B dB 4b; char 'K'
00401648 | 90 NOP
00401649 | E9 dB E9

Dasm:

6a 00 push 0;/pmodule = NULL
E8 c50a0000 call <JMP. & kernel32.getmodulehandlea>;/getmodulehandlea
A3 0c354000 mov dword ptr ds: [40350c], eax
E8 b50a0000 call <JMP. & kernel32.getcommandlinea>; [getcommandlinea
A3 10354000 mov dword ptr ds: [403510], eax
6a 0a push 0a;/arg4 = 0000000a
Ff35 10354000 push dword ptr ds: [403510

######################################## ######################################## ##############
TMD shell entry features
0041d014> B8 00000000 mov eax, 0; load point. Check the code.
0041d019 60 pushad
0041d01a 0bc0 or eax, eax; The themida shell is visible in the eye.
0041d01c 74 68 je short invincible plug-in. 0041d086
0041d01e E8 00000000 call invincible plug-in. 0041d023

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
five png five factorial valor points newegg points swagbucks points waze points justfab points

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More