一些加花软件的花指令收集

破说原创1

1
2
3
4
5
6
7
8
9
10
11
004124B5      B1 01         mov cl,0x1
004124B7 2C 90 sub al,0x90
004124B9 95 xchg eax,ebp
004124BA 4D dec ebp
004124BB 42 inc edx ; ntdll.KiFastSystemCallRet
004124BC 40 inc eax
004124BD 20C4 and ah,al
004124BF 8350 06 6E adc dword ptr ds:[eax+0x6],0x6E
004124C3 226A E4 and ch,byte ptr ds:[edx-0x1C]
004124C6 B8 70114000 mov eax,test.<ModuleEntryPoint>
004124CB FFD0 call eax

破说原创2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
004124B5      55            push ebp
004124B6 68 10100000 push 0x1010
004124BB 8D90 90906888 lea edx,dword ptr ds:[eax-0x77976F70]
004124C1 50 push eax
004124C2 8D90 90909000 lea edx,dword ptr ds:[eax+0x909090]
004124C8 50 push eax
004124C9 6A 00 push 0x0
004124CB 90 nop
004124CC 90 nop
004124CD 90 nop
004124CE 90 nop
004124CF 90 nop
004124D0 90 nop
004124D1 90 nop
004124D2 58 pop eax ; kernel32.7C817077
004124D3 64:A3 0000000>mov dword ptr fs:[0],eax
004124D9 58 pop eax ; kernel32.7C817077
004124DA 58 pop eax ; kernel32.7C817077
004124DB 58 pop eax ; kernel32.7C817077
004124DC 58 pop eax ; kernel32.7C817077
004124DD 8BE8 mov ebp,eax
004124DF B8 70114000 mov eax,test.<ModuleEntryPoint>
004124E4 FFE0 jmp eax

双重跳转

1
2
3
4
5
6
7
8
9
10
11
004124B5      B1 01         mov cl,0x1
004124B7 2C 90 sub al,0x90
004124B9 95 xchg eax,ebp
004124BA 4D dec ebp
004124BB 42 inc edx ; ntdll.KiFastSystemCallRet
004124BC 40 inc eax
004124BD 20C4 and ah,al
004124BF 8350 06 6E adc dword ptr ds:[eax+0x6],0x6E
004124C3 226A E4 and ch,byte ptr ds:[edx-0x1C]
004124C6 ^ 0F84 A4ECFEFF je test.<ModuleEntryPoint>
004124CC ^ 0F85 9EECFEFF jnz test.<ModuleEntryPoint>

北斗2.3

1
2
3
4
5
6
7
004124B5      9C            pushfd
004124B6 60 pushad
004124B7 70 61 jo short test.0041251A
004124B9 636B 24 arpl word ptr ds:[ebx+0x24],bp
004124BC 40 inc eax
004124BD B8 70114000 mov eax,test.<ModuleEntryPoint>
004124C2 FFD0 call eax

PE Diminisher

1
2
3
4
5
6
7
8
9
0040F4ED      53            push ebx
0040F4EE 51 push ecx
0040F4EF 52 push edx ; ntdll.KiFastSystemCallRet
0040F4F0 56 push esi
0040F4F1 57 push edi
0040F4F2 55 push ebp
0040F4F3 E8 00000000 call test.0040F4F8
0040F4F8 B8 70114000 mov eax,test.<ModuleEntryPoint>
0040F4FD FFD0 call eax

北斗1.1

1
2
3
4
5
6
7
8
0040F4ED      9C            pushfd
0040F4EE 60 pushad
0040F4EF E8 00000000 call test.0040F4F4
0040F4F4 5D pop ebp ; kernel32.7C817077
0040F4F5 B8 57844000 mov eax,test.00408457
0040F4FA 2D 50844000 sub eax,test.00408450
0040F4FF B8 70114000 mov eax,test.<ModuleEntryPoint>
0040F504 FFD0 call eax

nothing

1
2
3
4
5
0040F4ED      83EC 50       sub esp,0x50
0040F4F0 60 pushad
0040F4F1 68 E8000000 push 0xE8
0040F4F6 B8 70114000 mov eax,test.<ModuleEntryPoint>
0040F4FB FFD0 call eax

Crypto-Lock

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
0040F4ED      60            pushad
0040F4EE BE 15904000 mov esi,test.00409015
0040F4F3 8DBE EB7FFFFF lea edi,dword ptr ds:[esi-0x8015]
0040F4F9 57 push edi
0040F4FA 83CD FF or ebp,-0x1
0040F4FD EB 10 jmp short test.0040F50F
0040F4FF 90 nop
0040F500 90 nop
0040F501 90 nop
0040F502 90 nop
0040F503 90 nop
0040F504 90 nop
0040F505 8A06 mov al,byte ptr ds:[esi]
0040F507 46 inc esi
0040F508 8807 mov byte ptr ds:[edi],al
0040F50A 47 inc edi
0040F50B 90 nop
0040F50C 90 nop
0040F50D 90 nop
0040F50E 90 nop
0040F50F B8 70114000 mov eax,test.<ModuleEntryPoint>
0040F514 FFD0 call eax

PowerBasic 7.02

这个有点问题

1
2
3
4
5
6
7
8
9
10
0040F511      55            push ebp
0040F512 8BEC mov ebp,esp
0040F514 53 push ebx
0040F515 56 push esi
0040F516 57 push edi
0040F517 BB 00504000 mov ebx,test.00405000
0040F51C 66:2E:F705 34>test word ptr cs:[0x402034],0x4
0040F526 0F85 98000000 jnz test.0040F5C4
0040F52C B8 88884600 mov eax,0x468888
0040F531 FFD0 call eax

seh

1
2
3
4
5
push 4010cc                                  //地址00401051压入堆栈
push dword ptr fs:[0] //fs[0]压入堆栈,执行完成后,fs[0]指向栈顶
mov dword ptr fs:[0],esp //构造1个err结构
mov esi,0 //简单的赋值语句
mov eax,dword ptr ds:[esi] //产生异常
自愿打赏专区