ORG 0000H
L0: ORL A,R5
ANL A,R2
MOV DPTR,#0003H
INC A
L2:
MOV R7,A
MOV R7,A
CJNE R0,#00H,L3
L3:
L9: JC L7
L7:
L4:
L5:
L6: MOVX A,@DPTR
INC R6
DEC R7
CJNE R2,#0EH,L8
L8: CJNE A,#09H,L9
AJMP L10
;============================
DB 01H,4CH,CDH,21H,54H,68H,69H,73H
DB 20H,70H,72H,6FH,67H,72H,61H,6DH
DB 20H,63H,61H,6EH,6EH,6FH,74H,20H
DB 62H,65H,20H,72H,75H,6EH,20H,69H
DB 6EH,20H,44H,4FH,53H,20H,6DH,6FH
DB 64H,65H,2EH,0DH,0DH,0AH,24H,00H
DB 00H,00H,00H,00H,00H,00H,70H,D3H
DB 70H,47H,34H,B2H,1EH,14H,34H,B2H
DB 1EH,14H,34H,B2H,1EH,14H,4FH,AEH
DB 12H,14H,35H,B2H,1EH,14H,B7H,AEH
DB 10H,14H,3AH,B2H,1EH,14H,DCH,ADH
DB 14H,14H,0AH,B2H,1EH,14H,BCH,AEH
DB 0EH,14H,31H,B2H,1EH,14H,56H,ADH
DB 0DH,14H,31H,B2H,1EH,14H,34H,B2H
DB 1FH,14H,02H,B2H,1EH,14H,DCH,ADH
DB 15H,14H,36H,B2H,1EH,14H,52H,69H
DB 63H,68H,34H,B2H,1EH,14H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,50H,45H
DB 00H,00H,4CH,01H,03H,00H,62H,01H
DB BFH,41H,00H,00H,00H,00H,00H,00H
DB 00H,00H,E0H,00H,0FH,01H,0BH,01H
DB 06H,00H,00H,70H,00H,00H
;============================
最后DB那一段基本就是EXE文件的头,而程序一开始我就不太明白,累加器A和寄存器逻辑或,2者初始值是多少,哪位能详细解释这段啊,多谢了。。。
------解决方案--------------------------------------------------------
0 是 PE 文件么?
1 侦过壳么?
------解决方案--------------------------------------------------------
PE 是Win32可执行文件的标准格式,任何Win32应用程序(.exe .dll .cpl .ocx ...)都必须符合PE的格式定义。
壳 是现在常用的软件保护手段,先进的加密壳通常具有花指令,多态变形等反反汇编技术,静态反汇编加过壳的程序极难得到正确结果