每日总结-第二十三天-ida数据
2020-04-28 本文已影响0人
SamiraG
linux下upx壳特征:
$ strings main | grep UPX
UPX!$
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.95 Copyright (C) 1996-2018 the UPX Team. All Rights Reserved. $
UPX!u
UPX!
UPX!
有时候会用其他字母替换掉UPX导致解压缩壳失败
eg:
strings papavm | grep ZOB
ZOB!@
$Info: This file is packed with the ZOB executable packer http://upx.sf.net $
$Id: ZOB 3.95 Copyright (C) 1996-2018 the ZOB Team. All Rights Reserved. $
ZOB!u
ZOB!
ZOB!
只用把ZOB替换成UPX就可以使用upx -d脱壳
ida数据类型
a是一个四字节32bit的数据(Dword类型)
- SHIBYTE(a) = a >> 24
- SBYTE1(a) = (a >> 8) & 0xff
- BYTE2(a) = (a >> 16)
- SBYTE2(a) = (a >> 16)
#define BYTEn(x, n) (*((_BYTE*)&(x)+n)) // 无符号
#define SBYTEn(x, n) (*((int8*)&(x)+n)) // 有符号
