常见程序入口点(OEP)特征

delphi:

  55            PUSH EBP

  8BEC          MOV EBP,ESP

  83C4 F0       ADD ESP,-10

  B8 A86F4B00   MOV EAX,PE.004B6FA8

 

 

vc++

   55            PUSH EBP

   8BEC          MOV EBP,ESP

   83EC 44       SUB ESP,44

   56            PUSH ESI

 

vc6.0

  55                 push ebp

  8BEC               mov ebp,esp

  6A FF              push -1

 

vc7.0

  6A 70              push 70

  68 50110001        push hh.01001150

  E8 1D020000        call hh.010017B0

  33DB               xor ebx,ebx

 

vb:

00401166  - FF25 6C104000   JMP DWORD PTR DS:[<&MSVBVM60.#100>]      ; MSVBVM60.ThunRTMain

0040116C >  68 147C4000     PUSH PACKME.00407C14

00401171    E8 F0FFFFFF     CALL

00401176    0000            ADD BYTE PTR DS:[EAX],AL

00401178    0000            ADD BYTE PTR DS:[EAX],AL

0040117A    0000            ADD BYTE PTR DS:[EAX],AL

0040117C    3000            XOR BYTE PTR DS:[EAX],AL