常见各种语言编写的程序的入口点代码 Borland Delphi 6.0 - 7.0 00509CB0 > $ 55 PUSH EBP 00509CB1 . 8BEC MOV EBP,ESP 00509CB3 . 83C4 EC ADD ESP,-14 00509CB6 . 53 PUSH EBX 00509CB7 . 56 PUSH ESI 00509CB8 . 57 PUSH EDI 00509CB9 . 33C0 XOR EAX,EAX 00509CBB . 8945 EC MOV DWORD PTR SS:[EBP-14],EAX 00509CBE . B8 20975000 MOV EAX,unpack.00509720 00509CC3 . E8 84CCEFFF CALL unpack.0040694C Microsoft Visual C++ 6.0 00496EB8 >/$ 55 PUSH EBP ; (初始 cpu 选择) 00496EB9 |. 8BEC MOV EBP,ESP 00496EBB |. 6A FF PUSH -1 00496EBD |. 68 40375600 PUSH Screensh.00563740 00496EC2 |. 68 8CC74900 PUSH Screensh.0049C78C ; SE 处理程序安装 00496EC7 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00496ECD |. 50 PUSH EAX 00496ECE |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP 00496ED5 |. 83EC 58 SUB ESP,58 Microsoft Visual C++ 6.0 [Overlay] E语言 00403831 >/$ 55 PUSH EBP 00403832 |. 8BEC MOV EBP,ESP 00403834 |. 6A FF PUSH -1 00403836 |. 68 F0624000 PUSH Nisy521.004062F0 0040383B |. 68 A44C4000 PUSH Nisy521.00404CA4 ; SE 处理程序安装 00403840 |. 64:A1 0000000>MOV EAX,DWORD PTR FS:[0] 00403846 |. 50 PUSH EAX 00403847 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP Microsoft Visual Basic 5.0 / 6.0 00401166 - FF25 6C104000 JMP DWORD PTR DS:[] ; MSVBVM60.ThunRTMain 0040116C > 68 147C4000 PUSH PACKME.00407C14 00401171 E8 F0FFFFFF CALL 00401176 0000 ADD BYTE PTR DS:[EAX],AL 00401178 0000 ADD BYTE PTR DS:[EAX],AL 0040117A 0000 ADD BYTE PTR DS:[EAX],AL 0040117C 3000 XOR BYTE PTR DS:[EAX],AL 或省略第一行的JMP 00401FBC > 68 D0D44000 push dumped_.0040D4D0 00401FC1 E8 EEFFFFFF call 00401FC6 0000 add byte ptr ds:[eax],al 00401FC8 0000 add byte ptr ds:[eax],al 00401FCA 0000 add byte ptr ds:[eax],al 00401FCC 3000 xor byte ptr ds:[eax],al 00401FCE 0000 add byte ptr ds:[eax],al BC++ 0040163C > $ /EB 10 JMP SHORT BCLOCK.0040164E 0040163E |66 DB 66 ; CHAR 'f' 0040163F |62 DB 62 ; CHAR 'b' 00401640 |3A DB 3A ; CHAR ':' 00401641 |43 DB 43 ; CHAR 'C' 00401642 |2B DB 2B ; CHAR '+' 00401643 |2B DB 2B ; CHAR '+' 00401644 |48 DB 48 ; CHAR 'H' 00401645 |4F DB 4F ; CHAR 'O' 00401646 |4F DB 4F ; CHAR 'O' 00401647 |4B DB 4B ; CHAR 'K' 00401648 |90 NOP 00401649 |E9 DB E9 0040164A . |98E04E00 DD OFFSET BCLOCK.___CPPdebugHook 0040164E > \A1 8BE04E00 MOV EAX,DWORD PTR DS:[4EE08B] 00401653 . C1E0 02 SHL EAX,2 00401656 . A3 8FE04E00 MOV DWORD PTR DS:[4EE08F],EAX 0040165B . 52 PUSH EDX 0040165C . 6A 00 PUSH 0 ; /pModule = NULL 0040165E . E8 DFBC0E00 CALL ; \GetModuleHandleA 00401663 . 8BD0 MOV EDX,EAX Dasm: 00401000 >/$ 6A 00 PUSH 0 ; /pModule = NULL 00401002 |. E8 C50A0000 CALL ; \GetModuleHandleA 00401007 |. A3 0C354000 MOV DWORD PTR DS:[40350C],EAX 0040100C |. E8 B50A0000 CALL ; [GetCommandLineA 00401011 |. A3 10354000 MOV DWORD PTR DS:[403510],EAX 00401016 |. 6A 0A PUSH 0A ; /Arg4 = 0000000A 00401018 |. FF35 10354000 PUSH DWORD PTR DS:[403510] ; |Arg3 = 00000000 0040101E |. 6A 00 PUSH 0 ; |Arg2 = 00000000 00401020 |. FF35 0C354000 PUSH DWORD PTR DS:[40350C] ; |Arg1 = 00000000 VC8 -> Microsoft Corporation 0043DEE1 Q> E8 2D8D0000 call QQRecord.00446C13 ; (Initial CPU selection) 0043DEE6 ^ E9 16FEFFFF jmp QQRecord.0043DD01 0043DEEB 55 push ebp 0043DEEC 8BEC mov ebp,esp 0043DEEE 51 push ecx 0043DEEF 53 push ebx 0043DEF0 8B45 0C mov eax,dword ptr ss:[ebp+C] 0043DEF3 83C0 0C add eax,0C 0043DEF6 8945 FC mov dword ptr ss:[ebp-4],eax 0043DEF9 64:8B1D 00000000 mov ebx,dword ptr fs:[0] 0043DF00 8B03 mov eax,dword ptr ds:[ebx] 0043DF02 64:A3 00000000 mov dword ptr fs:[0],eax 0043DF08 8B45 08 mov eax,dword ptr ss:[ebp+8] 0043DF0B 8B5D 0C mov ebx,dword ptr ss:[ebp+C] 0043DF0E 8B6D FC mov ebp,dword ptr ss:[ebp-4] 0043DF11 8B63 FC mov esp,dword ptr ds:[ebx-4] 0043DF14 FFE0 jmp eax 0043DF16 5B pop ebx 0043DF17 C9 leave 0043DF18 C2 0800 retn 8 PB 00410D50: 55 PUSH EBP 00410D51: 8BEC MOV EBP, ESP 00410D53: 53 PUSH EBX 00410D54: 56 PUSH ESI 00410D55: 57 PUSH EDI 00410D56: BB00604100 MOV EBX, 00416000 00410D5B: 662EF705D213410004000F85 TEST WORD PTR CS:[004113D2], 850F0004 00410D67: DB00 FILD DWORD PTR [EAX] 00410D69: 0000 ADD [EAX], AL 00410D6B: 6A00 PUSH 00000000 00410D6D: FF1554844100 CALL [00418454] ; CoInitialize 00410D73: E892020000 CALL 0041100A 00410D78: C7830801000001000000 MOV [EBX+00000108], 00000001 00410D82: 8D8390020000 LEA EAX, [EBX+00000290] 00410D88: 50 PUSH EAX 00410D89: FF15DC834100 CALL [004183DC] ; GetVersionExA 00410D8F: 83EC44 SUB ESP, 00000044 00410D92: C7042444000000 MOV [ESP], 00000044 00410D99: C744242C00000000 MOV [ESP+2C], 00000000 00410DA1: 54 PUSH ESP 00410DA2: FF15D4834100 CALL [004183D4] ; GetStartupInfoA 00410DA8: B80A000000 MOV EAX, 0000000A 00410DAD: F744242C01000000 TEST [ESP+2C], 00000001 00410DB5: 7405 JZ 410DBC 00410DB7: 0FB7442430 MOVZX EAX, WORD PTR [ESP+30] 00410DBC: 83C444 ADD ESP, 00000044 00410DBF: 8983FE000000 MOV [EBX+000000FE], EAX 00410DC5: FF15B0834100 CALL [004183B0] ; GetCommandLineA Borland C++ 1999 004014D0 VB> /EB 10 jmp short VBto_UNP.004014E2 004014D2 |66:623A bound di,dword ptr ds:[edx] 004014D5 |43 inc ebx 004014D6 |2B2B sub ebp,dword ptr ds:[ebx] 004014D8 |48 dec eax 004014D9 |4F dec edi 004014DA |4F dec edi 004014DB |4B dec ebx 004014DC |90 nop 004014DD -|E9 980057>jmp 0097157A 004014E2 \A1 8B0057>mov eax,dword ptr ds:[57008B] 004014E7 C1E0 02 shl eax,2 004014EA A3 8F0057>mov dword ptr ds:[57008F],eax 004014EF 52 push edx 004014F0 6A 00 push 0 004014F2 E8 C7D116>call