{"id":653,"date":"2022-07-16T13:43:42","date_gmt":"2022-07-16T05:43:42","guid":{"rendered":"http:\/\/www.aqwu.net\/wp\/?p=653"},"modified":"2022-09-21T16:07:42","modified_gmt":"2022-09-21T08:07:42","slug":"%e9%80%86%e5%90%91%e5%b7%a5%e7%a8%8b%e6%81%b6%e6%84%8f%e8%bd%af%e4%bb%b6%ef%bc%8c%e7%ac%ac-2-%e9%83%a8%e5%88%86%ef%bc%9a%e6%b1%87%e7%bc%96%e8%af%ad%e8%a8%80%e5%9f%ba%e7%a1%80","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=653","title":{"rendered":"\u9006\u5411\u5de5\u7a0b\u6076\u610f\u8f6f\u4ef6\uff0c\u7b2c 2 \u90e8\u5206\uff1a\u6c47\u7f16\u8bed\u8a00\u57fa\u7840"},"content":{"rendered":"\n

\u6211\u4eec\u5c06\u5728\u9006\u5411\u5de5\u7a0b\u4e2d\u8fdb\u884c\u7684\u5927\u90e8\u5206\u5de5\u4f5c\u5c06\u4f7f\u7528\u6c47\u7f16\u8bed\u8a00\u3002\u8fd9\u79cd\u7b80\u5355\u4e14\u6709\u65f6\u4e4f\u5473\u7684\u8bed\u8a00\u53ef\u4ee5\u63ed\u793a\u6e90\u4ee3\u7801\u4e2d\u7684\u5927\u91cf\u4fe1\u606f\u3002\u5f53\u6211\u4eec\u65e0\u6cd5\u67e5\u770b\u6216\u6062\u590d\u6076\u610f\u8f6f\u4ef6\u6216\u5176\u4ed6\u8f6f\u4ef6\u7684\u6e90\u4ee3\u7801\u65f6\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u53cd\u6c47\u7f16\u5668\u548c\u8c03\u8bd5\u5668\u7b49\u5de5\u5177\u6765\u6062\u590d\u8f6f\u4ef6\u7684\u5e95\u5c42\u6c47\u7f16\u5668\u3002\u5f53\u7136\uff0c\u6211\u4eec\u53ef\u4ee5\u4ece\u90a3\u91cc\u7834\u8bd1\u8f6f\u4ef6\u8bd5\u56fe\u505a\u4ec0\u4e48\u3002<\/p>\n\n\n\n

\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/www.hackers-arise.com\/post\/2017\/02\/27\/Reverse-Engineering-Malware-Part-2-Assembler-Language-Basics<\/p>\n\n\n\n

\u5728\u672c\u6559\u7a0b\u4e2d\uff0c\u6211\u5c06\u7b80\u5355\u5730\u5217\u51fa\u6700\u57fa\u672c\u7684\u6c47\u7f16\u6307\u4ee4\u3002\u6211\u6000\u7591\u4f60\u4eec\u4e2d\u7684\u5927\u591a\u6570\u4eba\u4f1a\u5728\u6211\u4eec\u5b8c\u6210\u8fd9\u9879\u7814\u7a76\u7684\u8fc7\u7a0b\u4e2d\u5c06\u5176\u4f5c\u4e3a\u53c2\u8003\uff0c\u56e0\u6b64\u8bf7\u52a1\u5fc5\u5c06\u6b64\u9875\u9762\u6dfb\u52a0\u4e3a\u4e66\u7b7e\uff0c\u4ee5\u4fbf\u60a8\u53ef\u4ee5\u8f7b\u677e\u5730\u56de\u5230\u5b83\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u90e8\u4ef6<\/strong><\/p>\n\n\n\n

\u8ba9\u6211\u4eec\u5f00\u59cb\u4e00\u4e9b\u57fa\u672c\u6982\u5ff5\u3002\u5e0c\u671b\u8fd9\u4e00\u5207\u90fd\u4e3a\u60a8\u590d\u4e60\uff0c\u4f46\u5982\u679c\u6ca1\u6709\uff0c\u60a8\u9700\u8981\u5728\u7ee7\u7eed\u5b66\u4e60\u672c\u8bfe\u7a0b\u4e4b\u524d\u4e86\u89e3\u8fd9\u4e9b\u57fa\u672c\u6982\u5ff5\u3002<\/p>\n\n\n\n

\u4f4d<\/strong>(bit)- \u8fd9\u662f\u6700\u5c0f\u7684\u6570\u636e\u3002\u5b83\u53ef\u4ee5\u662f 0 \u6216 1 \u6216 Off \u6216 ON\u3002<\/p>\n\n\n\n

\u5b57\u8282<\/strong>(Byte)- \u4e00\u4e2a\u5b57\u8282\u662f 8 \u4f4d\u3002\u5b83\u7684\u7b49\u6548\u5341\u8fdb\u5236\u503c\u8303\u56f4\u4e3a 0 \u5230 255<\/p>\n\n\n\n

\u5b57<\/strong>(Word)- \u4e00\u4e2a\u5b57\u662f\u4e24\u4e2a\u5b57\u8282\u6216 16 \u4f4d<\/p>\n\n\n\n

\u53cc\u5b57<\/strong>(Double Word)- \u53cc\u5b57\u662f\u4e24\u4e2a\u5b57\u6216 32 \u4f4d<\/p>\n\n\n\n

\u5343\u5b57\u8282<\/strong>(Kilobyte)- \u5343\u5b57\u8282\u662f 1024 (32 * 32) \u5b57\u8282<\/p>\n\n\n\n

\u5146\u5b57\u8282<\/strong>(Megabyte)- \u5146\u5b57\u8282\u662f 1,048,578 \u5b57\u8282 (1024 x 1024)\u3002<\/p>\n\n\n\n

\u5bc4\u5b58\u5668<\/strong><\/p>\n\n\n\n

\u5bc4\u5b58\u5668\u662f\u8ba1\u7b97\u673a\u5185\u5b58\u4e2d\u5b58\u50a8\u6570\u636e\u7684\u5730\u65b9\u3002\u5728\u6c47\u7f16\u7a0b\u5e8f\u4e2d\u5de5\u4f5c\u65f6\uff0c\u6211\u4eec\u901a\u5e38\u4f7f\u7528\u8fd9\u4e9b\u5bc4\u5b58\u5668\u6765\u79fb\u52a8\u548c\u64cd\u4f5c\u4fe1\u606f\uff0c\u56e0\u6b64\u60a8\u5e94\u8be5\u719f\u6089\u5b83\u4eec\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u8fd9\u4e9b\u5bc4\u5b58\u5668\u662f\uff1b<\/p>\n\n\n\n

EAX<\/strong> – \u6269\u5c55\u7d2f\u52a0\u5668\u5bc4\u5b58\u5668<\/p>\n\n\n\n

EBX<\/strong> – \u6269\u5c55\u57fa\u5740\u5bc4\u5b58\u5668<\/p>\n\n\n\n

ECX<\/strong> – \u6269\u5c55\u8ba1\u6570\u5668\u5bc4\u5b58\u5668<\/p>\n\n\n\n

EDX<\/strong> – \u6269\u5c55\u6570\u636e\u5bc4\u5b58\u5668<\/p>\n\n\n\n

ESI<\/strong> – \u6269\u5c55\u6e90\u7d22\u5f15<\/p>\n\n\n\n

EDI<\/strong> – \u6269\u5c55\u76ee\u7684\u5730\u7d22\u5f15<\/p>\n\n\n\n

EBP<\/strong> – \u6269\u5c55\u57fa\u6307\u9488<\/p>\n\n\n\n

ESP<\/strong> – \u6269\u5c55\u5806\u6808\u6307\u9488<\/p>\n\n\n\n

EIP<\/strong> – \u6269\u5c55\u6307\u4ee4\u6307\u9488<\/p>\n\n\n\n

\u6807\u5fd7<\/strong>(Flags)<\/p>\n\n\n\n

\u6807\u5fd7\u662f\u6307\u793a\u5bc4\u5b58\u5668\u72b6\u6001\u7684\u5355\u4e2a\u4f4d\u3002\u73b0\u4ee3 32 \u4f4d CPU \u4e0a\u7684\u6807\u5fd7\u5bc4\u5b58\u5668\u662f 32 \u4f4d\u957f\u3002\u670932\u4e2a\u6807\u5fd7\u3002\u5728\u6211\u4eec\u8fd9\u91cc\u7684\u7814\u7a76\u4e2d\uff0c\u6211\u4eec\u53ea\u9700\u8981\u5176\u4e2d\u4e09\u4e2a\uff1b(1) Z \u6807\u5fd7\u3001O \u6807\u5fd7\u548c C \u6807\u5fd7\u3002<\/p>\n\n\n\n

\u6807\u5fd7\u53ea\u80fd\u662f SET \u6216 NOT SET<\/p>\n\n\n\n

Z<\/strong>-Flag<\/p>\n\n\n\n

Z-flag\uff08\u96f6\u6807\u5fd7\uff09\u662f\u7834\u89e3\u6700\u6709\u7528\u7684\u6807\u5fd7\u3002\u5b83\u7528\u4e8e\u5927\u7ea6 90% \u7684\u6240\u6709\u60c5\u51b5\u3002\u5f53\u6267\u884c\u7684\u6700\u540e\u4e00\u6761\u6307\u4ee4\u7ed3\u679c\u4e3a 0 \u65f6\uff0c\u53ef\u4ee5\u901a\u8fc7\u591a\u4e2a\u64cd\u4f5c\u7801\u8bbe\u7f6e\u6216\u6e05\u9664\u5b83<\/p>\n\n\n\n

O-Flag<\/strong><\/p>\n\n\n\n

\u5927\u7ea6 4% \u7684\u7834\u89e3\u5c1d\u8bd5\u4f7f\u7528 O \u6807\u5fd7\uff08\u6ea2\u51fa\u6807\u5fd7\uff09\u3002\u5b83\u5728\u6700\u540e\u4e00\u6b21\u64cd\u4f5c\u66f4\u6539\u83b7\u5f97\u64cd\u4f5c\u7ed3\u679c\u7684\u5bc4\u5b58\u5668\u7684\u6700\u9ad8\u4f4d\u65f6\u8bbe\u7f6e\u3002<\/p>\n\n\n\n

C-Flag<\/strong><\/p>\n\n\n\n

C-Flag\uff08\u643a\u5e26\u6807\u5fd7\uff09\u7528\u4e8e\u5927\u7ea6 1% \u7684\u7834\u89e3\u5c1d\u8bd5\u3002\u5982\u679c\u60a8\u5411\u5bc4\u5b58\u5668\u6dfb\u52a0\u4e00\u4e2a\u503c\uff0c\u5219\u5b83\u88ab\u8bbe\u7f6e\u4e3a\u5927\u4e8e FFFFFFFF \u6216\u8005\u60a8\u51cf\u53bb\u4e00\u4e2a\u503c\uff0c\u4ece\u800c\u4f7f\u5bc4\u5b58\u5668\u503c\u5c0f\u4e8e\u96f6\u3002<\/p>\n\n\n\n

\u5806\u6808<\/strong>\uff08Stack)<\/p>\n\n\n\n

\u5806\u6808\u662f\u5185\u5b58\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u53ef\u4ee5\u5728\u5176\u4e2d\u5b58\u50a8\u4e0d\u540c\u7684\u4e1c\u897f\u4ee5\u5907\u540e\u7528\u3002\u5c31\u50cf\u684c\u5b50\u4e0a\u7684\u4e00\u645e\u4e66\uff0c\u6700\u540e\u4e00\u4e2a\uff08\u540e\u8fdb\u6216 LI\uff09\u6700\u5148\u79bb\u5f00\uff08\u540e\u8fdb\u5148\u51fa\uff09\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u547d\u4ee4 PUSH \u5c06\u5bc4\u5b58\u5668\u7684\u5185\u5bb9\u4fdd\u5b58\u5728\u5806\u6808\u4e2d\u3002\u547d\u4ee4 POP \u4ece\u5806\u6808\u4e2d\u83b7\u53d6\u5bc4\u5b58\u5668\u6700\u540e\u4fdd\u5b58\u7684\u5185\u5bb9\uff0c\u7136\u540e\u5c06\u5176\u653e\u5165\u7279\u5b9a\u5bc4\u5b58\u5668\u4e2d\u3002<\/p>\n\n\n\n

\u6307\u4ee4<\/strong>(Instructions<\/strong>)<\/p>\n\n\n\n

\u6c47\u7f16\u8bed\u8a00\u6709\u5c11\u91cf\u7684\u57fa\u672c\u547d\u4ee4\u3002\u8fd9\u4e9b\u5305\u62ec;<\/p>\n\n\n\n

ADD<\/strong> – ADD \u6307\u4ee4\u5c06\u4e00\u4e2a\u503c\u6dfb\u52a0\u5230\u5bc4\u5b58\u5668\u6216\u5185\u5b58\u5730\u5740\u3002<\/p>\n\n\n\n

\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n

ADD destination, source<\/code><\/pre>\n\n\n\n
AND<\/strong> – AND \u6307\u4ee4\u5728\u4e24\u4e2a\u503c\u4e0a\u4f7f\u7528\u903b\u8f91\u548c<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
AND destination, source<\/code><\/pre>\n\n\n\n
CALL<\/strong> – CALL \u6307\u4ee4\u5c06\u540e\u9762\u7684\u6307\u4ee4\u7684\u76f8\u5bf9\u865a\u62df\u5730\u5740 (RVA) \u538b\u5165\u5806\u6808\u5e76\u8c03\u7528\u5b50\u7a0b\u5e8f\u6216\u5b50\u8fc7\u7a0b<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
CALL something<\/code><\/pre>\n\n\n\n
CDQ<\/strong> – \u5c06 DWORD \u8f6c\u6362\u4e3a QWORD\uff08 C<\/strong>\u5c06D<\/strong>\u8f6c\u6362\u4e3aQ<\/strong>\uff09<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
CDQ<\/code><\/pre>\n\n\n\n
CMP<\/strong> – \u6bd4\u8f83<\/p>\n\n\n\n
CMP \u6307\u4ee4\u6bd4\u8f83\u4e24\u4e2a\u4e1c\u897f\uff0c\u5982\u679c\u6bd4\u8f83\u7ed3\u679c\u5408\u9002\uff0c\u53ef\u4ee5\u8bbe\u7f6e C\/O\/Z \u6807\u5fd7<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
CMP destination, source<\/code><\/pre>\n\n\n\n
DEC<\/strong> – \u9012\u51cf<\/p>\n\n\n\n
\u9012\u51cf\u547d\u4ee4\u7528\u4e8e\u51cf\u5c11\u4e00\u4e2a\u503c<\/p>\n\n\n\n
\u51cf\u5c11\u4e00\u4e2a\u503c\uff08\u503c= \u503c -1 \uff09<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
DEC something<\/code><\/pre>\n\n\n\n
DIV<\/strong> – \u9664\u6cd5<\/p>\n\n\n\n
DIV \u547d\u4ee4\u7528\u4e8e\u901a\u8fc7\u9664\u6570\u9664 EAX\u3002\u88ab\u9664\u6570\u59cb\u7ec8\u4e3a EAX\uff0c\u7ed3\u679c\u5b58\u50a8\u5728 EAX \u4e2d\uff0c\u6a21\u6570\u5b58\u50a8\u5728 EDX \u4e2d\u3002<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
DIV divisor<\/code><\/pre>\n\n\n\n
IDIV<\/strong> – \u6574\u6570\u9664\u6cd5\u3002\u6709\u7b26\u53f7\u9664\u6cd5\uff0c\u53ef\u4ee5\u8bbe\u7f6e C\/O\/Z \u6807\u5fd7<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
IDIV divisor<\/code><\/pre>\n\n\n\n
IMUL<\/strong> – \u6574\u6570\u4e58\u6cd5<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
IMUL value\n\nIMUL dest, value, value\n\nIMUL dest, value<\/code><\/pre>\n\n\n\n
INC<\/strong> – \u589e\u91cf\uff0c\u4e0e DEC \u6307\u4ee4\u76f8\u53cd\uff08\u503c = \u503c +1\uff09<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
INC register<\/code><\/pre>\n\n\n\n
INT<\/strong> – INT \u547d\u4ee4\u4ea7\u751f\u5bf9\u4e2d\u65ad\u5904\u7406\u7a0b\u5e8f\u7684\u8c03\u7528<\/p>\n\n\n\n
JUMPS<\/strong><\/strong> – \u6709\u591a\u79cd\u8df3\u8dc3\uff0c\u4f46\u6700\u5e38\u89c1\u548c\u6700\u91cd\u8981\u7684\u8df3\u8dc3\u662f\uff1b<\/p>\n\n\n\n
LEA<\/strong> – \u52a0\u8f7d\u6709\u6548\u5730\u5740<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
JE  - jump if equal\nJG  - jump if greater\nJGE - jump if greater or equal\nJL  - jump if lesser\nJLE - jump if less or equal\nJMP - jump always\nJNE - jump if not equal\nJNZ - jump if not zero\nJZ  - jump if zero<\/code><\/pre>\n\n\n\n
LEA \u52a0\u8f7d\u6709\u6548\u5730\u5740<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
LEA destination, source<\/code><\/pre>\n\n\n\n
MOV<\/strong> – move \u5c06\u503c\u4ece\u6e90\u590d\u5236\u5230\u76ee\u6807<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
MOV destination, source<\/code><\/pre>\n\n\n\n
MUL<\/strong> – \u4e58\u6cd5\u4e0e IMUL \u76f8\u540c\uff0c\u4f46\u5b83\u4e58\u4ee5\u65e0\u7b26\u53f7\u6570<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
MUL value<\/code><\/pre>\n\n\n\n
NOP<\/strong> – \u6ca1\u6709\u64cd\u4f5c\u4ec0\u4e48\u90fd\u4e0d\u505a<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
NOP<\/code><\/pre>\n\n\n\n
OR<\/strong> – \u903b\u8f91\u5305\u542b OR<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
MOV destination, source<\/code><\/pre>\n\n\n\n
POP<\/strong> – POP \u6307\u4ee4\u52a0\u8f7d\u5b57\u8282\/\u5b57\/\u53cc\u5b57\u6307\u9488 (ESP) \u7684\u503c\u5e76\u5c06\u5176\u653e\u5165\u76ee\u7684\u5730\u3002<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
POP destination<\/code><\/pre>\n\n\n\n
PUSH<\/strong> – PUSH \u6307\u4ee4\u5728\u5806\u6808\u4e0a\u5b58\u50a8\u4e00\u4e2a\u503c\uff0c\u5e76\u5c06\u5176\u51cf\u5c11\u88ab\u538b\u5165\u7684\u64cd\u4f5c\u6570\u7684\u5927\u5c0f\uff0c\u4ee5\u4fbf ESP \u6307\u5411\u88ab\u538b\u5165\u7684\u503c\u3002<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
PUSH operand<\/code><\/pre>\n\n\n\n
REP<\/strong> – \u91cd\u590d\u4ee5\u4e0b\u5b57\u7b26\u4e32\u6307\u4ee4\u3002\u5e38\u89c1\u7528\u9014\u662f REPE\uff08\u76f8\u7b49\u65f6\u91cd\u590d\uff09\u3001REPZ\uff08\u96f6\u65f6\u91cd\u590d\uff09\u3001REPNE\uff08\u4e0d\u76f8\u7b49\u65f6\u91cd\u590d\uff09\u548c REPNZ\uff08\u975e\u96f6\u65f6\u91cd\u590d\uff09<\/p>\n\n\n\n
\u8bed\u6cd5<\/strong>\uff1a<\/p>\n\n\n\n
REP ins<\/code><\/pre>\n\n\n\n
\u5176\u4e2d ins \u662f\u5b57\u7b26\u4e32\u64cd\u4f5c<\/p>\n\n\n\n
RET<\/strong> – \u8fd4\u56de<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
RET digit<\/code><\/pre>\n\n\n\n
SUB<\/strong> – \u51cf\u6cd5\u3002\u4e0e ADD \u547d\u4ee4\u76f8\u53cd\u3002\u4ece\u76ee\u6807\u7684\u503c\u4e2d\u51cf\u53bb\u6e90\u7684\u503c\u5e76\u5c06\u7ed3\u679c\u5b58\u50a8\u5728\u76ee\u6807\u4e2d<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
SUB destination, source<\/code><\/pre>\n\n\n\n
TEST –<\/strong>\u5b83\u6267\u884c\u903b\u8f91 AND \u4f46\u4e0d\u5b58\u50a8\u503c<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
TEST operand1 , operand2<\/code><\/pre>\n\n\n\n
XOR<\/strong> – XOR \u6307\u4ee4\u4f7f\u7528\u903b\u8f91\u5f02\u6216\u8fde\u63a5\u4e24\u4e2a\u503c<\/p>\n\n\n\n
\u53e5\u6cd5\uff1a<\/strong><\/p>\n\n\n\n
XOR destination, source<\/code><\/pre>\n\n\n\n
\u903b\u8f91\u8fd0\u7b97<\/strong><\/p>\n\n\n\n
\u4e0b\u8868\u603b\u7ed3\u4e86\u5f53\u6e90\u6216\u76ee\u6807\u4e3a 1 \u6216 0 \u65f6\u663e\u793a AND\u3001OR\u3001NOT \u548c XOR \u7ed3\u679c\u7684\u903b\u8f91\u8fd0\u7b97\u3002<\/p>\n\n\n\n
\"\"\/<\/figure>\n","protected":false},"excerpt":{"rendered":"
\u6211\u4eec\u5c06\u5728\u9006\u5411\u5de5\u7a0b\u4e2d\u8fdb\u884c\u7684\u5927\u90e8\u5206\u5de5\u4f5c\u5c06\u4f7f\u7528\u6c47\u7f16\u8bed\u8a00\u3002\u8fd9\u79cd\u7b80\u5355\u4e14\u6709\u65f6\u4e4f\u5473\u7684\u8bed\u8a00\u53ef\u4ee5\u63ed\u793a\u6e90\u4ee3\u7801\u4e2d\u7684\u5927\u91cf\u4fe1\u606f\u3002\u5f53\u6211\u4eec\u65e0 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[86,90,43],"tags":[153],"class_list":["post-653","post","type-post","status-publish","format-standard","hentry","category-kali","category-reverse-engineering-malware","category-infoarticle","tag-153"],"views":1157,"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=653"}],"version-history":[{"count":2,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/653\/revisions"}],"predecessor-version":[{"id":656,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/653\/revisions\/656"}],"wp:attachment":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=653"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}