9,506
社区成员
发帖
与我相关
我的任务
分享求大神分析一下下面的函数原型 ,谢谢
Win32Dasm 反汇编:
Exported fn(): GS_Hprotect - Ord:0001h
:10001010 56 push esi
:10001011 8B742408 mov esi, dword ptr [esp+08]
:10001015 57 push edi
:10001016 8A4602 mov al, byte ptr [esi+02]
:10001019 8D7E14 lea edi, dword ptr [esi+14]
:1000101C A254690110 mov byte ptr [10016954], al
:10001021 668B4E04 mov cx, word ptr [esi+04]
:10001025 66890D56690110 mov word ptr [10016956], cx
:1000102C 668B5606 mov dx, word ptr [esi+06]
:10001030 66891548690110 mov word ptr [10016948], dx
:10001037 8B4608 mov eax, dword ptr [esi+08]
:1000103A A350690110 mov dword ptr [10016950], eax
:1000103F 8B4E0C mov ecx, dword ptr [esi+0C]
:10001042 890D4C690110 mov dword ptr [1001694C], ecx
:10001048 8B5610 mov edx, dword ptr [esi+10]
:1000104B 33C0 xor eax, eax
:1000104D 891544690110 mov dword ptr [10016944], edx
:10001053 893D40690110 mov dword ptr [10016940], edi
:10001059 668B06 mov ax, word ptr [esi]
:1000105C 48 dec eax
:1000105D 83F811 cmp eax, 00000011
:10001060 0F8799000000 ja 100010FF
:10001066 FF248534110010 jmp dword ptr [4*eax+10001134]
ollyDbg 反汇编出来的是下面的:
Address Hex dump Command Comments
1000EA6B /. 55 PUSH EBP
1000EA6C |. 8BEC MOV EBP,ESP
1000EA6E |. 53 PUSH EBX
1000EA6F |. 8B5D 08 MOV EBX,DWORD PTR SS:[ARG.1]
1000EA72 |. 56 PUSH ESI
1000EA73 |. 8B75 0C MOV ESI,DWORD PTR SS:[ARG.2]
1000EA76 |. 57 PUSH EDI
1000EA77 |. 8B7D 10 MOV EDI,DWORD PTR SS:[ARG.3]
1000EA7A |. 85F6 TEST ESI,ESI
1000EA7C |. 75 09 JNE SHORT 1000EA87
1000EA7E |. 833D 58690110 CMP DWORD PTR DS:[10016958],0
1000EA85 |. EB 26 JMP SHORT 1000EAAD
1000EA87 |> 83FE 01 CMP ESI,1
1000EA8A |. 74 05 JE SHORT 1000EA91
1000EA8C |. 83FE 02 CMP ESI,2
1000EA8F |. 75 22 JNE SHORT 1000EAB3
1000EA91 |> A1 DC6E0110 MOV EAX,DWORD PTR DS:[10016EDC]
1000EA96 |. 85C0 TEST EAX,EAX
1000EA98 |. 74 09 JE SHORT 1000EAA3
多谢了
Exported fn(): GS_Hprotect - Ord:0001h
:10001010 56 push esi
:10001011 8B742408 mov esi, dword ptr [esp+08]
:10001015 57 push edi
:10001016 8A4602 mov al, byte ptr [esi+02]
:10001019 8D7E14 lea edi, dword ptr [esi+14]
:1000101C A254690110 mov byte ptr [10016954], al
:10001021 668B4E04 mov cx, word ptr [esi+04]
:10001025 66890D56690110 mov word ptr [10016956], cx
:1000102C 668B5606 mov dx, word ptr [esi+06]
:10001030 66891548690110 mov word ptr [10016948], dx
:10001037 8B4608 mov eax, dword ptr [esi+08]
:1000103A A350690110 mov dword ptr [10016950], eax
:1000103F 8B4E0C mov ecx, dword ptr [esi+0C]
:10001042 890D4C690110 mov dword ptr [1001694C], ecx
:10001048 8B5610 mov edx, dword ptr [esi+10]
:1000104B 33C0 xor eax, eax
:1000104D 891544690110 mov dword ptr [10016944], edx
:10001053 893D40690110 mov dword ptr [10016940], edi
:10001059 668B06 mov ax, word ptr [esi]
:1000105C 48 dec eax
:1000105D 83F811 cmp eax, 00000011
:10001060 0F8799000000 ja 100010FF
:10001066 FF248534110010 jmp dword ptr [4*eax+10001134]
ollyDbg 反汇编出来的是下面的:
Address Hex dump Command Comments
1000EA6B /. 55 PUSH EBP
1000EA6C |. 8BEC MOV EBP,ESP
1000EA6E |. 53 PUSH EBX
1000EA6F |. 8B5D 08 MOV EBX,DWORD PTR SS:[ARG.1]
1000EA72 |. 56 PUSH ESI
1000EA73 |. 8B75 0C MOV ESI,DWORD PTR SS:[ARG.2]
1000EA76 |. 57 PUSH EDI
1000EA77 |. 8B7D 10 MOV EDI,DWORD PTR SS:[ARG.3]
1000EA7A |. 85F6 TEST ESI,ESI
1000EA7C |. 75 09 JNE SHORT 1000EA87
1000EA7E |. 833D 58690110 CMP DWORD PTR DS:[10016958],0
1000EA85 |. EB 26 JMP SHORT 1000EAAD
1000EA87 |> 83FE 01 CMP ESI,1
1000EA8A |. 74 05 JE SHORT 1000EA91
1000EA8C |. 83FE 02 CMP ESI,2
1000EA8F |. 75 22 JNE SHORT 1000EAB3
1000EA91 |> A1 DC6E0110 MOV EAX,DWORD PTR DS:[10016EDC]
1000EA96 |. 85C0 TEST EAX,EAX
1000EA98 |. 74 09 JE SHORT 1000EAA3
多谢了
...全文
请发表友善的回复…
发表回复
