如何对应入口参数

mol1981 2016-06-20 05:49:49
我在vb里写了如下代码:
' Click handler for Command1: extracts a substring from a string literal and stores it in d.
Private Sub Command1_Click()
' In VB6 "As Long" applies only to the last name on the line: b is a Long, a is a Variant.
Dim a, b As Long
' Same rule here: e is a String, d is a Variant.
Dim d, e As String
' Mid without the $ suffix is the Variant-returning form. Start position is 20 and the
' requested length is 5; the literal has 22 characters, so only the last three ("834") come back.
d = Mid("7788855846843334554834", 20, 5)
End Sub
我在VB Decompiler Pro里反汇编出来是这样的
; Decompiler listing of Command1_Click. Names like var_XX / arg_8 are ebp-relative slots
; chosen by the decompiler (var_XX = [ebp-XXh], arg_8 = [ebp+8]).
; Prologue: set up the ebp frame and reserve the first locals.
loc_00401F10: push ebp
loc_00401F11: mov ebp, esp
loc_00401F13: sub esp, 0000000Ch
; Link a new exception-registration record (handler 004010E6h) onto the fs:[0] chain,
; reserve 80h more bytes of locals and save the callee-saved registers.
loc_00401F16: push 004010E6h ; undef 'Ignore this
loc_00401F1B: mov eax, fs:[00000000h]
loc_00401F21: push eax
loc_00401F22: mov fs:[00000000h], esp
loc_00401F29: sub esp, 00000080h
loc_00401F2F: push ebx
loc_00401F30: push esi
loc_00401F31: push edi
loc_00401F32: mov var_C, esp
loc_00401F35: mov var_8, 004010C0h
; arg_8 is the only stack argument of this procedure (see "retn 0004h" at the end).
; Bit 0 is saved in var_4 and cleared from the pointer, then slot +4 of the object's
; function table is called - presumably AddRef on the form object (confirm).
loc_00401F3C: mov eax, arg_8
loc_00401F3F: mov ecx, eax
loc_00401F41: and ecx, 00000001h
loc_00401F44: mov var_4, ecx
loc_00401F47: and al, FEh
loc_00401F49: push eax
loc_00401F4A: mov arg_8, eax
loc_00401F4D: mov edx, [eax]
loc_00401F4F: call [edx+00000004h]
; esi = 0 is used to clear the locals; edx/ecx are preloaded for the __vbaVarDup call below.
loc_00401F52: xor esi, esi
loc_00401F54: lea edx, var_7C
loc_00401F57: mov var_5C, esi
loc_00401F5A: mov var_7C, esi
loc_00401F5D: lea ecx, var_4C
loc_00401F60: mov var_24, esi
loc_00401F63: mov var_38, esi
loc_00401F66: mov var_3C, esi
loc_00401F69: mov var_4C, esi
loc_00401F6C: mov var_6C, esi
; Two records are filled in here, each with a type tag and a value 8 bytes above it,
; which is consistent with the Variant layout (tags 2 and 8 match VT_I2 and VT_BSTR):
;   var_5C: tag 2, value 5 at var_54            -> the length argument of Mid
;   var_7C: tag 8, value 004018B0h at var_74    -> pointer to the string literal
loc_00401F6F: mov var_54, 00000005h
loc_00401F76: mov var_5C, 00000002h
loc_00401F7D: mov var_74, 004018B0h ; "7788855846843334554834"
loc_00401F84: mov var_7C, 00000008h
; Per the decompiler note, __vbaVarDup takes ecx = destination (&var_4C) and edx = source (&var_7C),
; so var_4C becomes a copy of the string record.
loc_00401F8B: call [0040107Ch] ; %ecx = %S_edx_S '__vbaVarDup
; Argument setup for Mid. Four dwords are pushed, last argument first:
;   push eax = &var_5C  (length record, value 5)
;   push 14h            (start position, 20 decimal, passed by value)
;   push ecx = &var_4C  (copy of the source string record)
;   push edx = &var_6C  (record that receives the result)
; With a breakpoint ON the call instruction, the debugger's stack pane therefore shows,
; from the top: [esp] = &var_6C, [esp+4] = &var_4C, [esp+8] = 14h, [esp+0Ch] = &var_5C.
; eax/ecx/edx hold only the addresses of these records, not the values; follow each
; address in the dump and read the tag at +0 and the value at +8.
; No "add esp" follows this call, so the callee appears to remove its own arguments;
; they are no longer on top of the stack once the call has returned.
loc_00401F91: lea eax, var_5C
loc_00401F94: lea ecx, var_4C
loc_00401F97: push eax
loc_00401F98: push 00000014h
loc_00401F9A: lea edx, var_6C
loc_00401F9D: push ecx
loc_00401F9E: push edx
loc_00401F9F: call [00401034h] ; %x1 = Mid(%StkVar2, %StkVar3, %StkVar4)
; Move the result record var_6C into var_38 (edx = source, ecx = destination);
; var_38 is presumably the slot of the Variant d (confirm).
loc_00401FA5: lea edx, var_6C
loc_00401FA8: lea ecx, var_38
loc_00401FAB: call [00401008h] ; %ecx = %S_edx_S '__vbaVarMove
; Free the two temporaries var_4C and var_5C: a count of 2 followed by two addresses.
; The caller cleans up these three dwords itself with "add esp, 0Ch".
loc_00401FB1: lea eax, var_5C
loc_00401FB4: lea ecx, var_4C
loc_00401FB7: push eax
loc_00401FB8: push ecx
loc_00401FB9: push 00000002h
loc_00401FBB: call [00401010h] ; undef 'Ignore this '__vbaFreeVarList
loc_00401FC1: add esp, 0000000Ch
; Normal exit: clear var_4, push 00402000h as a return address and jump to the shared
; cleanup at 00401FE6h; the "ret" at 00401FFF then continues at 00402000h.
loc_00401FC4: mov var_4, esi
loc_00401FC7: push 00402000h
loc_00401FCC: jmp 00401FE6h
; This stretch is skipped by the jmp above and frees three temporaries (var_4C, var_5C,
; var_6C); presumably it is the cleanup entered on the error path (confirm).
loc_00401FCE: lea edx, var_6C
loc_00401FD1: lea eax, var_5C
loc_00401FD4: push edx
loc_00401FD5: lea ecx, var_4C
loc_00401FD8: push eax
loc_00401FD9: push ecx
loc_00401FDA: push 00000003h
loc_00401FDC: call [00401010h] ; undef 'Ignore this '__vbaFreeVarList
loc_00401FE2: add esp, 00000010h
loc_00401FE5: ret
; Shared cleanup: esi is loaded with the __vbaFreeVar import and the two-byte "call undef"
; lines are most likely "call esi", freeing var_24 and var_38. var_3C is released through a
; different import ([00401094h]); presumably that is the String variable e (confirm).
loc_00401FE6: mov esi, [0040100Ch] ; undef 'Ignore this '__vbaFreeVar
loc_00401FEC: lea ecx, var_24
loc_00401FEF: call undef 'Ignore this '__vbaFreeVar
loc_00401FF1: lea ecx, var_38
loc_00401FF4: call undef 'Ignore this '__vbaFreeVar
loc_00401FF6: lea ecx, var_3C
loc_00401FF9: call [00401094h] ; %ecx = ""
loc_00401FFF: ret
; Epilogue: call slot +8 of the object's function table (presumably Release, matching the
; +4 call at the start), load the return value from var_4, restore the previous fs:[0]
; record from var_14, restore registers and return, popping the single 4-byte argument.
loc_00402000: mov eax, arg_8
loc_00402003: push eax
loc_00402004: mov edx, [eax]
loc_00402006: call [edx+00000008h]
loc_00402009: mov eax, var_4
loc_0040200C: mov ecx, var_14
loc_0040200F: pop edi
loc_00402010: pop esi
loc_00402011: mov fs:[00000000h], ecx
loc_00402018: pop ebx
loc_00402019: mov esp, ebp
loc_0040201B: pop ebp
loc_0040201C: retn 0004h

可是当我在OD里追踪的追到这的时候
loc_00401F9F: call [00401034h] ; %x1 = Mid(%StkVar2, %StkVar3, %StkVar4)

可是我却怎么也找不到那三个参数的存储位置
edx、ecx、eax 里存储的似乎都不是参数
这是怎么回事呢?
可以帮下我吗?qq19116773
醉花阴柳 2016-06-20
引用 2 楼 mol1981 的回复:
刚开了不对啊,要不要你来我电脑上,试试,还是我把程序发你试试
OD里选中CALL那一行,按回车,双击下断点,再点运行, 看右下角堆栈窗口,右键转到EBP,双击前面的地址以相对偏移显示
mol1981 2016-06-20
刚开了不对啊,要不要你来我电脑上,试试,还是我把程序发你试试
醉花阴柳 2016-06-20
OD在调用call的下一句断点,在此处断下后看堆栈窗口,按照相对ebp地址显示,ebp+8,ebp+c,ebp+10应该就是参数了
