能力值:
( LV2,RANK:10 )
[求助]关于LEA指令
你例子里面执行完lea eax, [edx-02]之后,edx的值是不变的。所以和下面的那个不完全相等。
不知道为什么设计这个指令,不过我觉得多多益善啊,各有个的用处嘛。这个指令多好用啊,能取变量的地址,有时候还用来做加减乘除运算。
能力值:
( LV2,RANK:10 )
[求助]vc中的(BYTE)
v2=1540213470=0x5BCDCADE;
v1=0xDE
这里如果char默认是有符号的,那么打印出来就是-34;如果是无符号的,打印出来是222。
VC2005设置在Project > Properties... > Configuration Properties > C/C++ > Language > Default Char Unsigned,可选选项有Yes,No,<inherit from parent or project defaults>。
能力值:
( LV2,RANK:10 )
能力值:
( LV2,RANK:10 )
能力值:
( LV2,RANK:10 )
[求助]OD中如何给变量加标签?
命令行里面输入d 42B710,这是数据窗口里就显示42B710处的数据了,选中42B710处这个字节,点右键,选标签,起个名字就行了。
能力值:
( LV2,RANK:10 )
[求助]WM_INITMENU和WM_INITMENUPOPUP
对呀,2个消息都会出现。我个人觉得这些消息符合条件就会发生,关键是你如何用这些消息设计你自己的控件。随便在窗口里点一下鼠标都可能产生几十条消息。就说“点击”这个事件吧,有人设计的在WM_LBUTTONDOWN处理,也有人设计的在WM_LBUTTONUP处理,可能都可以达到效果,但是看哪个更符合你的设计。回到最开始的那两个菜单消息,比如说WM_INITMENU消息,如果你看消息注释,他会说:
Remarks A WM_INITMENU message is sent only when a menu is first accessed; only one WM_INITMENU message is generated for each access. For example, moving the mouse across several menu items while holding down the button does not generate new messages. WM_INITMENU does not provide information about menu items.
如果你按这个方法,左键按下菜单栏里面的Format,这是他会弹出Format下拉菜单,不要松开鼠标,再移到菜单栏的View菜单上,又回弹出View的下拉菜单,最后你松开鼠标。这个过程中,WM_INITMENU只产生一次,可是WM_INITMUNUPOPUP会相应的产生两次。你的程序是怎样设计的?在这种情况下哪个更接近你的目的?
能力值:
( LV2,RANK:10 )
[求助]WM_INITMENU和WM_INITMENUPOPUP
算了,好人做到底,送佛送到西。。。
以下是记录了点击Format菜单的记录
<00001> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00002> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00003> 003A0580 S WM_CTLCOLOREDIT hdcEdit:6B0108B5 hwndEdit:000206AA <00004> 003A0580 R WM_CTLCOLOREDIT hBrush:01100066 <00005> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00006> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00007> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00008> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00009> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00010> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00011> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00012> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00013> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00014> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00015> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00016> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00017> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00018> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00019> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00020> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00021> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00022> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00023> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00024> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00025> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00026> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00027> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00028> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00029> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00030> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00031> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00032> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00033> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00034> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00035> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00036> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00037> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00038> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00039> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00040> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00041> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE <00042> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00043> 003A0580 S WM_SETCURSOR hwnd:000206AA nHittest:HTBORDER wMouseMsg:WM_MOUSEMOVE <00044> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00045> 003A0580 S WM_CTLCOLOREDIT hdcEdit:A2010DBF hwndEdit:000206AA <00046> 003A0580 R WM_CTLCOLOREDIT hBrush:01100066 <00047> 003A0580 S WM_NCHITTEST xPos:176 yPos:79 <00048> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00049> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00050> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00051> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:176 yPos:79 <00052> 003A0580 S WM_NCHITTEST xPos:175 yPos:77 <00053> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00054> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00055> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00056> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:175 yPos:77 <00057> 003A0580 S WM_NCHITTEST xPos:173 yPos:77 <00058> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00059> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00060> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00061> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:173 yPos:77 <00062> 003A0580 S WM_NCHITTEST xPos:173 yPos:76 <00063> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00064> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00065> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00066> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:173 yPos:76 <00067> 003A0580 S WM_NCHITTEST xPos:172 yPos:76 <00068> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00069> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00070> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00071> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:172 yPos:76 <00072> 003A0580 S WM_NCHITTEST xPos:170 yPos:74 <00073> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00074> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00075> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00076> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:170 yPos:74 <00077> 003A0580 S WM_NCHITTEST xPos:169 yPos:74 <00078> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00079> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00080> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00081> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:169 yPos:74 <00082> 003A0580 S WM_NCHITTEST xPos:167 yPos:73 <00083> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00084> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00085> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00086> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:167 yPos:73 <00087> 003A0580 S WM_NCHITTEST xPos:166 yPos:73 <00088> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00089> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00090> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00091> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:166 yPos:73 <00092> 003A0580 S WM_NCHITTEST xPos:164 yPos:73 <00093> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00094> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00095> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00096> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:164 yPos:73 <00097> 003A0580 S WM_NCHITTEST xPos:163 yPos:73 <00098> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00099> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00100> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00101> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:163 yPos:73 <00102> 003A0580 S WM_NCHITTEST xPos:163 yPos:71 <00103> 003A0580 R WM_NCHITTEST nHittest:HTMENU <00104> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_MOUSEMOVE <00105> 003A0580 R WM_SETCURSOR fHaltProcessing:False <00106> 003A0580 P WM_NCMOUSEMOVE nHittest:HTMENU xPos:163 yPos:71 <00107> 003A0580 S WM_NCHITTEST xPos:163 yPos:71 <00108> 003A0580 R WM_NCHITTEST nHittest:HTMENU<00109> 003A0580 S WM_MOUSEACTIVATE hwndTopLevel:003A0580 nHittest:HTMENU uMsg:WM_LBUTTONDOWN <00110> 003A0580 R WM_MOUSEACTIVATE fuActivate:MA_ACTIVATE <00111> 003A0580 S WM_WINDOWPOSCHANGING lpwp:0007FE98 <00112> 003A0580 R WM_WINDOWPOSCHANGING <00113> 003A0580 S WM_NCPAINT hrgn:00000001 <00114> 003A0580 R WM_NCPAINT <00115> 003A0580 S WM_ERASEBKGND hdc:D4010A47 <00116> 003A0580 R WM_ERASEBKGND fErased:True <00117> 003A0580 S WM_WINDOWPOSCHANGED lpwp:0007FE98 <00118> 003A0580 R WM_WINDOWPOSCHANGED <00119> 003A0580 S WM_ACTIVATEAPP fActive:True dwThreadID:00000000 <00120> 003A0580 R WM_ACTIVATEAPP <00121> 003A0580 S WM_NCACTIVATE fActive:True <00122> 003A0580 R WM_NCACTIVATE <00123> 003A0580 S WM_ACTIVATE fActive:WA_ACTIVE fMinimized:False hwndPrevious:(null) <00124> 003A0580 S WM_IME_SETCONTEXT fSet:1 (LONG)iShow:C000000F <00125> 003A0580 S WM_IME_NOTIFY dwCommand:0000000B dwData:00000000 <00126> 003A0580 R WM_IME_NOTIFY <00127> 003A0580 S WM_IME_NOTIFY dwCommand:00000002 dwData:00000000 <00128> 003A0580 R WM_IME_NOTIFY <00129> 003A0580 R WM_IME_SETCONTEXT <00130> 003A0580 S WM_SETFOCUS hwndLoseFocus:(null) <00131> 003A0580 S WM_KILLFOCUS hwndGetFocus:000206AA <00132> 003A0580 S WM_COMMAND wNotifyCode:EN_KILLFOCUS wID:15 hwndCtl:000206AA <00133> 003A0580 R WM_COMMAND <00134> 003A0580 R WM_KILLFOCUS <00135> 003A0580 S WM_IME_SETCONTEXT fSet:0 (LONG)iShow:C000000F <00136> 003A0580 R WM_IME_SETCONTEXT <00137> 003A0580 S WM_COMMAND wNotifyCode:EN_SETFOCUS wID:15 hwndCtl:000206AA <00138> 003A0580 R WM_COMMAND <00139> 003A0580 R WM_SETFOCUS <00140> 003A0580 R WM_ACTIVATE<00141> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTMENU wMouseMsg:WM_LBUTTONDOWN <00142> 003A0580 R WM_SETCURSOR fHaltProcessing:False<00143> 003A0580 P WM_NCLBUTTONDOWN nHittest:HTMENU xPos:163 yPos:71 <00144> 003A0580 S WM_SYSCOMMAND uCmdType:SC_MOUSEMENU xPos:163 yPos:71 <00145> 003A0580 S WM_ENTERMENULOOP fIsTrackPopupMenu:False <00146> 003A0580 R WM_ENTERMENULOOP <00147> 003A0580 S WM_SETCURSOR hwnd:003A0580 nHittest:HTCAPTION wMouseMsg:0000 <00148> 003A0580 R WM_SETCURSOR fHaltProcessing:False<00149> 003A0580 S WM_INITMENU hmenuInit:0046057E <00150> 003A0580 R WM_INITMENU <00151> 003A0580 S WM_MENUSELECT uItem:2 fuFlags:MF_POPUP | MF_HILITE | MF_MOUSESELECT hmenu:0046057E <00152> 003A0580 R WM_MENUSELECT<00153> 003A0580 S WM_INITMENUPOPUP hmenuPopup:000806B6 uPos:2 fSystemMenu:False <00154> 003A0580 R WM_INITMENUPOPUP <00155> 003A0580 S WM_PAINT hdc:00000000 <00156> 003A0580 R WM_PAINT <00157> 003A0580 S WM_CTLCOLOREDIT hdcEdit:D4010A47 hwndEdit:000206AA <00158> 003A0580 R WM_CTLCOLOREDIT hBrush:01100066 <00159> 003A0580 S WM_CTLCOLOREDIT hdcEdit:56011F4B hwndEdit:000206AA <00160> 003A0580 R WM_CTLCOLOREDIT hBrush:01100066 <00161> 003A0580 S WM_CTLCOLOREDIT hdcEdit:56011F4B hwndEdit:000206AA <00162> 003A0580 R WM_CTLCOLOREDIT hBrush:01100066 <00163> 003A0580 S WM_CTLCOLOREDIT hdcEdit:56011F4B hwndEdit:000206AA <00164> 003A0580 R WM_CTLCOLOREDIT hBrush:01100066 <00165> 003A0580 P WM_MOUSEMOVE fwKeys:MK_LBUTTON xPos:163 yPos:71 <00166> 003A0580 P WM_NCMOUSELEAVE <00167> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00168> 003A0580 R WM_ENTERIDLE <00169> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00170> 003A0580 R WM_ENTERIDLE <00171> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00172> 003A0580 R WM_ENTERIDLE <00173> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00174> 003A0580 R WM_ENTERIDLE<00175> 003A0580 P WM_LBUTTONUP fwKeys:0000 xPos:163 yPos:71 <00176> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00177> 003A0580 R WM_ENTERIDLE <00178> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:163 yPos:70 <00179> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00180> 003A0580 R WM_ENTERIDLE <00181> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:163 yPos:64 <00182> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00183> 003A0580 R WM_ENTERIDLE <00184> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:163 yPos:61 <00185> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00186> 003A0580 R WM_ENTERIDLE <00187> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:163 yPos:58 <00188> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00189> 003A0580 R WM_ENTERIDLE <00190> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:164 yPos:55 <00191> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00192> 003A0580 R WM_ENTERIDLE <00193> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:165 yPos:52 <00194> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00195> 003A0580 R WM_ENTERIDLE <00196> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:165 yPos:50 <00197> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00198> 003A0580 R WM_ENTERIDLE <00199> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:165 yPos:49 <00200> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00201> 003A0580 R WM_ENTERIDLE <00202> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:167 yPos:46 <00203> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00204> 003A0580 R WM_ENTERIDLE <00205> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:168 yPos:44 <00206> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00207> 003A0580 R WM_ENTERIDLE <00208> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:168 yPos:43 <00209> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00210> 003A0580 R WM_ENTERIDLE <00211> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:168 yPos:41 <00212> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00213> 003A0580 R WM_ENTERIDLE <00214> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:170 yPos:38 <00215> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00216> 003A0580 R WM_ENTERIDLE <00217> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:171 yPos:38 <00218> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00219> 003A0580 R WM_ENTERIDLE <00220> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:171 yPos:37 <00221> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00222> 003A0580 R WM_ENTERIDLE <00223> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:171 yPos:35 <00224> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00225> 003A0580 R WM_ENTERIDLE <00226> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:173 yPos:34 <00227> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00228> 003A0580 R WM_ENTERIDLE <00229> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:174 yPos:31 <00230> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00231> 003A0580 R WM_ENTERIDLE <00232> 003A0580 P WM_MOUSEMOVE fwKeys:0000 xPos:174 yPos:29 <00233> 003A0580 S WM_ENTERIDLE fuSource:MSGF_MENU hwnd:002207D6 <00234> 003A0580 R WM_ENTERIDLE <00235> 003A0580 S WM_UNINITMENUPOPUP <00236> 003A0580 R WM_UNINITMENUPOPUP <00237> 003A0580 S WM_CAPTURECHANGED hwndNewCapture:00000000 <00238> 003A0580 R WM_CAPTURECHANGED <00239> 003A0580 S WM_MENUSELECT uItem:0 fuFlags:FFFF (menu was closed) hmenu:00000000 <00240> 003A0580 R WM_MENUSELECT <00241> 003A0580 S WM_EXITMENULOOP fIsTrackPopupMenu:False <00242> 003A0580 R WM_EXITMENULOOP <00243> 003A0580 R WM_SYSCOMMAND <00244> 003A0580 S WM_NCACTIVATE fActive:False <00245> 003A0580 R WM_NCACTIVATE fDeactivateOK:True <00246> 003A0580 S WM_ACTIVATE fActive:WA_INACTIVE fMinimized:False hwndPrevious:(null) <00247> 003A0580 R WM_ACTIVATE <00248> 003A0580 S WM_ACTIVATEAPP fActive:False dwThreadID:00000C10 <00249> 003A0580 R WM_ACTIVATEAPP <00250> 003A0580 S WM_COMMAND wNotifyCode:EN_KILLFOCUS wID:15 hwndCtl:000206AA <00251> 003A0580 R WM_COMMAND
能力值:
( LV2,RANK:10 )
[求助]WM_INITMENU和WM_INITMENUPOPUP
WM_INITMENU的解释里面说了,是在你点菜单栏(menu bar)里面的一项时才发生的。举个例子,打开记事本,里面有File,Edit,Format,View和Help。楼主你的鼠标为什么不能点到这些项目?你点了File,在弹出New/Open/Save/Save as.../Page Setup.../Print.../Exit这几项之前,就会收到WM_INITMENU消息。你可以用VS的Spy++看到这个消息。消息记录比较长,我就不贴了,楼主亲自试一下就明白了。
能力值:
( LV2,RANK:10 )
能力值:
( LV2,RANK:10 )
[求助]SendMessage函数返回EAX是什么
查具体的消息就行了,可以下载看雪主页上的win32帮助,也可用MSDN查。举个例子,比如WM_GETTEXT
WM_GETTEXT An application sends a WM_GETTEXT message to copy the text that corresponds to a window into a buffer provided by the caller. WM_GETTEXT wParam = (WPARAM) cchTextMax; // number of characters to copy lParam = (LPARAM) lpszText; // address of buffer for text Parameters cchTextMax Value of wParam. Specifies the maximum number of characters to be copied, including the terminating null character. lpszText Value of lParam. Points to the buffer that is to receive the text. Return Values The return value is the number of characters copied .
能力值:
( LV2,RANK:10 )
[求助]请教OD设置问题
其实那些local就是局部变量,比如[ebp-4];arg就是传入的参数,比如[ebp+8]。
如果楼主看不惯的话,就改一下好了,在Options > Debugging Options > Analysis1 > Show ARGs and LOCALs in procedures,把前面的勾去掉就好了。
能力值:
( LV2,RANK:10 )
[分享]脱一个简单的PECompact壳+文件自效验
时间太久了,软件都找不到了。不过我水平也不高,所以只要用心找找,明码还是很容易的。至于永久的注册码,我当时没有跟,这个需要仔细分析才行,从CreateFile函数下手,看看读取了注册文件之后进行了哪些计算和比较,应该会有些头绪的。
能力值:
( LV2,RANK:10 )
[分享]脱一个简单的PECompact壳+文件自效验
用未脱壳的原exe跟,就像前面提示的那个地方,在0040FDB3下断点,然后单步跟进,会来到一块之前分配的内存里面,跟不了多远就看到真正的函数了。
0040FD9C /$ 53 push ebx 0040FD9D |. 68 D4FD4000 push 0040FDD4 ; /pModule = "kernel32.dll" 0040FDA2 |. E8 017AFFFF call <jmp.&kernel32.GetModuleHandleA> ; \GetModuleHandleA 0040FDA7 |. 8BD8 mov ebx, eax 0040FDA9 |. 85DB test ebx, ebx 0040FDAB |. 74 10 je short 0040FDBD 0040FDAD |. 68 E4FD4000 push 0040FDE4 ; ASCII "GetDiskFreeSpaceExA" 0040FDB2 |. 53 push ebx ; kernel32.7C800000 0040FDB3 |. E8 087AFFFF call 004077C0 <<<< 在这里下断
能力值:
( LV2,RANK:10 )
[讨论]如何动态内存补丁
只要找对下断的时机就行了。
比如说,可能软件的思路是这样的:
申请一块内存1
解压一段代码到内存1
申请一块内存2
解压一段代码到内存2
.....
假如你要修改内存2里面的代码,就断2次
申请一块内存1
解压一段代码到内存1
申请一块内存2
记录内存2的地址 <------ 第一次断下
解压一段代码到内存2
计算你要改的代码的地址=记录的内存2的地址+偏移,修改代码 <------ 第二次断下
......
如果程序本身在固定地址存储了内存2的地址,就不需要第一次断下了。直接找到它并计算修改就行了。
能力值:
( LV2,RANK:10 )
能力值:
( LV2,RANK:10 )
能力值:
( LV2,RANK:10 )
能力值:
( LV2,RANK:10 )
[求助]OD里给DLL打补丁,问题1已解决,请回复问题2
[QUOTE=lixiaodog;544933]但事实上jmp
XXXXXXXX 的地址是绝对地址呀?
重定位表如何计算?[/QUOTE]
在OD里面随便找一个jmp对照一下机器码和反汇编代码,你就会发现那个反汇编地址是经过OD翻译过的地址。
重定位表看PE文档,写的很清楚。