|
[求助]请帮助我在安装OllyDbg v1.10出现的问题
OD不需要安装,绿色的 |
|
[求助]在OD中,我想让程序运行到0041d720处停下来,该怎么办
; OllyDbg listing of the routine at 00437C20. The visible part builds four
; arguments on the stack and calls KERNEL32.RaiseException.
; The listing stops at 00437C5F, so the epilogue and return are not shown.
; NOTE(review): copying a fixed 8-dword template and then patching its last two
; dwords with the caller's arguments resembles a compiler runtime "throw"
; helper; confirm against library signatures before tracing it by hand.
00437C20 /$ 83EC 20 sub esp, 20
; Reserves 0x20 bytes of locals; eax below is read from above the return address.
00437C23 |. 8B4424 24 mov eax, dword ptr [esp+24]
00437C27 |. 56 push esi
00437C28 |. 57 push edi
; Copy 8 dwords from the constant block at 00475E90 into the local buffer at esp+8.
00437C29 |. B9 08000000 mov ecx, 8
00437C2E |. BE 905E4700 mov esi, 00475E90
00437C33 |. 8D7C24 08 lea edi, dword ptr [esp+8]
00437C37 |. F3:A5 rep movs dword ptr es:[edi], dword p>
; Overwrite the last two dwords of the copied buffer (esp+20, esp+24) with the
; values taken from [esp+24] (loaded earlier into eax) and [esp+30].
00437C39 |. 8B4C24 30 mov ecx, dword ptr [esp+30]
00437C3D |. 894424 20 mov dword ptr [esp+20], eax
00437C41 |. 8B4424 18 mov eax, dword ptr [esp+18]
00437C45 |. 8D5424 1C lea edx, dword ptr [esp+1C]
00437C49 |. 894C24 24 mov dword ptr [esp+24], ecx
00437C4D |. 8B4C24 0C mov ecx, dword ptr [esp+C]
; The four pushes below are the RaiseException arguments, as labelled by OllyDbg.
; pArguments points into the local buffer (esp+1C before the first push).
00437C51 |. 52 push edx ; /pArguments
00437C52 |. 8B5424 0C mov edx, dword ptr [esp+C] ; |
00437C56 |. 50 push eax ; |nArguments
00437C57 |. 51 push ecx ; |ExceptionFlags
00437C58 |. 52 push edx ; |ExceptionCode
00437C59 |. FF15 B8F94800 call dword ptr [<&KERNEL32.RaiseExcep>; \RaiseException
00437C5F |. 5F pop edi ; BBCLI.004884C0
|
|
[求助]这个程序不知道如何下手,哪位能指点一下
我想搞明白一个函数是什么功能,可是它调用了无数个CALL,跟的我一头雾水,该如何才好???
; 00457855: takes one stack argument (retn 4).
; Gets an object pointer from 004132F0; if it is non-null, calls the function
; pointer at offset B8 of the table the object's first dword points to
; (ecx = object). If that returns non-zero and the dword at [object+68] is
; non-null, calls offset 6C of that second object's table, passing the caller's
; stack argument through. Any failed check jumps straight to the exit.
00457855 /$ 56 push esi
00457856 |. E8 95BAFBFF call 004132F0
0045785B |. 8BF0 mov esi, eax
0045785D |. 85F6 test esi, esi
0045785F |. 74 1E je short 0045787F
00457861 |. 8B06 mov eax, dword ptr [esi]
00457863 |. 8BCE mov ecx, esi
00457865 |. FF90 B8000000 call dword ptr [eax+B8]
0045786B |. 85C0 test eax, eax
0045786D |. 74 10 je short 0045787F
0045786F |. 8B4E 68 mov ecx, dword ptr [esi+68]
00457872 |. 85C9 test ecx, ecx
00457874 |. 74 09 je short 0045787F
00457876 |. 8B01 mov eax, dword ptr [ecx]
; [esp+8] is the caller's single stack argument (esi was pushed on entry).
00457878 |. FF7424 08 push dword ptr [esp+8]
0045787C |. FF50 6C call dword ptr [eax+6C]
0045787F |> 5E pop esi
00457880 \. C2 0400 retn 4
*******************************************************************
4132f0:
; 004132F0: no stack arguments (plain retn).
; Returns 0 when 0044C875 returns zero. Otherwise calls 0044C875 a second time,
; uses its result as an object pointer (ecx) and returns whatever the function
; pointer at offset 7C of that object's table returns.
004132F0 /$ 55 push ebp
004132F1 |. 8BEC mov ebp, esp
004132F3 |. 83EC 08 sub esp, 8
004132F6 |. E8 7A950300 call 0044C875
004132FB |. 85C0 test eax, eax
004132FD |. 74 18 je short 00413317
004132FF |. E8 71950300 call 0044C875
00413304 |. 8945 FC mov dword ptr [ebp-4], eax
00413307 |. 8B45 FC mov eax, dword ptr [ebp-4]
0041330A |. 8B10 mov edx, dword ptr [eax]
0041330C |. 8B4D FC mov ecx, dword ptr [ebp-4]
0041330F |. FF52 7C call dword ptr [edx+7C]
00413312 |. 8945 F8 mov dword ptr [ebp-8], eax
00413315 |. EB 07 jmp short 0041331E
00413317 |> C745 F8 00000>mov dword ptr [ebp-8], 0
0041331E |> 8B45 F8 mov eax, dword ptr [ebp-8]
00413321 |. 8BE5 mov esp, ebp
00413323 |. 5D pop ebp
00413324 \. C3 retn
*****************************************************************
44c875:
; 0044C875: returns the dword at offset 4 of the structure returned by 00465E37;
; when that dword is zero, returns offset 4 of the value returned by 00465E11.
0044C875 /$ E8 BD950100 call 00465E37
0044C87A |. 8B40 04 mov eax, dword ptr [eax+4]
0044C87D |. 85C0 test eax, eax
0044C87F |. 75 08 jnz short 0044C889
0044C881 |. E8 8B950100 call 00465E11
0044C886 |. 8B40 04 mov eax, dword ptr [eax+4]
0044C889 \> C3 retn
*******************************************************************
465e37:
; 00465E37: takes the pointer returned by 00465E11, adds 1070 (hex) to it and
; passes the sum in ecx to 004670BB, with the address 00436119 as the one stack
; argument. 004670BB calls its stack argument when no value exists yet.
00465E37 /$ E8 D5FFFFFF call 00465E11
00465E3C |. 05 70100000 add eax, 1070
00465E41 |. 68 19614300 push 00436119
00465E46 |. 8BC8 mov ecx, eax
00465E48 |. E8 6E120000 call 004670BB
00465E4D \. C3 retn
************************************************************************
465e11:
; 00465E11: calls 004670BB with ecx = 0048BBC0 and stack argument 0043614D and
; returns offset 4 of the result when it is non-zero. Otherwise returns the
; result of 0046717D, called with ecx = 0048BBC4 and stack argument 00465DAF.
00465E11 /$ 68 4D614300 push 0043614D
00465E16 |. B9 C0BB4800 mov ecx, 0048BBC0
00465E1B |. E8 9B120000 call 004670BB
00465E20 |. 8B40 04 mov eax, dword ptr [eax+4]
00465E23 |. 85C0 test eax, eax
00465E25 |. 75 0F jnz short 00465E36
00465E27 |. 68 AF5D4600 push 00465DAF
00465E2C |. B9 C4BB4800 mov ecx, 0048BBC4
00465E31 |. E8 47130000 call 0046717D
00465E36 \> C3 retn
**********************************************************
4670bb:
; 004670BB: ecx points to a dword holding a slot number; one stack argument
; (retn 4) that is called as a function when no value exists for the slot.
; Looks the slot up in a table reached through TlsGetValue and returns the
; stored pointer, creating and storing it on first use.
; NOTE(review): this get-or-create per-thread lookup, reached through 00465E11
; and 00465E37, resembles a framework's thread-local state accessor rather than
; application logic; confirm by applying library signatures to the binary so
; such helpers are named and can be stepped over instead of traced.
004670BB /$ 56 push esi
004670BC |. 57 push edi
004670BD |. 8BF9 mov edi, ecx
; Slot number already assigned ([edi] != 0): go straight to the lookup.
004670BF |. 833F 00 cmp dword ptr [edi], 0
004670C2 |. 75 2D jnz short 004670F1
; First use: if the global at 48BF40 is still zero, initialise it from
; 00466D39 (called with ecx = 0048BF48).
004670C4 |. 8B0D 40BF4800 mov ecx, dword ptr [48BF40] ; BBCLI.0048BF48
004670CA |. 85C9 test ecx, ecx
004670CC |. 75 1C jnz short 004670EA
004670CE |. B9 48BF4800 mov ecx, 0048BF48
004670D3 |. 8BC1 mov eax, ecx
004670D5 |. 85C0 test eax, eax
004670D7 |. 74 09 je short 004670E2
004670D9 |. E8 5BFCFFFF call 00466D39
004670DE |. 8BC8 mov ecx, eax
004670E0 |. EB 02 jmp short 004670E4
004670E2 |> 33C9 xor ecx, ecx
004670E4 |> 890D 40BF4800 mov dword ptr [48BF40], ecx
; 00466D7B returns the value that is stored as this object's slot number.
004670EA |> E8 8CFCFFFF call 00466D7B
004670EF |. 8907 mov dword ptr [edi], eax
; Lookup: the TLS index is the first dword of the structure at [48BF40].
004670F1 |> A1 40BF4800 mov eax, dword ptr [48BF40]
004670F6 |. 8B37 mov esi, dword ptr [edi]
004670F8 |. FF30 push dword ptr [eax] ; /TlsIndex
004670FA |. FF15 94F94800 call dword ptr [<&KERNEL32.TlsGetValue>] ; \TlsGetValue
; Use the per-thread block only if it exists and the slot number is below the
; count at [eax+8]; the entry is then read from the dword array at [eax+C].
00467100 |. 85C0 test eax, eax
00467102 |. 74 0D je short 00467111
00467104 |. 3B70 08 cmp esi, dword ptr [eax+8]
00467107 |. 7D 08 jge short 00467111
00467109 |. 8B40 0C mov eax, dword ptr [eax+C]
0046710C |. 8B34B0 mov esi, dword ptr [eax+esi*4]
0046710F |. EB 02 jmp short 00467113
00467111 |> 33F6 xor esi, esi
00467113 |> 85F6 test esi, esi
00467115 |. 75 14 jnz short 0046712B
; No entry yet: call the function passed as the stack argument, then hand its
; result and the slot number to 00466EEA (ecx = [48BF40]).
00467117 |. FF5424 0C call dword ptr [esp+C]
0046711B |. 8B0D 40BF4800 mov ecx, dword ptr [48BF40] ; BBCLI.0048BF48
00467121 |. 8BF0 mov esi, eax
00467123 |. 56 push esi
00467124 |. FF37 push dword ptr [edi]
00467126 |. E8 BFFDFFFF call 00466EEA
0046712B |> 8BC6 mov eax, esi
0046712D |. 5F pop edi
0046712E |. 5E pop esi
0046712F \. C2 0400 retn 4
***********************************************************************
|
|
请问win32汇编如何一次添加多个子键?[求助]
那你用啥??? |
|
[求助]小弟急求计算器汇编设计源代码!
不会有人给你的,呵呵 |
|
判断一个文件是否存在用什么API函数?
FileExists |
|
|
|
巧改ShowMessage的提示标题
// Click handler: resolves the 'EnabledKey' export from the already-loaded
// library and, when the export reports success, shows a confirmation box.
// NOTE(review): DllHandle and DllFileName are set outside this handler; confirm
// the library is loaded from a fully qualified, trusted path so the export
// resolved here comes from the intended DLL.
procedure TForm1.Button1Click(Sender: TObject);
begin
  // Nothing to do when no library has been loaded.
  if DllHandle = 0 then
    Exit;

  // Look the export up by name; a nil result means the DLL does not provide it.
  EnabledKey := GetProcAddress(DllHandle, 'EnabledKey');
  if @EnabledKey = nil then
    Exit;

  // Only report success when the exported routine itself returns true.
  if EnabledKey(DllFileName) then
    MessageBox(0, '成功屏蔽', '友情提示', MB_OK);
end;
|
巧改ShowMessage的提示标题
呵呵,可以用MESSAGEBOX吗,标准的API函数呢 |
|
可不可以把两个exe文件合并为一个文件?
我给你一个把EXE当作资源文件绑到主EXE中的例子吧:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
{$R app.res}
///////////////////////////////////////////////////////////////
// Extract the embedded EXE resource to a file.
// Loads the resource named ResName of type ResType from this module
// (Hinstance) and writes its bytes to the path ResNewName.
// Returns true when the file was written and false when any exception was
// raised. The exception is swallowed, so the caller cannot tell a missing
// resource from a failed write.
// NOTE(review): ResNewName is used exactly as given. With a relative name the
// file is created in the process's current directory; prefer a full path in a
// directory only the current user can write, and check the written file before
// anything launches it.
function ExtractRes(ResType, ResName, ResNewName: string): boolean;
var
  Res: TResourceStream;
begin
  try
    Res := TResourceStream.Create(Hinstance, Resname, Pchar(ResType));
    try
      Res.SavetoFile(ResNewName);
      Result := true;
    finally
      // Release the stream whether or not the save succeeded.
      Res.Free;
    end;
  except
    Result := false;
  end;
end;
下面我们来研究一下上面的{$R app.res}
制作过程如下
先制作一个文本文件
内容如下:
app exefile HijackThis.exe
这里的APP是资源名,可以随便起
EXEFILE是资源类型,应该是固定的,不很清楚
后面跟的是待绑文件名
然后存为*.RC文件(似乎存为其他文件都可以,诸如.TXT也行)
然后利用BORLAND提供的BRCC32.EXE把上面这个RC文件编译成RES文件
至于释放过程就很简单了,调用上面的过程
如下
// Menu/click handler that writes the embedded resource out as 'tmp.exe'.
// NOTE(review): 'exefile' is a user-defined resource type name; it only has to
// match the type written in the .RC file.
// NOTE(review): the Boolean result of ExtractRes is discarded here, so a failed
// extraction goes unnoticed, and 'tmp.exe' is a relative name that lands in the
// current directory.
procedure TForm1.XPDOS1Click(Sender: TObject);
begin
  ExtractRes('exefile','app','tmp.exe');// 'app' must match the resource name used in the .RC text file
end;
|
|
|