|
[原创]实用软件-详细注释的源代码
哈,不错。 |
|
[分享]使用softice调试vc写的应用程序
用softice调试一般驱动程序的步骤, 1、用symbol loader装载*.sys驱动文件 2、module->setting: translation:选中symbols and source code加载symbol和源代码 并选中package source with symbol table 3、执行symbol loader中module菜单下的“translate” 4、执行symbol loader中module菜单下的“load” 5、ctrl-d打开softice,设置断点 6、打开driverstudio中的drivermonitor工具 7、用drivermonitor打开*.sys驱动文件 8、在drivermonitor中点击go按钮,运行驱动 9、然后softice会在断点处弹出来 |
|
[已解决]这段代码会造成内存泄露?
楼上说的很对 |
|
[原创]double类型数据存储结构
不错,帮顶 |
|
[分享]一点点小成就
; ---------------------------------------------------------------------------
; Entry point: runs dialog template 64h (resource id 100) modally, then exits.
; The dialog's return value is discarded: ExitProcess always gets code 0.
public start
start proc near
push 0 ; lpModuleName
call GetModuleHandleA
mov hInstance, eax ; kept in a global; DialogFunc reads it for LoadIconA
push 0 ; dwInitParam
push offset DialogFunc ; lpDialogFunc
push 0 ; hWndParent
push 64h ; lpTemplateName (resource id 100)
push hInstance ; hInstance
call DialogBoxParamA
push 0 ; uExitCode
call ExitProcess
start endp
; ---------------------------------------------------------------------------
; Dialog procedure (stdcall, 4 args -> retn 10h).
;   arg_4 = uMsg, arg_8 = wParam (low word = control id). lParam is never read.
; Handled: WM_CLOSE (10h), WM_INITDIALOG (110h), WM_COMMAND (111h); any other
; message reaches loc_4014C7 and returns 0 (not handled).
; State shared with the worker thread (StartAddress) lives in globals:
;   hDlg, pszPath, and the flag byte byte_403114, where bit0 = worker running
;   (set/cleared by StartAddress) and bit1 = stop requested (set here on IDOK,
;   cleared by StartAddress on start; presumably polled inside sub_401154,
;   whose body is not in this listing -- TODO confirm).
DialogFunc proc near ; DATA XREF: start+Eo
.text:00401394
.text:00401394 String = byte ptr -108h ; 108h-byte scratch buffer for GetDlgItemTextA (cchMax 104h fits)
.text:00401394 ThreadId = dword ptr -4 ; written by CreateThread, never read afterwards
.text:00401394 hDlg = dword ptr 8
.text:00401394 arg_4 = dword ptr 0Ch
.text:00401394 arg_8 = dword ptr 10h
.text:00401394
.text:00401394 push ebp
.text:00401395 mov ebp, esp
.text:00401397 add esp, 0FFFFFDECh ; sub esp, 214h (locals)
.text:0040139D push ebx
.text:0040139E push edi
.text:0040139F push esi
.text:004013A0 mov eax, [ebp+arg_4] ; eax = uMsg
.text:004013A3 cmp eax, 10h ; WM_CLOSE
.text:004013A6 jnz short loc_4013C4
.text:004013A8 test byte_403114, 1 ; worker thread still running?
.text:004013AF jnz loc_4014D3 ; yes: WM_CLOSE is swallowed, the dialog cannot be closed (no stop is requested here)
.text:004013B5 push 0 ; nResult
.text:004013B7 push [ebp+hDlg] ; hDlg
.text:004013BA call EndDialog
.text:004013BF jmp loc_4014D3
.text:004013C4 ; ---------------------------------------------------------------------------
.text:004013C4
.text:004013C4 loc_4013C4: ; CODE XREF: DialogFunc+12j
.text:004013C4 cmp eax, 110h ; WM_INITDIALOG
.text:004013C9 jnz short loc_40140F
.text:004013CB push [ebp+hDlg]
.text:004013CE pop hDlg ; publish the dialog handle in a global for the worker thread
.text:004013D4 push 3E8h ; lpIconName (resource id 1000)
.text:004013D9 push hInstance ; hInstance
.text:004013DF call LoadIconA ; result is not checked; a NULL icon is simply passed on
.text:004013E4 push eax ; lParam
.text:004013E5 push 1 ; wParam = ICON_BIG
.text:004013E7 push 80h ; Msg = WM_SETICON
.text:004013EC push [ebp+hDlg] ; hWnd
.text:004013EF call SendMessageA
.text:004013F4 push 0 ; lParam
.text:004013F6 push 104h ; wParam = 260 chars (MAX_PATH)
.text:004013FB push 0C5h ; Msg = EM_LIMITTEXT
.text:00401400 push 65h ; nIDDlgItem (path edit box)
.text:00401402 push [ebp+hDlg] ; hDlg
.text:00401405 call SendDlgItemMessageA ; caps what the user can type at MAX_PATH, matching the cchMax used below
.text:0040140A jmp loc_4014D3
.text:0040140F ; ---------------------------------------------------------------------------
.text:0040140F
.text:0040140F loc_40140F: ; CODE XREF: DialogFunc+35j
.text:0040140F cmp eax, 111h ; WM_COMMAND
.text:00401414 jnz loc_4014C7 ; anything else: not handled, return 0
.text:0040141A mov eax, [ebp+arg_8] ; wParam
.text:0040141D cmp ax, 66h ; control id 66h -- presumably the browse button (see sub_401058)
.text:00401421 jnz short loc_40144C
.text:00401423 push offset pszPath ; pszPath
.text:00401428 push [ebp+hDlg] ; int
.text:0040142B call sub_401058 ; body not shown; presumably a folder/file picker that fills pszPath and returns nonzero on success -- TODO confirm
.text:00401430 or eax, eax
.text:00401432 jz loc_4014D3 ; cancelled or failed: leave the edit box untouched
.text:00401438 push offset pszPath ; lpString
.text:0040143D push 65h ; nIDDlgItem
.text:0040143F push [ebp+hDlg] ; hDlg
.text:00401442 call SetDlgItemTextA ; show the chosen path in the edit box
.text:00401447 jmp loc_4014D3
.text:0040144C ; ---------------------------------------------------------------------------
.text:0040144C
.text:0040144C loc_40144C: ; CODE XREF: DialogFunc+8Dj
.text:0040144C cmp ax, 65h ; notification from the path edit box (the notification code in the high word is not checked)
.text:00401450 jnz short loc_40147D
.text:00401452 push 104h ; cchMax = MAX_PATH; fits the 108h-byte local String
.text:00401457 lea eax, [ebp+String]
.text:0040145D push eax ; lpString
.text:0040145E push 65h ; nIDDlgItem
.text:00401460 push [ebp+hDlg] ; hDlg
.text:00401463 call GetDlgItemTextA ; eax = number of chars copied (0 when the box is empty)
.text:00401468 mov ebx, eax
.text:0040146A push 1 ; nIDDlgItem = IDOK (the start/stop button)
.text:0040146C push [ebp+hDlg] ; hDlg
.text:0040146F call GetDlgItem
.text:00401474 push ebx ; bEnable = text length (any nonzero value counts as TRUE)
.text:00401475 push eax ; hWnd
.text:00401476 call EnableWindow ; the button is enabled only while the path box is non-empty
.text:0040147B jmp short loc_4014D3
.text:0040147D ; ---------------------------------------------------------------------------
.text:0040147D
.text:0040147D loc_40147D: ; CODE XREF: DialogFunc+BCj
.text:0040147D cmp ax, 1 ; IDOK: the start/stop button
.text:00401481 jnz short loc_4014D3
.text:00401483 test byte_403114, 1 ; worker running?
.text:0040148A jz short loc_401495
.text:0040148C or byte_403114, 2 ; running: raise the stop-request bit. Plain (non-lock) read-modify-write on a byte the worker thread also rewrites; these bits are the only cross-thread signalling in the program
.text:00401493 jmp short loc_4014C5
.text:00401495 ; ---------------------------------------------------------------------------
.text:00401495
.text:00401495 loc_401495: ; CODE XREF: DialogFunc+F6j
.text:00401495 push 104h ; cchMax = MAX_PATH; the size of the global pszPath is not visible in this listing -- assumed to be at least 104h bytes
.text:0040149A push offset pszPath ; lpString
.text:0040149F push 65h ; nIDDlgItem
.text:004014A1 push [ebp+hDlg] ; hDlg
.text:004014A4 call GetDlgItemTextA ; copy the edit box into the global the worker thread reads
.text:004014A9 lea eax, [ebp+ThreadId]
.text:004014AC push eax ; lpThreadId (stored but never used)
.text:004014AD push 0 ; dwCreationFlags
.text:004014AF push 0 ; lpParameter
.text:004014B1 push offset StartAddress ; lpStartAddress
.text:004014B6 push 0 ; dwStackSize
.text:004014B8 push 0 ; lpThreadAttributes
.text:004014BA call CreateThread ; return value is not checked (NULL on failure)
.text:004014BF push eax ; hObject
.text:004014C0 call CloseHandle ; handle dropped immediately: the thread keeps running, but nothing can ever wait on it
.text:004014C5
.text:004014C5 loc_4014C5: ; CODE XREF: DialogFunc+FFj
.text:004014C5 jmp short loc_4014D3
.text:004014C7 ; ---------------------------------------------------------------------------
.text:004014C7
.text:004014C7 loc_4014C7: ; CODE XREF: DialogFunc+80j
.text:004014C7 mov eax, 0 ; message not handled
.text:004014CC pop esi
.text:004014CD pop edi
.text:004014CE pop ebx
.text:004014CF leave
.text:004014D0 retn 10h
.text:004014D3 ; ---------------------------------------------------------------------------
.text:004014D3
.text:004014D3 loc_4014D3: ; CODE XREF: DialogFunc+1Bj
.text:004014D3 ; DialogFunc+2Bj ...
.text:004014D3 mov eax, 1 ; message handled
.text:004014D8 pop esi
.text:004014D9 pop edi
.text:004014DA pop ebx
.text:004014DB leave
.text:004014DC retn 10h
.text:004014DC DialogFunc endp
; ---------------------------------------------------------------------------
; Worker thread entry (lpParameter is unused; retn 4 pops it).
; Runs entirely off the globals set by DialogFunc (hDlg, pszPath) and drives
; the dialog's controls directly from this thread.
; Sequence: mark running, disable the inputs and relabel IDOK as Stop, open the
; fixed output file, call sub_401154(pszPath), show the two counters
; dword_403008/dword_40300C, close the file, restore the UI, clear the running bit.
StartAddress proc near ; DATA XREF: DialogFunc+11Do
.text:00401268
.text:00401268 String = byte ptr -100h ; 100h-byte buffer for the wsprintfA status text
.text:00401268
.text:00401268 push ebp
.text:00401269 mov ebp, esp
.text:0040126B add esp, 0FFFFFF00h ; sub esp, 100h
.text:00401271 push ebx
.text:00401272 push ecx
.text:00401273 push edx
.text:00401274 push esi
.text:00401275 push edi
.text:00401276 and byte_403114, 0FDh ; clear the stop-request bit
.text:0040127D or byte_403114, 1 ; set the running bit (non-lock read-modify-write; DialogFunc writes the same byte from the UI thread)
.text:00401284 push 65h ; nIDDlgItem (path edit box)
.text:00401286 push hDlg ; hDlg
.text:0040128C call GetDlgItem
.text:00401291 push 0 ; bEnable = FALSE
.text:00401293 push eax ; hWnd
.text:00401294 call EnableWindow ; lock the path box while working
.text:00401299 push 66h ; nIDDlgItem (browse button)
.text:0040129B push hDlg ; hDlg
.text:004012A1 call GetDlgItem
.text:004012A6 push 0 ; bEnable = FALSE
.text:004012A8 push eax ; hWnd
.text:004012A9 call EnableWindow
.text:004012AE push offset aGS ; "停止(&S)" -- "Stop(&S)"
.text:004012B3 push 1 ; nIDDlgItem = IDOK
.text:004012B5 push hDlg ; hDlg
.text:004012BB call SetDlgItemTextA ; relabel the start button as Stop
.text:004012C0 xor eax, eax
.text:004012C2 mov dword_403008, eax ; reset the two result counters
.text:004012C7 mov dword_40300C, eax ; (what they count is decided inside sub_401154, not shown)
.text:004012CC push 0 ; hTemplateFile
.text:004012CE push 80h ; dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL
.text:004012D3 push 2 ; dwCreationDisposition = CREATE_ALWAYS (an existing file is truncated)
.text:004012D5 push 0 ; lpSecurityAttributes
.text:004012D7 push 1 ; dwShareMode = FILE_SHARE_READ
.text:004012D9 push 40000000h ; dwDesiredAccess = GENERIC_WRITE
.text:004012DE push offset FileName ; "c:\\bach.txt" -- hard-coded output path at the drive root, not configurable
.text:004012E3 call CreateFileA
.text:004012E8 mov hFile, eax ; NOT checked against INVALID_HANDLE_VALUE: a failed open (e.g. no write access to C:\) still runs the whole sequence below with the bad handle
.text:004012ED push offset pszPath ; lpString2
.text:004012F2 call sub_401154 ; the actual work on pszPath; body not shown -- presumably writes through the global hFile, updates the two counters and polls bit1 of byte_403114 for the stop request -- TODO confirm
.text:004012F7 push dword_403008
.text:004012FD push dword_40300C
.text:00401303 push offset aD ; "共找到%d? (format string is cut off in this listing; it begins "found %d ...")
.text:00401308 lea eax, [ebp+String]
.text:0040130E push eax ; LPSTR
.text:0040130F call wsprintfA ; takes no buffer size: the 100h-byte local is safe only while the format stays a short literal with two %d fields
.text:00401314 add esp, 10h ; cdecl: caller removes the 4 arguments
.text:00401317 lea eax, [ebp+String]
.text:0040131D push eax ; lpString
.text:0040131E push 67h ; nIDDlgItem (status text)
.text:00401320 push hDlg ; hDlg
.text:00401326 call SetDlgItemTextA
.text:0040132B push hFile ; hObject
.text:00401331 call CloseHandle ; closes whatever CreateFileA returned, valid or not
.text:00401336 push 66h ; nIDDlgItem (browse button)
.text:00401338 push hDlg ; hDlg
.text:0040133E call GetDlgItem
.text:00401343 push 1 ; bEnable = TRUE
.text:00401345 push eax ; hWnd
.text:00401346 call EnableWindow
.text:0040134B push 65h ; nIDDlgItem (path edit box)
.text:0040134D push hDlg ; hDlg
.text:00401353 call GetDlgItem
.text:00401358 push 1 ; bEnable = TRUE
.text:0040135A push eax ; hWnd
.text:0040135B call EnableWindow
.text:00401360 push offset aKS ; "开始(&S)" -- "Start(&S)"
.text:00401365 push 1 ; nIDDlgItem = IDOK
.text:00401367 push hDlg ; hDlg
.text:0040136D call SetDlgItemTextA ; relabel the button back to Start
.text:00401372 push offset pszPath ; lpString
.text:00401377 push 65h ; nIDDlgItem
.text:00401379 push hDlg ; hDlg
.text:0040137F call SetDlgItemTextA ; rewrite the path box from the global (only matters if sub_401154 changed pszPath)
.text:00401384 and byte_403114, 0FEh ; clear the running bit: WM_CLOSE and IDOK-as-Start are allowed again
.text:0040138B pop edi
.text:0040138C pop esi
.text:0040138D pop edx
.text:0040138E pop ecx
.text:0040138F pop ebx
.text:00401390 leave
.text:00401391 retn 4
.text:00401391 StartAddress endp
|
|
[求助]控制台程序窗口如何取消?
同意四楼的办法 |
|
[已解决]关于ReadProcessMemory的问题
嗯,应该跟你的写文件有关。跟ReadProcessMemory没关系。 |
|
[原创]生成一个关于URLDownloadToFile的shellcode机器码
呵呵,顶顶。 编译时注意去掉/GZ选项。 |
|
|