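[Old post] [Help] How do I find the value of a variable in assembly language?
Posted: 2010-3-5 20:47

I am calling the SERVER2000 stored procedure usp_Save_Char_Info_E from assembly language (31 parameters passed in, one INT value returned). I have found that the ECX at 004232CD |. 51 PUSH ECX is the 26th parameter passed in, but I don't know where this ECX value is taken from. I am a beginner who has only just started learning assembly, so could some kind expert please take a look? Thanks in advance.
Note: I have uploaded the complete file; if there is code I did not copy here, please download the file to see it.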
0042321E |. 51 PUSH ECX
0042321F |. 68 C8894600 PUSH ps_dbAge.004689C8 ; ASCII "SaveCharacter db alloc failed %d %s"
00423224 |. 68 80094700 PUSH ps_dbAge.00470980
00423229 |. E8 52FB0000 CALL ps_dbAge.00432D80
0042322E |. 83C4 10 ADD ESP,10
00423231 |. 80BC24 382200>CMP BYTE PTR SS:[ESP+2238],0
00423239 |. 74 1C JE SHORT ps_dbAge.00423257
0042323B |. 8BC5 MOV EAX,EBP
0042323D |. E8 4E62FEFF CALL ps_dbAge.00409490
00423242 |. 55 PUSH EBP
00423243 |. B9 880A4700 MOV ECX,ps_dbAge.00470A88
00423248 |. E8 931A0000 CALL ps_dbAge.00424CE0
0042324D |. 83C4 04 ADD ESP,4
00423250 |. 8BC5 MOV EAX,EBP
00423252 |. E8 9962FEFF CALL ps_dbAge.004094F0
00423257 |> 5E POP ESI
00423258 |. 33C0 XOR EAX,EAX
0042325A |. 5D POP EBP
0042325B |. 8B8C24 202200>MOV ECX,DWORD PTR SS:[ESP+2220]
00423262 |. 33CC XOR ECX,ESP
00423264 |. E8 5A1B0200 CALL ps_dbAge.00444DC3
00423269 |. 81C4 24220000 ADD ESP,2224
0042326F |. C3 RETN
00423270 |> 53 PUSH EBX
00423271 |. 57 PUSH EDI
00423272 |. FF15 DC004600 CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
00423278 |. 8BC5 MOV EAX,EBP
0042327A |. C74424 14 010>MOV DWORD PTR SS:[ESP+14],1
00423282 |. E8 0962FEFF CALL ps_dbAge.00409490
00423287 |. 8BCE MOV ECX,ESI
00423289 |. E8 A2B40100 CALL ps_dbAge.0043E730
0042328E |. D985 A4000000 FLD DWORD PTR SS:[EBP+A4]
00423294 |. 0FBF95 940000>MOVSX EDX,WORD PTR SS:[EBP+94]
0042329B |. 52 PUSH EDX
0042329C |. 0FBF85 900000>MOVSX EAX,WORD PTR SS:[EBP+90]
004232A3 |. 50 PUSH EAX
004232A4 |. 8B8D 8C000000 MOV ECX,DWORD PTR SS:[EBP+8C]
004232AA |. 51 PUSH ECX
004232AB |. 8B95 88000000 MOV EDX,DWORD PTR SS:[EBP+88]
004232B1 |. 52 PUSH EDX
004232B2 |. 8B85 84000000 MOV EAX,DWORD PTR SS:[EBP+84]
004232B8 |. 50 PUSH EAX
004232B9 |. 8B8D 80000000 MOV ECX,DWORD PTR SS:[EBP+80]
004232BF |. 0FB695 AE0000>MOVZX EDX,BYTE PTR SS:[EBP+AE]
004232C6 |. 0FB685 AD0000>MOVZX EAX,BYTE PTR SS:[EBP+AD]
004232CD |. 51 PUSH ECX
004232CE |. 0FB68D AC0000>MOVZX ECX,BYTE PTR SS:[EBP+AC]
004232D5 |. 52 PUSH EDX
004232D6 |. 0FBF95 AA0000>MOVSX EDX,WORD PTR SS:[EBP+AA]
004232DD |. 50 PUSH EAX
004232DE |. 0FB785 A80000>MOVZX EAX,WORD PTR SS:[EBP+A8]
004232E5 |. 51 PUSH ECX
004232E6 |. 52 PUSH EDX
004232E7 |. 50 PUSH EAX
004232E8 |. 8B4D 78 MOV ECX,DWORD PTR SS:[EBP+78]
004232EB |. 8B55 74 MOV EDX,DWORD PTR SS:[EBP+74]
004232EE |. 0FBF85 9A0000>MOVSX EAX,WORD PTR SS:[EBP+9A]
004232F5 |. 83EC 18 SUB ESP,18
004232F8 |. DD5C24 10 FSTP QWORD PTR SS:[ESP+10]
004232FC |. D985 A0000000 FLD DWORD PTR SS:[EBP+A0]
00423302 |. DD5C24 08 FSTP QWORD PTR SS:[ESP+8]
00423306 |. D985 9C000000 FLD DWORD PTR SS:[EBP+9C]
0042330C |. DD1C24 FSTP QWORD PTR SS:[ESP]
0042330F |. 51 PUSH ECX
00423310 |. 0FBF8D 980000>MOVSX ECX,WORD PTR SS:[EBP+98]
00423317 |. 52 PUSH EDX
00423318 |. 0FBF95 C00000>MOVSX EDX,WORD PTR SS:[EBP+C0]
0042331F |. 50 PUSH EAX
00423320 |. 0FBF85 BE0000>MOVSX EAX,WORD PTR SS:[EBP+BE]
00423327 |. 51 PUSH ECX
00423328 |. 0FBF8D BC0000>MOVSX ECX,WORD PTR SS:[EBP+BC]
0042332F |. 52 PUSH EDX
00423330 |. 0FBF95 BA0000>MOVSX EDX,WORD PTR SS:[EBP+BA]
00423337 |. 50 PUSH EAX
00423338 |. 0FBF85 B60000>MOVSX EAX,WORD PTR SS:[EBP+B6]
0042333F |. 51 PUSH ECX
00423340 |. 0FBF8D B40000>MOVSX ECX,WORD PTR SS:[EBP+B4]
00423347 |. 52 PUSH EDX
00423348 |. 0FBF95 B80000>MOVSX EDX,WORD PTR SS:[EBP+B8]
0042334F |. 50 PUSH EAX
00423350 |. 0FBF85 B20000>MOVSX EAX,WORD PTR SS:[EBP+B2]
00423357 |. 51 PUSH ECX
00423358 |. 0FBF8D B00000>MOVSX ECX,WORD PTR SS:[EBP+B0]
0042335F |. 52 PUSH EDX
00423360 |. 0FBF55 72 MOVSX EDX,WORD PTR SS:[EBP+72]
00423364 |. 50 PUSH EAX
00423365 |. 0FBF45 70 MOVSX EAX,WORD PTR SS:[EBP+70]
00423369 |. 51 PUSH ECX
0042336A |. 0FB74D 6E MOVZX ECX,WORD PTR SS:[EBP+6E]
0042336E |. 52 PUSH EDX
0042336F |. 8B55 60 MOV EDX,DWORD PTR SS:[EBP+60]
00423372 |. 50 PUSH EAX
00423373 |. 51 PUSH ECX
00423374 |. 52 PUSH EDX
00423375 |. 8D8424 B80200>LEA EAX,DWORD PTR SS:[ESP+2B8]
0042337C |. 68 40894600 PUSH ps_dbAge.00468940 ; ASCII "{?=call usp_Save_Char_Info_E(%d,%d, %d,%d, %d,%d,%d,%d,%d,%d, %d,%d,%d, %d,%d, %d,%d, %f,%f,%f, %d,%d,%d,%d,%d, %d,%d,%d,%d, %u,%u)}"
00423381 |. 50 PUSH EAX
00423382 |. E8 F8100200 CALL ps_dbAge.0044447F
00423387 |. 81C4 90000000 ADD ESP,90
0042338D |. 6A 04 PUSH 4
0042338F |. 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+1C]
00423393 |. 51 PUSH ECX
00423394 |. 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+1C]
00423398 |. 52 PUSH EDX
00423399 |. 6A 04 PUSH 4
0042339B |. 6A F0 PUSH -10
0042339D |. 6A 04 PUSH 4
0042339F |. 6A 01 PUSH 1
004233A1 |. 8BCE MOV ECX,ESI
004233A3 |. E8 68C00100 CALL ps_dbAge.0043F410
004233A8 |. 66:85C0 TEST AX,AX
004233AB |. 0F85 D6140000 JNZ ps_dbAge.00424887
004233B1 |. 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
004233B5 |. 8D8424 300200>LEA EAX,DWORD PTR SS:[ESP+230]
004233BC |. 50 PUSH EAX
004233BD |. E8 8EBF0100 CALL ps_dbAge.0043F350
004233C2 |. 66:85C0 TEST AX,AX
004233C5 |. 0F85 BC140000 JNZ ps_dbAge.00424887
004233CB |. 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
004233CF |. E8 FCBF0100 CALL ps_dbAge.0043F3D0
004233D4 |. 66:85C0 TEST AX,AX
004233D7 |. 0F85 AA140000 JNZ ps_dbAge.00424887
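The register trace asked about above, as an added example that is not part of the original post: a Python script that walks an excerpt of the listing, remembers the last instruction that wrote each register, and reports where each pushed value was loaded from. It assumes arguments are pushed right to left and that a CALL invalidates EAX/ECX/EDX; `trace_pushes` and the other names are hypothetical.

```python
import re

# Excerpt copied from the OllyDbg listing in the post (00423289-004232CD).
LISTING = """\
00423289 |. E8 A2B40100 CALL ps_dbAge.0043E730
00423294 |. 0FBF95 940000>MOVSX EDX,WORD PTR SS:[EBP+94]
0042329B |. 52 PUSH EDX
0042329C |. 0FBF85 900000>MOVSX EAX,WORD PTR SS:[EBP+90]
004232A3 |. 50 PUSH EAX
004232A4 |. 8B8D 8C000000 MOV ECX,DWORD PTR SS:[EBP+8C]
004232AA |. 51 PUSH ECX
004232AB |. 8B95 88000000 MOV EDX,DWORD PTR SS:[EBP+88]
004232B1 |. 52 PUSH EDX
004232B2 |. 8B85 84000000 MOV EAX,DWORD PTR SS:[EBP+84]
004232B8 |. 50 PUSH EAX
004232B9 |. 8B8D 80000000 MOV ECX,DWORD PTR SS:[EBP+80]
004232BF |. 0FB695 AE0000>MOVZX EDX,BYTE PTR SS:[EBP+AE]
004232C6 |. 0FB685 AD0000>MOVZX EAX,BYTE PTR SS:[EBP+AD]
004232CD |. 51 PUSH ECX
"""

INSN = re.compile(r"^([0-9A-F]{8})\s.*?\b(MOVSX|MOVZX|MOV|LEA|PUSH|CALL)\s+(\S.*)$")
VOLATILE = ("EAX", "ECX", "EDX")  # caller-saved: a CALL may overwrite them

def trace_pushes(listing, n_params):
    """Map each PUSH address to (parameter number, load address, source operand).

    Assumes right-to-left argument pushing, so the first push seen is
    parameter n_params, the next n_params-1, and so on.
    """
    last_write, out, param = {}, {}, n_params
    for line in listing.splitlines():
        m = INSN.match(line.split(";")[0].rstrip())
        if not m:
            continue
        addr, op, operands = m.groups()
        if op == "CALL":
            for reg in VOLATILE:
                last_write.pop(reg, None)  # value after the call is unknown
        elif op == "PUSH":
            out[addr] = (param,) + last_write.get(operands, (None, None))
            param -= 1
        else:
            dest, src = operands.split(",", 1)
            last_write[dest] = (addr, src.strip())
    return out

for addr, (n, load, src) in trace_pushes(LISTING, 31).items():
    print(f"PUSH at {addr}: parameter {n}, loaded at {load} from {src}")
```

For the PUSH ECX at 004232CD the script reports the load at 004232B9, `MOV ECX,DWORD PTR SS:[EBP+80]`; the two MOVZX instructions in between write EDX and EAX, not ECX.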