Ability score: (LV2, RANK:10)
Post #2
The original program disassembles as follows:
.text:08198CEC
.text:08198CEC ; =============== S U B R O U T I N E =======================================
.text:08198CEC
.text:08198CEC ; Attributes: bp-based frame
.text:08198CEC
.text:08198CEC public Tcl_ExitObjCmd
.text:08198CEC Tcl_ExitObjCmd proc near
.text:08198CEC
.text:08198CEC status = dword ptr -0Ch
.text:08198CEC arg_4 = dword ptr 0Ch
.text:08198CEC arg_8 = dword ptr 10h
.text:08198CEC arg_C = dword ptr 14h
.text:08198CEC
.text:08198CEC push ebp
.text:08198CED mov ebp, esp
.text:08198CEF push esi
.text:08198CF0 push ebx
.text:08198CF1 sub esp, 10h
.text:08198CF4 call $+5
.text:08198CF9 pop ebx
.text:08198CFA add ebx, 2CBB2Bh
.text:08198D00 mov esi, [ebp+arg_4]
.text:08198D03 mov edx, [ebp+arg_8]
.text:08198D06 mov ecx, [ebp+arg_C]
.text:08198D09 lea eax, [edx-1]
.text:08198D0C cmp eax, 1
.text:08198D0F jbe short loc_8198D28
.text:08198D11 lea eax, (a?returncode? - 8464824h)[ebx] ; "?returnCode?"
.text:08198D17 push eax
.text:08198D18 push ecx
.text:08198D19 push 1
.text:08198D1B push esi
.text:08198D1C call Tcl_WrongNumArgs
.text:08198D21 mov eax, 1
.text:08198D26 jmp short loc_8198D68
.text:08198D28 ; ---------------------------------------------------------------------------
.text:08198D28
.text:08198D28 loc_8198D28: ; CODE XREF: Tcl_ExitObjCmd+23j
.text:08198D28 cmp edx, 1
.text:08198D2B jnz short loc_8198D38
.text:08198D2D mov [ebp+status], 0
.text:08198D34 jmp short loc_8198D58
.text:08198D34 ; ---------------------------------------------------------------------------
.text:08198D36 align 4
.text:08198D38
.text:08198D38 loc_8198D38: ; CODE XREF: Tcl_ExitObjCmd+3Fj
.text:08198D38 sub esp, 4
.text:08198D3B lea eax, [ebp+status]
.text:08198D3E push eax
.text:08198D3F push dword ptr [ecx+4]
.text:08198D42 push esi
.text:08198D43 call Tcl_GetIntFromObj
.text:08198D48 add esp, 10h
.text:08198D4B test eax, eax
.text:08198D4D jz short loc_8198D58
.text:08198D4F mov eax, 1
.text:08198D54 jmp short loc_8198D68
.text:08198D54 ; ---------------------------------------------------------------------------
.text:08198D56 align 4
.text:08198D58
.text:08198D58 loc_8198D58: ; CODE XREF: Tcl_ExitObjCmd+48j
.text:08198D58 ; Tcl_ExitObjCmd+61j
.text:08198D58 sub esp, 0Ch
.text:08198D5B push [ebp+status] ; status
.text:08198D5E call Tcl_Exit
.text:08198D5E ; ---------------------------------------------------------------------------
.text:08198D63 db 0B8h ; ?
.text:08198D64 db 0
.text:08198D65 db 0
.text:08198D66 db 0
.text:08198D67 db 0
.text:08198D68 ; ---------------------------------------------------------------------------
.text:08198D68
.text:08198D68 loc_8198D68: ; CODE XREF: Tcl_ExitObjCmd+3Aj
.text:08198D68 ; Tcl_ExitObjCmd+68j
.text:08198D68 lea esp, [ebp-8]
.text:08198D6B pop ebx
.text:08198D6C pop esi
.text:08198D6D pop ebp
.text:08198D6E retn
.text:08198D6E Tcl_ExitObjCmd endp
I found that the program exits from this function, at: .text:08198D5E call Tcl_Exit
but I just can't find what calls this function. How do I deal with this?

Ability score: (LV7, RANK:110)
Post #3
Is the program very large? Upload it so we can take a look.
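
Ability score: (LV2, RANK:10)
Post #4
It's not too large, please take a look! The main problem is that I can't find the string references!
This is a Linux program, but you can also view it with IDA on Windows!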
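
Ability score: (LV2, RANK:10)
Post #5
Experts, feel free to dig in and take a look. I just got back from the sacred Wudang Mountains and that didn't help either; it seems the mountain didn't bring me anything good!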
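
Ability score: (LV2, RANK:10)
Post #6
I worked on it for a whole day and still couldn't get it done in the end, so I had to fall back to the command line!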