[Old post] [Help] call 6FB5FD10: number and form of the parameters?
Posted on: 2010-5-30 14:53 1075
6FB5FE10 . A1 94C3BC6F mov eax, dword ptr [6FBCC394]
6FB5FE15 . 85C0 test eax, eax ; Switch (cases 0..8)
6FB5FE17 . 53 push ebx
6FB5FE18 . C705 9CC3BC6F>mov dword ptr [6FBCC39C], 0
6FB5FE22 . 75 0F jnz short 6FB5FE33
6FB5FE24 . 6A 01 push 1 ; Case 0 of switch 6FB5FE15
6FB5FE26 . 6A 01 push 1
6FB5FE28 . E8 07D4F5FF call <jmp.&D2Net.#10005>
6FB5FE2D . 6A 00 push 0
6FB5FE2F . 6A 01 push 1
6FB5FE31 . EB 11 jmp short 6FB5FE44
6FB5FE33 > 83F8 01 cmp eax, 1
6FB5FE36 . 75 24 jnz short 6FB5FE5C
6FB5FE38 . 50 push eax ; Case 1 of switch 6FB5FE15
6FB5FE39 . 6A 02 push 2
6FB5FE3B . E8 F4D3F5FF call <jmp.&D2Net.#10005>
6FB5FE40 . 6A 00 push 0
6FB5FE42 . 6A 02 push 2
6FB5FE44 > E8 D9D3F5FF call <jmp.&D2Net.#10034>
6FB5FE49 . BB 40FCB56F mov ebx, 6FB5FC40
6FB5FE4E . E8 ADCCF8FF call 6FAECB00
6FB5FE53 . 6A 00 push 0
6FB5FE55 . E8 E0D3F5FF call <jmp.&D2Net.#10012>
6FB5FE5A . EB 62 jmp short 6FB5FEBE
6FB5FE5C > 83F8 04 cmp eax, 4
6FB5FE5F . 75 18 jnz short 6FB5FE79
6FB5FE61 . 68 2844BA6F push 6FBA4428 ; ASCII "63.241.83.77"; Case 4 of switch 6FB5FE15
6FB5FE66 . 6A 00 push 0
6FB5FE68 . E8 B5D3F5FF call <jmp.&D2Net.#10034>
6FB5FE6D . BB 40FCB56F mov ebx, 6FB5FC40
6FB5FE72 . E8 89CCF8FF call 6FAECB00
6FB5FE77 . EB 63 jmp short 6FB5FEDC
6FB5FE79 > 83F8 06 cmp eax, 6
6FB5FE7C . 74 13 je short 6FB5FE91
6FB5FE7E . 83F8 08 cmp eax, 8
6FB5FE81 . 74 0E je short 6FB5FE91
6FB5FE83 . B8 2043BA6F mov eax, 6FBA4320 ; ASCII "63.241.83.77"; Default case of switch 6FB5FE15
6FB5FE88 . 33C9 xor ecx, ecx
6FB5FE8A . E8 81FEFFFF call 6FB5FD10
6FB5FE8F . EB 4B jmp short 6FB5FEDC
6FB5FE91 > 6A 01 push 1 ; Cases 6,8 of switch 6FB5FE15
6FB5FE93 . 6A 00 push 0
6FB5FE95 . E8 9AD3F5FF call <jmp.&D2Net.#10005>
6FB5FE9A . 6A 08 push 8
Where:
6FB5FD0F CC int3
6FB5FD10 /$ 53 push ebx
6FB5FD11 |. 50 push eax
6FB5FD12 |. 51 push ecx
6FB5FD13 |. E8 0AD5F5FF call <jmp.&D2Net.#10034>
6FB5FD18 |. BB 40FCB56F mov ebx, 6FB5FC40
6FB5FD1D |. E8 DECDF8FF call 6FAECB00
6FB5FD22 |. B8 01000000 mov eax, 1
6FB5FD27 |. 5B pop ebx
6FB5FD28 \. C3 retn
Are there any related examples I could use as a reference for analyzing this? Thanks.
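One way to approach the question above, as an added example that is not part of the original post: a small Python sketch that walks the listing of 6FB5FD10 and separates registers that are only saved and restored from registers whose incoming values are pushed and consumed by a call. The listing lines are copied from the post; the helper names and the heuristic (callee-cleanup calls, eax/ecx/edx volatile across calls) are assumptions.

```python
import re

REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp"}

# Listing lines copied from the post (OllyDbg columns: address, marker, bytes, text).
CALLEE = r"""
6FB5FD10 /$ 53 push ebx
6FB5FD11 |. 50 push eax
6FB5FD12 |. 51 push ecx
6FB5FD13 |. E8 0AD5F5FF call <jmp.&D2Net.#10034>
6FB5FD18 |. BB 40FCB56F mov ebx, 6FB5FC40
6FB5FD1D |. E8 DECDF8FF call 6FAECB00
6FB5FD22 |. B8 01000000 mov eax, 1
6FB5FD27 |. 5B pop ebx
6FB5FD28 \. C3 retn
"""

def instructions(listing):
    """Yield (mnemonic, operands) per line, skipping address, bytes and comments."""
    for line in listing.strip().splitlines():
        m = re.search(r"\s([a-z]+)\b\s*([^;]*)", line)
        if m:
            yield m.group(1), [o.strip() for o in m.group(2).split(",") if o.strip()]

def classify_registers(listing):
    """Heuristic (assumption): a register pushed before it is written is either
    saved (later popped back into itself) or forwarded as a stack argument to a
    callee-cleanup call made in between."""
    written, stack, saved, forwarded = set(), [], [], []
    for op, ops in instructions(listing):
        if op == "push":
            # Remember whether the pushed value is still the caller's value.
            stack.append((ops[0], ops[0] in REGS and ops[0] not in written))
        elif op == "pop":
            while stack:
                reg, live_in = stack.pop()
                if reg == ops[0] and live_in:
                    saved.append(reg)          # push r ... pop r: preserved only
                    break
                if live_in:
                    forwarded.append(reg)      # consumed by a call in between
            written.add(ops[0])
        elif op == "call":
            written |= {"eax", "ecx", "edx"}   # assumed volatile across calls
        elif ops and ops[0] in REGS:           # mov/xor/... with register destination
            written.add(ops[0])
    # forwarded is ordered from the top of the stack down (last push first)
    return {"register_args": forwarded, "saved": saved}

if __name__ == "__main__":
    print(classify_registers(CALLEE))
```

The result lists `ecx` and `eax` as incoming values passed on to the call (top of stack first) and `ebx` as merely preserved. That agrees with the call site in the post, where `mov eax, 6FBA4320` and `xor ecx, ecx` come immediately before `call 6FB5FD10` with no pushes.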