-
-
[旧帖]
[求助]请点评一下这两个代码,谢谢
0.00雪花
-
发表于:
2010-6-22 15:39
1370
-
[旧帖] [求助]请点评一下这两个代码,谢谢
0.00雪花
程序的功能是在自身的导入表中搜索 ExitProcess函数。然后调用它。
我写了两个代码,不知道哪个好一点。最好能说一下为什么,谢谢
.386
.model flat,stdcall
option casemap:none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
szText db 'szText',0
szCaption db 'szCaption',0
hModule dd ?
hFristOrg dd ?
_isize dd ?
_MessageBox db 'ExitProcess',0
hFrist dd ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
_dingwei proc
invoke GetModuleHandle,NULL
mov hModule,eax
.if eax
mov esi,eax
assume esi:ptr IMAGE_DOS_HEADER
.if [esi].e_magic == IMAGE_DOS_SIGNATURE
add esi,[esi].e_lfanew
assume esi:ptr IMAGE_NT_HEADERS
.if [esi].Signature==IMAGE_NT_SIGNATURE
mov ebx,[esi].OptionalHeader.DataDirectory[8].isize
add ebx,eax
mov _isize,ebx
mov esi,[esi].OptionalHeader.DataDirectory[8].VirtualAddress
.if esi
add esi,eax
assume esi:ptr IMAGE_IMPORT_DESCRIPTOR
mov ebx,[esi].FirstThunk
add ebx,eax
mov hFrist,ebx
mov ebx ,[esi].OriginalFirstThunk
add ebx,eax
mov hFristOrg,ebx
mov eax,0
.while _isize>0
.if dword ptr[ebx]!=0
mov edx,[ebx]
add edx,hModule
assume edx:ptr IMAGE_IMPORT_BY_NAME
cld
lea esi,[edx].Name1
lea edi,offset _MessageBox
mov ecx,11
repe cmpsb
je _ok
.endif
add ebx,4
add eax,1
.endw
_ok:
sal eax,2
add eax,hFrist
push 0
call dword ptr[eax]
.endif
.endif
.endif
.endif
ret
_dingwei endp
start:
call _dingwei
invoke MessageBox,NULL,addr szText,addr szCaption,MB_OK
invoke ExitProcess,0
end start
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat,stdcall
option casemap:none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
szText db 'szText',0
szCaption db 'szCaption',0
szDll db 'kernel32.dll',0
hModule dd ?
hFirstOrg dd ?
_isize dd ?
_MessageBox db 'ExitProcess',0
hFirst dd ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
_dingwei proc
invoke GetModuleHandle,NULL
mov hModule,eax
.if eax
mov esi,eax
assume esi:ptr IMAGE_DOS_HEADER
.if [esi].e_magic == IMAGE_DOS_SIGNATURE
add esi,[esi].e_lfanew
assume esi:ptr IMAGE_NT_HEADERS
.if [esi].Signature==IMAGE_NT_SIGNATURE
mov ebx,[esi].OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT * sizeof IMAGE_DATA_DIRECTORY].isize
add ebx,eax
mov _isize,ebx
mov esi,[esi].OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT * sizeof IMAGE_DATA_DIRECTORY].VirtualAddress
.if esi
add esi,eax
finddll:
assume esi:ptr IMAGE_IMPORT_DESCRIPTOR
mov edi,[esi].Name1
add edi,hModule
invoke lstrcmp,edi,addr szDll
.if eax !=0
add esi,14h
jmp finddll
.endif
mov eax,hModule
mov ebx,[esi].FirstThunk
add ebx,eax
mov hFirst,ebx
mov ebx ,[esi].OriginalFirstThunk
add ebx,eax
mov hFirstOrg,ebx
mov eax,0
findapi:
mov edx,[ebx]
add edx,hModule
assume edx:ptr IMAGE_IMPORT_BY_NAME
cld
lea esi,[edx].Name1
lea edi,offset _MessageBox
mov ecx,11
repe cmpsb
je _ok
inc eax
add ebx,4
jmp findapi
_ok:
sal eax,2
add eax,hFirst
push 0
call dword ptr[eax]
.endif
.endif
.endif
.endif
ret
_dingwei endp
start:
call _dingwei
invoke MessageBox,NULL,addr szText,addr szCaption,MB_OK ;上面的函数调用ExitProecess退出了,这句不会执行到
invoke ExitProcess,0
end start
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
