能力值:
( LV2,RANK:10 )
|
-
-
2 楼
我觉得非常难以区分哪些call应该看进去哪些不用看,经常有下面这条指令:
call __EH_prolog3
跳到函数所在处,函数是:
text:007A87C5 __EH_prolog3 proc near ; CODE XREF: sub_401000+7p
.text:007A87C5 ; .text:00401083p ...
.text:007A87C5
.text:007A87C5 arg_0 = byte ptr 4
.text:007A87C5
.text:007A87C5 push eax
.text:007A87C6 push large dword ptr fs:0
.text:007A87CD lea eax, [esp+8+arg_0]
.text:007A87D1 sub esp, [esp+0Ch]
.text:007A87D5 push ebx
.text:007A87D6 push esi
.text:007A87D7 push edi
.text:007A87D8 mov [eax], ebp
.text:007A87DA mov ebp, eax
.text:007A87DC mov eax, dword_A489D0
.text:007A87E1 xor eax, ebp
.text:007A87E3 push eax
.text:007A87E4 push dword ptr [ebp-4]
.text:007A87E7 mov dword ptr [ebp-4], 0FFFFFFFFh
.text:007A87EE lea eax, [ebp-0Ch]
.text:007A87F1 mov large fs:0, eax
.text:007A87F7 retn
按F5键翻译成C语言:
int *__usercall _EH_prolog3<eax>(int a1<ebp>, char a2)
{
signed int r; // [sp+0h] [bp+0h]@1
int v4; // [sp-8h] [bp-8h]@1
*(_DWORD *)&a2 = a1;
r = -1;
return &v4;
}
看不明白做了些什么事情,似乎翻译的C语言很难看懂,困惑啊
|
|
|