-
-
[求助]使用int 2e 进行防跟踪的困惑???
-
发表于: 2010-11-26 14:49
-
原始反汇编代码:
00401135 . 0FC6F4 90 shufps xmm6, xmm4, 90
00401139 . B8 CD2EEB07 mov eax, 7EB2ECD
0040113E . 2D C42EEB08 sub eax, 8EB2EC4
00401143 .^ EB F5 jmp short 0040113A
00401145 > 52 push edx
00401146 . 91 xchg eax, ecx
00401147 . 0FC9 bswap ecx
00401149 . C1E1 04 shl ecx, 4
0040114C . 8B00 mov eax, dword ptr [eax]
0040114E . 2B4424 04 sub eax, dword ptr [esp+4]
00401152 . 03C8 add ecx, eax
单步执行到0040113A:
0040113A ? CD 2E int 2E
0040113C ? EB 07 jmp short 00401145
0040113E . 2D C42EEB08 sub eax, 8EB2EC4
00401143 .^ EB F5 jmp short 0040113A
00401145 > 52 push edx ---> 单步跟踪时edx = 0xFFFFFFFF, 在401147处设断点,按F9执行时,入栈的是0x401143,???
00401146 . 91 xchg eax, ecx
00401147 . 0FC9 bswap ecx
00401149 . C1E1 04 shl ecx, 4
0040114C . 8B00 mov eax, dword ptr [eax]
00401135 . 0FC6F4 90 shufps xmm6, xmm4, 90
00401139 . B8 CD2EEB07 mov eax, 7EB2ECD
0040113E . 2D C42EEB08 sub eax, 8EB2EC4
00401143 .^ EB F5 jmp short 0040113A
00401145 > 52 push edx
00401146 . 91 xchg eax, ecx
00401147 . 0FC9 bswap ecx
00401149 . C1E1 04 shl ecx, 4
0040114C . 8B00 mov eax, dword ptr [eax]
0040114E . 2B4424 04 sub eax, dword ptr [esp+4]
00401152 . 03C8 add ecx, eax
单步执行到0040113A:
0040113A ? CD 2E int 2E
0040113C ? EB 07 jmp short 00401145
0040113E . 2D C42EEB08 sub eax, 8EB2EC4
00401143 .^ EB F5 jmp short 0040113A
00401145 > 52 push edx ---> 单步跟踪时edx = 0xFFFFFFFF, 在401147处设断点,按F9执行时,入栈的是0x401143,???
00401146 . 91 xchg eax, ecx
00401147 . 0FC9 bswap ecx
00401149 . C1E1 04 shl ecx, 4
0040114C . 8B00 mov eax, dword ptr [eax]
[招生]系统0day安全班,企业级设备固件漏洞挖掘,Linux平台漏洞挖掘!
