While reading Advanced Windows Debugging there is one thing I have never been able to work out. Below is the program from section 5.2.2 after it raised an exception; I used windbg to look at eip:
0:000> u eip
002c63d1 006100 add byte ptr [ecx],ah //ah=0
002c63d4 6c ins byte ptr es:[edi],dx
002c63d5 007500 add byte ptr [ebp],dh
002c63d8 650032 add byte ptr gs:[edx],dh
002c63db 0000 add byte ptr [eax],al
002c63dd 00adba0df0ad add byte ptr [ebp-520FF246h],ch
002c63e3 ba0df0adba mov edx,0BAADF00Dh
002c63e8 0df0adba0d or eax,0DBAADF0h
0:000> recx
ecx=7c802413
0:000> u 7c802413
kernel32!SleepEx+0x8a:
7c802413 c20800 ret 8
7c802416 8975d8 mov dword ptr [ebp-28h],esi
7c802419 c745dc00000080 mov dword ptr [ebp-24h],80000000h
7c802420 8d45d8 lea eax,[ebp-28h]
7c802423 8945e4 mov dword ptr [ebp-1Ch],eax
7c802426 ebbd jmp kernel32!SleepEx+0x55 (7c8023e5)
7c802428 3d01010000 cmp eax,101h
7c80242d 75ca jne kernel32!SleepEx+0x70 (7c8023f9)
As I understand the book, execution jumped to 7c802413 and executed the ret there, which left the instruction pointer pointing at invalid code.
But how did an add instruction turn into a jump here? Can anyone explain?
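Added example, not from the post: the opcode bytes that windbg shows at eip, taken from the "u eip" listing above, read naturally as data rather than as code, namely a NUL-terminated UTF-16LE string followed by the 0xBAADF00D value that the debug heap writes into freshly allocated, uninitialised memory. The script below extracts the byte column of the listing and reinterprets it that way; the listing text is a constructed copy of the one in the post.

```python
import re

# 0xBAADF00D as it lies in memory (little-endian); the debug heap fills freshly
# allocated, not yet initialised memory with this value.
FILL_DWORD = bytes.fromhex("0df0adba")

# Constructed copy of the "u eip" listing in the post: address, opcode bytes, mnemonic.
U_EIP_LISTING = """\
002c63d1 006100       add byte ptr [ecx],ah
002c63d4 6c           ins byte ptr es:[edi],dx
002c63d5 007500       add byte ptr [ebp],dh
002c63d8 650032       add byte ptr gs:[edx],dh
002c63db 0000         add byte ptr [eax],al
002c63dd 00adba0df0ad add byte ptr [ebp-520FF246h],ch
002c63e3 ba0df0adba   mov edx,0BAADF00Dh
002c63e8 0df0adba0d   or eax,0DBAADF0h
"""

def listing_bytes(listing):
    """Return (first address, raw bytes) from the opcode column of a windbg 'u'
    listing. Assumes the listing is contiguous, as 'u' output is."""
    start, raw = None, bytearray()
    for line in listing.splitlines():
        m = re.match(r"^([0-9a-f]{8})\s+([0-9a-f]+)\s", line)
        if m:
            start = int(m.group(1), 16) if start is None else start
            raw += bytes.fromhex(m.group(2))
    return start, bytes(raw)

def view_as_data(start, raw):
    """Read the bytes at eip as heap data instead of code: a NUL-terminated
    UTF-16LE string, then dword-aligned 0xBAADF00D fill after it."""
    off = start & 1            # eip is odd here: byte 0 is the high half of a preceding unit
    chars = []
    while off + 1 < len(raw):
        unit = int.from_bytes(raw[off:off + 2], "little")
        off += 2
        if unit == 0:          # UTF-16 terminator
            break
        chars.append(chr(unit))
    fill = []
    off = (((start + off) + 3) & ~3) - start   # advance to the next 4-byte-aligned address
    while off + 4 <= len(raw):
        if raw[off:off + 4] == FILL_DWORD:
            fill.append(start + off)
        off += 4
    return {"text": "".join(chars), "fill_at": fill}

def analyse(listing=U_EIP_LISTING):
    return view_as_data(*listing_bytes(listing))

if __name__ == "__main__":
    r = analyse()
    print(f"text {r['text']!r}, BAADF00D fill at {[hex(a) for a in r['fill_at']]}")
```

Run as-is it reports the string fragment "alue2" ending at 002c63dc and three BAADF00D dwords at 002c63e0, 002c63e4 and 002c63e8, which is what a heap buffer looks like, not what an instruction stream looks like.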