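00DE3CF1 处的 jle 就是那句判断对应的条件跳转:它依据前面 00DE3CEC 处 test edi, edi 设置的标志位(中间的 mov 不影响标志位),按有符号比较,在 edi ≤ 0 时跳到 00DE3CFC,从而跳过 00DE3CF7 处对 mainapp.00DD638C 的调用。小弟不才,请多多指教。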
00DE39D8 55 push ebp
00DE39D9 8BEC mov ebp, esp
00DE39DB 83EC 30 sub esp, 30
00DE39DE 897D F0 mov dword ptr [ebp-10], edi
00DE39E1 68 E8C5E601 push mainapp.01E6C5E8
00DE39E6 B8 20000000 mov eax, 20
00DE39EB 68 ECC5E601 push mainapp.01E6C5EC
00DE39F0 68 F0C5E601 push mainapp.01E6C5F0
00DE39F5 A2 20C67002 mov byte ptr [270C620], al
00DE39FA A2 21C67002 mov byte ptr [270C621], al
00DE39FF 33D2 xor edx, edx
00DE3A01 A2 22C67002 mov byte ptr [270C622], al
00DE3A06 A2 23C67002 mov byte ptr [270C623], al
00DE3A0B A2 24C67002 mov byte ptr [270C624], al
00DE3A10 A2 25C67002 mov byte ptr [270C625], al
00DE3A15 A2 26C67002 mov byte ptr [270C626], al
00DE3A1A A2 27C67002 mov byte ptr [270C627], al
00DE3A1F A2 28C67002 mov byte ptr [270C628], al
00DE3A24 A2 29C67002 mov byte ptr [270C629], al
00DE3A29 A2 2AC67002 mov byte ptr [270C62A], al
00DE3A2E A2 2BC67002 mov byte ptr [270C62B], al
00DE3A33 A2 2CC67002 mov byte ptr [270C62C], al
00DE3A38 A2 2DC67002 mov byte ptr [270C62D], al
00DE3A3D A2 2EC67002 mov byte ptr [270C62E], al
00DE3A42 A2 2FC67002 mov byte ptr [270C62F], al
00DE3A47 8915 30C67002 mov dword ptr [270C630], edx
00DE3A4D A2 04CA7002 mov byte ptr [270CA04], al
00DE3A52 A2 05CA7002 mov byte ptr [270CA05], al
00DE3A57 A2 06CA7002 mov byte ptr [270CA06], al
00DE3A5C A2 07CA7002 mov byte ptr [270CA07], al
00DE3A61 A2 08CA7002 mov byte ptr [270CA08], al
00DE3A66 A2 09CA7002 mov byte ptr [270CA09], al
00DE3A6B A2 0ACA7002 mov byte ptr [270CA0A], al
00DE3A70 A2 0BCA7002 mov byte ptr [270CA0B], al
00DE3A75 A2 0CCA7002 mov byte ptr [270CA0C], al
00DE3A7A A2 0DCA7002 mov byte ptr [270CA0D], al
00DE3A7F A2 0ECA7002 mov byte ptr [270CA0E], al
00DE3A84 A2 0FCA7002 mov byte ptr [270CA0F], al
00DE3A89 A2 10CA7002 mov byte ptr [270CA10], al
00DE3A8E A2 11CA7002 mov byte ptr [270CA11], al
00DE3A93 A2 12CA7002 mov byte ptr [270CA12], al
00DE3A98 A2 13CA7002 mov byte ptr [270CA13], al
00DE3A9D 8915 14CA7002 mov dword ptr [270CA14], edx
00DE3AA3 A2 74CA7002 mov byte ptr [270CA74], al
00DE3AA8 A2 75CA7002 mov byte ptr [270CA75], al
00DE3AAD A2 76CA7002 mov byte ptr [270CA76], al
00DE3AB2 A2 77CA7002 mov byte ptr [270CA77], al
00DE3AB7 A2 78CA7002 mov byte ptr [270CA78], al
00DE3ABC A2 79CA7002 mov byte ptr [270CA79], al
00DE3AC1 A2 7ACA7002 mov byte ptr [270CA7A], al
00DE3AC6 A2 7BCA7002 mov byte ptr [270CA7B], al
00DE3ACB A2 7CCA7002 mov byte ptr [270CA7C], al
00DE3AD0 A2 7DCA7002 mov byte ptr [270CA7D], al
00DE3AD5 A2 7ECA7002 mov byte ptr [270CA7E], al
00DE3ADA A2 7FCA7002 mov byte ptr [270CA7F], al
00DE3ADF A2 80CA7002 mov byte ptr [270CA80], al
00DE3AE4 A2 81CA7002 mov byte ptr [270CA81], al
00DE3AE9 A2 82CA7002 mov byte ptr [270CA82], al
00DE3AEE A2 83CA7002 mov byte ptr [270CA83], al
00DE3AF3 A2 84CA7002 mov byte ptr [270CA84], al
00DE3AF8 A2 85CA7002 mov byte ptr [270CA85], al
00DE3AFD A2 86CA7002 mov byte ptr [270CA86], al
00DE3B02 A2 87CA7002 mov byte ptr [270CA87], al
00DE3B07 A2 88CA7002 mov byte ptr [270CA88], al
00DE3B0C A2 89CA7002 mov byte ptr [270CA89], al
00DE3B11 A2 8ACA7002 mov byte ptr [270CA8A], al
00DE3B16 A2 8BCA7002 mov byte ptr [270CA8B], al
00DE3B1B 8915 8CCA7002 mov dword ptr [270CA8C], edx
00DE3B21 6A 23 push 23
00DE3B23 68 5CC6E601 push mainapp.01E6C65C
00DE3B28 E8 D3BB6FFF call mainapp.004DF700
00DE3B2D E8 AAB29B00 call mainapp.0179EDDC
00DE3B32 68 F4C5E601 push mainapp.01E6C5F4
00DE3B37 8945 E4 mov dword ptr [ebp-1C], eax
00DE3B3A 8D45 E4 lea eax, dword ptr [ebp-1C]
00DE3B3D 50 push eax
00DE3B3E E8 A1DA62FF call mainapp.004115E4
00DE3B43 8BF8 mov edi, eax
00DE3B45 A1 30DF0B02 mov eax, dword ptr [20BDF30]
00DE3B4A 83F8 FF cmp eax, -1
00DE3B4D 0F8C 93000000 jl mainapp.00DE3BE6
00DE3B53 85C0 test eax, eax
00DE3B55 0F8F 8B000000 jg mainapp.00DE3BE6
00DE3B5B 8D45 F8 lea eax, dword ptr [ebp-8]
00DE3B5E 50 push eax
00DE3B5F 68 F8C5E601 push mainapp.01E6C5F8
00DE3B64 6A 0D push 0D
00DE3B66 68 80C6E601 push mainapp.01E6C680
00DE3B6B E8 C4A46EFF call mainapp.004CE034
00DE3B70 8B45 F8 mov eax, dword ptr [ebp-8]
00DE3B73 85C0 test eax, eax
00DE3B75 0F85 EE020000 jnz mainapp.00DE3E69
00DE3B7B 8D45 FC lea eax, dword ptr [ebp-4]
00DE3B7E 50 push eax
00DE3B7F E8 20DD6DFF call mainapp.004C18A4
00DE3B84 8B45 FC mov eax, dword ptr [ebp-4]
00DE3B87 85C0 test eax, eax
00DE3B89 75 19 jnz short mainapp.00DE3BA4
00DE3B8B 68 FCC5E601 push mainapp.01E6C5FC
00DE3B90 68 00C6E601 push mainapp.01E6C600
00DE3B95 68 04C6E601 push mainapp.01E6C604
00DE3B9A E8 2AB493FF call mainapp.0071EFC9
00DE3B9F 83F8 01 cmp eax, 1
00DE3BA2 ^ 74 B7 je short mainapp.00DE3B5B
00DE3BA4 68 08C6E601 push mainapp.01E6C608
00DE3BA9 E8 66376EFF call mainapp.004C7314
00DE3BAE 3D E84E0000 cmp eax, 4EE8
00DE3BB3 0F84 57020000 je mainapp.00DE3E10
00DE3BB9 8D45 F4 lea eax, dword ptr [ebp-C]
00DE3BBC 50 push eax
00DE3BBD 68 0CC6E601 push mainapp.01E6C60C
00DE3BC2 6A 08 push 8
00DE3BC4 68 4CDE0B02 push mainapp.020BDE4C
00DE3BC9 68 10C6E601 push mainapp.01E6C610
00DE3BCE E8 7D176EFF call mainapp.004C5350
00DE3BD3 A1 00DC0B02 mov eax, dword ptr [20BDC00]
00DE3BD8 83F8 02 cmp eax, 2
00DE3BDB ^ 0F8F 7AFFFFFF jg mainapp.00DE3B5B
00DE3BE1 E9 1D010000 jmp mainapp.00DE3D03
00DE3BE6 83F8 01 cmp eax, 1
00DE3BE9 75 47 jnz short mainapp.00DE3C32
00DE3BEB 68 8CCA7002 push mainapp.0270CA8C
00DE3BF0 68 50C6E601 push mainapp.01E6C650
00DE3BF5 8D4D D8 lea ecx, dword ptr [ebp-28]
00DE3BF8 8D55 E8 lea edx, dword ptr [ebp-18]
00DE3BFB 6A 18 push 18
00DE3BFD 33C0 xor eax, eax
00DE3BFF 68 74CA7002 push mainapp.0270CA74
00DE3C04 52 push edx
00DE3C05 8945 F4 mov dword ptr [ebp-C], eax
00DE3C08 68 54C6E601 push mainapp.01E6C654
00DE3C0D 8945 E8 mov dword ptr [ebp-18], eax
00DE3C10 8D45 F4 lea eax, dword ptr [ebp-C]
00DE3C13 6A 0C push 0C
00DE3C15 51 push ecx
00DE3C16 50 push eax
00DE3C17 68 58C6E601 push mainapp.01E6C658
00DE3C1C 6A 08 push 8
00DE3C1E 68 4CDE0B02 push mainapp.020BDE4C
00DE3C23 E8 68338200 call mainapp.01606F90
00DE3C28 85C0 test eax, eax
00DE3C2A 0F8E 55020000 jle mainapp.00DE3E85
00DE3C30 EB 73 jmp short mainapp.00DE3CA5
00DE3C32 68 8CCA7002 push mainapp.0270CA8C
00DE3C37 68 44C6E601 push mainapp.01E6C644
00DE3C3C 8D4D F4 lea ecx, dword ptr [ebp-C]
00DE3C3F 8D55 D8 lea edx, dword ptr [ebp-28]
00DE3C42 8D45 E8 lea eax, dword ptr [ebp-18]
00DE3C45 6A 18 push 18
00DE3C47 68 74CA7002 push mainapp.0270CA74
00DE3C4C 50 push eax
00DE3C4D 68 48C6E601 push mainapp.01E6C648
00DE3C52 6A 0C push 0C
00DE3C54 52 push edx
00DE3C55 51 push ecx
00DE3C56 68 4CC6E601 push mainapp.01E6C64C
00DE3C5B 6A 08 push 8
00DE3C5D 68 4CDE0B02 push mainapp.020BDE4C
00DE3C62 E8 193F8E00 call mainapp.016C7B80
00DE3C67 85C0 test eax, eax
00DE3C69 7F 3A jg short mainapp.00DE3CA5
00DE3C6B C605 4CDE0B02 2>mov byte ptr [20BDE4C], 24
00DE3C72 B8 20000000 mov eax, 20
00DE3C77 A2 4FDE0B02 mov byte ptr [20BDE4F], al
00DE3C7C C605 4DDE0B02 5>mov byte ptr [20BDE4D], 52
00DE3C83 A2 50DE0B02 mov byte ptr [20BDE50], al
00DE3C88 C605 4EDE0B02 5>mov byte ptr [20BDE4E], 58
00DE3C8F A2 51DE0B02 mov byte ptr [20BDE51], al
00DE3C94 C745 F4 0300000>mov dword ptr [ebp-C], 3
00DE3C9B A2 52DE0B02 mov byte ptr [20BDE52], al
00DE3CA0 A2 53DE0B02 mov byte ptr [20BDE53], al
00DE3CA5 E8 8EFEA800 call mainapp.01873B38
00DE3CAA 33C0 xor eax, eax
00DE3CAC 50 push eax
00DE3CAD 50 push eax
00DE3CAE 6A 08 push 8
00DE3CB0 68 4CDE0B02 push mainapp.020BDE4C
00DE3CB5 50 push eax
00DE3CB6 6A 10 push 10
00DE3CB8 68 20C67002 push mainapp.0270C620
00DE3CBD E8 DAAB62FF call <jmp.&lib.for>
00DE3CC2 8B45 F4 mov eax, dword ptr [ebp-C]
00DE3CC5 A3 30C67002 mov dword ptr [270C630], eax
00DE3CCA 8D55 D8 lea edx, dword ptr [ebp-28]
00DE3CCD 33C9 xor ecx, ecx
00DE3CCF 51 push ecx
00DE3CD0 51 push ecx
00DE3CD1 6A 0C push 0C
00DE3CD3 52 push edx
00DE3CD4 51 push ecx
00DE3CD5 6A 10 push 10
00DE3CD7 68 04CA7002 push mainapp.0270CA04
00DE3CDC E8 BBAB62FF call <jmp.&lib.for>
00DE3CE1 83C4 38 add esp, 38
00DE3CE4 8B45 E8 mov eax, dword ptr [ebp-18]
00DE3CE7 A3 14CA7002 mov dword ptr [270CA14], eax
00DE3CEC 85FF test edi, edi
00DE3CEE 897D EC mov dword ptr [ebp-14], edi
00DE3CF1 7E 09 jle short mainapp.00DE3CFC
00DE3CF3 8D45 EC lea eax, dword ptr [ebp-14]
00DE3CF6 50 push eax
00DE3CF7 E8 9026FFFF call mainapp.00DD638C