能力值:
( LV2,RANK:10 )
|
-
-
2 楼
应该就在字符串"right!\n""agin!\n"附近有比较语句吧
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
在004012B4的那个call里
|
能力值:
( LV12,RANK:440 )
|
-
-
4 楼
可以查看字符串,或者直接就一路跟进去就行了。建议楼主把基本再多看看。
|
能力值:
( LV2,RANK:10 )
|
-
-
5 楼
00401005 /E9 06000000 jmp 1.00401010
0040100A |CC int3
0040100B |CC int3
0040100C |CC int3
0040100D |CC int3
0040100E |CC int3
0040100F |CC int3
00401010 \55 push ebp
00401011 8BEC mov ebp,esp
00401013 83EC 48 sub esp,48
00401016 53 push ebx
00401017 56 push esi
00401018 57 push edi
00401019 8D7D B8 lea edi,dword ptr ss:[ebp-48]
0040101C B9 12000000 mov ecx,12
00401021 B8 CCCCCCCC mov eax,CCCCCCCC
00401026 F3:AB rep stos dword ptr es:[edi]
00401028 C745 FC A086010>mov dword ptr ss:[ebp-4],186A0
0040102F B8 01000000 mov eax,1
00401034 85C0 test eax,eax
00401036 74 3C je short 1.00401074
00401038 8D4D F8 lea ecx,dword ptr ss:[ebp-8]
0040103B 51 push ecx
0040103C 68 30504200 push 1.00425030 ; ASCII "%d"
00401041 E8 EA000000 call 1.00401130
00401046 83C4 08 add esp,8
00401049 8B55 F8 mov edx,dword ptr ss:[ebp-8]
0040104C 3B55 FC cmp edx,dword ptr ss:[ebp-4]
0040104F 75 14 jnz short 1.00401065
00401051 68 24504200 push 1.00425024 ; ASCII "right!
"
00401056 E8 55000000 call 1.004010B0
0040105B 83C4 04 add esp,4
0040105E E8 3DE90000 call 1.0040F9A0
00401063 EB 0F jmp short 1.00401074
00401065 68 1C504200 push 1.0042501C ; ASCII "agin!
"
0040106A E8 41000000 call 1.004010B0
0040106F 83C4 04 add esp,4
00401072 ^ EB BB jmp short 1.0040102F
00401074 5F pop edi
00401075 5E pop esi
00401076 5B pop ebx
00401077 83C4 48 add esp,48
0040107A 3BEC cmp ebp,esp
0040107C E8 0F010000 call 1.00401190
00401081 8BE5 mov esp,ebp
00401083 5D pop ebp
00401084 C3 retn
这就是关键call内的内容 00401028 C745 FC A086010>mov dword ptr ss:[ebp-4],186A0 这一行就是给变量赋值 186A0就是十六进制的100000
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
0040138C /$ 55 PUSH EBP
0040138D |. 89E5 MOV EBP,ESP
0040138F |. 83EC 18 SUB ESP,18
00401392 |. 83E4 F0 AND ESP,FFFFFFF0
00401395 |. B8 00000000 MOV EAX,0
0040139A |. 83C0 0F ADD EAX,0F
0040139D |. 83C0 0F ADD EAX,0F
004013A0 |. C1E8 04 SHR EAX,4
004013A3 |. C1E0 04 SHL EAX,4
004013A6 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
004013A9 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
004013AC |. E8 FF030000 CALL a.004017B0
004013B1 |. E8 5A010000 CALL a.00401510
004013B6 |. C745 FC A0860>MOV DWORD PTR SS:[EBP-4],186A0
004013BD |> 8D45 F8 /LEA EAX,DWORD PTR SS:[EBP-8] ; ||
004013C0 |. 894424 04 |MOV DWORD PTR SS:[ESP+4],EAX ; ||
004013C4 |. C70424 013040>|MOV DWORD PTR SS:[ESP],a.00403001 ; ||ASCII "%d"
004013CB |. E8 B0040000 |CALL <JMP.&msvcrt.scanf> ; |\scanf
004013D0 |. 8B45 F8 |MOV EAX,DWORD PTR SS:[EBP-8] ; |
004013D3 |. 3B45 FC |CMP EAX,DWORD PTR SS:[EBP-4] ; |
004013D6 |. 75 13 |JNZ SHORT a.004013EB ; |
004013D8 |. C70424 043040>|MOV DWORD PTR SS:[ESP],a.00403004 ; |ASCII "right!
"
004013DF |. E8 8C040000 |CALL <JMP.&msvcrt.printf> ; \printf
004013E4 |. E8 F7030000 |CALL <JMP.&msvcrt._getch> ; [_getch
004013E9 |. EB 0E |JMP SHORT a.004013F9
004013EB |> C70424 0C3040>|MOV DWORD PTR SS:[ESP],a.0040300C ; |ASCII "agin!
"
004013F2 |. E8 79040000 |CALL <JMP.&msvcrt.printf> ; \printf
004013F7 |.^ EB C4 \JMP SHORT a.004013BD
004013F9 |> B8 00000000 MOV EAX,0
004013FE |. C9 LEAVE
--------------------------------------------------------------------------------------
|
能力值:
( LV2,RANK:10 )
|
-
-
7 楼
谢谢大神,利用暑假系统的学一下,还望多多赐教
|
|
|
|
