首页
社区
课程
招聘
[求助]delphi汇编看不懂
发表于: 2013-12-18 23:39 4192

[求助]delphi汇编看不懂

2013-12-18 23:39
4192
用ida看delphi函数, System::_16754,这种怎么查手册什么的
好多类似于@System@_16754 ,@XXXXXX,这种ida识别不了怎么办?
唉,delphi的程序零基础怎么分析啊。??

1.
什么作用?

@System@_16694  proc near               ; CODE XREF: __linkproc__ HandleAnyException+20p
UPX0:00403A10                                         ; System::_16754+2Ep ...
UPX0:00403A10                 fninit
UPX0:00403A12                 wait
UPX0:00403A13                 fldcw   ds:word_425024
UPX0:00403A19                 retn
UPX0:00403A19 @System@_16694  endp



2.
这段又干嘛的?跟异常处理有关。。。?
那位大哥给小弟分析个大概流程,不胜感激。。。?
 System::_16754
UPX0:0040412C @System@_16754  proc near               ; DATA XREF: System::_16755+Do
UPX0:0040412C                                         ; System::_16780+Bo
UPX0:0040412C
UPX0:0040412C ExceptionInfo   = _EXCEPTION_POINTERS ptr  4
UPX0:0040412C
UPX0:0040412C                 mov     eax, [esp+ExceptionInfo.ExceptionRecord]
UPX0:00404130                 test    dword ptr [eax+4], 6
UPX0:00404137                 jnz     loc_4041C6
UPX0:0040413D                 cmp     ds:byte_42502C, 0
UPX0:00404144                 ja      short loc_404155
UPX0:00404146                 lea     eax, [esp+ExceptionInfo]
UPX0:0040414A                 push    eax             ; ExceptionInfo
UPX0:0040414B                 call    j_UnhandledExceptionFilter
UPX0:00404150                 cmp     eax, 0
UPX0:00404153                 jz      short loc_4041C6
UPX0:00404155
UPX0:00404155 loc_404155:                             ; CODE XREF: System::_16754+18j
UPX0:00404155                 mov     eax, [esp+ExceptionInfo.ExceptionRecord]
UPX0:00404159                 cld
UPX0:0040415A                 call    @System@_16694  ; System::_16694
UPX0:0040415F                 mov     edx, [esp+ExceptionInfo.ContextRecord]
UPX0:00404163                 push    0               ; _DWORD
UPX0:00404165                 push    eax             ; _DWORD
UPX0:00404166                 push    offset loc_404172 ; _DWORD
UPX0:0040416B                 push    edx             ; _DWORD
UPX0:0040416C                 call    ds:dword_426018
UPX0:00404172
UPX0:00404172 loc_404172:                             ; DATA XREF: System::_16754+3Ao
UPX0:00404172                 mov     ebx, [esp+ExceptionInfo.ExceptionRecord]
UPX0:00404176                 cmp     dword ptr [ebx], 0EEDFADEh
UPX0:0040417C                 mov     edx, [ebx+14h]
UPX0:0040417F                 mov     eax, [ebx+18h]
UPX0:00404182                 jz      short loc_4041A1
UPX0:00404184                 mov     edx, ds:dword_426010
UPX0:0040418A                 test    edx, edx
UPX0:0040418C                 jz      sub_40408C
UPX0:00404192                 mov     eax, ebx
UPX0:00404194                 call    edx ; dword_426010
UPX0:00404196                 test    eax, eax
UPX0:00404198                 jz      sub_40408C
UPX0:0040419E                 mov     edx, [ebx+0Ch]
UPX0:004041A1
UPX0:004041A1 loc_4041A1:                             ; CODE XREF: System::_16754+56j
UPX0:004041A1                 call    @System@_16743  ; System::_16743
UPX0:004041A6                 mov     ecx, ds:dword_426004
UPX0:004041AC                 test    ecx, ecx
UPX0:004041AE                 jz      short loc_4041B2
UPX0:004041B0                 call    ecx ; dword_426004
UPX0:004041B2
UPX0:004041B2 loc_4041B2:                             ; CODE XREF: System::_16754+82j
UPX0:004041B2                 mov     ecx, [esp+ExceptionInfo.ExceptionRecord]
UPX0:004041B6                 mov     eax, 0D9h
UPX0:004041BB                 mov     edx, [ecx+14h]
UPX0:004041BE                 mov     [esp+0], edx
UPX0:004041C1                 jmp     sub_40455C
UPX0:004041C6 ; ---------------------------------------------------------------------------
UPX0:004041C6
UPX0:004041C6 loc_4041C6:                             ; CODE XREF: System::_16754+Bj
UPX0:004041C6                                         ; System::_16754+27j
UPX0:004041C6                 xor     eax, eax
UPX0:004041C8                 retn
UPX0:004041C8 @System@_16754  endp


[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (1)
雪    币: 135
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
这不是初始化浮点寄存器么?
2013-12-18 23:59
0
游客
登录 | 注册 方可回帖
返回
//