-
-
[求助]delphi汇编看不懂
-
发表于:
2013-12-18 23:39
4186
-
用ida看delphi函数, System::_16754,这种怎么查手册什么的
好多类似于@System@_16754 ,@XXXXXX,这种ida识别不了怎么办?
唉,delphi的程序零基础怎么分析啊。??
1.
什么作用?
@System@_16694 proc near ; CODE XREF: __linkproc__ HandleAnyException+20p
UPX0:00403A10 ; System::_16754+2Ep ...
UPX0:00403A10 fninit
UPX0:00403A12 wait
UPX0:00403A13 fldcw ds:word_425024
UPX0:00403A19 retn
UPX0:00403A19 @System@_16694 endp
2.
这段又干嘛的?跟异常处理有关。。。?
那位大哥给小弟分析个大概流程,不胜感激。。。?
System::_16754
UPX0:0040412C @System@_16754 proc near ; DATA XREF: System::_16755+Do
UPX0:0040412C ; System::_16780+Bo
UPX0:0040412C
UPX0:0040412C ExceptionInfo = _EXCEPTION_POINTERS ptr 4
UPX0:0040412C
UPX0:0040412C mov eax, [esp+ExceptionInfo.ExceptionRecord]
UPX0:00404130 test dword ptr [eax+4], 6
UPX0:00404137 jnz loc_4041C6
UPX0:0040413D cmp ds:byte_42502C, 0
UPX0:00404144 ja short loc_404155
UPX0:00404146 lea eax, [esp+ExceptionInfo]
UPX0:0040414A push eax ; ExceptionInfo
UPX0:0040414B call j_UnhandledExceptionFilter
UPX0:00404150 cmp eax, 0
UPX0:00404153 jz short loc_4041C6
UPX0:00404155
UPX0:00404155 loc_404155: ; CODE XREF: System::_16754+18j
UPX0:00404155 mov eax, [esp+ExceptionInfo.ExceptionRecord]
UPX0:00404159 cld
UPX0:0040415A call @System@_16694 ; System::_16694
UPX0:0040415F mov edx, [esp+ExceptionInfo.ContextRecord]
UPX0:00404163 push 0 ; _DWORD
UPX0:00404165 push eax ; _DWORD
UPX0:00404166 push offset loc_404172 ; _DWORD
UPX0:0040416B push edx ; _DWORD
UPX0:0040416C call ds:dword_426018
UPX0:00404172
UPX0:00404172 loc_404172: ; DATA XREF: System::_16754+3Ao
UPX0:00404172 mov ebx, [esp+ExceptionInfo.ExceptionRecord]
UPX0:00404176 cmp dword ptr [ebx], 0EEDFADEh
UPX0:0040417C mov edx, [ebx+14h]
UPX0:0040417F mov eax, [ebx+18h]
UPX0:00404182 jz short loc_4041A1
UPX0:00404184 mov edx, ds:dword_426010
UPX0:0040418A test edx, edx
UPX0:0040418C jz sub_40408C
UPX0:00404192 mov eax, ebx
UPX0:00404194 call edx ; dword_426010
UPX0:00404196 test eax, eax
UPX0:00404198 jz sub_40408C
UPX0:0040419E mov edx, [ebx+0Ch]
UPX0:004041A1
UPX0:004041A1 loc_4041A1: ; CODE XREF: System::_16754+56j
UPX0:004041A1 call @System@_16743 ; System::_16743
UPX0:004041A6 mov ecx, ds:dword_426004
UPX0:004041AC test ecx, ecx
UPX0:004041AE jz short loc_4041B2
UPX0:004041B0 call ecx ; dword_426004
UPX0:004041B2
UPX0:004041B2 loc_4041B2: ; CODE XREF: System::_16754+82j
UPX0:004041B2 mov ecx, [esp+ExceptionInfo.ExceptionRecord]
UPX0:004041B6 mov eax, 0D9h
UPX0:004041BB mov edx, [ecx+14h]
UPX0:004041BE mov [esp+0], edx
UPX0:004041C1 jmp sub_40455C
UPX0:004041C6 ; ---------------------------------------------------------------------------
UPX0:004041C6
UPX0:004041C6 loc_4041C6: ; CODE XREF: System::_16754+Bj
UPX0:004041C6 ; System::_16754+27j
UPX0:004041C6 xor eax, eax
UPX0:004041C8 retn
UPX0:004041C8 @System@_16754 endp
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!