[旧帖] 谁帮我看下这个是什么函数,干嘛用的 0.00雪花
发表于: 2016-3-1 17:19 3056

我的系统是 Win7 64 位,LoadLibrary('d3d9.dll') 得到的基址是 713f0000。
位置应该是基址+22e10 的地方(即下面列表中的 71412E10),为什么在这里 HOOK 就能优化 D3D?

; ---------------------------------------------------------------------------
; d3d9.dll routine at 71412E0E - 32-bit x86, OllyDbg listing, Intel operand order.
; A later reply in this thread identifies it as CreateDevice. The listing fits:
; `retn 0x1C` releases 7 dwords (an object pointer plus six arguments, callee
; cleans the stack) and the last slot is written through as an output pointer.
; Stack slots as used below. Argument names follow IDirect3D9::CreateDevice and
; are an assumption - confirm with symbols:
;   [ebp+0x08] object pointer ("this")   [ebp+0x0C] adapter index
;   [ebp+0x10] device type               [ebp+0x14] focus window
;   [ebp+0x18] behavior flags            [ebp+0x1C] presentation parameters
;   [ebp+0x20] pointer that receives the created object
; Flow: reject a null object pointer, optionally enter the critical section at
; object+4, clear the output, range-check the adapter index, forward the
; arguments to the worker at 71406992, copy the worker's output to the caller,
; leave the critical section and return the worker's status in eax.
; Branch targets 71412EC4, 71475E4A, 71475E88 and 71475E9F are not in the listing.
; NOTE(review): the question places the hook at base+0x22E10 = 71412E10, i.e.
; right after the 2-byte `mov edi,edi`. Comparing these entry bytes with the
; on-disk image is a simple way to notice an inline patch.
; ---------------------------------------------------------------------------
71412E0E      8BFF          mov edi,edi                          ; 2-byte no-op at the function entry
71412E10   .  55            push ebp
71412E11   .  8BEC          mov ebp,esp
71412E13   .  81EC 48010000 sub esp,0x148                        ; 0x148 bytes of locals
71412E19   .  53            push ebx
71412E1A   .  56            push esi
71412E1B   .  8B75 08       mov esi,dword ptr ss:[ebp+0x8]       ; esi = object pointer (first stack slot)
71412E1E   .  85F6          test esi,esi
71412E20   .  0F84 9E000000 je d3d9.71412EC4                     ; null object pointer -> path not shown
71412E26   .  8D5E 04       lea ebx,dword ptr ds:[esi+0x4]       ; ebx = object+4, the CRITICAL_SECTION used below
; The dword at ebx+0x18 decides whether the lock is taken; the flags of this cmp
; survive the three mov instructions and are consumed by the je at 71412E3A.
71412E29   >  837B 18 00    cmp dword ptr ds:[ebx+0x18],0x0
71412E2D   .  895D F8       mov dword ptr ss:[ebp-0x8],ebx
71412E30   .  895D F0       mov dword ptr ss:[ebp-0x10],ebx
71412E33   .  C745 F4 00000>mov dword ptr ss:[ebp-0xC],0x0
71412E3A   .  74 07         je short d3d9.71412E43               ; zero -> skip EnterCriticalSection
71412E3C   .  53            push ebx                             ; /pCriticalSection
71412E3D   .  FF15 98143F71 call dword ptr ds:[<&KERNEL32.EnterC>; \EnterCriticalSection
; Clear the caller's output pointer first, so the paths that leave early do not
; hand back a stale value.
71412E43   >  8B45 20       mov eax,dword ptr ss:[ebp+0x20]
71412E46   .  8B4D 0C       mov ecx,dword ptr ss:[ebp+0xC]
71412E49   .  C700 00000000 mov dword ptr ds:[eax],0x0
; Unsigned range check: index in [ebp+0xC] must be below the dword at object+0x2C.
71412E4F   .  8B46 2C       mov eax,dword ptr ds:[esi+0x2C]
71412E52   .  3BC8          cmp ecx,eax
71412E54   .  0F83 F02F0600 jnb d3d9.71475E4A                    ; index >= limit -> path not shown
; Flag bit 0x200 in [ebp+0x18] diverts to 71475E88; again the test's flags are
; consumed only after push/mov, which leave flags untouched.
71412E5A   >  F745 18 00020>test dword ptr ss:[ebp+0x18],0x200
71412E61   .  57            push edi
71412E62   .  BF 01000000   mov edi,0x1
71412E67   .  897D FC       mov dword ptr ss:[ebp-0x4],edi
71412E6A   .  0F85 18300600 jnz d3d9.71475E88
; Dword at +0x20 of the structure passed in [ebp+0x1C]; zero diverts to 71475E9F.
; eax stays 0 on the fall-through path and is pushed below as one of the arguments.
71412E70   >  8B55 1C       mov edx,dword ptr ss:[ebp+0x1C]
71412E73   .  33C0          xor eax,eax
71412E75   .  3942 20       cmp dword ptr ds:[edx+0x20],eax
71412E78   .  0F84 21300600 je d3d9.71475E9F
; Build the worker's 7 stack arguments, last one first:
;   &[ebp+0x8] (temporary output), eax, [ebp+0x1C], [ebp+0x18], [ebp+0x14],
;   [ebp+0x10], [ebp+0xC]; the object pointer travels in ecx.
71412E7E   >  8D55 08       lea edx,dword ptr ss:[ebp+0x8]
71412E81   .  52            push edx
71412E82   .  8B55 18       mov edx,dword ptr ss:[ebp+0x18]
71412E85   .  50            push eax
71412E86   .  8B45 1C       mov eax,dword ptr ss:[ebp+0x1C]
71412E89   .  50            push eax
71412E8A   .  8B45 14       mov eax,dword ptr ss:[ebp+0x14]
71412E8D   .  52            push edx
71412E8E   .  8B55 10       mov edx,dword ptr ss:[ebp+0x10]
71412E91   .  50            push eax
71412E92   .  52            push edx
71412E93   .  51            push ecx
71412E94   .  8BCE          mov ecx,esi
71412E96   .  C745 08 00000>mov dword ptr ss:[ebp+0x8],0x0       ; argument slot reused as the temporary output, zeroed
71412E9D   .  E8 F03AFFFF   call d3d9.71406992                   ; worker; status comes back in eax
; Publish the worker's output through the caller's pointer and keep the status in esi.
71412EA2   .  8B4D 20       mov ecx,dword ptr ss:[ebp+0x20]
71412EA5   .  8BF0          mov esi,eax
71412EA7   .  8B45 08       mov eax,dword ptr ss:[ebp+0x8]
71412EAA   .  8901          mov dword ptr ds:[ecx],eax
; Same lock condition as on entry; `pop edi` does not change flags, so the je
; still tests this cmp.
71412EAC   .  837B 18 00    cmp dword ptr ds:[ebx+0x18],0x0
71412EB0   .  5F            pop edi
71412EB1   .  74 07         je short d3d9.71412EBA
71412EB3   .  53            push ebx                             ; /pCriticalSection
71412EB4   .  FF15 9C143F71 call dword ptr ds:[<&KERNEL32.LeaveC>; \LeaveCriticalSection
71412EBA   >  8BC6          mov eax,esi                          ; return the worker's status
71412EBC   .  5E            pop esi
71412EBD   .  5B            pop ebx
71412EBE   .  8BE5          mov esp,ebp
71412EC0   .  5D            pop ebp
71412EC1   .  C2 1C00       retn 0x1C                            ; callee pops 0x1C bytes = 7 dwords

最新回复 (5)
2
71412E96   .  C745 08 00000>mov dword ptr ss:[ebp+0x8],0x0
71412E9D   .  E8 F03AFFFF   call d3d9.71406992
这是关键点:用 VS 调试,选择反汇编模式,加载微软符号表,就知道是什么功能了。
2016-3-1 18:27
0
3
[QUOTE=wang王;1417678]71412E96   .  C745 08 00000>mov dword ptr ss:[ebp+0x8],0x0
71412E9D   .  E8 F03AFFFF   call d3d9.71406992
这是关键点  用vs调试 选择反汇编模式  加载微软符号表  就知道什么功能了[/QUOTE]

你给我分析下行不,我有点茫然
2016-3-1 21:54
0
4
[QUOTE=wang王;1417678]71412E96   .  C745 08 00000>mov dword ptr ss:[ebp+0x8],0x0
71412E9D   .  E8 F03AFFFF   call d3d9.71406992
这是关键点  用vs调试 选择反汇编模式  加载微软符号表  就知道什么功能了[/QUOTE]

; ---------------------------------------------------------------------------
; d3d9.dll routine at 71406992 - 32-bit x86, OllyDbg listing, Intel operand order.
; This is the worker called from 71412E9D: object pointer in ecx, 7 stack
; dwords released by `retn 0x1C`. A reply in the thread names the API
; CreateDevice; the argument names below follow that and are an assumption
; to confirm with symbols. Slots, in the order the caller at 71412E7E pushes them:
;   [ebp+0x08] adapter index   [ebp+0x0C] device type   [ebp+0x10] focus window
;   [ebp+0x14] behavior flags  [ebp+0x18] presentation parameters (slot later
;   reused as an element count)  [ebp+0x1C] extra dword   [ebp+0x20] output pointer
; Flow: install an SEH frame, zero two 0x30-byte locals, read two named
; settings, validate flags / device type / window handles, obtain a 0x3F58-byte
; block, initialise it through three calls, store it through [ebp+0x20] and
; return 0 in eax. Every long jump leaves the listing (cold/error paths not shown).
; ---------------------------------------------------------------------------
71406992   $  8BFF          mov edi,edi                                      ; 2-byte no-op at the function entry
71406994   .  55            push ebp
71406995   .  8BEC          mov ebp,esp
; SEH registration record on the stack: [ebp-4] = -1 (state value, changed at
; 71406C42 / 71406C56), [ebp-8] = handler 71589FF3, [ebp-0xC] = previous fs:[0].
71406997   .  6A FF         push -0x1
71406999   .  68 F39F5871   push d3d9.71589FF3
7140699E   .  64:A1 0000000>mov eax,dword ptr fs:[0]
714069A4   .  50            push eax
714069A5   .  81EC C4000000 sub esp,0xC4
714069AB   .  53            push ebx
714069AC   .  56            push esi
714069AD   .  57            push edi
; Global dword XORed with ebp and pushed. NOTE(review): this matches the MSVC
; security-cookie prologue pattern - confirm. On the return path shown here the
; value is only popped (71406CE2); no comparison is visible.
714069AE   .  A1 50925971   mov eax,dword ptr ds:[0x71599250]
714069B3   .  33C5          xor eax,ebp
714069B5   .  50            push eax
714069B6   .  8D45 F4       lea eax,dword ptr ss:[ebp-0xC]
714069B9   .  64:A3 0000000>mov dword ptr fs:[0],eax                         ; fs:[0] now points at the record at ebp-0xC
714069BF   .  8BF1          mov esi,ecx                                      ; esi = object pointer for the whole routine
714069C1   .  8B7D 18       mov edi,dword ptr ss:[ebp+0x18]
714069C4   .  33C0          xor eax,eax
; The flags of this cmp are consumed by the je at 714069D9; the mov/lea in
; between do not touch flags. Four locals are zeroed / initialised meanwhile.
714069C6   .  837D 0C 04    cmp dword ptr ss:[ebp+0xC],0x4
714069CA   .  8945 D8       mov dword ptr ss:[ebp-0x28],eax
714069CD   .  8945 F0       mov dword ptr ss:[ebp-0x10],eax
714069D0   .  8945 D0       mov dword ptr ss:[ebp-0x30],eax
714069D3   .  897D CC       mov dword ptr ss:[ebp-0x34],edi                  ; keep the original [ebp+0x18]; the slot is overwritten later
714069D6   .  8D58 10       lea ebx,dword ptr ds:[eax+0x10]                  ; ebx = 0x10 (eax is 0)
714069D9   .  0F84 C8EB0600 je d3d9.714755A7                                 ; [ebp+0xC] == 4 -> path not shown
; Zero two 0x30-byte locals at ebp-0x68 and ebp-0xD0. The memset arguments are
; left on the stack and cleaned together with the next call (add esp,0x28).
714069DF   >  6A 30         push 0x30                                        ; /n = 30 (48.)
714069E1   .  8D4D 98       lea ecx,dword ptr ss:[ebp-0x68]                  ; |
714069E4   .  6A 00         push 0x0                                         ; |c = 00
714069E6   .  51            push ecx                                         ; |s
714069E7   .  E8 29ACFEFF   call <jmp.&msvcrt.memset>                        ; \memset
714069EC   .  6A 30         push 0x30                                        ; /n = 30 (48.)
714069EE   .  8D95 30FFFFFF lea edx,dword ptr ss:[ebp-0xD0]                  ; |
714069F4   .  6A 00         push 0x0                                         ; |c = 00
714069F6   .  52            push edx                                         ; |s
714069F7   .  E8 19ACFEFF   call <jmp.&msvcrt.memset>                        ; \memset
; 71409F32(4, name, &[ebp-0x20], 4), caller-cleaned. The name is shown as byte
; 0x55 ('U') followed by "seVSConverter". The helper is not in the listing.
; NOTE(review): name + buffer + size looks like a settings lookup - confirm.
714069FC   .  6A 04         push 0x4
714069FE   .  8D45 E0       lea eax,dword ptr ss:[ebp-0x20]
71406A01   .  50            push eax
71406A02   .  68 60014071   push d3d9.71400160                               ;  ASCII 55,"seVSConverter"
71406A07   .  6A 04         push 0x4
71406A09   .  C745 DC 00000>mov dword ptr ss:[ebp-0x24],0x0
71406A10   .  E8 1D350000   call d3d9.71409F32
71406A15   .  83C4 28       add esp,0x28                                     ; 0x18 for both memsets + 0x10 for this call
71406A18   .  85C0          test eax,eax
71406A1A   .  0F85 0DEC0600 jnz d3d9.7147562D
; Same helper, second name (0x55 followed by "sePSConverter"), same buffer.
71406A20   >  6A 04         push 0x4
71406A22   .  8D4D E0       lea ecx,dword ptr ss:[ebp-0x20]
71406A25   .  51            push ecx
71406A26   .  68 50014071   push d3d9.71400150                               ;  ASCII 55,"sePSConverter"
71406A2B   .  6A 04         push 0x4
71406A2D   .  E8 00350000   call d3d9.71409F32
71406A32   .  83C4 10       add esp,0x10
71406A35   .  85C0          test eax,eax
71406A37   .  0F85 06EC0600 jnz d3d9.71475643
; flags |= (flags >> 2) & 0x100 : bit 0x400 is mirrored into bit 0x100, and the
; result is written back to the argument slot.
71406A3D   >  8B5D 14       mov ebx,dword ptr ss:[ebp+0x14]
71406A40   .  8BD3          mov edx,ebx
71406A42   .  C1EA 02       shr edx,0x2
71406A45   .  81E2 00010000 and edx,0x100
71406A4B   .  0BDA          or ebx,edx
71406A4D   .  837D 10 00    cmp dword ptr ss:[ebp+0x10],0x0
71406A51   .  895D 14       mov dword ptr ss:[ebp+0x14],ebx
71406A54   .  0F84 FFEB0600 je d3d9.71475659                                 ; [ebp+0x10] == 0 -> path not shown
; Any of the flag bits 0x20A0 set, or eax already non-zero (71406A5C is also a
; jump target), goes to 714104F3; otherwise eax = 1.
71406A5A   >  33C0          xor eax,eax
71406A5C   >  F7C3 A0200000 test ebx,0x20A0
71406A62   .  0F85 8B9A0000 jnz d3d9.714104F3
71406A68   .  85C0          test eax,eax
71406A6A   .  0F85 839A0000 jnz d3d9.714104F3
71406A70   .  B8 01000000   mov eax,0x1
; 71407DA3 on the object (ecx = esi) with 6 stack arguments:
;   [ebp+0x8], [ebp+0xC], flags (ebx), eax, edi, [ebp+0x1C]. eax is also kept in [ebp-0x1C].
71406A75   >  8B4D 1C       mov ecx,dword ptr ss:[ebp+0x1C]
71406A78   .  8B55 0C       mov edx,dword ptr ss:[ebp+0xC]
71406A7B   .  51            push ecx
71406A7C   .  57            push edi
71406A7D   .  50            push eax
71406A7E   .  53            push ebx
71406A7F   .  8945 E4       mov dword ptr ss:[ebp-0x1C],eax
71406A82   .  8B45 08       mov eax,dword ptr ss:[ebp+0x8]
71406A85   .  52            push edx
71406A86   .  50            push eax
71406A87   .  8BCE          mov ecx,esi
71406A89   .  E8 15130000   call d3d9.71407DA3
71406A8E   .  85C0          test eax,eax
71406A90   .  0F8C 1C950300 jl d3d9.7143FFB2                                 ; negative status -> path not shown
; A non-null handle in [ebp+0x10] must pass IsWindow, otherwise 7147566D.
71406A96   .  837D 10 00    cmp dword ptr ss:[ebp+0x10],0x0
71406A9A   .  74 12         je short d3d9.71406AAE
71406A9C   .  8B4D 10       mov ecx,dword ptr ss:[ebp+0x10]
71406A9F   .  51            push ecx                                         ; /hWnd
71406AA0   .  FF15 34123F71 call dword ptr ds:[<&USER32.IsWindow>]           ; \IsWindow
71406AA6   .  85C0          test eax,eax
71406AA8   .  0F84 BFEB0600 je d3d9.7147566D
; Flag 0x200 set -> 7147569D. Otherwise the [ebp+0x18] slot is overwritten with
; 1 and serves as the element count of the loop below.
71406AAE   >  F7C3 00020000 test ebx,0x200
71406AB4   .  0F85 E3EB0600 jnz d3d9.7147569D
71406ABA   .  C745 18 01000>mov dword ptr ss:[ebp+0x18],0x1
; Loop: ebx = index (unsigned compare against the count), edi walks from
; params+0x1C in steps of 0x38. Each non-zero dword found there is checked with IsWindow.
; NOTE(review): +0x1C / 0x38 would be the window-handle field and the size of
; D3DPRESENT_PARAMETERS if the CreateDevice identification holds - confirm.
71406AC1   >  33DB          xor ebx,ebx
71406AC3   .  395D 18       cmp dword ptr ss:[ebp+0x18],ebx
71406AC6   .  76 55         jbe short d3d9.71406B1D                          ; count == 0 -> skip the loop
71406AC8   .  8B4D 10       mov ecx,dword ptr ss:[ebp+0x10]
71406ACB   .  8D57 1C       lea edx,dword ptr ds:[edi+0x1C]
71406ACE   .  8955 EC       mov dword ptr ss:[ebp-0x14],edx
71406AD1   .  8BFA          mov edi,edx
71406AD3   >  8B07          mov eax,dword ptr ds:[edi]
71406AD5   .  85C0          test eax,eax
71406AD7   .  74 15         je short d3d9.71406AEE
71406AD9   .  50            push eax                                         ; /hWnd
71406ADA   .  FF15 34123F71 call dword ptr ds:[<&USER32.IsWindow>]           ; \IsWindow
71406AE0   .  85C0          test eax,eax
71406AE2   .  0F84 33ED0600 je d3d9.7147581B                                 ; not a window -> path not shown
71406AE8   .  8B55 EC       mov edx,dword ptr ss:[ebp-0x14]                  ; edx/ecx reloaded after the call
71406AEB   .  8B4D 10       mov ecx,dword ptr ss:[ebp+0x10]
; On this path eax is either the entry's handle or 0. Object field +0x4B80
; non-zero -> 714086E4; handle in [ebp+0x10] zero -> 714756B5.
71406AEE   >  8B86 804B0000 mov eax,dword ptr ds:[esi+0x4B80]
71406AF4   .  85C0          test eax,eax
71406AF6   .  0F85 E81B0000 jnz d3d9.714086E4
71406AFC   .  85C9          test ecx,ecx
71406AFE   .  0F84 B1EB0600 je d3d9.714756B5
71406B04   >  85C0          test eax,eax
71406B06   .  0F85 D81B0000 jnz d3d9.714086E4
71406B0C   >  85DB          test ebx,ebx
71406B0E   .  0F87 AFEB0600 ja d3d9.714756C3                                 ; taken only for index != 0 (test clears CF)
71406B14   >  43            inc ebx
71406B15   .  83C7 38       add edi,0x38
71406B18   .  3B5D 18       cmp ebx,dword ptr ss:[ebp+0x18]
71406B1B   .^ 72 B6         jb short d3d9.71406AD3
; With exactly one element, bit 0x200 is cleared from the stored flags.
71406B1D   >  837D 18 01    cmp dword ptr ss:[ebp+0x18],0x1
71406B21   .  75 07         jnz short d3d9.71406B2A
71406B23   .  8165 14 FFFDF>and dword ptr ss:[ebp+0x14],0xFFFFFDFF
71406B2A   >  8B45 0C       mov eax,dword ptr ss:[ebp+0xC]
71406B2D   .  83F8 03       cmp eax,0x3
71406B30   .  0F84 ACEB0600 je d3d9.714756E2                                 ; [ebp+0xC] == 3 -> path not shown
; edi = bit 14 (0x4000) of the flags, kept in [ebp-0x2C].
71406B36   >  8B7D 14       mov edi,dword ptr ss:[ebp+0x14]
71406B39   .  C1EF 0E       shr edi,0xE
71406B3C   .  83E7 01       and edi,0x1
71406B3F   .  897D D4       mov dword ptr ss:[ebp-0x2C],edi
71406B42   .  83F8 01       cmp eax,0x1
71406B45   .  0F85 7B940300 jnz d3d9.7143FFC6                                ; [ebp+0xC] != 1 -> path not shown
; 713F4D9A(0); a zero result goes to 714756F0. No caller-side stack cleanup
; follows this call.
71406B4B   .  6A 00         push 0x0
71406B4D   .  E8 48E2FEFF   call d3d9.713F4D9A
71406B52   .  85C0          test eax,eax
71406B54   .  0F84 96EB0600 je d3d9.714756F0
; Per-index record inside the object: record = object + [ebp+0x8] * 0x2E0.
; Fields +0x2CC, +0x2D0, +0x168 and the address record+0x30 become arguments of
; 713FB195 (11 stack dwords, caller-cleaned with add esp,0x2C). Its first
; argument is the zeroed local at ebp-0x68.
71406B5A   >  8B55 08       mov edx,dword ptr ss:[ebp+0x8]
71406B5D   .  69D2 E0020000 imul edx,edx,0x2E0
71406B63   .  8B9C32 CC0200>mov ebx,dword ptr ds:[edx+esi+0x2CC]
71406B6A   .  8B8C32 680100>mov ecx,dword ptr ds:[edx+esi+0x168]
71406B71   .  8D0432        lea eax,dword ptr ds:[edx+esi]
71406B74   .  8B96 804B0000 mov edx,dword ptr ds:[esi+0x4B80]
71406B7A   .  53            push ebx
71406B7B   .  8B98 D0020000 mov ebx,dword ptr ds:[eax+0x2D0]
71406B81   .  53            push ebx
71406B82   .  51            push ecx
71406B83   .  8B4D D8       mov ecx,dword ptr ss:[ebp-0x28]
71406B86   .  51            push ecx
71406B87   .  8B4D 0C       mov ecx,dword ptr ss:[ebp+0xC]
71406B8A   .  51            push ecx
71406B8B   .  8B4D E4       mov ecx,dword ptr ss:[ebp-0x1C]
71406B8E   .  6A 00         push 0x0
71406B90   .  51            push ecx
71406B91   .  33C9          xor ecx,ecx
71406B93   .  85D2          test edx,edx
71406B95   .  0F94C1        sete cl                                          ; ecx = 1 when object field +0x4B80 is zero, else 0
71406B98   .  57            push edi
71406B99   .  83C0 30       add eax,0x30
71406B9C   .  8D55 98       lea edx,dword ptr ss:[ebp-0x68]
71406B9F   .  51            push ecx
71406BA0   .  50            push eax
71406BA1   .  52            push edx
71406BA2   .  E8 EE45FFFF   call d3d9.713FB195
71406BA7   .  8BF8          mov edi,eax                                      ; edi = status of 713FB195
71406BA9   .  8B45 F0       mov eax,dword ptr ss:[ebp-0x10]
71406BAC   .  83C4 2C       add esp,0x2C
71406BAF   .  85C0          test eax,eax
71406BB1   .  0F85 53ED0600 jnz d3d9.7147590A                                ; local [ebp-0x10] non-zero -> path not shown
71406BB7   >  85FF          test edi,edi
71406BB9   .  0F8C 57ED0600 jl d3d9.71475916                                 ; negative status -> path not shown
; First dword of the local at ebp-0xD0 = [ebp+0x8]; more than one element -> 71475765.
71406BBF   >  837D 18 01    cmp dword ptr ss:[ebp+0x18],0x1
71406BC3   .  8B45 08       mov eax,dword ptr ss:[ebp+0x8]
71406BC6   .  8985 30FFFFFF mov dword ptr ss:[ebp-0xD0],eax
71406BCC   .  0F87 93EB0600 ja d3d9.71475765
; Signed range check: [ebp+0xC] must be within 1..4, otherwise 71475AD6.
71406BD2   >  8B45 0C       mov eax,dword ptr ss:[ebp+0xC]
71406BD5   .  85C0          test eax,eax
71406BD7   .  0F8E F9EE0600 jle d3d9.71475AD6
71406BDD   .  83F8 04       cmp eax,0x4
71406BE0   .  0F8F F0EE0600 jg d3d9.71475AD6
71406BE6   .  6A 00         push 0x0
71406BE8   .  E8 ADE1FEFF   call d3d9.713F4D9A
71406BED   .  85C0          test eax,eax
71406BEF   .  0F84 DF930300 je d3d9.7143FFD4
; Only when flag bit 0x10 is set: record field +0x230 is compared (unsigned)
; with 0xFFFE0200; below -> 714759D3, otherwise bit 0x10 is cleared and
; [ebp-0x30] = 1. NOTE(review): 0xFFFE0200 has the form of a vertex-shader
; version token (2.0) - confirm.
71406BF5   >  F645 14 10    test byte ptr ss:[ebp+0x14],0x10
71406BF9   .  74 32         je short d3d9.71406C2D
71406BFB   .  8B4D 08       mov ecx,dword ptr ss:[ebp+0x8]
71406BFE   .  69C9 E0020000 imul ecx,ecx,0x2E0
71406C04   .  81BC31 300200>cmp dword ptr ds:[ecx+esi+0x230],0xFFFE0200
71406C0F   .  8D040E        lea eax,dword ptr ds:[esi+ecx]
71406C12   .  0F82 BBED0600 jb d3d9.714759D3
71406C18   >  8365 14 EF    and dword ptr ss:[ebp+0x14],0xFFFFFFEF
71406C1C   .  C745 D0 01000>mov dword ptr ss:[ebp-0x30],0x1
71406C23   >  F645 14 10    test byte ptr ss:[ebp+0x14],0x10                 ; re-test: 71406C23 is also entered from elsewhere
71406C27   .  0F85 BBED0600 jnz d3d9.714759E8
; 713F4D1E(0x3F58), caller-cleaned; a null result goes to 7143FFE2.
; NOTE(review): looks like an allocation of 0x3F58 bytes followed by a
; constructor-style call (714083FD, block pointer in ecx) - confirm.
; [ebp-4], the state value of the SEH record, is 1 around that call and -1 after.
71406C2D   >  68 583F0000   push 0x3F58
71406C32   .  BB 01000000   mov ebx,0x1
71406C37   .  E8 E2E0FEFF   call d3d9.713F4D1E
71406C3C   .  83C4 04       add esp,0x4
71406C3F   .  8945 EC       mov dword ptr ss:[ebp-0x14],eax
71406C42   .  895D FC       mov dword ptr ss:[ebp-0x4],ebx
71406C45   .  85C0          test eax,eax
71406C47   .  0F84 95930300 je d3d9.7143FFE2
71406C4D   .  8BC8          mov ecx,eax
71406C4F   .  E8 A9170000   call d3d9.714083FD
71406C54   >  8BF8          mov edi,eax                                      ; edi = new object from here on
71406C56   .  C745 FC FFFFF>mov dword ptr ss:[ebp-0x4],-0x1
71406C5D   .  85FF          test edi,edi
71406C5F   .  0F84 C5ED0600 je d3d9.71475A2A
; 71406D02 on the new object (ecx = edi) with 12 stack arguments, last first:
;   1, [ebp-0x30], creating object (esi), [ebp+0x8], [ebp+0x1C], original
;   [ebp+0x18] saved in [ebp-0x34], flags, [ebp+0x10], [ebp+0xC], &local(ebp-0x68),
;   &local(ebp-0xD0), element count.
71406C65   .  8B55 D0       mov edx,dword ptr ss:[ebp-0x30]
71406C68   .  8B45 08       mov eax,dword ptr ss:[ebp+0x8]
71406C6B   .  8B4D 1C       mov ecx,dword ptr ss:[ebp+0x1C]
71406C6E   .  53            push ebx
71406C6F   .  52            push edx
71406C70   .  8B55 CC       mov edx,dword ptr ss:[ebp-0x34]
71406C73   .  56            push esi
71406C74   .  50            push eax
71406C75   .  8B45 14       mov eax,dword ptr ss:[ebp+0x14]
71406C78   .  51            push ecx
71406C79   .  8B4D 10       mov ecx,dword ptr ss:[ebp+0x10]
71406C7C   .  52            push edx
71406C7D   .  8B55 0C       mov edx,dword ptr ss:[ebp+0xC]
71406C80   .  50            push eax
71406C81   .  51            push ecx
71406C82   .  52            push edx
71406C83   .  8B55 18       mov edx,dword ptr ss:[ebp+0x18]
71406C86   .  8D45 98       lea eax,dword ptr ss:[ebp-0x68]
71406C89   .  50            push eax
71406C8A   .  8D8D 30FFFFFF lea ecx,dword ptr ss:[ebp-0xD0]
71406C90   .  51            push ecx
71406C91   .  52            push edx
71406C92   .  8BCF          mov ecx,edi
71406C94   .  E8 69000000   call d3d9.71406D02
71406C99   .  8BF0          mov esi,eax                                      ; esi now holds a status, no longer the creating object
71406C9B   .  85F6          test esi,esi
71406C9D   .  0F8C A5ED0600 jl d3d9.71475A48                                 ; negative status -> path not shown
; Third use of helper 71409F32, name data at 71406CEC (just past this routine's retn).
71406CA3   .  6A 04         push 0x4
71406CA5   .  8D45 C8       lea eax,dword ptr ss:[ebp-0x38]
71406CA8   .  50            push eax
71406CA9   .  68 EC6C4071   push d3d9.71406CEC
71406CAE   .  6A 04         push 0x4
71406CB0   .  E8 7D320000   call d3d9.71409F32
71406CB5   .  83C4 10       add esp,0x10
71406CB8   .  85C0          test eax,eax
71406CBA   .  0F85 C3ED0600 jnz d3d9.71475A83
71406CC0   >  8BCF          mov ecx,edi
71406CC2   .  E8 119FFFFF   call d3d9.71400BD8                               ; call on the new object; non-zero result -> 71475A9B
71406CC7   .  8BF0          mov esi,eax
71406CC9   .  85F6          test esi,esi
71406CCB   .  0F85 CAED0600 jnz d3d9.71475A9B
; Success: store the new object through the output pointer and return 0.
71406CD1   .  8B4D 20       mov ecx,dword ptr ss:[ebp+0x20]
71406CD4   .  8939          mov dword ptr ds:[ecx],edi
71406CD6   .  33C0          xor eax,eax
; Epilogue: unlink the SEH record (restore the saved fs:[0]), drop the pushed
; XORed value, restore edi/esi/ebx.
71406CD8   .  8B4D F4       mov ecx,dword ptr ss:[ebp-0xC]
71406CDB   .  64:890D 00000>mov dword ptr fs:[0],ecx
71406CE2   .  59            pop ecx
71406CE3   .  5F            pop edi
71406CE4   .  5E            pop esi
71406CE5   .  5B            pop ebx
71406CE6   .  8BE5          mov esp,ebp
71406CE8   .  5D            pop ebp
71406CE9   .  C2 1C00       retn 0x1C                                        ; callee pops 0x1C bytes = 7 dwords

2016-3-1 22:00
0
5
该自己动手  就不要依赖别人  当遇到困难 自己要独立解决  你才真的学会了
2016-3-2 01:09
0
6
CreateDevice
2016-3-2 06:25
0