6F40AFB7 8D4485 00 LEA EAX, DWORD PTR SS:[EBP+EAX*4]
6F40AFBB 894424 60 MOV DWORD PTR SS:[ESP+0x60], EAX
6F40AFBF 894C24 58 MOV DWORD PTR SS:[ESP+0x58], ECX
6F40AFC3 0F8D B6010000 JGE 6F40B17F
6F40AFC9 8DA424 00000000 LEA ESP, DWORD PTR SS:[ESP]
6F40AFD0 8B48 0C MOV ECX, DWORD PTR DS:[EAX+0xC]
6F40AFD3 8B5424 34 MOV EDX, DWORD PTR SS:[ESP+0x34]
6F40AFD7 8D2C89 LEA EBP, DWORD PTR DS:[ECX+ECX*4]
6F40AFDA 8B48 08 MOV ECX, DWORD PTR DS:[EAX+0x8]
6F40AFDD 8D0C89 LEA ECX, DWORD PTR DS:[ECX+ECX*4]
6F40AFE0 894C24 30 MOV DWORD PTR SS:[ESP+0x30], ECX
6F40AFE4 8B4CAA 10 MOV ECX, DWORD PTR DS:[EDX+EBP*4+0x10]
6F40AFE8 8B6C24 30 MOV EBP, DWORD PTR SS:[ESP+0x30]
6F40AFEC 0B4CAA 10 OR ECX, DWORD PTR DS:[EDX+EBP*4+0x10]
6F40AFF0 F6C1 02 TEST CL, 0x2
6F40AFF3 8948 10 MOV DWORD PTR DS:[EAX+0x10], ECX ; 关键写入点
6F40AFF6 75 63 JNZ SHORT 6F40B05B
6F40AFF8 0FBF50 04 MOVSX EDX, WORD PTR DS:[EAX+0x4]
6F40AFFC 03D7 ADD EDX, EDI
6F40AFFE 3B56 60 CMP EDX, DWORD PTR DS:[ESI+0x60]
6F40B001 73 52 JNB SHORT 6F40B055
6F40B003 0FBF50 06 MOVSX EDX, WORD PTR DS:[EAX+0x6]
6F40B007 03D3 ADD EDX, EBX
6F40B009 3B56 6C CMP EDX, DWORD PTR DS:[ESI+0x6C]
6F40B00C 73 47 JNB SHORT 6F40B055
6F40B00E 8B10 MOV EDX, DWORD PTR DS:[EAX]
6F40B010 8B6C24 54 MOV EBP, DWORD PTR SS:[ESP+0x54]
6F40B014 83E1 01 AND ECX, 0x1
6F40B017 8D5455 00 LEA EDX, DWORD PTR SS:[EBP+EDX*2]
6F40B01B 66:8B6C8C 38 MOV BP, WORD PTR SS:[ESP+ECX*4+0x38]
6F40B020 66:212A AND WORD PTR DS:[EDX], BP
6F40B023 8B10 MOV EDX, DWORD PTR DS:[EAX]
6F40B025 8B6C24 2C MOV EBP, DWORD PTR SS:[ESP+0x2C]
6F40B029 66:8B4C8C 3A MOV CX, WORD PTR SS:[ESP+ECX*4+0x3A]
6F40B02E 66:094C55 00 OR WORD PTR SS:[EBP+EDX*2], CX
6F40B033 8D5455 00 LEA EDX, DWORD PTR SS:[EBP+EDX*2]
6F40B037 8B10 MOV EDX, DWORD PTR DS:[EAX]
6F40B039 66:8B4424 18 MOV AX, WORD PTR SS:[ESP+0x18]
6F40B03E 8B6C24 10 MOV EBP, DWORD PTR SS:[ESP+0x10]
6F40B042 33C9 XOR ECX, ECX
6F40B044 66:394455 00 CMP WORD PTR SS:[EBP+EDX*2], AX
6F40B049 8B4424 60 MOV EAX, DWORD PTR SS:[ESP+0x60]
6F40B04D 0F9FC1 SETG CL
6F40B050 0948 10 OR DWORD PTR DS:[EAX+0x10], ECX
6F40B053 EB 06 JMP SHORT 6F40B05B
6F40B055 83C9 02 OR ECX, 0x2
6F40B058 8948 10 MOV DWORD PTR DS:[EAX+0x10], ECX
6F40B05B 8B4C24 58 MOV ECX, DWORD PTR SS:[ESP+0x58]
6F40B05F 8B5424 5C MOV EDX, DWORD PTR SS:[ESP+0x5C]
6F40B063 83C1 01 ADD ECX, 0x1
6F40B066 83C0 14 ADD EAX, 0x14
6F40B069 3B4A 24 CMP ECX, DWORD PTR DS:[EDX+0x24]
6F40B06C 894C24 58 MOV DWORD PTR SS:[ESP+0x58], ECX
6F40B070 894424 60 MOV DWORD PTR SS:[ESP+0x60], EAX
6F40B074 ^ 0F8C 56FFFFFF JL 6F40AFD0
6F40B07A 5B POP EBX
6F40B07B 5F POP EDI
6F40B07C 5E POP ESI
6F40B07D 5D POP EBP
6F40B07E 83C4 40 ADD ESP, 0x40
6F40B081 C2 1000 RETN 0x10
但是发现这个是在一个时钟中循环检测的,ECX的值在0和1中循环检测判断,ECX的值是单位的状态,但是界面中有很多单位,也就存在多个ECX的值,而我要触发的是:某个单位的数值变化,如何在茫茫的代码中下断拦截到只是针对该单位的状态变化并继续开展F8跟踪分析呢?
五毒女
