首页
社区
课程
招聘
未解决 [求助]hljsplit分割文件遇到的问题
发表于: 2020-4-21 20:55 1799

未解决 [求助]hljsplit分割文件遇到的问题

2020-4-21 20:55
1799

这个工具分割文件的时候,如果点取消会删除已经分割好的文件。
比如文件大小500MB,以100MB的碎片进行分割。当已经产生
.001,.002,.003分割完成后,如果你点取消,那么前面已经分割好的
3个文件也会被删除了。如何阻止程序的删除呢?

 

这个坛里朋友帮我分析过的,我自己以为把问题修复搞好了。
今天我发现,我改动的地方并没有阻止程序删除文件。
我又把代码反汇编了一下,发现删除文件的call一共有4处。
我也不知道修改哪一出?这4个地方,OD设置断点会跑飞。
谁能帮我分析改一下,谢谢!

  • Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461130(C)
    |
    :0046116D 8D853CFDFFFF lea eax, dword ptr [ebp+FFFFFD3C]
    :00461173 E84420FAFF call 004031BC
    :00461178 E8871AFAFF call 00402C04

  • Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004610B2(U)
    |
    :0046117D 807F1800 cmp byte ptr [edi+18], 00
    :00461181 7408 je 0046118B
    :00461183 8B45D4 mov eax, dword ptr [ebp-2C]
    :00461186 E89980FAFF call 00409224 // deletefile-001

  • Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461181(C)

  • Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:00461630(C)
    |
    :004615FC 8D4DFC lea ecx, dword ptr [ebp-04]
    :004615FF 8BD3 mov edx, ebx
    :00461601 8BC6 mov eax, esi
    :00461603 E8B8040000 call 00461AC0
    :00461608 8B45FC mov eax, dword ptr [ebp-04]
    :0046160B E8147CFAFF call 00409224 // deletefile-002
    :00461610 83C301 add ebx, 00000001
    :00461613 7105 jno 0046161A
    :00461615 E8BA23FAFF call 004039D4

  • Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004619DA(U)
    |
    :0046195C 8D8520FDFFFF lea eax, dword ptr [ebp+FFFFFD20]
    :00461962 E85518FAFF call 004031BC
    :00461967 E89812FAFF call 00402C04
    :0046196C 8D856CFEFFFF lea eax, dword ptr [ebp+FFFFFE6C]
    :00461972 E84518FAFF call 004031BC
    :00461977 E88812FAFF call 00402C04
    :0046197C 837DDC00 cmp dword ptr [ebp-24], 00000000
    :00461980 750E jne 00461990
    :00461982 837DD800 cmp dword ptr [ebp-28], 00000000
    :00461986 7508 jne 00461990
    :00461988 8B45B8 mov eax, dword ptr [ebp-48]
    :0046198B E89478FAFF call 00409224 // deletefile-003

  • Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:004619D2(C)
    |
    :0046199D 8D8D14FDFFFF lea ecx, dword ptr [ebp+FFFFFD14]
    :004619A3 8B45FC mov eax, dword ptr [ebp-04]
    :004619A6 8B4010 mov eax, dword ptr [eax+10]
    :004619A9 8BD3 mov edx, ebx
    :004619AB 8B30 mov esi, dword ptr [eax]
    :004619AD FF560C call [esi+0C]
    :004619B0 8B8514FDFFFF mov eax, dword ptr [ebp+FFFFFD14]
    :004619B6 E86978FAFF call 00409224 // deletefile-004
    :004619BB 83C301 add ebx, 00000001
    :004619BE 7105 jno 004619C5
    :004619C0 E80F20FAFF call 004039D4

// 下面这个是删除的主函数 ; sysutils.DeleteFile

  • Referenced by a CALL at Addresses:
    |:00461186 , :0046160B , :0046198B , :004619B6
    |
    :00409224 53 push ebx
    :00409225 8BD8 mov ebx, eax
    :00409227 8BC3 mov eax, ebx
    :00409229 E8B6BAFFFF call 00404CE4
    :0040922E 50 push eax

  • Reference To: KERNEL32.DeleteFileA, Ord:0000h

                                |
    

    :0040922F E814DAFFFF Call 00406C48
    :00409234 83F801 cmp eax, 00000001
    :00409237 1BC0 sbb eax, eax
    :00409239 40 inc eax
    :0040923A 5B pop ebx
    :0040923B C3 ret


[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

上传的附件:
收藏
免费 0
支持
分享
最新回复 (4)
雪    币: 10199
活跃值: (3426)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
004619B6 
2020-4-22 09:04
1
雪    币: 1540
活跃值: (2807)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
一共有4个deletefile的call你怎么知道是第4个?
能否发个改好的版本?
od为啥断点断不到呢?
2020-4-22 09:31
0
雪    币: 10199
活跃值: (3426)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
00461997  jmp xxxxxx
2020-4-22 16:00
0
雪    币: 1540
活跃值: (2807)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
直接nop这句吗,会影响栈平衡和其它内存资源释放吗?
2020-4-22 16:03
0
游客
登录 | 注册 方可回帖
返回
//