-
-
未解决
[求助]hljsplit分割文件遇到的问题
-
发表于:
2020-4-21 20:55
1760
-
未解决 [求助]hljsplit分割文件遇到的问题
这个工具分割文件的时候,如果点取消会删除已经分割好的文件。
比如文件大小500MB,以100MB的碎片进行分割。当已经产生
.001,.002,.003分割完成后,如果你点取消,那么前面已经分割好的
3个文件也会被删除了。如何阻止程序的删除呢?
这个坛里朋友帮我分析过的,我自己以为把问题修复搞好了。
今天我发现,我改动的地方并没有阻止程序删除文件。
我又把代码反汇编了一下,发现删除文件的call一共有4处。
我也不知道修改哪一出?这4个地方,OD设置断点会跑飞。
谁能帮我分析改一下,谢谢!
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00461130(C)
|
:0046116D 8D853CFDFFFF lea eax, dword ptr [ebp+FFFFFD3C]
:00461173 E84420FAFF call 004031BC
:00461178 E8871AFAFF call 00402C04
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004610B2(U)
|
:0046117D 807F1800 cmp byte ptr [edi+18], 00
:00461181 7408 je 0046118B
:00461183 8B45D4 mov eax, dword ptr [ebp-2C]
:00461186 E89980FAFF call 00409224 // deletefile-001
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00461181(C)
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00461630(C)
|
:004615FC 8D4DFC lea ecx, dword ptr [ebp-04]
:004615FF 8BD3 mov edx, ebx
:00461601 8BC6 mov eax, esi
:00461603 E8B8040000 call 00461AC0
:00461608 8B45FC mov eax, dword ptr [ebp-04]
:0046160B E8147CFAFF call 00409224 // deletefile-002
:00461610 83C301 add ebx, 00000001
:00461613 7105 jno 0046161A
:00461615 E8BA23FAFF call 004039D4
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004619DA(U)
|
:0046195C 8D8520FDFFFF lea eax, dword ptr [ebp+FFFFFD20]
:00461962 E85518FAFF call 004031BC
:00461967 E89812FAFF call 00402C04
:0046196C 8D856CFEFFFF lea eax, dword ptr [ebp+FFFFFE6C]
:00461972 E84518FAFF call 004031BC
:00461977 E88812FAFF call 00402C04
:0046197C 837DDC00 cmp dword ptr [ebp-24], 00000000
:00461980 750E jne 00461990
:00461982 837DD800 cmp dword ptr [ebp-28], 00000000
:00461986 7508 jne 00461990
:00461988 8B45B8 mov eax, dword ptr [ebp-48]
:0046198B E89478FAFF call 00409224 // deletefile-003
Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004619D2(C)
|
:0046199D 8D8D14FDFFFF lea ecx, dword ptr [ebp+FFFFFD14]
:004619A3 8B45FC mov eax, dword ptr [ebp-04]
:004619A6 8B4010 mov eax, dword ptr [eax+10]
:004619A9 8BD3 mov edx, ebx
:004619AB 8B30 mov esi, dword ptr [eax]
:004619AD FF560C call [esi+0C]
:004619B0 8B8514FDFFFF mov eax, dword ptr [ebp+FFFFFD14]
:004619B6 E86978FAFF call 00409224 // deletefile-004
:004619BB 83C301 add ebx, 00000001
:004619BE 7105 jno 004619C5
:004619C0 E80F20FAFF call 004039D4
// 下面这个是删除的主函数 ; sysutils.DeleteFile
Referenced by a CALL at Addresses:
|:00461186 , :0046160B , :0046198B , :004619B6
|
:00409224 53 push ebx
:00409225 8BD8 mov ebx, eax
:00409227 8BC3 mov eax, ebx
:00409229 E8B6BAFFFF call 00404CE4
:0040922E 50 push eax
Reference To: KERNEL32.DeleteFileA, Ord:0000h
|
:0040922F E814DAFFFF Call 00406C48
:00409234 83F801 cmp eax, 00000001
:00409237 1BC0 sbb eax, eax
:00409239 40 inc eax
:0040923A 5B pop ebx
:0040923B C3 ret
[课程]Linux pwn 探索篇!
