[Help] Question about code that searches for KERNEL32
Posted: 2006-6-15 23:00
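.586p
.model flat
extrn ExitProcess:PROC

.data
limit   equ 5                           ; number of 64 KB steps to try
        db 0

.code
test:
        call delta
delta:
        pop ebp
        sub ebp,offset delta            ; ebp = delta offset (run-time minus link-time address)
        mov esi,[esp]                   ; esi = dword at the top of the stack
        and esi,0FFFF0000h              ; round down to a 64 KB boundary
        call GetK32
        push 00000000h
        call ExitProcess

GetK32:
__1:
        cmp byte ptr [ebp+K32_Limit],00h ; counter exhausted?
        jz WeFailed
        cmp word ptr [esi],"ZM"         ; "MZ" DOS header signature?
        jz CheckPE
__2:
        sub esi,10000h                  ; step back 64 KB
        dec byte ptr [ebp+K32_Limit]    ; decrement the counter in memory
        jmp __1
CheckPE:
        mov edi,[esi+3Ch]               ; e_lfanew: offset of the PE header
        add edi,esi
        cmp dword ptr [edi],"EP"        ; "PE" signature?
        jz WeGotK32
        jmp __2
WeFailed:
        mov esi,0BFF70000h              ; fall back to a hard-coded base address
WeGotK32:
        xchg eax,esi                    ; return the base address in eax
        ret

K32_Limit dw limit                      ; counter, defined here inside .code
end test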
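In this code, I don't quite understand what the line
dec byte ptr [ebp+K32_Limit]
does. After assembling it and debugging it in OD, this happens:
When execution reaches this line:
00401037 |. FE8D 55104000 dec byte ptr ss:[ebp+401055]
it reports an access violation?
Could someone explain?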