-
-
[求助]搜索KERNEL32的代码的疑问
-
发表于:
2006-6-15 23:00
4247
-
.586p
.model flat
extrn ExitProcess:PROC
.data
limit equ 5
db 0
.code
test:
call delta
delta:
pop ebp
sub ebp,offset delta
mov esi,[esp]
and esi,0FFFF0000h
call GetK32
push 00000000h
call ExitProcess
GetK32:
__1:
cmp byte ptr [ebp+K32_Limit],00h
jz WeFailed
cmp word ptr [esi],"ZM"
jz CheckPE
__2:
sub esi,10000h
dec byte ptr [ebp+K32_Limit]
jmp __1
CheckPE:
mov edi,[esi+3Ch]
add edi,esi
cmp dword ptr [edi],"EP"
jz WeGotK32
jmp __2
WeFailed:
mov esi,0BFF70000h
WeGotK32:
xchg eax,esi
ret
K32_Limit dw limit
end test
这份代码,对
dec byte ptr [ebp+K32_Limit]
这句作用不是很明白,编译后,在od中调试,出现:
运行到这句:
00401037 |. FE8D 55104000 dec byte ptr ss:[ebp+401055]
提示访问违例.?
哪位大哥能说说?
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
