About TlsGetValue
Posted: 2006-7-26 10:35
00411DC3 /$ 56 push esi ; calls TlsGetValue(10)
00411DC4 |. 57 push edi
00411DC5 |. FF15 6CB24200 call [<&KERNEL32.GetLastError>] ; [GetLastError
00411DCB |. FF35 00544300 push dword ptr [435400] ; /TlsIndex = A
00411DD1 |. 8BF8 mov edi, eax ; |
00411DD3 |. FF15 78B14200 call [<&KERNEL32.TlsGetValue>] ; \TlsGetValue
00411DD9 |. 8BF0 mov esi, eax ; eax==0x00DA0F80
00411DDB |. 85F6 test esi, esi
00411DDD |. 75 3F jnz short 00411E1E
00411DDF |. 6A 74 push 74
00411DE1 |. 6A 01 push 1
00411DE3 |. E8 A83F0000 call 00415D90
00411DE8 |. 8BF0 mov esi, eax
00411DEA |. 59 pop ecx
00411DEB |. 85F6 test esi, esi
00411DED |. 59 pop ecx
00411DEE |. 74 26 je short 00411E16
00411DF0 |. 56 push esi ; /pValue
00411DF1 |. FF35 00544300 push dword ptr [435400] ; |TlsIndex = A
00411DF7 |. FF15 80B14200 call [<&KERNEL32.TlsSetValue>] ; \TlsSetValue
00411DFD |. 85C0 test eax, eax
00411DFF |. 74 15 je short 00411E16
00411E01 |. 56 push esi
00411E02 |. E8 A9FFFFFF call 00411DB0
00411E07 |. 59 pop ecx
00411E08 |. FF15 18B24200 call [<&KERNEL32.GetCurrentThreadId>] ; [GetCurrentThreadId
00411E0E |. 834E 04 FF or dword ptr [esi+4], FFFFFFFF
00411E12 |. 8906 mov [esi], eax
00411E14 |. EB 08 jmp short 00411E1E
00411E16 |> 6A 10 push 10
00411E18 |. E8 FDD7FFFF call 0040F61A
00411E1D |. 59 pop ecx
00411E1E |> 57 push edi ; /Error
00411E1F |. FF15 00B24200 call [<&KERNEL32.SetLastError>] ; \SetLastError
00411E25 |. 8BC6 mov eax, esi
00411E27 |. 5F pop edi
00411E28 |. 5E pop esi
00411E29 \. C3 retn
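I don't quite understand why GetLastError is called before TlsGetValue and its return value saved, and then, once TlsGetValue has returned, that value is set again through SetLastError. What is the purpose of doing this?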