00401000 >/$ E8 24000000 CALL crackme2.00401029
00401005 |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
00401009 |. C701 17000100 MOV DWORD PTR DS:[ECX],10017
0040100F |. C781 B8000000>MOV DWORD PTR DS:[ECX+B8],0
00401019 |. 31C0 XOR EAX,EAX
0040101B |. 8941 14 MOV DWORD PTR DS:[ECX+14],EAX
0040101E |. 8941 18 MOV DWORD PTR DS:[ECX+18],EAX
00401021 |. 806A 00 E8 SUB BYTE PTR DS:[EDX],0E8
00401025 |. 33C0 XOR EAX,EAX
00401027 |. 33DB XOR EBX,EBX
00401029 |$ 68 60104000 PUSH crackme2.00401060 ; SE handler installation
0040102E |. 64:FF35 00000>PUSH DWORD PTR FS:[0]
00401035 |. 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0040103C |. 9C PUSHFD
0040103D |. 813424 540100>XOR DWORD PTR SS:[ESP],154
00401044 |. 9D POPFD
00401045 6A 30 PUSH 30
00401047 |. 68 00604000 PUSH crackme2.00406000 ; |Title = "crackme2"
0040104C |. 68 7A604000 PUSH crackme2.0040607A ; |Text = "What the hell are you doing in my app with a debugger?"
00401051 |. 6A 00 PUSH 0 ; |hOwner = NULL
00401053 |. E8 9C030000 CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA
00401058 6A 00 PUSH 0
0040105A \. E8 A7030000 CALL <JMP.&kernel32.ExitProcess> ; \ExitProcess
0040105F . C3 RETN
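Why does a single-step exception occur as soon as execution of this code reaches: 00401047 |. 68 00604000 PUSH crackme2.00406000 ; |Title = "crackme2"? That is question one. Also, even though the exception occurred, why did the program, when being debugged, not jump to 00401060 and start executing there, but instead just carry on executing straight down? That is question two.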