0042CE6C /$ 55 push ebp //前面几句都好理解
0042CE6D |. 8BEC mov ebp, esp
0042CE6F |. 83EC 10 sub esp, 10
0042CE72 |. A1 A4954400 mov eax, dword ptr [4495A4]
0042CE77 |. 8365 F8 00 and dword ptr [ebp-8], 0
0042CE7B |. 8365 FC 00 and dword ptr [ebp-4], 0
0042CE7F |. 53 push ebx
0042CE80 |. 57 push edi
0042CE81 |. BF 4EE640BB mov edi, BB40E64E
0042CE86 |. 3BC7 cmp eax, edi ;
0042CE88 |. BB 0000FFFF mov ebx, FFFF0000
0042CE8D |. 74 0D je short 脱啊脱.0042CE9C
0042CE8F |. 85C3 test ebx, eax
0042CE91 |. 74 09 je short 脱啊脱.0042CE9C
0042CE93 |. F7D0 not eax
0042CE95 |. A3 A8954400 mov dword ptr [4495A8], eax
0042CE9A |. EB 60 jmp short 脱啊脱.0042CEFC
0042CE9C |> 56 push esi
0042CE9D |. 8D45 F8 lea eax, dword ptr [ebp-8]
0042CEA0 |. 50 push eax ; /pFileTime
0042CEA1 |. FF15 70914300 call near dword ptr [439170] ; \GetSystemTimeAsFileTime
0042CEA7 |. 8B75 FC mov esi, dword ptr [ebp-4]
0042CEAA >|. 3375 F8 xor esi, dword ptr [ebp-8]
下面是CALL单步进入时的代码:
7C8018BA > 8BFF mov edi, edi
7C8018BC 55 push ebp
7C8018BD 8BEC mov ebp, esp
7C8018BF A1 1800FE7F mov eax, dword ptr [7FFE0018]
7C8018C4 8B15 1400FE7F mov edx, dword ptr [7FFE0014]
7C8018CA 3B05 1C00FE7F cmp eax, dword ptr [7FFE001C]
7C8018D0 ^ 75 ED jnz short kernel32.7C8018BF
7C8018D2 8B4D 08 mov ecx, dword ptr [ebp+8]
7C8018D5 8911 mov dword ptr [ecx], edx
7C8018D7 8941 04 mov dword ptr [ecx+4], eax
7C8018DA 5D pop ebp
7C8018DB C2 0400 retn 4
我想知道这个getsysetmtimeasfiletime函数取了系统时间以后放在什么地方,是取的时间哪一部分,请帮忙指点一下这段代码的大体意思。谢谢
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
