[求助]这个程序不知道如何下手，哪位能指点一下-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (1)
wping 雪币： 212 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 88 回帖 386 粉丝 0 关注私信	wping 2 楼我想搞明白一个函数是什么功能，可是它调用了无数个CALL，跟的我一头雾水，该如何才好？？？ 00457855 /$ 56 push esi 00457856 \|. E8 95BAFBFF call 004132F0 0045785B \|. 8BF0 mov esi, eax 0045785D \|. 85F6 test esi, esi 0045785F \|. 74 1E je short 0045787F 00457861 \|. 8B06 mov eax, dword ptr [esi] 00457863 \|. 8BCE mov ecx, esi 00457865 \|. FF90 B8000000 call dword ptr [eax+B8] 0045786B \|. 85C0 test eax, eax 0045786D \|. 74 10 je short 0045787F 0045786F \|. 8B4E 68 mov ecx, dword ptr [esi+68] 00457872 \|. 85C9 test ecx, ecx 00457874 \|. 74 09 je short 0045787F 00457876 \|. 8B01 mov eax, dword ptr [ecx] 00457878 \|. FF7424 08 push dword ptr [esp+8] 0045787C \|. FF50 6C call dword ptr [eax+6C] 0045787F \|> 5E pop esi 00457880 \. C2 0400 retn 4 ***************************************************************** 4132f0: 004132F0 /$ 55 push ebp 004132F1 \|. 8BEC mov ebp, esp 004132F3 \|. 83EC 08 sub esp, 8 004132F6 \|. E8 7A950300 call 0044C875 004132FB \|. 85C0 test eax, eax 004132FD \|. 74 18 je short 00413317 004132FF \|. E8 71950300 call 0044C875 00413304 \|. 8945 FC mov dword ptr [ebp-4], eax 00413307 \|. 8B45 FC mov eax, dword ptr [ebp-4] 0041330A \|. 8B10 mov edx, dword ptr [eax] 0041330C \|. 8B4D FC mov ecx, dword ptr [ebp-4] 0041330F \|. FF52 7C call dword ptr [edx+7C] 00413312 \|. 8945 F8 mov dword ptr [ebp-8], eax 00413315 \|. EB 07 jmp short 0041331E 00413317 \|> C745 F8 00000>mov dword ptr [ebp-8], 0 0041331E \|> 8B45 F8 mov eax, dword ptr [ebp-8] 00413321 \|. 8BE5 mov esp, ebp 00413323 \|. 5D pop ebp 00413324 \. C3 retn ************************************************************* 44c875: 0044C875 /$ E8 BD950100 call 00465E37 0044C87A \|. 8B40 04 mov eax, dword ptr [eax+4] 0044C87D \|. 85C0 test eax, eax 0044C87F \|. 75 08 jnz short 0044C889 0044C881 \|. E8 8B950100 call 00465E11 0044C886 \|. 8B40 04 mov eax, dword ptr [eax+4] 0044C889 \> C3 retn *************************************************************** 465e37: 00465E37 /$ E8 D5FFFFFF call 00465E11 00465E3C \|. 05 70100000 add eax, 1070 00465E41 \|. 68 19614300 push 00436119 00465E46 \|. 8BC8 mov ecx, eax 00465E48 \|. E8 6E120000 call 004670BB 00465E4D \. C3 retn ******************************************************************** 465e11: 00465E11 /$ 68 4D614300 push 0043614D 00465E16 \|. B9 C0BB4800 mov ecx, 0048BBC0 00465E1B \|. E8 9B120000 call 004670BB 00465E20 \|. 8B40 04 mov eax, dword ptr [eax+4] 00465E23 \|. 85C0 test eax, eax 00465E25 \|. 75 0F jnz short 00465E36 00465E27 \|. 68 AF5D4600 push 00465DAF 00465E2C \|. B9 C4BB4800 mov ecx, 0048BBC4 00465E31 \|. E8 47130000 call 0046717D 00465E36 \> C3 retn ******************************************************** 4670bb: 004670BB /$ 56 push esi 004670BC \|. 57 push edi 004670BD \|. 8BF9 mov edi, ecx 004670BF \|. 833F 00 cmp dword ptr [edi], 0 004670C2 \|. 75 2D jnz short 004670F1 004670C4 \|. 8B0D 40BF4800 mov ecx, dword ptr [48BF40] ; BBCLI.0048BF48 004670CA \|. 85C9 test ecx, ecx 004670CC \|. 75 1C jnz short 004670EA 004670CE \|. B9 48BF4800 mov ecx, 0048BF48 004670D3 \|. 8BC1 mov eax, ecx 004670D5 \|. 85C0 test eax, eax 004670D7 \|. 74 09 je short 004670E2 004670D9 \|. E8 5BFCFFFF call 00466D39 004670DE \|. 8BC8 mov ecx, eax 004670E0 \|. EB 02 jmp short 004670E4 004670E2 \|> 33C9 xor ecx, ecx 004670E4 \|> 890D 40BF4800 mov dword ptr [48BF40], ecx 004670EA \|> E8 8CFCFFFF call 00466D7B 004670EF \|. 8907 mov dword ptr [edi], eax 004670F1 \|> A1 40BF4800 mov eax, dword ptr [48BF40] 004670F6 \|. 8B37 mov esi, dword ptr [edi] 004670F8 \|. FF30 push dword ptr [eax] ; /TlsIndex 004670FA \|. FF15 94F94800 call dword ptr [<&KERNEL32.TlsGetValue>] ; \TlsGetValue 00467100 \|. 85C0 test eax, eax 00467102 \|. 74 0D je short 00467111 00467104 \|. 3B70 08 cmp esi, dword ptr [eax+8] 00467107 \|. 7D 08 jge short 00467111 00467109 \|. 8B40 0C mov eax, dword ptr [eax+C] 0046710C \|. 8B34B0 mov esi, dword ptr [eax+esi4] 0046710F \|. EB 02 jmp short 00467113 00467111 \|> 33F6 xor esi, esi 00467113 \|> 85F6 test esi, esi 00467115 \|. 75 14 jnz short 0046712B 00467117 \|. FF5424 0C call dword ptr [esp+C] 0046711B \|. 8B0D 40BF4800 mov ecx, dword ptr [48BF40] ; BBCLI.0048BF48 00467121 \|. 8BF0 mov esi, eax 00467123 \|. 56 push esi 00467124 \|. FF37 push dword ptr [edi] 00467126 \|. E8 BFFDFFFF call 00466EEA 0046712B \|> 8BC6 mov eax, esi 0046712D \|. 5F pop edi 0046712E \|. 5E pop esi 0046712F \. C2 0400 retn 4 ********************************************************************** 2007-11-21 07:42 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (1)

wping

雪币： 212

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

386

粉丝

关注

私信

wping: 2 楼

我想搞明白一个函数是什么功能，可是它调用了无数个CALL，跟的我一头雾水，该如何才好？？？

00457855  /$  56          push esi
00457856  |.  E8 95BAFBFF call 004132F0
0045785B  |.  8BF0       mov    esi, eax
0045785D  |.  85F6       test esi, esi
0045785F  |.  74 1E       je    short 0045787F
00457861  |.  8B06       mov    eax, dword ptr [esi]
00457863  |.  8BCE       mov    ecx, esi
00457865  |.  FF90 B8000000 call dword ptr [eax+B8]
0045786B  |.  85C0       test eax, eax
0045786D  |.  74 10       je    short 0045787F
0045786F  |.  8B4E 68    mov    ecx, dword ptr [esi+68]
00457872  |.  85C9       test ecx, ecx
00457874  |.  74 09       je    short 0045787F
00457876  |.  8B01       mov    eax, dword ptr [ecx]
00457878  |.  FF7424 08    push dword ptr [esp+8]
0045787C  |.  FF50 6C    call dword ptr [eax+6C]
0045787F  |>  5E          pop    esi
00457880  \.  C2 0400    retn 4

*******************************************************************
4132f0:
004132F0  /$  55          push ebp
004132F1  |.  8BEC       mov    ebp, esp
004132F3  |.  83EC 08    sub    esp, 8
004132F6  |.  E8 7A950300 call 0044C875
004132FB  |.  85C0       test eax, eax
004132FD  |.  74 18       je    short 00413317
004132FF  |.  E8 71950300 call 0044C875
00413304  |.  8945 FC    mov    dword ptr [ebp-4], eax
00413307  |.  8B45 FC    mov    eax, dword ptr [ebp-4]
0041330A  |.  8B10       mov    edx, dword ptr [eax]
0041330C  |.  8B4D FC    mov    ecx, dword ptr [ebp-4]
0041330F  |.  FF52 7C    call dword ptr [edx+7C]
00413312  |.  8945 F8    mov    dword ptr [ebp-8], eax
00413315  |.  EB 07       jmp    short 0041331E
00413317  |>  C745 F8 00000>mov    dword ptr [ebp-8], 0
0041331E  |>  8B45 F8    mov    eax, dword ptr [ebp-8]
00413321  |.  8BE5       mov    esp, ebp
00413323  |.  5D          pop    ebp
00413324  \.  C3          retn
*****************************************************************
44c875:
0044C875  /$  E8 BD950100 call 00465E37
0044C87A  |.  8B40 04    mov    eax, dword ptr [eax+4]
0044C87D  |.  85C0       test eax, eax
0044C87F  |.  75 08       jnz    short 0044C889
0044C881  |.  E8 8B950100 call 00465E11
0044C886  |.  8B40 04    mov    eax, dword ptr [eax+4]
0044C889  \>  C3          retn

*******************************************************************
465e37:
00465E37  /$  E8 D5FFFFFF call 00465E11
00465E3C  |.  05 70100000 add    eax, 1070
00465E41  |.  68 19614300 push 00436119
00465E46  |.  8BC8       mov    ecx, eax
00465E48  |.  E8 6E120000 call 004670BB
00465E4D  \.  C3          retn

************************************************************************
465e11:
00465E11  /$  68 4D614300 push 0043614D
00465E16  |.  B9 C0BB4800 mov    ecx, 0048BBC0
00465E1B  |.  E8 9B120000 call 004670BB
00465E20  |.  8B40 04    mov    eax, dword ptr [eax+4]
00465E23  |.  85C0       test eax, eax
00465E25  |.  75 0F       jnz    short 00465E36
00465E27  |.  68 AF5D4600 push 00465DAF
00465E2C  |.  B9 C4BB4800 mov    ecx, 0048BBC4
00465E31  |.  E8 47130000 call 0046717D
00465E36  \>  C3          retn

**********************************************************
4670bb:
004670BB  /$  56          push esi
004670BC  |.  57          push edi
004670BD  |.  8BF9       mov    edi, ecx
004670BF  |.  833F 00    cmp    dword ptr [edi], 0
004670C2  |.  75 2D       jnz    short 004670F1
004670C4  |.  8B0D 40BF4800 mov    ecx, dword ptr [48BF40]             ;  BBCLI.0048BF48
004670CA  |.  85C9       test ecx, ecx
004670CC  |.  75 1C       jnz    short 004670EA
004670CE  |.  B9 48BF4800 mov    ecx, 0048BF48
004670D3  |.  8BC1       mov    eax, ecx
004670D5  |.  85C0       test eax, eax
004670D7  |.  74 09       je    short 004670E2
004670D9  |.  E8 5BFCFFFF call 00466D39
004670DE  |.  8BC8       mov    ecx, eax
004670E0  |.  EB 02       jmp    short 004670E4
004670E2  |>  33C9       xor    ecx, ecx
004670E4  |>  890D 40BF4800 mov    dword ptr [48BF40], ecx
004670EA  |>  E8 8CFCFFFF call 00466D7B
004670EF  |.  8907       mov    dword ptr [edi], eax
004670F1  |>  A1 40BF4800 mov    eax, dword ptr [48BF40]
004670F6  |.  8B37       mov    esi, dword ptr [edi]
004670F8  |.  FF30       push dword ptr [eax]                      ; /TlsIndex
004670FA  |.  FF15 94F94800 call dword ptr [<&KERNEL32.TlsGetValue>] ; \TlsGetValue
00467100  |.  85C0       test eax, eax
00467102  |.  74 0D       je    short 00467111
00467104  |.  3B70 08    cmp    esi, dword ptr [eax+8]
00467107  |.  7D 08       jge    short 00467111
00467109  |.  8B40 0C    mov    eax, dword ptr [eax+C]
0046710C  |.  8B34B0       mov    esi, dword ptr [eax+esi*4]
0046710F  |.  EB 02       jmp    short 00467113
00467111  |>  33F6       xor    esi, esi
00467113  |>  85F6       test esi, esi
00467115  |.  75 14       jnz    short 0046712B
00467117  |.  FF5424 0C    call dword ptr [esp+C]
0046711B  |.  8B0D 40BF4800 mov    ecx, dword ptr [48BF40]             ;  BBCLI.0048BF48
00467121  |.  8BF0       mov    esi, eax
00467123  |.  56          push esi
00467124  |.  FF37       push dword ptr [edi]
00467126  |.  E8 BFFDFFFF call 00466EEA
0046712B  |>  8BC6       mov    eax, esi
0046712D  |.  5F          pop    edi
0046712E  |.  5E          pop    esi
0046712F  \.  C2 0400    retn 4

***********************************************************************

2007-11-21 07:42

[旧帖] [求助]这个程序不知道如何下手，哪位能指点一下 0.00雪花