[Old post] [Help] Does a retn at the end of a function always return to the place that called the function?

Posted on: 2007-12-3 10:32

.text:00467993 loc_467993:                             ; CODE XREF: Pak+30Cj
.text:00467993 mov     esp, ebp
.text:00467995 pop     ebp
.text:00467996 retn

In the listing above, a piece of code that handles the license ends by popping ebp and then executing retn. Tracing it, I found that this retn goes to whatever address esp points to each time. For a valid registration code, the registration process loops through this spot 12 times before the function finally ends and returns to the call site. I don't understand what this use of retn is for. Why doesn't it return directly to the place that called the subroutine, but instead jumps somewhere else?
At the place where this Pak module (the one handling the license) is called, I forced the return value to be changed. The UI then says the license was registered successfully, but in fact it was not, because after a successful registration the Pak module writes the license data into a .dat data file and reads that file back when the program is used, to verify the license. So for a program like this, how can the license registration process be bypassed?

2
retn = pop return address to eip
The return address can be modified.
2007-12-3 15:46
3
My understanding is that ret pops the address at the top of the current stack and returns to that address. So what is the difference between retn and ret?
2007-12-6 11:09
4
Isn't n just the number of pushed arguments times 4? I forget.
2007-12-6 12:27
5
retn is "return near".
retf is "return far".
The difference is just near versus far.
2007-12-27 07:50
6
I just checked the manual.

Opcode  Instruction     Description
C3      RET             Near return to calling procedure
CB      RET             Far return to calling procedure
C2 iw   RET imm16       Near return to calling procedure and pop imm16 bytes from stack
CA iw   RET imm16       Far return to calling procedure and pop imm16 bytes from stack

Description

Transfers program control to a return address located on the top of the stack.
The address is usually placed on the stack by a CALL instruction,
and the return is made to the instruction that follows the CALL instruction.

The optional source operand specifies the number of stack bytes to be released after the return address is popped;
the default is none.
This operand can be used to release parameters from the stack that were passed to the called procedure and are no longer needed.
It must be used when the CALL instruction used to switch to a new procedure uses a call gate with a non-zero word count to access the new procedure.
Here, the source operand for the RET instruction must specify the same number of bytes as is specified in the word count field of the call gate.

The RET instruction can be used to execute three different types of returns:

-- Near return     return to a calling procedure within the current code segment (the segment currently pointed to by the CS register), sometimes referred to as an intrasegment return.
-- Far return     return to a calling procedure located in a different segment than the current code segment, sometimes referred to as an intersegment return.
2007-12-27 08:08
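As an added illustration (not code from any post in this thread) of what reply #2 and the manual excerpt above say: a constructed toy model of the 32-bit stack in C, with made-up addresses, showing that `mov esp, ebp; pop ebp; retn 8` transfers control to whatever dword sits in the return slot rather than to a remembered call site, and that the imm16 operand releases the pushed arguments.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of the 32-bit x86 stack (not real CPU code).
 * esp/ebp are slot indices, one slot = 4 bytes; addresses are made up. */
typedef struct {
    uint32_t mem[16];          /* higher index = higher address */
    uint32_t esp, ebp, eip;
} Cpu;

static void     push32(Cpu *c, uint32_t v) { c->mem[--c->esp] = v; }
static uint32_t pop32(Cpu *c)              { return c->mem[c->esp++]; }

/* CALL: push the address of the next instruction, then jump. */
static void do_call(Cpu *c, uint32_t next_insn, uint32_t target) {
    push32(c, next_insn);
    c->eip = target;
}

/* Usual prologue: push ebp; mov ebp, esp */
static void prologue(Cpu *c) { push32(c, c->ebp); c->ebp = c->esp; }

/* The epilogue from the listing. RET keeps no memory of the CALL site:
 * it loads EIP from whatever dword is at [esp], then frees imm16 bytes. */
static void epilogue_retn(Cpu *c, uint16_t imm16) {
    c->esp = c->ebp;           /* mov esp, ebp  : drop locals          */
    c->ebp = pop32(c);         /* pop ebp       : restore caller frame */
    c->eip = pop32(c);         /* retn          : pop [esp] into EIP   */
    c->esp += imm16 / 4;       /* retn imm16    : release arguments    */
}

/* Caller pushes two dword args and calls the callee. If alt_ret != 0 the
 * callee stores another address in its return slot ([ebp+4]) before the
 * epilogue. Returns the EIP after retn; *esp_out receives the final esp. */
uint32_t simulate(uint32_t alt_ret, uint32_t *esp_out) {
    Cpu c = { .esp = 16, .ebp = 15, .eip = 0x00401000 };
    push32(&c, 0x1111); push32(&c, 0x2222);
    do_call(&c, 0x00401010, 0x00467000);   /* return address 0x00401010 */
    prologue(&c);
    if (alt_ret) c.mem[c.ebp + 1] = alt_ret;
    epilogue_retn(&c, 8);                  /* retn 8: two args * 4 bytes */
    if (esp_out) *esp_out = c.esp;
    return c.eip;
}
int main(void) {
    uint32_t esp, eip = simulate(0, &esp);
    printf("normal : eip=%08x esp=%u\n", eip, esp);
    eip = simulate(0x00467900, &esp);
    printf("changed: eip=%08x esp=%u\n", eip, esp);
    return 0;
}
```

In both runs esp ends where it was before the two arguments were pushed, which is what the `8` in `retn 8` is for.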