.text:00420D20 sub_420D20      proc near
.text:00420D20
.text:00420D20 var_9C          = qword ptr -9Ch
.text:00420D20 var_94          = dword ptr -94h
.text:00420D20 Text            = word ptr -90h
.text:00420D20 Dst             = byte ptr -8Eh
.text:00420D20 var_C           = dword ptr -0Ch
.text:00420D20 var_8           = qword ptr -8
.text:00420D20
.text:00420D20                 push    ebp
.text:00420D21                 mov     ebp, esp
.text:00420D23                 sub     esp, 94h
.text:00420D29                 mov     eax, dword_429DA8
.text:00420D2E                 xor     eax, ebp
.text:00420D30                 mov     [ebp+var_C], eax
.text:00420D33                 mov     [ebp+var_94], ecx
.text:00420D39                 mov     ax, ds:word_425A30
.text:00420D3F                 mov     [ebp+Text], ax
.text:00420D46                 push    7Eh             ; Size
.text:00420D48                 push    0               ; Val
.text:00420D4A                 lea     ecx, [ebp+Dst]
.text:00420D50                 push    ecx             ; Dst
.text:00420D51                 call    _memset
.text:00420D56                 add     esp, 0Ch
.text:00420D59                 fld     ds:dbl_425DC0
.text:00420D5F                 fstp    [ebp+var_8]
.text:00420D62                 fld     [ebp+var_8]
.text:00420D65                 fadd    st, st
.text:00420D67                 fstp    [ebp+var_8]
.text:00420D6A                 sub     esp, 8
.text:00420D6D                 fld     [ebp+var_8]
.text:00420D70                 fstp    [esp+9Ch+var_9C]
.text:00420D73                 push    offset aPi2F    ; "PI * 2 = %f"
.text:00420D78                 push    40h             ; Count
.text:00420D7A                 lea     edx, [ebp+Text]
.text:00420D80                 push    edx             ; Dest
.text:00420D81                 call    __snwprintf    [COLOR="Red"]; 当调用此函数时错误发生[/COLOR]
.text:00420D86                 add     esp, 14h
.text:00420D89                 push    40h             ; uType
.text:00420D8B                 push    offset Caption  ; "TestFloag"
.text:00420D90                 lea     eax, [ebp+Text]
.text:00420D96                 push    eax             ; lpText
.text:00420D97                 mov     ecx, [ebp+var_94]
.text:00420D9D                 call    sub_405C75
.text:00420DA2                 mov     ecx, [ebp+var_C]
.text:00420DA5                 xor     ecx, ebp
.text:00420DA7                 call    sub_40ECBD
.text:00420DAC                 mov     esp, ebp
.text:00420DAE                 pop     ebp
.text:00420DAF                 retn
.text:00420DAF sub_420D20      endp

.text:0040F618                 cmp     ds:off_42405C, 0
.text:0040F61F                 jz      short loc_40F63B
.text:0040F621                 push    offset off_42405C
.text:0040F626                 [COLOR="Red"]call    __IsNonwritableInCurrentImage ；检测只读区段[/COLOR]
.text:0040F62B                 test    eax, eax
.text:0040F62D                 pop     ecx
.text:0040F62E                 [COLOR="Red"]jz      short loc_40F63B[/COLOR]
.text:0040F630                 push    [esp+arg_0]
.text:0040F634                [COLOR="Red"] call    ds:off_42405C  ；_fpmath  如果不只读，跳过这个浮点函数的操作，将导致最后的6002错误[/COLOR]
.text:0040F63A                 pop     ecx


__IsNonwritableInCurrentImage：
.text:00415D90                 push    ebp
.text:00415D91                 mov     ebp, esp
.text:00415D93                 push    0FFFFFFFEh
.text:00415D95                 push    offset unk_4302B0
.text:00415D9A                 push    offset __except_handler4
.text:00415D9F                 mov     eax, large fs:0
.text:00415DA5                 push    eax
.text:00415DA6                 sub     esp, 8
.text:00415DA9                 push    ebx
.text:00415DAA                 push    esi
.text:00415DAB                 push    edi
.text:00415DAC                 mov     eax, dword_429DA8
.text:00415DB1                 xor     [ebp+var_8], eax
.text:00415DB4                 xor     eax, ebp
.text:00415DB6                 push    eax
.text:00415DB7                 lea     eax, [ebp+var_10]
.text:00415DBA                 mov     large fs:0, eax
.text:00415DC0                 mov     [ebp+var_18], esp
.text:00415DC3                 mov     [ebp+var_4], 0
.text:00415DCA                 push    offset __ImageBase
.text:00415DCF                 call    __ValidateImageBase
.text:00415DD4                 add     esp, 4
.text:00415DD7                 test    eax, eax
.text:00415DD9                 jz      short loc_415E30
.text:00415DDB                 mov     eax, [ebp+arg_0]
.text:00415DDE                 sub     eax, offset __ImageBase
.text:00415DE3                 push    eax
.text:00415DE4                 push    offset __ImageBase
.text:00415DE9                 call    __FindPESection
.text:00415DEE                 add     esp, 8
.text:00415DF1                 test    eax, eax
.text:00415DF3                 jz      short loc_415E30
[COLOR="Red"]； 检测是否只读区段
.text:00415DF5                 mov     eax, [eax+24h]  ；pSecHeader->Characteristics  
.text:00415DF8                 shr     eax, 1Fh
.text:00415DFB                 not     eax
.text:00415DFD                 and     eax, 1[/COLOR]
.text:00415E00                 mov     [ebp+var_4], 0FFFFFFFEh
.text:00415E07                 mov     ecx, [ebp+var_10]
.text:00415E0A                 mov     large fs:0, ecx
.text:00415E11                 pop     ecx
.text:00415E12                 pop     edi
.text:00415E13                 pop     esi
.text:00415E14                 pop     ebx
.text:00415E15                 mov     esp, ebp
.text:00415E17                 pop     ebp
.text:00415E18                 retn

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)