-
-
[求助]如何知道某一地址是从何处执行过来的
-
发表于:
2009-1-15 14:24
4297
-
类似如下的汇编代码,怎么知道地址0040AE90从什么地方执行过来的
* Reference To: USER32.DrawMenuBar, Ord:00B8h
|
:0040AE4E FF15B4A64B00 Call dword ptr [004BA6B4]
:0040AE54 C744242054134C00 mov [esp+20], 004C1354
:0040AE5C 8D4C2420 lea ecx, dword ptr [esp+20]
:0040AE60 C644243002 mov [esp+30], 02
:0040AE65 E8A0A40700 call 0048530A
:0040AE6A 8D4C2410 lea ecx, dword ptr [esp+10]
:0040AE6E C7442430FFFFFFFF mov [esp+30], FFFFFFFF
:0040AE76 E872940700 call 004842ED
:0040AE7B 8B4C2428 mov ecx, dword ptr [esp+28]
:0040AE7F 5F pop edi
:0040AE80 5E pop esi
:0040AE81 5D pop ebp
:0040AE82 64890D00000000 mov dword ptr fs:[00000000], ecx
:0040AE89 5B pop ebx
:0040AE8A 83C424 add esp, 00000024
:0040AE8D C20400 ret 0004
:0040AE90 8B442404 mov eax, dword ptr [esp+04] ****************
:0040AE94 81EC04010000 sub esp, 00000104
:0040AE9A 85C0 test eax, eax
:0040AE9C 7440 je 0040AEDE
:0040AE9E 8B0D78A14F00 mov ecx, dword ptr [004FA178]
:0040AEA4 8D442400 lea eax, dword ptr [esp]
:0040AEA8 6804010000 push 00000104
:0040AEAD 50 push eax
:0040AEAE 51 push ecx
* Reference To: KERNEL32.GetShortPathNameA, Ord:01ADh
|
:0040AEAF FF1560A34B00 Call dword ptr [004BA360]
:0040AEB5 E8D0F60800 call 0049A58A
:0040AEBA 8B4004 mov eax, dword ptr [eax+04]
:0040AEBD 8D542400 lea edx, dword ptr [esp]
:0040AEC1 52 push edx
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
