[讨论]这段汇编代码看不明白，高手解释解释一下。-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [讨论]这段汇编代码看不明白，高手解释解释一下。 0.00雪花

发表于: 2009-3-18 15:51 2350

[旧帖] [讨论]这段汇编代码看不明白，高手解释解释一下。 0.00雪花

ashiw

2009-3-18 15:51

2350

01950410 >  B8 9C140000    mov    eax, 149C
01950415 E8 76C70400    call <__alloca_probe>
0195041A 8B0D 54D89F01 mov    ecx, dword ptr [19FD854]
01950420 53             push ebx
01950421 55             push ebp
01950422 56             push esi
01950423 57             push edi
01950424 8D4424 60    lea    eax, dword ptr [esp+60]
01950428 51             push ecx
01950429 894424 14    mov    dword ptr [esp+14], eax
0195042D C74424 30 A1C89>mov    dword ptr [esp+30], <__open>
01950435 C74424 38 0CC89>mov    dword ptr [esp+38], <__eof>
0195043D C74424 34 2CC79>mov    dword ptr [esp+34], <__close>
01950445 C74424 3C EEC49>mov    dword ptr [esp+3C], <__read>
0195044D C74424 44 DDC49>mov    dword ptr [esp+44], <__tell>
01950455 C74424 40 05C49>mov    dword ptr [esp+40], <__lseek>
0195045D C74424 48 FAC39>mov    dword ptr [esp+48], <_atoi>
01950465 E8 69A70400    call <operator new(uint)>
0195046A 8B15 58D89F01 mov    edx, dword ptr [19FD858]
01950470 8BF0          mov    esi, eax
01950472 52             push edx
01950473 897424 30    mov    dword ptr [esp+30], esi
01950477 E8 57A70400    call <operator new(uint)>
0195047C 8BF8          mov    edi, eax
0195047E A1 60D89F01    mov    eax, dword ptr [19FD860]
01950483 50             push eax
01950484 897C24 30    mov    dword ptr [esp+30], edi
01950488 E8 46A70400    call <operator new(uint)>
0195048D 8B0D 54D89F01 mov    ecx, dword ptr [19FD854]
01950493 8B15 58D89F01 mov    edx, dword ptr [19FD858]
01950499 8B1D 60D89F01 mov    ebx, dword ptr [19FD860]
0195049F 894C24 60    mov    dword ptr [esp+60], ecx
019504A3 8D4C24 70    lea    ecx, dword ptr [esp+70]
019504A7 8BE8          mov    ebp, eax
019504A9 8B4424 1C    mov    eax, dword ptr [esp+1C]
019504AD 51             push ecx
019504AE 6A 0C          push 0C
019504B0 68 64D89F01    push 019FD864
019504B5 C74424 64 2CD29>mov    dword ptr [esp+64], 019FD22C
019504BD 897424 68    mov    dword ptr [esp+68], esi
019504C1 C74424 70 B0D49>mov    dword ptr [esp+70], 019FD4B0
019504C9 897C24 74    mov    dword ptr [esp+74], edi
019504CD 895424 78    mov    dword ptr [esp+78], edx
019504D1 894424 60    mov    dword ptr [esp+60], eax
019504D5 E8 A6650400    call <sub_10086A80>
019504DA 83C4 18       add    esp, 18
019504DD 85DB          test ebx, ebx
019504DF 7E 4A          jle    short <loc_1004052B>
019504E1 BF A8D79F01    mov    edi, 019FD7A8
019504E6 83C3 07       add    ebx, 7
019504E9 2BFD          sub    edi, ebp
019504EB 8BF5          mov    esi, ebp
019504ED C1EB 03       shr    ebx, 3
019504F0 >  8B1437       mov    edx, dword ptr [edi+esi]
019504F3 8B4437 04    mov    eax, dword ptr [edi+esi+4]
019504F7 895424 14    mov    dword ptr [esp+14], edx
019504FB 8D4C24 64    lea    ecx, dword ptr [esp+64]
019504FF 894424 18    mov    dword ptr [esp+18], eax
01950503 6A 00          push 0
01950505 8D5424 20    lea    edx, dword ptr [esp+20]
01950509 51             push ecx
0195050A 8D4424 1C    lea    eax, dword ptr [esp+1C]
0195050E 52             push edx
0195050F 50             push eax
01950510 E8 8B660400    call <sub_10086BA0>
01950515 8B4C24 2C    mov    ecx, dword ptr [esp+2C]
01950519 8B5424 30    mov    edx, dword ptr [esp+30]
0195051D 890E          mov    dword ptr [esi], ecx
0195051F 8956 04       mov    dword ptr [esi+4], edx
01950522 83C4 10       add    esp, 10
01950525 83C6 08       add    esi, 8
01950528 4B             dec    ebx
01950529  ^ 75 C5          jnz    short <loc_100404F0>
0195052B >  8B5C24 54    mov    ebx, dword ptr [esp+54]
0195052F 8B7424 50    mov    esi, dword ptr [esp+50]
01950533 8B7C24 4C    mov    edi, dword ptr [esp+4C]
01950537 8D4424 64    lea    eax, dword ptr [esp+64]
0195053B 50             push eax
0195053C 6A 0C          push 0C
0195053E 68 64D89F01    push 019FD864
01950543 E8 38650400    call <sub_10086A80>
01950548 83C4 0C       add    esp, 0C
0195054B 85DB          test ebx, ebx
0195054D 7E 43          jle    short <loc_10040592>
0195054F 83C3 07       add    ebx, 7
01950552 2BFE          sub    edi, esi
01950554 C1EB 03       shr    ebx, 3
01950557 >  8B0C37       mov    ecx, dword ptr [edi+esi]
0195055A 8B5437 04    mov    edx, dword ptr [edi+esi+4]
0195055E 894C24 1C    mov    dword ptr [esp+1C], ecx
01950562 8D4424 64    lea    eax, dword ptr [esp+64]
01950566 895424 20    mov    dword ptr [esp+20], edx
0195056A 6A 00          push 0
0195056C 8D4C24 18    lea    ecx, dword ptr [esp+18]
01950570 50             push eax
01950571 8D5424 24    lea    edx, dword ptr [esp+24]
01950575 51             push ecx
01950576 52             push edx
01950577 E8 24660400    call <sub_10086BA0>
0195057C 8B4424 24    mov    eax, dword ptr [esp+24]
01950580 8B4C24 28    mov    ecx, dword ptr [esp+28]
01950584 8906          mov    dword ptr [esi], eax
01950586 894E 04       mov    dword ptr [esi+4], ecx
01950589 83C4 10       add    esp, 10
0195058C 83C6 08       add    esi, 8
0195058F 4B             dec    ebx
01950590  ^ 75 C5          jnz    short <loc_10040557>
01950592 >  8B5C24 60    mov    ebx, dword ptr [esp+60]
01950596 8B7424 5C    mov    esi, dword ptr [esp+5C]
0195059A 8B7C24 58    mov    edi, dword ptr [esp+58]
0195059E 8D5424 64    lea    edx, dword ptr [esp+64]
019505A2 52             push edx
019505A3 6A 0C          push 0C
019505A5 68 64D89F01    push 019FD864
019505AA E8 D1640400    call <sub_10086A80>
019505AF 83C4 0C       add    esp, 0C
019505B2 85DB          test ebx, ebx
019505B4 7E 43          jle    short <loc_100405F9>
019505B6 83C3 07       add    ebx, 7
019505B9 2BFE          sub    edi, esi
019505BB C1EB 03       shr    ebx, 3
019505BE >  8B0437       mov    eax, dword ptr [edi+esi]
019505C1 8B4C37 04    mov    ecx, dword ptr [edi+esi+4]
019505C5 894424 1C    mov    dword ptr [esp+1C], eax
019505C9 8D5424 64    lea    edx, dword ptr [esp+64]
019505CD 894C24 20    mov    dword ptr [esp+20], ecx
019505D1 6A 00          push 0
019505D3 8D4424 18    lea    eax, dword ptr [esp+18]
019505D7 52             push edx
019505D8 8D4C24 24    lea    ecx, dword ptr [esp+24]
019505DC 50             push eax
019505DD 51             push ecx
019505DE E8 BD650400    call <sub_10086BA0>
019505E3 8B5424 24    mov    edx, dword ptr [esp+24]
019505E7 8B4424 28    mov    eax, dword ptr [esp+28]
019505EB 8916          mov    dword ptr [esi], edx
019505ED 8946 04       mov    dword ptr [esi+4], eax
019505F0 83C4 10       add    esp, 10
019505F3 83C6 08       add    esi, 8
019505F6 4B             dec    ebx
019505F7  ^ 75 C5          jnz    short <loc_100405BE>
019505F9 >  8B9424 B0140000 mov    edx, dword ptr [esp+14B0]
01950600 8D4C24 2C    lea    ecx, dword ptr [esp+2C]
01950604 51             push ecx
01950605 52             push edx
01950606 FFD5          call ebp
01950608 8B4424 30    mov    eax, dword ptr [esp+30]
0195060C 50             push eax
0195060D E8 B6A50400    call <operator delete(void *)>
01950612 8B4C24 30    mov    ecx, dword ptr [esp+30]
01950616 51             push ecx
01950617 E8 ACA50400    call <operator delete(void *)>
0195061C 55             push ebp
0195061D E8 A6A50400    call <operator delete(void *)>
01950622 8B4424 24    mov    eax, dword ptr [esp+24]
01950626 83C4 14       add    esp, 14
01950629 8D5424 20    lea    edx, dword ptr [esp+20]
0195062D 2BC2          sub    eax, edx
0195062F 5F             pop    edi
01950630 F7D8          neg    eax
01950632 5E             pop    esi
01950633 5D             pop    ebp
01950634 1BC0          sbb    eax, eax
01950636 5B             pop    ebx
01950637 81C4 9C140000 add    esp, 149C
0195063D C3             retn

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

免费・0

支持