[求助]有些不懂的地方，希望大伙一起帮我看看.谢谢-经典问答-看雪-安全社区|安全招聘|kanxue.com

[求助]有些不懂的地方，希望大伙一起帮我看看.谢谢

2009-4-2 22:16 2853

[求助]有些不懂的地方，希望大伙一起帮我看看.谢谢

ludingping 活跃值

活跃值

2009-4-2 22:16

2853

CODE:00596910
CODE:00596910 ; =============== S U B R O U T I N E =======================================
CODE:00596910
CODE:00596910 ; Attributes: bp-based frame
CODE:00596910
CODE:00596910 sub_596910    proc near             ; DATA XREF: sub_597E2C+Bo
CODE:00596910
CODE:00596910 var_C          = dword ptr -0Ch
CODE:00596910 var_8          = dword ptr -8
CODE:00596910 var_4          = dword ptr -4
CODE:00596910
CODE:00596910                push ebp
CODE:00596911                mov    ebp, esp
CODE:00596913                push 0
CODE:00596915                push 0
CODE:00596917                push 0 ;初始化三个本地变量
CODE:00596919                push ebx ;
CODE:0059691A                push esi ;
CODE:0059691B                push edi ;
CODE:0059691C                mov    esi, edx ;设置edx 为参数1--param1
CODE:0059691E                mov    ebx, eax ;设eax 为参数0 -- param0

CODE:00596920                xor    eax, eax ;
CODE:00596922                push ebp
CODE:00596923                push offset loc_5969A6
CODE:00596928                push dword ptr fs:[eax] ;try{
CODE:0059692B                mov    fs:[eax], esp ;

CODE:0059692E                lea    ecx, [ebp+var_4] ;

CODE:00596931                xor    edx, edx ;

CODE:00596933                mov    eax, esi ;
CODE:00596935                mov    edi, [eax] ;
CODE:00596937                call dword ptr [edi+0Ch] ;vmtCreateObject
;SomeObject Var4 = CreateObject();
CODE:0059693A                mov    eax, [ebp+var_4] ;
CODE:0059693D                push eax ;
CODE:0059693E                lea    edx, [ebp+var_8] ;
CODE:00596941                mov    eax, [ebx+18h] ;param0->Number18h
CODE:00596944                mov    ecx, [eax] ;
CODE:00596946                call dword ptr [ecx+58h] ;Var4.Call58h();
CODE:00596949                mov    edx, [ebp+var_8] ;
CODE:0059694C                pop    eax
CODE:0059694D                call @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void) ;
CODE:00596952                jz    short loc_596968 ;if(var_8!=var_4)
;{//进行异常处理
CODE:00596954                mov    ecx, 1C8h
CODE:00596959                mov    edx, offset asc_5969BC ; "D:\\Client\\Game\\gameSrc"...
CODE:0059695E                mov    eax, offset asc_596A08 ; "Assertion failure"
CODE:00596963                call @System@@Assert$qqrx17System@AnsiStringt1i ; System::__linkproc__ Assert(System::AnsiString,System::AnsiString,int)
CODE:00596968
CODE:00596968 loc_596968:                            ; CODE XREF: sub_596910+42j
CODE:00596968                lea    ecx, [ebp+var_C]
CODE:0059696B                mov    edx, 1
CODE:00596970                mov    eax, esi
CODE:00596972                mov    esi, [eax]
CODE:00596974                call dword ptr [esi+0Ch]
CODE:00596977                mov    edx, [ebp+var_C]
CODE:0059697A                mov    eax, ebx
CODE:0059697C                call sub_5956E4
CODE:00596981                mov    edx, eax
CODE:00596983                mov    eax, [ebx+18h]
CODE:00596986                mov    ecx, [eax]
CODE:00596988                call dword ptr [ecx+68h]
CODE:0059698B                xor    eax, eax
CODE:0059698D                pop    edx
CODE:0059698E                pop    ecx
CODE:0059698F                pop    ecx
CODE:00596990                mov    fs:[eax], edx
CODE:00596993                push offset loc_5969AD
CODE:00596998
CODE:00596998 loc_596998:                            ; CODE XREF: sub_596910+9Bj
CODE:00596998                lea    eax, [ebp+var_C]
CODE:0059699B                mov    edx, 3
CODE:005969A0                call @System@@LStrArrayClr$qqrpvi ; System::__linkproc__ LStrArrayClr(void *,int)
CODE:005969A5                retn
CODE:005969A6 ; ---------------------------------------------------------------------------
CODE:005969A6
CODE:005969A6 loc_5969A6:                            ; DATA XREF: sub_596910+13o
CODE:005969A6                jmp    unknown_libname_77 ; BDS 2005-2006 and Delphi6-7 Visual Component Library
CODE:005969AB ; ---------------------------------------------------------------------------
CODE:005969AB                jmp    short loc_596998
CODE:005969AD ; ---------------------------------------------------------------------------
CODE:005969AD
CODE:005969AD loc_5969AD:                            ; CODE XREF: sub_596910+95j
CODE:005969AD                                        ; DATA XREF: sub_596910+83o
CODE:005969AD                pop    edi
CODE:005969AE                pop    esi
CODE:005969AF                pop    ebx
CODE:005969B0                mov    esp, ebp
CODE:005969B2                pop    ebp
CODE:005969B3                retn
CODE:005969B3 sub_596910    endp
CODE:005969B3
CODE:005969B3 ; ---------------------------------------------------------------------------

上面我做了些注释，不知道我的理解是否正确。

阿里云助力开发者！2核2G 3M带宽不限流量！6.18限时价，开发者可享99元/年，续费同价！

收藏・0

点赞・0

打赏

分享

最新回复 (3)
ludingping 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 23 粉丝 0 关注私信	ludingping 2009-4-3 10:24 2 楼 0 各位大佬，给点意见吧。多谢了。
书呆彭雪币： 2108 活跃值： (21) 能力值： (RANK：260 ) 在线值：发帖 26 回帖 1860 粉丝 2 关注私信	书呆彭 6 2009-4-4 23:45 3 楼 0 没见你注释了什么有用的啊
mavermaver 雪币： 141 活跃值： (1125) 能力值： ( LV2，RANK：150 ) 在线值：发帖 47 回帖 360 粉丝 1 关注私信	mavermaver 3 2009-4-5 12:43 4 楼 0 关键的几行好像注释得挺好挺清楚： CODE:0059693A mov eax, [ebp+var_4] ; CODE:0059693D push eax ; CODE:0059693E lea edx, [ebp+var_8] ; CODE:00596941 mov eax, [ebx+18h] ;param0->Number18h CODE:00596944 mov ecx, [eax] ; CODE:00596946 call dword ptr [ecx+58h] ;Var4.Call58h(); CODE:00596949 mov edx, [ebp+var_8] ; CODE:0059694C pop eax CODE:0059694D call @System@@LStrCmp$qqrv ; System::__linkproc__ LStrCmp(void) ; CODE:00596952 jz short loc_596968 ;if(var_8!=var_4) 是不是说var_8==var_4就OK？
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

返回

ludingping

发帖

回帖

RANK

关注

他的文章

[求助]有些不懂的地方，希望大伙一起帮我看看.谢谢

[求助]大家帮忙看一下这些代码段，有关类继承的逆向

[求助]一个简单的算法公式，有些地方不懂。请指教

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区