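A crackme (cm) that riijj made for us newcomers; the address is here: http://bbs.pediy.com/showthread.php?t=12136
I set a breakpoint on GetDlgItemText; the program ran and was stopped at the breakpoint, as follows: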
00401230 /$ 8B0D BC564000 mov ecx, dword ptr [4056BC]
00401236 |. 83EC 30 sub esp, 30
00401239 |. 8D4424 00 lea eax, dword ptr [esp]
0040123D |. 53 push ebx
0040123E |. 56 push esi
0040123F |. 8B35 94404000 mov esi, dword ptr [<&USER32.GetDlgI>; USER32.GetDlgItemTextA
00401245 |. 6A 10 push 10 ; /Count = 10 (16.)
00401247 |. 50 push eax ; |Buffer
00401248 |. 68 E8030000 push 3E8 ; |ControlID = 3E8 (1000.)
0040124D |. 51 push ecx ; |hWnd => 0008064E (class='#32770',parent=000A066A)
0040124E |. 33DB xor ebx, ebx ; |
00401250 |. FFD6 call esi ; \GetDlgItemTextA
00401252 |. 83F8 03 cmp eax, 3
00401255 |. 73 0B jnb short 00401262
00401257 |. 5E pop esi
00401258 |. B8 01000000 mov eax, 1
0040125D |. 5B pop ebx
0040125E |. 83C4 30 add esp, 30
00401261 |. C3 retn
After that I couldn't figure it out~~~
The CALL at 401250 returned to 00000010. Could someone tell me what is going on here?
Attached is the code inside the CALL:
77D6B0CC |. 8BC6 mov eax, esi ; |USER32.77D6B0CC
77D6B0CE |. 68 04100020 push 20001004 ; |InfoType = 20001004
77D6B0D3 |. 25 FFFF0000 and eax, 0FFFF ; |
77D6B0D8 |. 50 push eax ; |LocaleId
77D6B0D9 |. FF15 6813D177 call dword ptr [<&KERNEL32.GetLocaleI>; \GetLocaleInfoW
77D6B0DF |. 85C0 test eax, eax
77D6B0E1 |. 74 35 je short 77D6B118
77D6B0E3 |. 8B45 0C mov eax, dword ptr [ebp+C]
77D6B0E6 |. A3 4C1BD777 mov dword ptr [77D71B4C], eax
77D6B0EB |. 8935 481BD777 mov dword ptr [77D71B48], esi
77D6B0F1 |> 66:8365 10 00 and word ptr [ebp+10], 0
77D6B0F6 |. 6A 00 push 0 ; /pDefaultCharUsed = NULL
77D6B0F8 |. 6A 00 push 0 ; |pDefaultChar = NULL
77D6B0FA |. 6A 01 push 1 ; |MultiByteCount = 1
77D6B0FC |. 8D45 10 lea eax, dword ptr [ebp+10] ; |
77D6B0FF |. 50 push eax ; |MultiByteStr
77D6B100 |. 6A 01 push 1 ; |WideCharCount = 1
77D6B102 |. 8D45 08 lea eax, dword ptr [ebp+8] ; |
77D6B105 |. 50 push eax ; |WideCharStr
77D6B106 |. 6A 00 push 0 ; |Options = 0
77D6B108 |. FF35 4C1BD777 push dword ptr [77D71B4C] ; |CodePage = CP_ACP
77D6B10E |. FF15 6013D177 call dword ptr [<&KERNEL32.WideCharTo>; \WideCharToMultiByte
77D6B114 |. 85C0 test eax, eax
77D6B116 |. 75 04 jnz short 77D6B11C
77D6B118 |> 8365 10 00 and dword ptr [ebp+10], 0
77D6B11C |> 8B45 10 mov eax, dword ptr [ebp+10]
77D6B11F |. 5E pop esi
77D6B120 |. 5D pop ebp
77D6B121 \. C2 0C00 retn 0C
RETN 0C!!!!!! What is going on here?