-
-
[求助]反汇编引擎的问题
-
发表于:
2009-4-23 22:21
4763
-
#include <stdio.h>
#include <windows.h>
#include "disasm.h"
#pragma comment(lib,"Decode.lib")
void main(void)
{
FILE *fs;
fs =fopen("1.exe","r");
if(!fs) {printf("file error\n");return;}
char buf[176174];
fseek(fs,0x000032C0,SEEK_SET);
int read = fread(buf,176174,1,fs);
fclose(fs);
DISASSEMBLY dis;
char *Linear=buf;//Pointer to linear address
DWORD Index=0;// Index of opcoded to decode
while(Index<100)
{
memset(&dis,0,sizeof(DISASSEMBLY));
dis.Address = Index;
Decode(&dis,Linear,&Index);
printf("%08x:%s\n",dis.Address + 0x004014B0,dis.Assembly);
}
}
凡是调用API的地方都出不来。
004014b3:push -01
004014b5:push 004251F0
004014ba:push 00406804
004014bf:mov eax, Dword ptr FS:[00000000]
004014c5:push eax
004014c6:mov Dword ptr FS:[00000000],esp
004014cd:add esp, -10
004014d0:push ebx
004014d1:push esi
004014d2:push edi
004014d3:mov Dword ptr SS:[ebp-18h],esp
004014d6:
004014d7:adc eax, 0042B14C
004014dc:mov Dword ptr DS:[00428A20], eax
004014e1:mov eax, Dword ptr DS:[00428A20]
004014e6:shr eax, 08
004014e9:and eax, 000000FF
004014ee:mov Dword ptr DS:[00428A2C], eax
004014f3:mov ecx,Dword ptr DS:[00428A20]
004014f9:and ecx, 000000FF
004014ff:mov Dword ptr DS:[00428A28],ecx
00401505:mov edx,Dword ptr DS:[00428A28]
0040150b:shl edx, 08
0040150e:add edx,Dword ptr DS:[00428A2C]
看004014d6:这个地址后面,就什么都没有。郁闷死了。
希望各位帮忙看看是怎么回事了。谢谢大家来。
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课