-
-
[旧帖] [求助]:eek:帮忙看看这是何解? 0.00雪花
-
发表于: 2009-5-29 16:08
-
初试一个VB的程序,下了个消息断点
77E82775 33C0 XOR EAX,EAX
77E82777 5D POP EBP
77E82778 C2 0400 RETN 4
77E8277B 57 PUSH EDI
77E8277C 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
77E8277F 8D91 80000000 LEA EDX,DWORD PTR DS:[ECX+80]
77E82785 3B3A CMP EDI,DWORD PTR DS:[EDX]
77E82787 5F POP EDI
77E82788 ^ 0F87 56FFFFFF JA RPCRT4.77E826E4
77E8278E 8361 7C 00 AND DWORD PTR DS:[ECX+7C],0
77E82792 8322 00 AND DWORD PTR DS:[EDX],0
77E82795 8BC6 MOV EAX,ESI
77E82797 ^ E9 48FFFFFF JMP RPCRT4.77E826E4
77E8279C 8BB6 A4000000 MOV ESI,DWORD PTR DS:[ESI+A4]
77E827A2 85F6 TEST ESI,ESI
77E827A4 0F85 40DF0000 JNZ RPCRT4.77E906EA
77E827AA 50 PUSH EAX
77E827AB E8 DEFCFFFF CALL RPCRT4.RpcRaiseException
77E827B0 90 NOP
77E827B1 90 NOP
77E827B2 90 NOP
77E827B3 90 NOP
77E827B4 90 NOP
77E827B5 8BFF MOV EDI,EDI
77E827B7 55 PUSH EBP
77E827B8 8BEC MOV EBP,ESP
77E827BA 53 PUSH EBX
77E827BB 56 PUSH ESI
77E827BC 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
77E827BF 56 PUSH ESI
77E827C0 E8 AA75FDFF CALL <JMP.&ntdll.wcslen>
77E827C5 59 POP ECX
77E827C6 8D5C00 02 LEA EBX,DWORD PTR DS:[EAX+EAX+2]
77E827CA 53 PUSH EBX
77E827CB E8 45FAFFFF CALL RPCRT4.NdrRpcSsDefaultAllocate
77E827D0 85C0 TEST EAX,EAX
77E827D2 74 2D Je SHORT RPCRT4.77E82801 断在此处了,
77E827D4 57 PUSH EDI
77E827D5 8BF8 MOV EDI,EAX
77E827D7 8BCB MOV ECX,EBX
77E827D9 8BD1 MOV EDX,ECX
77E827DB C1E9 02 SHR ECX,2
77E827DE F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
77E827E0 8BCA MOV ECX,EDX
77E827E2 83E1 03 AND ECX,3
77E827E5 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
77E827E7 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
77E827EA 8941 04 MOV DWORD PTR DS:[ECX+4],EAX
77E827ED 0FBFC3 MOVSX EAX,BX
77E827F0 99 CDQ
77E827F1 2BC2 SUB EAX,EDX
77E827F3 D1F8 SAR EAX,1
77E827F5 66:8901 MOV WORD PTR DS:[ECX],AX
77E827F8 33C0 XOR EAX,EAX
77E827FA 5F POP EDI
77E827FB 5E POP ESI
77E827FC 5B POP EBX
77E827FD 5D POP EBP
把上面77EB27D2 JE改为JMP,保存,怎么会是dll文件?望指点
77E827D2 EB 2D JMP SHORT RPCRT4.77E82801
77E82775 33C0 XOR EAX,EAX
77E82777 5D POP EBP
77E82778 C2 0400 RETN 4
77E8277B 57 PUSH EDI
77E8277C 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
77E8277F 8D91 80000000 LEA EDX,DWORD PTR DS:[ECX+80]
77E82785 3B3A CMP EDI,DWORD PTR DS:[EDX]
77E82787 5F POP EDI
77E82788 ^ 0F87 56FFFFFF JA RPCRT4.77E826E4
77E8278E 8361 7C 00 AND DWORD PTR DS:[ECX+7C],0
77E82792 8322 00 AND DWORD PTR DS:[EDX],0
77E82795 8BC6 MOV EAX,ESI
77E82797 ^ E9 48FFFFFF JMP RPCRT4.77E826E4
77E8279C 8BB6 A4000000 MOV ESI,DWORD PTR DS:[ESI+A4]
77E827A2 85F6 TEST ESI,ESI
77E827A4 0F85 40DF0000 JNZ RPCRT4.77E906EA
77E827AA 50 PUSH EAX
77E827AB E8 DEFCFFFF CALL RPCRT4.RpcRaiseException
77E827B0 90 NOP
77E827B1 90 NOP
77E827B2 90 NOP
77E827B3 90 NOP
77E827B4 90 NOP
77E827B5 8BFF MOV EDI,EDI
77E827B7 55 PUSH EBP
77E827B8 8BEC MOV EBP,ESP
77E827BA 53 PUSH EBX
77E827BB 56 PUSH ESI
77E827BC 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
77E827BF 56 PUSH ESI
77E827C0 E8 AA75FDFF CALL <JMP.&ntdll.wcslen>
77E827C5 59 POP ECX
77E827C6 8D5C00 02 LEA EBX,DWORD PTR DS:[EAX+EAX+2]
77E827CA 53 PUSH EBX
77E827CB E8 45FAFFFF CALL RPCRT4.NdrRpcSsDefaultAllocate
77E827D0 85C0 TEST EAX,EAX
77E827D2 74 2D Je SHORT RPCRT4.77E82801 断在此处了,
77E827D4 57 PUSH EDI
77E827D5 8BF8 MOV EDI,EAX
77E827D7 8BCB MOV ECX,EBX
77E827D9 8BD1 MOV EDX,ECX
77E827DB C1E9 02 SHR ECX,2
77E827DE F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
77E827E0 8BCA MOV ECX,EDX
77E827E2 83E1 03 AND ECX,3
77E827E5 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
77E827E7 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C]
77E827EA 8941 04 MOV DWORD PTR DS:[ECX+4],EAX
77E827ED 0FBFC3 MOVSX EAX,BX
77E827F0 99 CDQ
77E827F1 2BC2 SUB EAX,EDX
77E827F3 D1F8 SAR EAX,1
77E827F5 66:8901 MOV WORD PTR DS:[ECX],AX
77E827F8 33C0 XOR EAX,EAX
77E827FA 5F POP EDI
77E827FB 5E POP ESI
77E827FC 5B POP EBX
77E827FD 5D POP EBP
把上面77EB27D2 JE改为JMP,保存,怎么会是dll文件?望指点
77E827D2 EB 2D JMP SHORT RPCRT4.77E82801
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
终于找到了出错字串,把它替换为"2222..."了,如何才能让它不跳到出错处,郁闷还是搞不定
004E3E5A . 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] 004E3E5D . 51 PUSH ECX 004E3E5E . 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] 004E3E64 . 52 PUSH EDX 004E3E65 . FF15 88114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTs>; MSVBVM60.__vbaVarTstEq 004E3E6B . 0FBFC0 MOVSX EAX,AX 004E3E6E . 85C0 TEST EAX,EAX 004E3E70 74 05 JE SHORT eqmk.004E3E77 ----这里可以理解为关键跳吗?如果不相等则跳到下面出错的"2222..." 004E3E72 . E9 610C0000 JMP eqmk.004E4AD8 004E3E77 > C745 FC 28000>MOV DWORD PTR SS:[EBP-4],28 004E3E7E . C785 00FFFFFF>MOV DWORD PTR SS:[EBP-100],eqmk.00414430 004E3E88 . C785 F8FEFFFF>MOV DWORD PTR SS:[EBP-108],8 004E3E92 . 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] 004E3E98 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 004E3E9B . FF15 E8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup 004E3EA1 . 6A 00 PUSH 0 004E3EA3 . 6A FF PUSH -1 004E3EA5 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 004E3EA8 . 51 PUSH ECX 004E3EA9 . 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30] 004E3EAC . 52 PUSH EDX 004E3EAD . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58] 004E3EB0 . 50 PUSH EAX 004E3EB1 . FF15 3C124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarVal 004E3EB7 . 50 PUSH EAX 004E3EB8 . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] 004E3EBE . 51 PUSH ECX 004E3EBF . FF15 F8114000 CALL DWORD PTR DS:[<&MSVBVM60.#711>] ; MSVBVM60.rtcSplit 004E3EC5 . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88] 004E3ECB . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44] 004E3ECE . FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMo>; MSVBVM60.__vbaVarMove 004E3ED4 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58] 004E3ED7 . FF15 80134000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr 004E3EDD . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 004E3EE0 . FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVar 004E3EE6 . C745 FC 29000>MOV DWORD PTR SS:[EBP-4],29 004E3EED . C785 00FFFFFF>MOV DWORD PTR SS:[EBP-100],0 . . .省略 004E49C9 . 8B85 90FEFFFF MOV EAX,DWORD PTR SS:[EBP-170] 004E49CF . 8B08 MOV ECX,DWORD PTR DS:[EAX] 004E49D1 . 8B95 90FEFFFF MOV EDX,DWORD PTR SS:[EBP-170] 004E49D7 . 52 PUSH EDX 004E49D8 . FF91 BC010000 CALL DWORD PTR DS:[ECX+1BC] 004E49DE . DBE2 FCLEX 004E49E0 . 8985 8CFEFFFF MOV DWORD PTR SS:[EBP-174],EAX 004E49E6 . 83BD 8CFEFFFF>CMP DWORD PTR SS:[EBP-174],0 004E49ED . 7D 26 JGE SHORT eqmk.004E4A15 004E49EF . 68 BC010000 PUSH 1BC 004E49F4 . 68 944A4100 PUSH eqmk.00414A94 004E49F9 . 8B85 90FEFFFF MOV EAX,DWORD PTR SS:[EBP-170] 004E49FF . 50 PUSH EAX 004E4A00 . 8B8D 8CFEFFFF MOV ECX,DWORD PTR SS:[EBP-174] 004E4A06 . 51 PUSH ECX 004E4A07 . FF15 9C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 004E4A0D . 8985 18FEFFFF MOV DWORD PTR SS:[EBP-1E8],EAX 004E4A13 . EB 0A JMP SHORT eqmk.004E4A1F 004E4A15 > C785 18FEFFFF>MOV DWORD PTR SS:[EBP-1E8],0 004E4A1F > C745 FC 3C000>MOV DWORD PTR SS:[EBP-4],3C 004E4A26 . 833D 00D04F00>CMP DWORD PTR DS:[4FD000],0 004E4A2D . 75 1C JNZ SHORT eqmk.004E4A4B 004E4A2F . 68 00D04F00 PUSH eqmk.004FD000 004E4A34 . 68 041F4100 PUSH eqmk.00411F04 004E4A39 . FF15 74124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaNew2>>; MSVBVM60.__vbaNew2 004E4A3F . C785 14FEFFFF>MOV DWORD PTR SS:[EBP-1EC],eqmk.004FD000 004E4A49 . EB 0A JMP SHORT eqmk.004E4A55 004E4A4B > C785 14FEFFFF>MOV DWORD PTR SS:[EBP-1EC],eqmk.004FD000 004E4A55 > 8B95 14FEFFFF MOV EDX,DWORD PTR SS:[EBP-1EC] 004E4A5B . 8B02 MOV EAX,DWORD PTR DS:[EDX] 004E4A5D . 8985 90FEFFFF MOV DWORD PTR SS:[EBP-170],EAX 004E4A63 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] 004E4A66 . 51 PUSH ECX 004E4A67 . 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60] 004E4A6A . 52 PUSH EDX 004E4A6B . FF15 FC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSetAddref 004E4A71 . 50 PUSH EAX 004E4A72 . 8B85 90FEFFFF MOV EAX,DWORD PTR SS:[EBP-170] 004E4A78 . 8B08 MOV ECX,DWORD PTR DS:[EAX] 004E4A7A . 8B95 90FEFFFF MOV EDX,DWORD PTR SS:[EBP-170] 004E4A80 . 52 PUSH EDX 004E4A81 . FF51 10 CALL DWORD PTR DS:[ECX+10] 004E4A84 . DBE2 FCLEX 004E4A86 . 8985 8CFEFFFF MOV DWORD PTR SS:[EBP-174],EAX 004E4A8C . 83BD 8CFEFFFF>CMP DWORD PTR SS:[EBP-174],0 004E4A93 . 7D 23 JGE SHORT eqmk.004E4AB8 004E4A95 . 6A 10 PUSH 10 004E4A97 . 68 F01E4100 PUSH eqmk.00411EF0 004E4A9C . 8B85 90FEFFFF MOV EAX,DWORD PTR SS:[EBP-170] 004E4AA2 . 50 PUSH EAX 004E4AA3 . 8B8D 8CFEFFFF MOV ECX,DWORD PTR SS:[EBP-174] 004E4AA9 . 51 PUSH ECX 004E4AAA . FF15 9C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj 004E4AB0 . 8985 10FEFFFF MOV DWORD PTR SS:[EBP-1F0],EAX 004E4AB6 . EB 0A JMP SHORT eqmk.004E4AC2 004E4AB8 > C785 10FEFFFF>MOV DWORD PTR SS:[EBP-1F0],0 004E4AC2 > 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] 004E4AC5 . FF15 7C134000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 004E4ACB . EB 02 JMP SHORT eqmk.004E4ACF 004E4ACD > EB 09 JMP SHORT eqmk.004E4AD8 004E4ACF > EB 02 JMP SHORT eqmk.004E4AD3 004E4AD1 > EB 05 JMP SHORT eqmk.004E4AD8 004E4AD3 > E9 02010000 JMP eqmk.004E4BDA 004E4AD8 > C745 FC 45000>MOV DWORD PTR SS:[EBP-4],45 004E4ADF . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],80020004 004E4AE9 . C785 58FFFFFF>MOV DWORD PTR SS:[EBP-A8],0A 004E4AF3 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],80020004 004E4AFD . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],0A 004E4B07 . C785 F0FEFFFF>MOV DWORD PTR SS:[EBP-110],eqmk.004194D0 004E4B11 . C785 E8FEFFFF>MOV DWORD PTR SS:[EBP-118],8 004E4B1B . 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118] 004E4B21 . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] 004E4B27 . FF15 E8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup 004E4B2D . C785 00FFFFFF>MOV DWORD PTR SS:[EBP-100],eqmk.004194EC ; UNICODE "2222222222222222222" (出错字串"2222222... 004E4B37 . C785 F8FEFFFF>MOV DWORD PTR SS:[EBP-108],8 004E4B41 . 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] 004E4B47 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78] 004E4B4A . FF15 E8124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup 004E4B50 . 8D95 58FFFFFF LEA EDX,DWORD PTR SS:[EBP-A8] 004E4B56 . 52 PUSH EDX 004E4B57 . 8D85 68FFFFFF LEA EAX,DWORD PTR SS:[EBP-98] 004E4B5D . 50 PUSH EAX 004E4B5E . 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88] 004E4B64 . 51 PUSH ECX 004E4B65 . 6A 40 PUSH 40 004E4B67 . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78] 004E4B6A . 52 PUSH EDX 004E4B6B . FF15 E0104000 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox 004E4B71 . 8D85 58FFFFFF LEA EAX,DWORD PTR SS:[EBP-A8] 004E4B77 . 50 PUSH EAX 004E4B78 . 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98] 004E4B7E . 51 PUSH ECX 004E4B7F . 8D95 78FFFFFF LEA EDX,DWORD PTR SS:[EBP-88] 004E4B85 . 52 PUSH EDX 004E4B86 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78] 004E4B89 . 50 PUSH EAX 004E4B8A . 6A 04 PUSH 4 004E4B8C . FF15 50104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList 004E4B92 . 83C4 14 ADD ESP,14 004E4B95 . C745 FC 46000>MOV DWORD PTR SS:[EBP-4],46 004E4B9C . 6A 00 PUSH 0 004E4B9E . 6A 12 PUSH 12 004E4BA0 . 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] 004E4BA3 . 8B11 MOV EDX,DWORD PTR DS:[ECX] 004E4BA5 . 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 004E4BA8 . 50 PUSH EAX 004E4BA9 . FF92 04030000 CALL DWORD PTR DS:[EDX+304] 004E4BAF . 50 PUSH EAX 004E4BB0 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] 004E4BB3 . 51 PUSH ECX 004E4BB4 . FF15 E8104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet 004E4BBA . 50 PUSH EAX 004E4BBB . FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaLateI>; MSVBVM60.__vbaLateIdCall 004E4BC1 . 83C4 0C ADD ESP,0C 004E4BC4 . 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] 004E4BC7 . FF15 7C134000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj 004E4BCD . C745 FC 47000>MOV DWORD PTR SS:[EBP-4],47 004E4BD4 . FF15 4C104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaEnd>] ; MSVBVM60.__vbaEnd 004E4BDA > C745 F0 00000>MOV DWORD PTR SS:[EBP-10],0 004E4BE1 . 9B WAIT 004E4BE2 . 68 804C4E00 PUSH eqmk.004E4C80 004E4BE7 . EB 72 JMP SHORT eqmk.004E4C5B 004E4BE9 . 8D55 A4 LEA EDX,DWORD PTR SS:[EBP-5C] 004E4BEC . 52 PUSH EDX 004E4BED . 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58] |
|
|
|
|
|
看来我还没找对地方,还是跳出错误"2222..."
 004E3E6B . 0FBFC0 MOVSX EAX,AX 004E3E6E . 85C0 TEST EAX,EAX 004E3E70 74 05 JE SHORT eqmk.004E3E77 ---- 把JE改为JMP, 还是跳在错误的循环里 004E3E72 . E9 610C0000 JMP eqmk.004E4AD8 -----尝试把跳到004E4AD8的循环nop掉,没错误提示,程序启动,但几个功能模块都不见了  004E3E77 > C745 FC 28000>MOV DWORD PTR SS:[EBP-4],28 004E3E7E . C785 00FFFFFF>MOV DWORD PTR SS:[EBP-100],eqmk.00414430 |
|
|
|
|
|
终于完成了我的处女作
 爽啊,谢谢各位的指点
|
|
|
|
