While tracing a program written in Delphi 6.0 with OllyDbg 1.09, I ran into a CALL that, when I stepped over it, jumped somewhere else instead of continuing with the following instructions.
Could someone explain this?
0042C160 /$ 55 PUSH EBP
0042C161 |. 8BEC MOV EBP,ESP
0042C163 |. 83C4 F4 ADD ESP,-0C
0042C166 |. 53 PUSH EBX
0042C167 |. 56 PUSH ESI
0042C168 |. 66:894D FD MOV WORD PTR SS:[EBP-3],CX
0042C16C |. 8855 FF MOV BYTE PTR SS:[EBP-1],DL
0042C16F |. 8B75 0C MOV ESI,DWORD PTR SS:[EBP+C]
0042C172 |. 8B5D 10 MOV EBX,DWORD PTR SS:[EBP+10]
0042C175 |. 66:8B4D FD MOV CX,WORD PTR SS:[EBP-3]
0042C179 |. 8A55 FF MOV DL,BYTE PTR SS:[EBP-1]
0042C17C |. E8 17FAFFFF CALL tv.0042BB98 //============= At this CALL I definitely pressed F8, but it did not step to the next instruction;
// instead it jumped somewhere else, and I really don't understand why. It behaves just like a JMP. Even if it were emulating
// a JMP it should have gone to 0042BB98, so how did it end up at 0042BF7E? (see below)
0042C181 |. 8945 F4 MOV DWORD PTR SS:[EBP-C],EAX
0042C184 |. 33C0 XOR EAX,EAX
0042C186 |. 55 PUSH EBP
0042C187 |. 68 FFC14200 PUSH tv.0042C1FF
0042C18C |. 64:FF30 PUSH DWORD PTR FS:[EAX]
0042C18F |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
0042C192 |. 8B55 14 MOV EDX,DWORD PTR SS:[EBP+14]
0042C195 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C198 |. E8 1BEA0000 CALL tv.0043ABB8
0042C19D |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C1A0 |. 05 3C020000 ADD EAX,23C
0042C1A5 |. 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0042C1A8 |. E8 9B7FFDFF CALL tv.00404148
0042C1AD |. 85DB TEST EBX,EBX
0042C1AF |. 7C 0A JL SHORT tv.0042C1BB
0042C1B1 |. 8BD3 MOV EDX,EBX
0042C1B3 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C1B6 |. E8 05E80000 CALL tv.0043A9C0
0042C1BB |> 85F6 TEST ESI,ESI
0042C1BD |. 7C 0A JL SHORT tv.0042C1C9
0042C1BF |. 8BD6 MOV EDX,ESI
0042C1C1 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C1C4 |. E8 1BE80000 CALL tv.0043A9E4
0042C1C9 |> 85F6 TEST ESI,ESI
0042C1CB |. 7D 0E JGE SHORT tv.0042C1DB
0042C1CD |. 85DB TEST EBX,EBX
0042C1CF |. 7D 0A JGE SHORT tv.0042C1DB
0042C1D1 |. B2 04 MOV DL,4
0042C1D3 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C1D6 |. E8 3D8E0200 CALL tv.00455018
0042C1DB |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C1DE |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
0042C1E0 |. FF92 EC000000 CALL DWORD PTR DS:[EDX+EC]
0042C1E6 |. 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
0042C1E9 |. 33C0 XOR EAX,EAX
0042C1EB |. 5A POP EDX
0042C1EC |. 59 POP ECX
0042C1ED |. 59 POP ECX
0042C1EE |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0042C1F1 |. 68 06C24200 PUSH tv.0042C206
0042C1F6 |> 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042C1F9 |. E8 2271FDFF CALL tv.00403320
0042C1FE \. C3 RETN
==========================================================================================
It jumps to here:
0042BF7E |. 8BC7 MOV EAX,EDI // the cursor stops here
0042BF80 |. 66:BE C8FF MOV SI,0FFC8
0042BF84 |. E8 9375FDFF CALL tv.0040351C
0042BF89 |. 84C0 TEST AL,AL
0042BF8B |. 74 11 JE SHORT tv.0042BF9E
0042BF8D |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
0042BF90 |. E8 BFEC0000 CALL tv.0043AC54
0042BF95 |. 2B45 C4 SUB EAX,DWORD PTR SS:[EBP-3C]
0042BF98 |. 2B47 48 SUB EAX,DWORD PTR DS:[EDI+48]
0042BF9B |. 8945 C4 MOV DWORD PTR SS:[EBP-3C],EAX
0042BF9E |> 8B45 A8 MOV EAX,DWORD PTR SS:[EBP-58]
0042BFA1 |. 50 PUSH EAX
0042BFA2 |. 8B45 AC MOV EAX,DWORD PTR SS:[EBP-54]
0042BFA5 |. 50 PUSH EAX
0042BFA6 |. 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0042BFA9 |. 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-3C]
0042BFAC |. 8BC7 MOV EAX,EDI
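As an added illustration, not part of the original post and not an analysis of the program shown above: a debugger's step-over (F8) works by placing a temporary breakpoint on the instruction following the CALL and then running. If the callee never returns there, because it performs a non-local exit such as a raised exception unwinding through a registered handler chain or a longjmp, that temporary breakpoint is never hit and execution only stops wherever the unwind lands. The constructed C program below reproduces that shape with setjmp/longjmp: `middle()` calls `callee()`, and when `callee()` fails, control reappears at the recovery point in `run()`, skipping the instruction after the call. All function names and the trace strings are my own assumptions for this example.

```c
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not from the original post): a call whose callee
 * never returns to the instruction after the CALL, because it performs a
 * non-local exit. A longjmp is used here; a raised exception that is
 * caught further up the call chain looks the same to a debugger's
 * step-over, since the return address after the CALL is never reached. */

static jmp_buf recovery_point;   /* where control lands after the non-local exit */
static char trace[128];          /* records which points were actually executed */

static void append(const char *s) {
    strncat(trace, s, sizeof(trace) - strlen(trace) - 1);
}

static void callee(int fail) {
    append("callee;");
    if (fail) {
        /* Non-local exit: unwinds straight to the setjmp site in run(),
         * bypassing everything that follows the CALL in middle(). */
        longjmp(recovery_point, 1);
    }
}

static void middle(int fail) {
    append("middle:before-call;");
    callee(fail);                  /* a step-over here waits for the next line... */
    append("middle:after-call;");  /* ...which is never reached when fail != 0 */
}

/* Runs the scenario and returns the execution trace so the difference
 * between a normal return and a non-local exit is visible and testable. */
const char *run(int fail) {
    trace[0] = '\0';
    if (setjmp(recovery_point) == 0) {
        middle(fail);
        append("outer:normal-return;");
    } else {
        append("outer:recovery;");  /* this is where the "cursor" ends up */
    }
    return trace;
}

int main(void) {
    printf("%s\n", run(0));  /* middle:before-call;callee;middle:after-call;outer:normal-return; */
    printf("%s\n", run(1));  /* middle:before-call;callee;outer:recovery; */
    return 0;
}
```

Stepping over the `callee(fail)` line in a debugger with `fail` set to 1 shows the same effect as in the question: the debugger does not stop on the `append("middle:after-call;")` line but on the recovery branch in `run()`, because that is the first instruction executed after the unwind that the debugger can stop at. When a trace like the one above does not stop after a CALL, checking the callee for a raise or a handler registration before the call is the usual way to confirm that a non-local exit is responsible.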