77DA7842 > 8BFF mov edi,edi ; (初始化 cpu 选择状态)
77DA7844 55 push ebp
77DA7845 8BEC mov ebp,esp
77DA7847 83EC 0C sub esp,0C
77DA784A 8365 FC 00 and dword ptr ss:[ebp-4],0
77DA784E 53 push ebx
77DA784F 56 push esi
77DA7850 8B75 08 mov esi,dword ptr ss:[ebp+8]
77DA7853 81FE 04000080 cmp esi,80000004
77DA7859 57 push edi
77DA785A 0F84 DDF70100 je ADVAPI32.77DC703D
77DA7860 81FE 50000080 cmp esi,80000050
77DA7866 0F84 D1F70100 je ADVAPI32.77DC703D
77DA786C 81FE 60000080 cmp esi,80000060
77DA7872 0F84 C5F70100 je ADVAPI32.77DC703D
77DA7878 8B5D 18 mov ebx,dword ptr ss:[ebp+18]
77DA787B 85DB test ebx,ebx
77DA787D 0F84 B5EC0200 je ADVAPI32.77DD6538
77DA7883 8B7D 0C mov edi,dword ptr ss:[ebp+C]
77DA7886 85FF test edi,edi
堆栈(断在 ADVAPI32.RegOpenKeyExA 入口处,函数体尚未执行;栈顶是返回地址,其后依次为调用参数)
0012FC14 77DAEFE6 /CALL 到 RegOpenKeyExA 来自 ADVAPI32.77DAEFE1
0012FC18 80000001 |hKey = HKEY_CURRENT_USER
0012FC1C 0012FD68 |Subkey = "Software\Classes\{57AADD46-AE88-141A-DFA0-00CA676C7268}"
0012FC20 00000000 |Reserved = 0
0012FC24 02000000 |Access = 2000000 (MAXIMUM_ALLOWED)
0012FC28 0012FC50 \pHandle = 0012FC50
0012FC2C /0012FE70
0012FC30 |00CE2945 返回到 00CE2945 来自 ADVAPI32.RegOpenKeyA
0012FC34 |80000001
0012FC38 |0012FD68 ASCII "Software\Classes\{57AADD46-AE88-141A-DFA0-00CA676C7268}"
0012FC3C |0012FC50
0012FC40 |00CB230C
0012FC44 |00CB21D8
0012FC48 |00CB21D8
0012FC4C |00000000
0012FC50 |00000000
0012FC54 |00000001
0012FC58 |00000003
0012FC5C |00000000
0012FC60 |4137357B
0012FC64 |34444441
0012FC68 |45412D36
0012FC6C |312D3838
0012FC70 |2D413134
0012FC74 |30414644
0012FC78 |4330302D
0012FC7C |36373641
0012FC80 |36323743
0012FC84 |77007D38
0012FC88 |77D18830 USER32.77D18830
0012FC8C |FFFFFFFF
0012FC90 |77D1882A 返回到 USER32.77D1882A 来自 USER32.77D18600
0012FC94 |77D28EA0 返回到 USER32.77D28EA0 来自 USER32.77D1875F
寄存器(同为函数入口处的状态;此时 LastErr 是此前某次调用留下的值,不是本次 RegOpenKeyExA 的结果)
EAX 80000001
ECX 0012FD68 ASCII "Software\Classes\{57AADD46-AE88-141A-DFA0-00CA676C7268}"
EDX 0012FC50
EBX 00CB21D8
ESP 0012FC14
EBP 0012FC2C
ESI 00000000
EDI 00CB21D8
EIP 77DA7842 ADVAPI32.RegOpenKeyExA
C 0 ES 0023 32位 0(FFFFFFFF)
P 1 CS 001B 32位 0(FFFFFFFF)
A 0 SS 0023 32位 0(FFFFFFFF)
Z 0 DS 0023 32位 0(FFFFFFFF)
S 0 FS 003B 32位 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_FILE_NOT_FOUND (00000002)
EFL 00000206 (NO,NB,NE,A,NS,PE,GE,G)
ST0 empty -??? FFFF 0098AC57 008A9D4B
ST1 empty -??? FFFF 009EB259 00A7BB64
ST2 empty -??? FFFF 006B7D33 005B6E1C
ST3 empty -??? FFFF 00BCCB90 00AABA79
ST4 empty 11345.481353325641980
ST5 empty 17.843137254901961340
ST6 empty 7225.0000000000000000
ST7 empty 11345.481353325641980
3 2 1 0 E S P U O Z D I
FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 掩码 1 1 1 1 1 1