dd [[[[[0xD08DF0]+204]+8]+4]+1C]+8 这是正确的
dd [[[0xD08DF0]+204]1C]+8 我找到的是这个
0061063F CC int3
00610640 83EC 3C sub esp,0x3C -----------------------这是头部,反上去就是基址了,看了好几遍也没有 "+8]+4]"
00610643 |. 57 push edi
00610644 |. 8BF9 mov edi,ecx ; -------------------------找 ecx
00610646 |. E8 AE418E00 call asktao.00EF47F9
0061064B \. C3 retn ; 0
0061064C . 85C0 test eax,eax
0061064E . 75 07 jnz short asktao.00610657
00610650 . 5F pop edi
00610651 . 83C4 3C add esp,0x3C
00610654 . C2 0800 retn 0x8 ; 1
00610657 > 8B87 04020000 mov eax,dword ptr ds:[edi+0x204] ;------------------------ 找 edi
0061065D . 53 push ebx
0061065E . 8D8F 00020000 lea ecx,dword ptr ds:[edi+0x200]
00610664 . 55 push ebp
00610665 . 56 push esi
00610666 . 33F6 xor esi,esi
00610668 . 8BF9 mov edi,ecx
0061066A . 8BE8 mov ebp,eax ; ---------------------找 eax
0061066C . 897424 10 mov dword ptr ss:[esp+0x10],esi
00610670 . 894C24 14 mov dword ptr ss:[esp+0x14],ecx
00610674 . 897424 34 mov dword ptr ss:[esp+0x34],esi
00610678 . 897C24 38 mov dword ptr ss:[esp+0x38],edi
0061067C . 896C24 3C mov dword ptr ss:[esp+0x3C],ebp
00610680 > 85FF test edi,edi
00610682 . 8B41 04 mov eax,dword ptr ds:[ecx+0x4]
00610685 . 8B18 mov ebx,dword ptr ds:[eax]
00610687 . 74 04 je short asktao.0061068D
00610689 . 3BF9 cmp edi,ecx
0061068B . 74 06 je short asktao.00610693
0061068D > FF15 0C27B000 call dword ptr ds:[0xB0270C] ; msvcr80._invalid_parameter_noinfo
00610693 > 3BEB cmp ebp,ebx
00610695 . 0F84 5B010000 je asktao.006107F6
0061069B . 8D4C24 20 lea ecx,dword ptr ss:[esp+0x20]
0061069F . 897C24 20 mov dword ptr ss:[esp+0x20],edi
006106A3 . 896C24 24 mov dword ptr ss:[esp+0x24],ebp ; --------------找EBP
006106A7 . E8 14050300 call asktao.00640BC0
006106AC . 8B7424 20 mov esi,dword ptr ss:[esp+0x20]
006106B0 . 85F6 test esi,esi
006106B2 . 8B1D 0C27B000 mov ebx,dword ptr ds:[0xB0270C] ; msvcr80._invalid_parameter_noinfo
006106B8 . 75 02 jnz short asktao.006106BC
006106BA . FFD3 call ebx
006106BC > 8B7C24 24 mov edi,dword ptr ss:[esp+0x24]
006106C0 . 3B7E 04 cmp edi,dword ptr ds:[esi+0x4]
006106C3 . 75 02 jnz short asktao.006106C7
006106C5 . FFD3 call ebx
006106C7 > 8B77 1C mov esi,dword ptr ds:[edi+0x1C] ; --------------找 edi 从+1C往上找
从+1C往上找,看了好几遍也没有 "+8]+4]"