大家帮忙分析一下这个CALL 谢谢

sxpp520 · 发表于 2012-4-22 14:27:18

本帖最后由 sxpp520 于 2012-4-22 14:46 编辑

0050BA9F 6A 00          push 0x0
0050BAA1 6A 00          push 0x0
0050BAA3 53             push ebx                               ; 保存28eb860
0050BAA4 56             push esi                               ; 101  12fba0
0050BAA5 8BF2          mov esi,edx                            ; c10f60
0050BAA7 8BD8          mov ebx,eax                            ; 2deb5e0
0050BAA9 33C0          xor eax,eax
0050BAAB 55             push ebp                               ; 0002 12fb8c
0050BAAC 68 3EBB5000    push Mir3.0050BB3E                      ; 50bb3e
0050BAB1 64:FF30       push dword ptr fs:[eax]
0050BAB4 64:8920       mov dword ptr fs:[eax],esp             ; 01D72F10 12fdf4
0050BAB7 8B06          mov eax,dword ptr ds:[esi]             ; esi=00C10F60 12fba0
0050BAB9 83B8 80000000 0>cmp dword ptr ds:[eax+0x80],0x0       ; c10f60+80=2b6dd40任务ID
0050BAC0 74 61          je XMir3.0050BB23                      ; 等于0就跳
0050BAC2 8B5B 0C       mov ebx,dword ptr ds:[ebx+0xC]          ; 02DEB5E0+c=1d69530
0050BAC5 E8 52BDEFFF    call Mir3.0040781C                      ; jmp 到 kernel32.GetTickCount
0050BACA 8B93 F8000000 mov edx,dword ptr ds:[ebx+0xF8]
0050BAD0 85D2          test edx,edx
0050BAD2 74 0C          je XMir3.0050BAE0
0050BAD4 8BC8          mov ecx,eax
0050BAD6 2BCA          sub ecx,edx
0050BAD8 81F9 E8030000 cmp ecx,0x3E8
0050BADE 76 43          jbe XMir3.0050BB23
0050BAE0 8983 F8000000 mov dword ptr ds:[ebx+0xF8],eax       ; 19F818B8  =01D69530+F8
0050BAE6 8D45 FC       lea eax,dword ptr ss:[ebp-0x4]
0050BAE9 8B16          mov edx,dword ptr ds:[esi]
0050BAEB 8B92 80000000 mov edx,dword ptr ds:[edx+0x80]       ; c114b0+80选项ID
0050BAF1 E8 B295EFFF    call Mir3.004050A8
0050BAF6 8D55 F8       lea edx,dword ptr ss:[ebp-0x8]
0050BAF9 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
0050BAFC E8 6F24F0FF    call Mir3.0040DF70
0050BB01 8B55 F8       mov edx,dword ptr ss:[ebp-0x8]
0050BB04 8D45 FC       lea eax,dword ptr ss:[ebp-0x4]
0050BB07 E8 9C95EFFF    call Mir3.004050A8
0050BB0C 8B15 F0325800 mov edx,dword ptr ds:[0x5832F0]       ; Mir3.005A07D0
0050BB12 8B12          mov edx,dword ptr ds:[edx]             ; 5A07D0
0050BB14 A1 24365800    mov eax,dword ptr ds:[0x583624]
0050BB19 8B00          mov eax,dword ptr ds:[eax]             ; CA6E90
0050BB1B 8B4D FC       mov ecx,dword ptr ss:[ebp-0x4]；这是字符串CALL地址
0050BB1E E8 6D280100    call Mir3.0051E390
0050BB23 33C0          xor eax,eax
0050BB25 5A             pop edx
0050BB26 59             pop ecx
0050BB27 59             pop ecx
被调用的CALL
0051E390 55             push ebp                               ; esp+20=2
0051E391 8BEC          mov ebp,esp                            ; esp被减4 12fb68=ebp
0051E393 51             push ecx                               ; 压入选项ID@task105=ebp-4
0051E394 B9 06000000    mov ecx,0x6
0051E399 6A 00          push 0x0
0051E39B 6A 00          push 0x0
0051E39D 49             dec ecx
0051E39E  ^ 75 F9          jnz XMir3.0051E399
0051E3A0 874D FC       xchg dword ptr ss:[ebp-0x4],ecx       ; 交换ebp-4和ecx的值
0051E3A3 53             push ebx                               ; 压入1d68530到ebo-38
0051E3A4 56             push esi                               ; c10f60任务基质ebp-42 12fba0
0051E3A5 894D FC       mov dword ptr ss:[ebp-0x4],ecx          ; 将ECX 任务ID压入ebp-4
0051E3A8 8BDA          mov ebx,edx                            ; EDX38268F0
0051E3AA 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
0051E3AD E8 DE70EEFF    call Mir3.00405490
0051E3B2 33C0          xor eax,eax
0051E3B4 55             push ebp                               ; 保存EBP 12FB68
0051E3B5 68 F1E55100    push Mir3.0051E5F1
0051E3BA 64:FF30       push dword ptr fs:[eax]
0051E3BD 64:8920       mov dword ptr fs:[eax],esp
0051E3C0 8B75 FC       mov esi,dword ptr ss:[ebp-0x4]
0051E3C3 8BC6          mov eax,esi
0051E3C5 85C0          test eax,eax
0051E3C7 74 05          je XMir3.0051E3CE
0051E3C9 83E8 04       sub eax,0x4
0051E3CC 8B00          mov eax,dword ptr ds:[eax]
0051E3CE 83F8 02       cmp eax,0x2
0051E3D1 0F8C CB010000 jl Mir3.0051E5A2
0051E3D7 8D45 E0       lea eax,dword ptr ss:[ebp-0x20]
0051E3DA 50             push eax
0051E3DB B9 0A000000    mov ecx,0xA
0051E3E0 BA 01000000    mov edx,0x1
0051E3E5 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
0051E3E8 E8 1B71EEFF    call Mir3.00405508
0051E3ED 8B45 E0       mov eax,dword ptr ss:[ebp-0x20]
0051E3F0 BA 08E65100    mov edx,Mir3.0051E608                   ; ASCII "@_automove"
0051E3F5 E8 1AFBEEFF    call Mir3.0040DF14
0051E3FA 84C0          test al,al
0051E3FC 74 31          je XMir3.0051E42F
0051E3FE 8BDE          mov ebx,esi
0051E400 85DB          test ebx,ebx
0051E402 74 05          je XMir3.0051E409
0051E404 83EB 04       sub ebx,0x4
0051E407 8B1B          mov ebx,dword ptr ds:[ebx]
0051E409 8D45 DC       lea eax,dword ptr ss:[ebp-0x24]
0051E40C 50             push eax
0051E40D 8BCB          mov ecx,ebx
0051E40F 83E9 0A       sub ecx,0xA
0051E412 83E9 02       sub ecx,0x2
0051E415 BA 0C000000    mov edx,0xC
0051E41A 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
0051E41D E8 E670EEFF    call Mir3.00405508
0051E422 8B45 DC       mov eax,dword ptr ss:[ebp-0x24]
0051E425 E8 6AFDFFFF    call Mir3.0051E194
0051E42A E9 9A010000    jmp Mir3.0051E5C9
0051E42F 8D45 D8       lea eax,dword ptr ss:[ebp-0x28]
0051E432 50             push eax
0051E433 B9 05000000    mov ecx,0x5
0051E438 BA 01000000    mov edx,0x1
0051E43D 8B45 FC       mov eax,dword ptr ss:[ebp-0x4]
0051E440 E8 C370EEFF    call Mir3.00405508
0051E445 8B45 D8       mov eax,dword ptr ss:[ebp-0x28]
0051E448 BA 1CE65100    mov edx,Mir3.0051E61C                   ; ASCII "@_url"
0051E44D E8 C2FAEEFF    call Mir3.0040DF14
我在这里把字符串用CE指定了一个地址
mov edx,dword ptr ds:[edx]             ; 5A07D0
mov eax,dword ptr ds:[0x583624]
  mov eax,dword ptr ds:[eax]             ; CA6E90
mov ecx,dword ptr ss:[ebp-0x4]；这是字符串CALL地址
call 0051E390
xor eax,eax
这段CALL还是没反应，大家帮忙分析一下谢谢

果粒 · 发表于 2012-4-22 20:55:17

是不是传3的游戏？

		自动登录	找回密码
密码			注册账号