汇编 请教```
; Disassembler dead listing of one 32-bit x86 routine, 00531164..0053132B
; (address, opcode bytes, Intel-order mnemonic; layout resembles W32Dasm output).
; NOTE(review): every bracketed memory operand was stripped from this paste
; ("dword ptr , ecx"). Where a comment below names such an operand, it was
; decoded from the opcode bytes printed on the same line.
; Arguments are loaded into eax/edx/ecx before each call. The call targets are
; outside this listing, so every description of a callee is an assumption to
; confirm against its own code.
; Locals decoded from the bytes: [ebp-4], [ebp-3F4h], [ebp-3F8h], [ebp-3FCh]
; (all zeroed on entry) and a byte buffer starting at [ebp-3EDh].
:00531164 55 push ebp:00531165 8BEC mov ebp, esp ; two instructions fused on one line by the paste: frame setup
:00531167 81C404FCFFFF add esp, FFFFFC04 ; esp -= 3FCh: reserve the local area
:0053116D 53 push ebx
:0053116E 56 push esi
:0053116F 57 push edi
:00531170 33C9 xor ecx, ecx ; ecx = 0, used to zero four locals
:00531172 898D04FCFFFF mov dword ptr , ecx ; [ebp-3FCh] = 0
:00531178 898D0CFCFFFF mov dword ptr , ecx ; [ebp-3F4h] = 0
:0053117E 898D08FCFFFF mov dword ptr , ecx ; [ebp-3F8h] = 0
:00531184 894DFC mov dword ptr , ecx ; [ebp-4] = 0
:00531187 8BF8 mov edi, eax ; keep the incoming eax; edi is passed on to later calls and indexed at +374h/+384h
:00531189 33C0 xor eax, eax ; eax = 0, so fs:[eax] below is fs:[0]
; Push an exception-registration record (handler 0053132C, previous fs:[0])
; and make it the current one; it is unlinked again at 00531306.
:0053118B 55 push ebp
:0053118C 682C135300 push 0053132C
:00531191 64FF30 push dword ptr fs: ; push fs:[eax] (bytes 64 FF 30)
:00531194 648920 mov dword ptr fs:, esp ; fs:[eax] = esp (bytes 64 89 20)
* Possible StringData Ref from Code Obj ->"c:\pagefilesz.sys"
|
:00531197 B844135300 mov eax, 00531344 ; eax = address the disassembler resolved to the path string
:0053119C E8E386EDFF call 00409884 ; opaque helper taking the path; its eax result is overwritten before any use
:005311A1 33D2 xor edx, edx ; second argument = 0
* Possible StringData Ref from Code Obj ->"c:\pagefilesz.sys"
|
:005311A3 B844135300 mov eax, 00531344
:005311A8 E84385EDFF call 004096F0 ; (path, 0) -> eax; presumably a file-open wrapper returning a handle or -1 - confirm
:005311AD 8BD8 mov ebx, eax ; ebx = result, later handed to 00409774 / 00409804
:005311AF 83FBFF cmp ebx, FFFFFFFF ; compare the result with -1
; Why this branch matters: it selects between the two halves of the routine on
; the result of call 004096F0 for the path above. Result != -1 -> 005312ED,
; which passes ebx with the stack buffer and a count of 3E8h to 00409774, then
; ebx to 00409804, and leaves. Result == -1 -> fall through into the longer
; path that ends by calling 00409748 on the same path and 004097A0 on its
; result. Presumably "the file could be opened" versus "the file is missing,
; go and create it" - confirm by inspecting the call targets.
:005311B2 0F8535010000 jne 005312ED ; This is the key jump, but I have never understood why?
; --- result was -1 ---
:005311B8 8B0D00345400 mov ecx, dword ptr ; ecx = [00543400]
:005311BE A1BC3A5400 mov eax, dword ptr ; eax = [00543ABC]
:005311C3 8B00 mov eax, dword ptr ; eax = [eax]
* Possible StringData Ref from Code Obj ->"@窫"
|
:005311C5 8B15EC015300 mov edx, dword ptr ; edx = [005301EC]; the "string" shown above is the disassembler's guess, likely not text
:005311CB E8C832F4FF call 00474498 ; opaque; receives the three values loaded above
:005311D0 A100345400 mov eax, dword ptr ; eax = [00543400]
:005311D5 8B00 mov eax, dword ptr ; eax = [eax]
:005311D7 E86CFBF3FF call 00470D48 ; opaque
:005311DC A100345400 mov eax, dword ptr ; eax = [00543400]
:005311E1 8B00 mov eax, dword ptr ; eax = [eax]
:005311E3 8B10 mov edx, dword ptr ; edx = [eax], first dword of the object
:005311E5 FF92EC000000 call dword ptr ; indirect call through [edx+ECh]; looks like a virtual-method call - confirm
:005311EB A100345400 mov eax, dword ptr ; eax = [00543400]
:005311F0 8B00 mov eax, dword ptr ; eax = [eax]
:005311F2 83B82C03000000 cmp dword ptr , 00000000 ; is the field at [eax+32Ch] zero?
:005311F9 743A je 00531235 ; zero -> path at 00531235, which never reaches 00409748
:005311FB 8D9508FCFFFF lea edx, dword ptr ; edx = &[ebp-3F8h] (output slot)
:00531201 8BC7 mov eax, edi
:00531203 E84C020000 call 00531454 ; opaque; (edi, &local)
:00531208 8B9508FCFFFF mov edx, dword ptr ; edx = [ebp-3F8h], value produced by the call above
:0053120E 8D8D0CFCFFFF lea ecx, dword ptr ; ecx = &[ebp-3F4h] (output slot)
:00531214 8BC7 mov eax, edi
:00531216 E83D010000 call 00531358 ; opaque; (edi, previous result, &local)
:0053121B 8B950CFCFFFF mov edx, dword ptr ; edx = [ebp-3F4h], the derived value
:00531221 A100345400 mov eax, dword ptr ; eax = [00543400]
:00531226 8B00 mov eax, dword ptr ; eax = [eax]
:00531228 8B802C030000 mov eax, dword ptr ; eax = [eax+32Ch], the field tested at 005311F2
:0053122E E8C535EDFF call 004047F8 ; compares eax with edx; presumably a string-equality helper - confirm
:00531233 7411 je 00531246 ; consumes the flags left by the call: equal -> continue at 00531246
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005311F9(C)
|
; Reached when the field is zero or the comparison did not set ZF.
:00531235 A1BC3A5400 mov eax, dword ptr ; eax = [00543ABC]
:0053123A 8B00 mov eax, dword ptr ; eax = [eax]
:0053123C E8C333F4FF call 00474604 ; opaque
:00531241 E9C0000000 jmp 00531306 ; straight to cleanup
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00531233(C)
|
* Possible StringData Ref from Code Obj ->"c:\pagefilesz.sys"
|
:00531246 B844135300 mov eax, 00531344
:0053124B E8F884EDFF call 00409748 ; (path) -> eax; presumably a file-create wrapper - confirm
:00531250 8BD8 mov ebx, eax
:00531252 83FBFF cmp ebx, FFFFFFFF
:00531255 0F84AB000000 je 00531306 ; -1 -> give up and clean up
:0053125B 8D45FC lea eax, dword ptr ; eax = &[ebp-4]
:0053125E 8B1500345400 mov edx, dword ptr ; edx = [00543400]
:00531264 8B12 mov edx, dword ptr ; edx = [edx]
:00531266 8B922C030000 mov edx, dword ptr ; edx = [edx+32Ch]
:0053126C E81332EDFF call 00404484 ; presumably assigns that field to the local at [ebp-4] - confirm
:00531271 33F6 xor esi, esi ; esi = 0, index into the byte buffer
:00531273 EB44 jmp 005312B9 ; enter the loop at its condition
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005312BD(C)
|
; Loop body: one byte stored per pass at [ebp+esi-3EDh], then esi++.
; NOTE(review): no bound on esi is visible in this loop. The buffer starts at
; ebp-3EDh and the next local sits at ebp-4, i.e. 3E9h bytes later; whether the
; source length is limited elsewhere cannot be told from this listing.
:00531275 8D8504FCFFFF lea eax, dword ptr ; eax = &[ebp-3FCh]
:0053127B 50 push eax ; output slot for the helper
:0053127C B901000000 mov ecx, 00000001
:00531281 BA01000000 mov edx, 00000001
:00531286 8B45FC mov eax, dword ptr ; eax = [ebp-4]
:00531289 E87E36EDFF call 0040490C ; (value, 1, 1, &out); looks like "take the first character" - confirm
:0053128E 8B8504FCFFFF mov eax, dword ptr ; eax = [ebp-3FCh], result of the helper
:00531294 E81336EDFF call 004048AC ; opaque; its eax result is dereferenced next
:00531299 8A00 mov al, byte ptr ; al = byte at [eax]
:0053129B 88843513FCFFFF mov byte ptr , al ; [ebp+esi-3EDh] = al
:005312A2 46 inc esi
:005312A3 8D45FC lea eax, dword ptr ; eax = &[ebp-4]
:005312A6 50 push eax ; output slot is the source local itself
:005312A7 B9A0860100 mov ecx, 000186A0
:005312AC BA02000000 mov edx, 00000002
:005312B1 8B45FC mov eax, dword ptr ; eax = [ebp-4]
:005312B4 E85336EDFF call 0040490C ; (value, 2, 186A0h, &same local); looks like "drop the first character" - confirm
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00531273(U)
|
:005312B9 837DFC00 cmp dword ptr , 00000000 ; loop while the dword at [ebp-4] is non-zero
:005312BD 75B6 jne 00531275
:005312BF 8D9513FCFFFF lea edx, dword ptr ; edx = &[ebp-3EDh], the filled buffer
:005312C5 8BCE mov ecx, esi ; ecx = number of bytes stored
:005312C7 8BC3 mov eax, ebx ; eax = result of call 00409748
:005312C9 E8D284EDFF call 004097A0 ; (handle, buffer, count); presumably a file-write wrapper - confirm
:005312CE 8BC3 mov eax, ebx
:005312D0 E82F85EDFF call 00409804 ; (handle); presumably close - the same call ends the other branch
:005312D5 8B8774030000 mov eax, dword ptr ; eax = [edi+374h]
:005312DB E810D1F5FF call 0048E3F0 ; opaque
:005312E0 8B8784030000 mov eax, dword ptr ; eax = [edi+384h]
:005312E6 E805D1F5FF call 0048E3F0 ; same opaque helper on a second field
:005312EB EB19 jmp 00531306
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:005311B2(C)
|
; --- result of call 004096F0 was not -1 (target of the jump at 005311B2) ---
; NOTE(review): within this listing the buffer filled here is not referenced
; again before cleanup, and the eax result of call 00409774 is discarded.
:005312ED 8D9513FCFFFF lea edx, dword ptr ; edx = &[ebp-3EDh]
:005312F3 B9E8030000 mov ecx, 000003E8 ; count = 3E8h (1000)
:005312F8 8BC3 mov eax, ebx ; eax = result of call 004096F0
:005312FA E87584EDFF call 00409774 ; (handle, buffer, count); presumably a file-read wrapper - confirm
:005312FF 8BC3 mov eax, ebx
:00531301 E8FE84EDFF call 00409804 ; (handle); presumably close
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00531241(U), :00531255(C), :005312EB(U)
|
; Common exit: pop the three dwords pushed at 0053118B..00531191 and restore
; the saved fs:[0] value.
:00531306 33C0 xor eax, eax
:00531308 5A pop edx ; edx = previous fs:[0] value
:00531309 59 pop ecx ; discard handler address
:0053130A 59 pop ecx ; discard saved ebp
:0053130B 648910 mov dword ptr fs:, edx ; fs:[eax] = edx (bytes 64 89 10)
:0053130E 6833135300 push 00531333 ; address the ret at 0053132B will transfer to on this path
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00531331(U)
|
:00531313 8D8504FCFFFF lea eax, dword ptr ; eax = &[ebp-3FCh]
:00531319 BA03000000 mov edx, 00000003 ; count 3: matches the three adjacent locals at ebp-3FCh..ebp-3F4h
:0053131E E8ED30EDFF call 00404410 ; presumably releases those three locals - confirm
:00531323 8D45FC lea eax, dword ptr ; eax = &[ebp-4]
:00531326 E8C130EDFF call 004043EC ; presumably releases the local at [ebp-4] - confirm
:0053132B C3 ret ; pops the address pushed at 0053130E; code at 0053132C onward is outside this listing
为什么:005311B2 0F8535010000 jne 005312ED ;这个跳转是关键跳转,但我始终不明白为什么? 高手可以帮帮我翻译吗?
[ 本帖最后由 176443303 于 2007-7-6 09:30 编辑 ]
根据上下文来的,慢慢体会一下,并按教程自己动手做几遍,光看教程是没用的。