- UID
- 71752
注册时间2011-2-3
阅读权限10
最后登录1970-1-1
周游历练
该用户从未签到
|
00490196 > $ E8 D8090000 CALL BestName.00490B73 //载入后停在这里
0049019B .^ E9 37FDFFFF JMP BestName.0048FED7
004901A0 8BFF MOV EDI,EDI
004901A2 /. 55 PUSH EBP
004901A3 |. 8BEC MOV EBP,ESP
004901A5 |. F645 08 02 TEST BYTE PTR SS:[EBP+8],2
004901A9 |. 57 PUSH EDI
004901AA |. 8BF9 MOV EDI,ECX
004901AC |. 74 25 JE SHORT BestName.004901D3
004901AE |. 56 PUSH ESI
004901AF |. 68 F80D4900 PUSH <JMP.&MSVCR90.?_type_info_dtor_inte>; 入口地址
004901B4 |. 8D77 FC LEA ESI,DWORD PTR DS:[EDI-4]
004901B7 |. FF36 PUSH DWORD PTR DS:[ESI]
004901B9 |. 6A 0C PUSH 0C
004901BB |. 57 PUSH EDI
004901BC |. E8 57030000 CALL BestName.00490518
004901C1 |. F645 08 01 TEST BYTE PTR SS:[EBP+8],1
004901C5 |. 74 07 JE SHORT BestName.004901CE
004901C7 |. 56 PUSH ESI
004901C8 |. E8 8DF2FFFF CALL <JMP.&mfc90u.#801>
004901CD |. 59 POP ECX
004901CE |> 8BC6 MOV EAX,ESI
004901D0 |. 5E POP ESI
004901D1 |. EB 14 JMP SHORT BestName.004901E7
004901D3 |> E8 200C0000 CALL <JMP.&MSVCR90.?_type_info_dtor_inte>
004901D8 |. F645 08 01 TEST BYTE PTR SS:[EBP+8],1
004901DC |. 74 07 JE SHORT BestName.004901E5
004901DE |. 57 PUSH EDI
004901DF |. E8 76F2FFFF CALL <JMP.&mfc90u.#801>
004901E4 |. 59 POP ECX
004901E5 |> 8BC7 MOV EAX,EDI
004901E7 |> 5F POP EDI
004901E8 |. 5D POP EBP
004901E9 \. C2 0400 RETN 4
004901EC >- FF25 48B34900 JMP DWORD PTR DS:[<&MSVCR90.__CxxFrameHa>; MSVCR90.__CxxFrameHandler3
004901F2 $ 3B0D AC3E4C00 CMP ECX,DWORD PTR DS:[4C3EAC]
004901F8 . 75 02 JNZ SHORT BestName.004901FC
004901FA . F3: PREFIX REP:
004901FB . C3 RETN
004901FC > E9 080A0000 JMP BestName.00490C09
00490201 CC INT3 //为何这里出现这么多的INT3代码
00490202 CC INT3
00490203 CC INT3
00490204 CC INT3
00490205 CC INT3
00490206 CC INT3
00490207 CC INT3
00490208 CC INT3
00490209 CC INT3
上网查了一下,好像是说“中断向量表的3号 ” |
|
IP卡
发表于 2011-2-14 10:51:55
提升卡
置顶卡
变色卡
千斤顶
显身卡
楼主