[新手求助]关于反汇编代码分析
请教大侠:下面的代码是如何判断是在4524D0h位置还是4534D0h读写呢?新手看不懂其原理。谢谢。
; Second-candidate path. From the addresses (00401030 = this mov + 6 bytes)
; this is presumably loc_40102A, the target of the jnz at 00401107; its label
; line is not in this listing. It repeats the read / compare / write sequence
; found under start:, but against 4524D0h, and is reached only after the
; dword at 4534D0h did not match dword_402008. loc_401000, the target of the
; jz/jnz below, is also outside this listing (presumably the error exit).
; Register roles: ebx = child process handle, eax = API return value, then
; the dword read back.
mov ebx, ds:dword_402098                        ; ebx = hProcess: dword_402098 receives the PROCESS_INFORMATION from CreateProcessA at start:, and hProcess is its first field
code:00401030 push offset unk_402090            ; lpNumberOfBytesRead = &unk_402090
code:00401035 push 4                            ; nSize = 4
code:00401037 push offset dword_402094          ; lpBuffer = &dword_402094
code:0040103C push 4524D0h                      ; lpBaseAddress = 4524D0h, an address inside the child (fallback candidate)
code:00401041 push ebx                          ; hProcess
code:00401042 call ds:ReadProcessMemory         ; ReadProcessMemory(hProcess, 4524D0h, &dword_402094, 4, &unk_402090)
code:00401048 test eax, eax
code:0040104A jz loc_401000                     ; read failed (returned 0) -> loc_401000
code:0040104A
code:00401050 mov eax, ds:dword_402094          ; eax = the 4 bytes just read from 4524D0h
code:00401055 cmp eax, ds:dword_402008          ; == expected value at dword_402008? (constant itself not shown here)
code:0040105B jnz loc_401000                    ; mismatch at the second candidate too -> loc_401000; there is no further fallback
code:0040105B
code:00401061 push offset unk_402090            ; lpNumberOfBytesWritten = &unk_402090
code:00401066 push 4                            ; nSize = 4 -> only the first 4 bytes of s_sync_dll ("sync") are written
code:00401068 push offset s_sync_dll ; "sync.dll "   ; lpBuffer = &s_sync_dll
code:0040106D push 4524D0h                      ; lpBaseAddress = 4524D0h, the location that was just checked
code:00401072 push ebx                          ; hProcess
code:00401073 call ds:WriteProcessMemory        ; WriteProcessMemory(hProcess, 4524D0h, s_sync_dll, 4, &unk_402090)
code:00401079 test eax, eax
code:0040107B jz loc_401000                     ; write failed -> loc_401000
code:0040107B
code:00401081 jmp loc_40112D                    ; patched: join the common tail (ResumeThread, ExitProcess(0))
code:00401081
code:00401086 ; ---------------------------------------
code:00401086
code:00401086 public start
; ---------------------------------------------------------------------------
; start -- entry point of a small launcher that patches a child process.
; x86-32, Win32 stdcall API calls; arguments are pushed right-to-left.
; What the listing shows:
;   1. CreateProcessA("farm.exe ", <this process's own command line>, ...,
;      dwCreationFlags = 4 = CREATE_SUSPENDED, ...). The child starts
;      suspended; its handles land in dword_402098 (hProcess) and
;      dword_40209C (hThread).
;   2. ReadProcessMemory 4 bytes at 4534D0h in the child, compare with the
;      constant at dword_402008. On match: WriteProcessMemory the first
;      4 bytes of s_sync_dll to that address. On mismatch: jump to
;      loc_40102A, which repeats the same steps at 4524D0h. So 4534D0h is
;      tried first and 4524D0h is the fallback.
;   3. ResumeThread(hThread); ExitProcess(0).
; Any failed API call jumps to loc_401000, which is not in this listing
; (presumably an error exit).
; Defender note: create-suspended -> cross-process read/write -> resume is
; the process-tampering sequence endpoint telemetry keys on (WriteProcessMemory
; into a freshly created suspended child). The hard-coded 4524D0h / 4534D0h
; addresses tie this to specific builds of farm.exe.
; Register roles: eax = API return values and the dword read back,
; edx = zero used for NULL arguments, ebx = hProcess, edi = hThread.
; ---------------------------------------------------------------------------
code:00401086 start:
code:00401086 push offset dword_402098          ; lpStartupInfo = &dword_402098
code:0040108B call ds:GetStartupInfoA           ; GetStartupInfoA(&dword_402098)
code:00401091 call ds:GetCommandLineA           ; eax = own command line; nothing below clobbers eax before it is pushed
code:00401097 push offset dword_402098          ; lpProcessInformation = &dword_402098
code:0040109C push offset dword_402098          ; lpStartupInfo = &dword_402098  -- NOTE(review): same buffer as lpProcessInformation; CreateProcessA overwrites the STARTUPINFO bytes with the handles, harmless only because the STARTUPINFO is not used again -- confirm in the data section
code:004010A1 xor edx, edx                      ; edx = 0, reused for every NULL argument below
code:004010A3 push edx                          ; lpCurrentDirectory = NULL
code:004010A4 push edx                          ; lpEnvironment = NULL
code:004010A5 push 4                            ; dwCreationFlags = 4 = CREATE_SUSPENDED: child does not run until ResumeThread below
code:004010A7 push edx                          ; bInheritHandles = FALSE
code:004010A8 push edx                          ; lpThreadAttributes = NULL
code:004010A9 push edx                          ; lpProcessAttributes = NULL
code:004010AA push eax                          ; lpCommandLine = this process's command line
code:004010AB push offset s_farm_exe ; "farm.exe "   ; lpApplicationName
code:004010B0 call ds:CreateProcessA            ; CreateProcessA("farm.exe ", cmdline, 0, 0, 0, CREATE_SUSPENDED, 0, 0, &dword_402098, &dword_402098)
code:004010B6 test eax, eax
code:004010B8 jnz short loc_4010D6              ; success -> go patch the child
code:004010B8
code:004010BA push 0                            ; uType = 0
code:004010BC push offset s_Error ; "错误 "           ; lpCaption ("Error")
code:004010C1 push offset s_CouldNotStart ; "加载失败 "   ; lpText ("Load failed")
code:004010C6 push 0                            ; hWnd = NULL
code:004010C8 call ds:MessageBoxA               ; MessageBoxA(NULL, "加载失败 ", "错误 ", 0)
code:004010CE push 2
code:004010D0 call ds:ExitProcess               ; ExitProcess(2): could not start farm.exe
code:004010D0
code:004010D6
code:004010D6 loc_4010D6: ; CODE XREF: code:004010B8j
code:004010D6 mov ebx, ds:dword_402098          ; ebx = hProcess (first field of the PROCESS_INFORMATION just filled in)
code:004010DC push offset unk_402090            ; lpNumberOfBytesRead = &unk_402090
code:004010E1 push 4                            ; nSize = 4
code:004010E3 push offset dword_402094          ; lpBuffer = &dword_402094
code:004010E8 push 4534D0h                      ; lpBaseAddress = 4534D0h, an address inside the child (first candidate)
code:004010ED push ebx                          ; hProcess
code:004010EE call ds:ReadProcessMemory         ; ReadProcessMemory(hProcess, 4534D0h, &dword_402094, 4, &unk_402090)
code:004010F4 test eax, eax
code:004010F6 jz loc_401000                     ; read failed (returned 0) -> loc_401000
code:004010F6
code:004010FC mov eax, ds:dword_402094          ; eax = the 4 bytes just read from 4534D0h
code:00401101 cmp eax, ds:dword_402008          ; == expected value at dword_402008? (constant itself not shown here)
code:00401107 jnz loc_40102A                    ; mismatch -> loc_40102A: retry the read/compare/write at 4524D0h instead
code:00401107
code:0040110D push offset unk_402090            ; lpNumberOfBytesWritten = &unk_402090
code:00401112 push 4                            ; nSize = 4 -> only the first 4 bytes of s_sync_dll ("sync") are written
code:00401114 push offset s_sync_dll ; "sync.dll "   ; lpBuffer = &s_sync_dll
code:00401119 push 4534D0h                      ; lpBaseAddress = 4534D0h, the location that was just checked
code:0040111E push ebx                          ; hProcess
code:0040111F call ds:WriteProcessMemory        ; WriteProcessMemory(hProcess, 4534D0h, s_sync_dll, 4, &unk_402090)
code:00401125 test eax, eax
code:00401127 jz loc_401000                     ; write failed -> loc_401000
code:00401127
code:0040112D
code:0040112D loc_40112D: ; CODE XREF: code:00401081j
code:0040112D mov edi, ds:dword_40209C          ; edi = hThread (second field of the PROCESS_INFORMATION)
code:00401133 push edi
code:00401134 call ds:ResumeThread              ; ResumeThread(hThread): let the patched child run; return value is not checked
code:0040113A push 0
code:0040113C call ds:ExitProcess               ; ExitProcess(0); the child keeps running
code:0040113C
code:0040113C
[解决办法]
...
code:004010FC mov eax, ds:dword_402094 ; 刚才读入的4534D0 处
code:00401101 cmp eax, ds:dword_402008 ; 和 dword_402008 相等?
code:00401107 jnz loc_40102A ; 不等, 转到 loc_40102A 读入 4524D0 处并同样进行判断, 改写; 也就是先试 4534D0, 不匹配再试 4524D0 (4524D0 处若仍不等则跳到 loc_401000)
...