?? 【原創】ollydbg 入門系列(七)-匯編功能 - 看雪軟件安全論壇.mht
         |.  8B45 C0        |MOV EAX,DWORD PTR SS:[EBP-40]                    ; |
00408F3F |.  6A 00          |PUSH 0                                           ; |hMenu = NULL
00408F41 |.  03C6           |ADD EAX,ESI                                      ; |
00408F43 |.  FF75 08        |PUSH DWORD PTR SS:[EBP+8]                        ; |hParent
00408F46 |.  FF75 D0        |PUSH DWORD PTR SS:[EBP-30]                       ; |Height
00408F49 |.  57             |PUSH EDI                                         ; |Width
00408F4A |.  50             |PUSH EAX                                         ; |Y
00408F4B |.  FF75 BC        |PUSH DWORD PTR SS:[EBP-44]                       ; |X
00408F4E |.  FF75 EC        |PUSH DWORD PTR SS:[EBP-14]                       ; |Style
00408F51 |.  68 80DE4000    |PUSH myuninst.0040DE80                           ; |WindowName = ""
00408F56 |.  68 DCD94000    |PUSH myuninst.0040D9DC                           ; |Class = "STATIC"
00408F5B |.  FF75 D4        |PUSH DWORD PTR SS:[EBP-2C]                       ; |ExtStyle
00408F5E |.  FF15 98B24000  |CALL DWORD PTR DS:[<&USER32.CreateWindowExA>]    ; \断在这里
00408F64 |   6A 00          |PUSH 0                                           ; 第一处要修改的地方
00408F66 |   8945 F4        |MOV DWORD PTR SS:[EBP-C],EAX
00408F69 |.  E8 A098FFFF    |CALL <myuninst.sub_40280E>
00408F6E |.  50             |PUSH EAX                                         ; |hInst
00408F6F |.  8B45 DC        |MOV EAX,DWORD PTR SS:[EBP-24]                    ; |
00408F72 |.  6A 00          |PUSH 0                                           ; |hMenu = NULL
00408F74 |.  03F0           |ADD ESI,EAX                                      ; |
00408F76 |.  FF75 08        |PUSH DWORD PTR SS:[EBP+8]                        ; |hParent
00408F79 |.  FF75 CC        |PUSH DWORD PTR SS:[EBP-34]                       ; |Height
00408F7C |.  53             |PUSH EBX                                         ; |Width
00408F7D |.  56             |PUSH ESI                                         ; |Y
00408F7E |.  FF75 D8        |PUSH DWORD PTR SS:[EBP-28]                       ; |X
00408F81 |.  FF75 E8        |PUSH DWORD PTR SS:[EBP-18]                       ; |Style
00408F84 |.  68 80DE4000    |PUSH myuninst.0040DE80                           ; |WindowName = ""
00408F89 |.  68 D4D94000    |PUSH myuninst.0040D9D4                           ; |Class = "EDIT"
00408F8E |.  FF75 B8        |PUSH DWORD PTR SS:[EBP-48]                       ; |ExtStyle
00408F91 |.  FF15 98B24000  |CALL DWORD PTR DS:[<&USER32.CreateWindowExA>]    ; \CreateWindowExA
00408F97 |   8945 F0        |MOV DWORD PTR SS:[EBP-10],EAX                    ; 第二处要修改的地方
00408F9A |   8B45 F8        |MOV EAX,DWORD PTR SS:[EBP-8]
00408F9D |.  FF30           |PUSH DWORD PTR DS:[EAX]                          ; /<%s>
00408F9F |.  8D85 B0FEFFFF  |LEA EAX,DWORD PTR SS:[EBP-150]                   ; |
00408FA5 |.  68 D0D94000    |PUSH myuninst.0040D9D0                           ; |format = "%s:"
00408FAA |.  50             |PUSH EAX                                         ; |s
00408FAB |.  FF15 90B14000  |CALL DWORD PTR DS:[<&MSVCRT.sprintf>]            ; \sprintf
00408FB1 |.  8B35 84B24000  |MOV ESI,DWORD PTR DS:[<&USER32.SetWindowTextA>]  ; USER32.SetWindowTextA
00408FB7 |.  83C4 0C        |ADD ESP,0C
00408FBA |.  8D85 B0FEFFFF  |LEA EAX,DWORD PTR SS:[EBP-150]
00408FC0 |.  50             |PUSH EAX                                         ; /Text
00408FC1 |.  FF75 F4        |PUSH DWORD PTR SS:[EBP-C]                        ; |hWnd
00408FC4 |.  FFD6           |CALL ESI                                         ; \SetWindowTextA
00408FC6 |.  8D85 ACFAFFFF  |LEA EAX,DWORD PTR SS:[EBP-554]
00408FCC |.  50             |PUSH EAX                                         ; /Arg3
00408FCD |.  FF75 FC        |PUSH DWORD PTR SS:[EBP-4]                        ; |Arg2
00408FD0 |.  FF35 00EF4000  |PUSH DWORD PTR DS:[40EF00]                       ; |Arg1 = 00BEADCC
00408FD6 |.  E8 1884FFFF    |CALL <myuninst.sub_4013F3>                       ; \sub_4013F3
00408FDB |.  83C4 0C        |ADD ESP,0C
00408FDE |.  50             |PUSH EAX
00408FDF |.  FF75 F0        |PUSH DWORD PTR SS:[EBP-10]
00408FE2 |.  FFD6           |CALL ESI
00408FE4 |.  FF45 FC        |INC DWORD PTR SS:[EBP-4]
00408FE7 |.  8345 F8 14     |ADD DWORD PTR SS:[EBP-8],14
00408FEB |.  837D FC 0F     |CMP DWORD PTR SS:[EBP-4],0F
00408FEF |.^ 0F8C 32FFFFFF  \JL <myuninst.loc_408F27>
00408FF5 |.  5F             POP EDI
00408FF6 |.  5E             POP ESI
00408FF7 |.  5B             POP EBX
00408FF8 |.  C9             LEAVE
00408FF9 \.  C3             RETN

我想上面的代码我不需多做解释，OllyDBG 自动给出的注释已经够清楚的了。我们双击 MyUninstaller 列表框中的某项查看属性时，弹出的属性窗口上的 STATIC 控件和 EDIT 控件都是由 CreateWindowExA 函数创建的，然后再调用 SetWindowTextA 来设置文本，根本没考虑控件上字体显示的问题，所以我们看到的都是系统默认的字体。我们要设置控件上的字体，可以考虑在 CreateWindowExA 创建完控件后，在使用 SetWindowTextA 函数设置文本之前调用相关字体创建函数来选择字体，再调用 SendMessageA 函数发送 WM_SETFONT 消息来设置控件字体。思路定下来后，我们就开始来实施。首先我们看一下这个程序中的导入函数，CreateFontIndirectA 这个字体创建函数已经有了，再看看 SendMessageA，呵呵，不错，原程序也有这个函数。这样我们就省事了。有人可能要问，如果原来并没有这两个导入函数，那怎么办呢？其实这也很简单，我们可以直接用 LordPE 来在程序中添加我们需要的导入函数。我这里用个很小的 PE 工具 zeroadd 来示范一下，这个程序里面没有 CreateFontIndirectA 和 SendMessageA 函数（这里还有个问题说一下，其实我们编程时调用这两个函数时都是直接写 CreateFontIndirect 及 SendMessage，一般不需指定。但在程序中写补丁代码时我们要指定这是什么类型的函数。这里在函数后面加个“A”表示这是 ASCII 版本，同样 UNICODE 版本在后面加个“