<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>" P$ o% P9 ]6 o. @- B1 @
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">有时如果你对<SPAN lang=EN-US>SICE,TRW或者其他调试器显示的信息有所怀疑的话,你可以用seh显示一些信息作为简单的调试手段,当然,单步跟踪的用途远不止于此.首先回忆一下我们以前了解的单步的概念,当EFLAGS的TF位为1的话执行完某条指令后CPU将产生单步异常,与执行软指令int1类似.注意产生单步陷阱后eip已经指向下一条指令.但进入单步异常处理程序后cpu自动清除TF,以便下条指令正常执行.</SPAN></SPAN></P>
) L0 X; o% D$ y$ W. n5 F5 S2 g5 x: H<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>: w( A: X( r& f6 V6 w0 d. Z/ ]8 W5 h
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 30pt; mso-char-indent-count: 3.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">我们要作的就是在<SPAN lang=EN-US>seh例程中继续置TF位为1,以便下一条指令执行完毕后继续产生单步陷阱实现跟踪功能,直到遇到popfd指令为止,当然你也可以随便检测其他指令或者用记数器来终止单步.</SPAN></SPAN></P>
' w0 a) V+ I0 Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>1 g, ], J5 m9 z+ b
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">下面例子中如果没有单步跟踪<SPAN lang=EN-US>eax的最后结果是3,由于有了单步自跟踪,在seh处理例程中我们每中断一次要加1,所以最后的结果是7,呵呵.请看下面的例子.</SPAN></SPAN></P>4 U) _" p! Z1 x! z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>/ _: t0 }( _1 L0 x/ K7 b' B
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;Ex7,演示利用seh单步自跟踪 by Hume,2002</SPAN></P>& p* |& n% `% f+ w$ L' N$ I
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;humewen@21cn.com </SPAN></P>9 _% g* F% d }, ?
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;hume.longcity.net</SPAN></P>
+ b( d0 {' Q8 l<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
+ g# X* j5 T; c* Y. `<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.586</SPAN></P>, T2 v5 W7 t# `# I: R/ f, |
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.model flat, stdcall</SPAN></P>
8 `' K9 |4 E) l* N# h6 F<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">option casemap :none<SPAN style="mso-spacerun: yes"> </SPAN>; case sensitive</SPAN></P>
$ {& w) r/ e/ W% Y( b+ @0 J<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">include hd.h</SPAN></P>
9 S! t5 T; D; b' f3 f6 }) W<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">include mac.h</SPAN></P>
0 i. ?+ A# N. m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>* U, c' j; H" d5 S" [" `; P
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">singlestep_xHandler<SPAN style="mso-tab-count: 1"> </SPAN><SPAN style="mso-tab-count: 1"> </SPAN>proto C :DWORD,:DWORD,:DWORD,:DWORD</SPAN></P>
/ d8 i5 N$ @1 }/ `. ]) @( E<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;;--------------</SPAN></P># [7 u! U) w1 j: u7 f' ]4 b0 e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.data</SPAN></P>
# @( u9 r# x3 k0 [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">count<SPAN style="mso-spacerun: yes"> </SPAN>dd<SPAN style="mso-spacerun: yes"> </SPAN>0</SPAN></P> s+ v* }6 c' @: o3 I
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">Msg0<SPAN style="mso-spacerun: yes"> </SPAN>db<SPAN style="mso-spacerun: yes"> </SPAN>"Eax=="</SPAN></P>5 M9 L; N4 P: z) I4 Y* E
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">DispEAX dd<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>0,0</SPAN></P>
. m6 \! l# s# x6 j<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;;-----------------------------------------</SPAN></P>
$ [9 W5 h9 f: l6 R4 W* l$ x<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.CODE</SPAN></P>/ K% c$ a+ A) l8 y" o! _: L
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">_Start:</SPAN></P>
, j V) E/ Q5 ]8 z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>assume fs:nothing</SPAN></P>9 I( J. y f3 \5 ~
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">push<SPAN style="mso-spacerun: yes"> </SPAN>offset singlestep_xHandler</SPAN></P>4 ^( G* |1 y) [
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>push<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0]</SPAN></P>
9 A$ f& }7 R* D" u$ n( T/ C# N<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0],esp</SPAN></P>
; I1 w; v3 T( p; k<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;------------------</SPAN></P>, j4 T( r# I* W1 @4 ^! J$ Z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>xor<SPAN style="mso-spacerun: yes"> </SPAN>eax,eax</SPAN></P>: F5 \% I* a {( S" Y: N3 B; a9 K+ P
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushfd</SPAN></P>
* C& T" v6 ^& Z8 n<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushfd</SPAN></P>
4 _2 ~ C- m' W$ [ F5 S8 F<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>or<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp],100h<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>" I. C4 }+ M, V3 c" [7 q/ D) A- J! m! _
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popfd<SPAN style="mso-spacerun: yes"> </SPAN>;置TF标志进入单步状态</SPAN></P>
' k+ f0 v5 q5 V8 ~ e6 h$ W8 g; O<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
. S, f3 Z' F! S) W8 m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>nop<SPAN style="mso-spacerun: yes"> </SPAN>; nop执行完后单步异常引发<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>& `/ j3 V1 l6 N7 ]5 C0 p4 Z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN>; eip指向,nop后面的指令,就是这里</SPAN></P>
1 i& x& K# \# t4 a. [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>; 单步执行</SPAN></P>
3 [4 ?$ ~; z: |$ N8 f* w0 t/ c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN>; normal eax==3,but infact eax==7</SPAN></P># o- k$ r+ l$ k. U Y1 t
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>0 l" W1 p/ c' o, y7 O' W
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popfd</SPAN></P>2 N& C) c. G( o) P! c9 Q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;------------------ </SPAN></P>3 z/ c m+ S- d' w: F W9 H5 u
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>add<SPAN style="mso-spacerun: yes"> </SPAN>eax,30h<SPAN style="mso-spacerun: yes"> </SPAN>;convert to ASCIIZ</SPAN></P>+ G; P- Z7 i" F3 b3 K
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>DispEAX,eax</SPAN></P>) A5 t' w1 Z5 h1 D$ Q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>invoke<SPAN style="mso-tab-count: 1"> </SPAN>MessageBox,0,addr Msg0,ddd("The Eax equal to..."),0</SPAN></P>
* S; u' t9 u8 W5 i* M<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
& H3 y# H. j4 B. z. \/ X+ k6 I! {<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pop<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0]</SPAN></P>
0 E+ D, J _; `, g1 ?& K# \# W<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>add<SPAN style="mso-spacerun: yes"> </SPAN>esp,4</SPAN></P>
' P! Y# r6 u/ R$ w8 M% ~/ x<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>invoke<SPAN style="mso-tab-count: 1"> </SPAN>ExitProcess,0</SPAN></P>
; L; L8 F9 ~8 p8 l. V<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
|& }$ d2 n9 T% `4 R<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">singlestep_xHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD</SPAN></P>
, f* r% y& D! B: ?1 |<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushad<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>, h5 K l3 q1 M& s# w: w
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes"> </SPAN>edi:ptr CONTEXT</SPAN></P>
* C; C% n, O- W ^, t$ s<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes"> </SPAN>esi:ptr EXCEPTION_RECORD</SPAN></P>" N% n1 ]& D1 X$ D V: W$ `/ [
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>2 n' {( k, p& ^
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>esi,pExcept</SPAN></P>% i4 c2 w2 S! z1 b. h6 C' x
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>edi,pContext<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
4 K2 U: K! j5 u2 m b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
5 r2 K3 A9 t% W- p8 |$ B ^<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>test<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi+4],1<SPAN style="mso-spacerun: yes"> </SPAN>;Exception flags test common stuff</SPAN></P>% V6 y* I& Z) B/ F$ Z9 I
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
7 J5 Z, q' F+ a7 E) X<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>test<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi+4],6</SPAN></P>
7 E0 F9 k9 ^: Z5 R<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f</SPAN></P>
7 Y; I" J5 b0 e2 v: N. L7 D( @<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>cmp<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi],80000004h<SPAN style="mso-spacerun: yes"> </SPAN>;是否为单步异常标志</SPAN></P>
) K& y! \' |- Q# I+ y. m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f</SPAN></P>8 t5 ~# {7 z! m1 Z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
1 F1 J" S% {0 t) b4 a<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>[edi].regEax </SPAN></P>
8 M8 D) B0 `5 W<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>ebx,[edi].regEip</SPAN></P>4 F a/ \3 X0 S2 Z- ^* M7 s
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>cmp<SPAN style="mso-spacerun: yes"> </SPAN>byte ptr[ebx],9Dh<SPAN style="mso-spacerun: yes"> </SPAN>;是否是popfd,因为目的是取消</SPAN></P>+ x l2 p5 \! q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jz<SPAN style="mso-spacerun: yes"> </SPAN>@finish_singlestep<SPAN style="mso-spacerun: yes"> </SPAN>;单步状态,所以这时就不应该重置TF</SPAN></P>4 f# p! m" V% o0 e0 {
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>or<SPAN style="mso-spacerun: yes"> </SPAN>[edi].regFlag,100h<SPAN style="mso-spacerun: yes"> </SPAN>;否则,重置TF<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>8 v# g9 q- ?1 s7 p/ B" v# Y
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;每单步中断一次,eax加1</SPAN></P>+ l) Q9 H4 d2 D3 `$ q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;所以eax最后不等于3,而是</SPAN></P>
+ H! i; e: O$ \, b' V" X<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;中断4次后,eax==7<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>% l0 e7 d# S6 [. c. ], O( ~; }
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">@finish_singlestep:<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
7 e# m) A. s* ]<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>0 }- F6 a5 H/ ^, z: h e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp+7*4],0<SPAN style="mso-spacerun: yes"> </SPAN>;eax==0<SPAN style="mso-spacerun: yes"> </SPAN>hehe...</SPAN></P>4 v0 e. l, |! U+ B9 i& V1 o
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popad<SPAN style="mso-spacerun: yes"> </SPAN>;研究一下pushad指令就明白了</SPAN></P>
8 w4 g: C" W! o& V5 ], ]<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>ret</SPAN></P>1 f0 \/ o/ \! d% t3 j' U+ n! Z3 |
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">@@:</SPAN></P># T& G4 z$ b7 ^: c
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp+7*4],1<SPAN style="mso-spacerun: yes"> </SPAN>;eax==1</SPAN></P>: ]5 R- h: u+ P$ A- y
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popad<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>2 }! V7 K( d) [7 F3 [0 X* T- V
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>ret</SPAN></P>
2 n% X, t* l( J& R3 s<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
J2 e8 f7 i0 T# C7 c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">singlestep_xHandler ENDP</SPAN></P>6 F4 z7 `0 v. d$ q0 S( c
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
# e3 G% M- c, }, I7 P/ Y+ n; o<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">END<SPAN style="mso-tab-count: 1"> </SPAN>_Start</SPAN></P> |
|本地广告联系: QQ:905790666 TEL:13176190456|Archiver|手机版|小黑屋|汶上信息港
( 鲁ICP备19052200号-1 )
发表于 2008-9-28 16:36:42
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡