<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
0 G/ @4 R) ^/ ~, R, Z8 F<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">有时如果你对<SPAN lang=EN-US>SICE,TRW或者其他调试器显示的信息有所怀疑的话,你可以用seh显示一些信息作为简单的调试手段,当然,单步跟踪的用途远不止于此.首先回忆一下我们以前了解的单步的概念,当EFLAGS的TF位为1的话执行完某条指令后CPU将产生单步异常,与执行软指令int1类似.注意产生单步陷阱后eip已经指向下一条指令.但进入单步异常处理程序后cpu自动清除TF,以便下条指令正常执行.</SPAN></SPAN></P>6 a+ ?+ m4 y) M2 V
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>( f$ b, }2 z3 W, e% f
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 30pt; mso-char-indent-count: 3.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">我们要作的就是在<SPAN lang=EN-US>seh例程中继续置TF位为1,以便下一条指令执行完毕后继续产生单步陷阱实现跟踪功能,直到遇到popfd指令为止,当然你也可以随便检测其他指令或者用记数器来终止单步.</SPAN></SPAN></P>
2 E7 E1 `- X% h<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
$ ^- p- r, S+ J2 f5 M1 e! |<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">下面例子中如果没有单步跟踪<SPAN lang=EN-US>eax的最后结果是3,由于有了单步自跟踪,在seh处理例程中我们每中断一次要加1,所以最后的结果是7,呵呵.请看下面的例子.</SPAN></SPAN></P>
5 f7 ^( r0 v1 U3 v<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
7 o" P# z# A G! H9 {+ J0 E' y* ]<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;Ex7,演示利用seh单步自跟踪 by Hume,2002</SPAN></P>* u7 D4 I& [% P& m' g" \' X
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;humewen@21cn.com </SPAN></P>$ J* J6 f0 Q. E% d2 X1 [6 m' x
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;hume.longcity.net</SPAN></P>4 ]% w5 I: C+ \' q; `" @7 S$ Z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
2 t& \, p1 F, |* D6 B<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.586</SPAN></P>
2 F! M/ w) w/ _! j! D* l<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.model flat, stdcall</SPAN></P>- S& R" j1 w( S3 e: X5 q3 B
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">option casemap :none<SPAN style="mso-spacerun: yes"> </SPAN>; case sensitive</SPAN></P>
/ I1 V2 z+ ~* G; T8 i% k<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">include hd.h</SPAN></P>4 P1 w) t8 o* o0 a9 Q( ]
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">include mac.h</SPAN></P>
" y$ P6 b0 t; G5 L) a) H<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
2 W! i. O7 |/ q7 i9 X$ x<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">singlestep_xHandler<SPAN style="mso-tab-count: 1"> </SPAN><SPAN style="mso-tab-count: 1"> </SPAN>proto C :DWORD,:DWORD,:DWORD,:DWORD</SPAN></P>1 Z c4 e& i: A1 g+ ?$ z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;;--------------</SPAN></P>5 P: ^0 b5 w. x, E; D5 J$ G
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.data</SPAN></P>' H) r" y" @- ?! B8 e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">count<SPAN style="mso-spacerun: yes"> </SPAN>dd<SPAN style="mso-spacerun: yes"> </SPAN>0</SPAN></P>
. B( Z' x+ ]& o G9 T0 R<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">Msg0<SPAN style="mso-spacerun: yes"> </SPAN>db<SPAN style="mso-spacerun: yes"> </SPAN>"Eax=="</SPAN></P>( x+ |0 J) F: r: x8 E! D( U S" w
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">DispEAX dd<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>0,0</SPAN></P>
$ A3 U2 a. W( |. d( D: {1 z1 w<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;;-----------------------------------------</SPAN></P>5 y# \/ m! s+ a+ g0 f. z0 H1 W
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">.CODE</SPAN></P>
/ b" N2 U7 X T$ _- H+ D* \0 \& _<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">_Start:</SPAN></P>
0 k i7 w8 g& |) b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>assume fs:nothing</SPAN></P>+ d }2 m- C+ d% \& M
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">push<SPAN style="mso-spacerun: yes"> </SPAN>offset singlestep_xHandler</SPAN></P>
1 ^* L) n- F& c' k: }8 V8 E<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>push<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0]</SPAN></P>
& m4 I" R6 @8 Y8 Z6 J; A<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0],esp</SPAN></P>
7 b& u, W* i7 c5 W<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;------------------</SPAN></P>
$ P( P$ t: s, z- q/ `' [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>xor<SPAN style="mso-spacerun: yes"> </SPAN>eax,eax</SPAN></P># b2 F+ ?6 S& h$ j7 E9 f
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushfd</SPAN></P>
& w- f9 C7 G6 w0 l+ _. G<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushfd</SPAN></P>+ s( w% p' ~4 X. O
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>or<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp],100h<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
3 D2 g7 [1 n4 `, B# b* Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popfd<SPAN style="mso-spacerun: yes"> </SPAN>;置TF标志进入单步状态</SPAN></P>1 }: p2 y1 `- y' \3 d8 K
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>' O) s R# }# t- I# C! A5 c6 n
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>nop<SPAN style="mso-spacerun: yes"> </SPAN>; nop执行完后单步异常引发<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>) \% q/ L1 ~* f: u
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN>; eip指向,nop后面的指令,就是这里</SPAN></P>
* t# q# h; }+ R* G% R<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>; 单步执行</SPAN></P>5 u+ L( V! W. w% _, N
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN>; normal eax==3,but infact eax==7</SPAN></P>
9 O9 b5 ^$ ~3 f<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
1 n$ E- @ K; T. p. v. N4 m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popfd</SPAN></P>/ K" X- C9 U% I$ f% Q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;------------------ </SPAN></P>$ [, _7 Q+ \6 D/ M
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>add<SPAN style="mso-spacerun: yes"> </SPAN>eax,30h<SPAN style="mso-spacerun: yes"> </SPAN>;convert to ASCIIZ</SPAN></P>$ s/ {7 l2 D+ ?3 o! S6 C7 n
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>DispEAX,eax</SPAN></P>/ W { n* ^! S0 H! X2 i& I
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>invoke<SPAN style="mso-tab-count: 1"> </SPAN>MessageBox,0,addr Msg0,ddd("The Eax equal to..."),0</SPAN></P>
& P; c0 o6 R z, |$ ~! l( A<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>3 i& Y) n: Y3 @# f9 c
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pop<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0]</SPAN></P># |( h H; T( h& [
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>add<SPAN style="mso-spacerun: yes"> </SPAN>esp,4</SPAN></P>: Q V1 f v* u0 _
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>invoke<SPAN style="mso-tab-count: 1"> </SPAN>ExitProcess,0</SPAN></P>* ?. _/ A$ A1 T' r8 j$ F x* `# ^, c
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
5 P8 S2 a+ Q( {! K; F9 f+ ?4 }<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">singlestep_xHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD</SPAN></P>
9 |; B6 ]* j1 w0 k/ e<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushad<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>" x0 E5 d! p2 p$ S3 X5 z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes"> </SPAN>edi:ptr CONTEXT</SPAN></P>
5 B% X$ E" T- {% W<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes"> </SPAN>esi:ptr EXCEPTION_RECORD</SPAN></P>. u) k/ R0 G7 a. n! d
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>9 w) l; Q& S8 v: e, U5 ]
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>esi,pExcept</SPAN></P>
: ^; ?* w5 }& X: y, w<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>edi,pContext<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
& z5 P' r% f- A+ N# O; B4 G6 m E* z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
* g) H& v7 O0 p( \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>test<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi+4],1<SPAN style="mso-spacerun: yes"> </SPAN>;Exception flags test common stuff</SPAN></P>% r( z8 u6 ? x9 D) s) I
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>; O( A2 ~$ q4 \, h
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>test<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi+4],6</SPAN></P>
! Y7 [4 z# y6 L. M3 W<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f</SPAN></P>' \4 x3 g& M9 ?& n
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>cmp<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi],80000004h<SPAN style="mso-spacerun: yes"> </SPAN>;是否为单步异常标志</SPAN></P>7 H) c3 R$ j; Z3 w) b8 B. Y
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f</SPAN></P>- B" Z8 P. Z% V2 O' D$ L/ q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>! K% E( }6 \# I4 A. d
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>[edi].regEax </SPAN></P>- P% ~( e* M( k9 g# `
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>ebx,[edi].regEip</SPAN></P>8 v1 Y0 V! W' \' Y- j* I" e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>cmp<SPAN style="mso-spacerun: yes"> </SPAN>byte ptr[ebx],9Dh<SPAN style="mso-spacerun: yes"> </SPAN>;是否是popfd,因为目的是取消</SPAN></P>
% f/ N0 ?/ B6 }# p: x<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jz<SPAN style="mso-spacerun: yes"> </SPAN>@finish_singlestep<SPAN style="mso-spacerun: yes"> </SPAN>;单步状态,所以这时就不应该重置TF</SPAN></P>
% f1 L' U9 R' ^. X<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>or<SPAN style="mso-spacerun: yes"> </SPAN>[edi].regFlag,100h<SPAN style="mso-spacerun: yes"> </SPAN>;否则,重置TF<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>. E; g y4 [ |$ p" T
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;每单步中断一次,eax加1</SPAN></P> L5 U+ b, C9 Z% n Q) ?
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;所以eax最后不等于3,而是</SPAN></P>. J$ t5 Q. C" S D
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;中断4次后,eax==7<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
* g& L0 U, l, m! K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">@finish_singlestep:<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
0 F; m# ?1 T* o3 l6 C2 ~/ W2 Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
" f! u2 ~3 H. C" z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp+7*4],0<SPAN style="mso-spacerun: yes"> </SPAN>;eax==0<SPAN style="mso-spacerun: yes"> </SPAN>hehe...</SPAN></P>5 S+ s. g* D7 ~% [
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popad<SPAN style="mso-spacerun: yes"> </SPAN>;研究一下pushad指令就明白了</SPAN></P>1 k( d2 {9 m. G4 m$ H m
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>ret</SPAN></P>
( v- M! I1 u& P6 F9 G2 D7 H<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">@@:</SPAN></P>* p# C0 u9 k$ f0 ~
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp+7*4],1<SPAN style="mso-spacerun: yes"> </SPAN>;eax==1</SPAN></P>
' g& `# D! x" s- @+ N" z' v<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popad<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>: g) R( k& O% D; V
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>ret</SPAN></P>6 _, W. Y2 T9 p# K! e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt"></SPAN> </P>
+ `) G7 b% S& G& q% p$ R<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">singlestep_xHandler ENDP</SPAN></P>
5 F% `. y' U- j" ]0 K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>1 ]! Q9 j) q" \, A
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt">END<SPAN style="mso-tab-count: 1"> </SPAN>_Start</SPAN></P> |
|本地广告联系: QQ:905790666 TEL:13176190456|Archiver|手机版|小黑屋|汶上信息港
( 鲁ICP备19052200号-1 )
发表于 2008-9-28 16:36:42
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡