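First, cmp is the compare instruction: it compares its first operand with its second. Here the first operand is dword ptr [esp]. dword ptr indicates a doubleword pointer, meaning the data being addressed is a doubleword (4 bytes), and the offset of that data in memory is the value held in the esp register. The segment it lives in is the stack segment, SS. The second operand is presumably 00577224H...
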
CMP DWORD PTR SS:[EBP-28],0F // should this be ignored?
JG SHORT xyd00.004C3835 // should this be ignored?
CMP DWORD PTR SS:[EBP-24],0F // should this be ignored?
00JLE SHORT xyd00.004C3862 // should this be ignored?
MOV EDX,DWORD PTR SS:[EBP-34]
PUSH EDX // can be assigned
MOV EAX,DWORD PTR SS:[EBP-30]
PUSH EAX // can be assigned
CALL xyd00.00566740
pushad
add esp,...

        jmp NoKeepSelf
@@9:
        jmp dword ptr cs:oldInt2F_addr
CallInt9:
        ret
newINT9_2:
        mov cs:NoFlag, 1
        pushf
        db 9ah ; call far ptr oldint9_addr
oldInt9_Addr2 dw 0, 0
        jmp newINT9_proc
newINT9:
        pushf
        db 9ah ; call far ptr oldint9_addr
oldInt9_Addr dw 0, 0
        cmp cs:NoFlag, ...

DWORD PTR SS:[EBP-4] ; 3-4 cmp eax,[ebp-4]
00401021 |. 740E JE SHORT JNE_JNZ.00401031
00401023 |. 68FC204000 PUSH JNE_JNZ.004020FC ; /format = "未跳转"
00401028 |. FF15 A4204000 CALL DWORD PTR DS:[<&MSVCR90.printf

0040100F |. 83C404 ADD ESP,4
00401012 |. C745 FC04000> MOV DWORD PTR SS:[EBP-4],4 ; a=4
00401019 |. B803000000 MOV EAX,3 ; eax=3
0040101E |. 2B45 FC SUB EAX,DWORD PTR SS:[EBP-4] ; 3-4 cmp eax,[ebp-4]
00401021 |. 740E JE SHORT JNE_JNZ.00401031
00401023 |. 68FC204000 PUSH JNE_JNZ.004020FC...