<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>1 ^; [1 b+ |& v7 o! _$ L; X; Z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">有時如果你對<SPAN lang=EN-US>SICE,TRW或者其他調(diào)試器顯示的信息有所懷疑的話,你可以用seh顯示一些信息作為簡單的調(diào)試手段,當然,單步跟蹤的用途遠不止于此.首先回憶一下我們以前了解的單步的概念,當EFLAGS的TF位為1的話執(zhí)行完某條指令后CPU將產(chǎn)生單步異常,與執(zhí)行軟指令int1類似.注意產(chǎn)生單步陷阱后eip已經(jīng)指向下一條指令.但進入單步異常處理程序后cpu自動清除TF,以便下條指令正常執(zhí)行.</SPAN></SPAN></P>
0 P Y0 ]) {1 e& r<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>( b4 g% m; A- D* \9 `4 N5 o* i( }
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 30pt; mso-char-indent-count: 3.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">我們要作的就是在<SPAN lang=EN-US>seh例程中繼續(xù)置TF位為1,以便下一條指令執(zhí)行完畢后繼續(xù)產(chǎn)生單步陷阱實現(xiàn)跟蹤功能,直到遇到popfd指令為止,當然你也可以隨便檢測其他指令或者用記數(shù)器來終止單步.</SPAN></SPAN></P>! c8 T: a$ o* b5 i& r
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>( w3 R" I4 G$ Y+ V
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">下面例子中如果沒有單步跟蹤<SPAN lang=EN-US>eax的最后結(jié)果是3,由于有了單步自跟蹤,在seh處理例程中我們每中斷一次要加1,所以最后的結(jié)果是7,呵呵.請看下面的例子.</SPAN></SPAN></P>
( k! V- |0 u% y* l6 Y+ S1 @6 S: i<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
9 p4 k" h# t5 j( y4 Q<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;Ex7,演示利用seh單步自跟蹤 by Hume,2002</SPAN></P>8 x. w9 H! h! \6 i3 {8 I6 d
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;humewen@21cn.com </SPAN></P>, P' ?" C, p- j( n! D* q
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;hume.longcity.net</SPAN></P>$ K- o1 U7 a5 r( F. h! S+ P
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>& M6 o5 y% V& C+ V; p+ m. K4 x+ w
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.586</SPAN></P>
/ G1 u' C; u+ r<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.model flat, stdcall</SPAN></P>& P: x1 I4 y' K" x$ ]! K
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">option casemap :none<SPAN style="mso-spacerun: yes"> </SPAN>; case sensitive</SPAN></P>* I3 y% @1 w9 n
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">include hd.h</SPAN></P>
! A" ~7 X0 x5 q$ G F" R' Q- a2 w<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">include mac.h</SPAN></P>% [! \/ @0 m( O! _
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>
6 r: V2 |0 B& q<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">singlestep_xHandler<SPAN style="mso-tab-count: 1"> </SPAN><SPAN style="mso-tab-count: 1"> </SPAN>proto C :DWORD,:DWORD,:DWORD,:DWORD</SPAN></P>
( @) M( m- K1 h( v; F- N<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;;--------------</SPAN></P>
) ]( }, l/ ?' b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.data</SPAN></P>
1 `- ]6 i8 E( u/ y2 R+ O" e5 R+ i<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">count<SPAN style="mso-spacerun: yes"> </SPAN>dd<SPAN style="mso-spacerun: yes"> </SPAN>0</SPAN></P>
9 G ~4 }/ u7 K( |<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">Msg0<SPAN style="mso-spacerun: yes"> </SPAN>db<SPAN style="mso-spacerun: yes"> </SPAN>"Eax=="</SPAN></P>
# I# w; t* {+ M% n( f<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">DispEAX dd<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>0,0</SPAN></P>
/ R; z" ]4 U; j V. u<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;;-----------------------------------------</SPAN></P>
" O# T9 O6 r' l% Q8 f3 ?& b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.CODE</SPAN></P>5 W& K( D: W/ e* T" t( _
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">_Start:</SPAN></P>
' e$ V w' S; h! |, w- `7 [- ?! y: |<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>assume fs:nothing</SPAN></P>2 S, G5 w1 w/ |4 d! E4 U
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">push<SPAN style="mso-spacerun: yes"> </SPAN>offset singlestep_xHandler</SPAN></P>
* Y" l. x) m' f9 |3 w/ ~6 n3 m* B<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>push<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0]</SPAN></P>
) M2 o. ^4 r0 D) Y<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0],esp</SPAN></P>. g7 c6 h N6 _9 a* A2 I- q0 u
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;------------------</SPAN></P>
4 _! N d- V4 s& Q" i<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>xor<SPAN style="mso-spacerun: yes"> </SPAN>eax,eax</SPAN></P>
/ K: j) D/ D' b6 r# C<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushfd</SPAN></P>7 ~# F, a: i0 k3 i" B4 e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushfd</SPAN></P>- V0 @: u# F" T. D# R4 D
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>or<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp],100h<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>. {6 Z- @$ [! s
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popfd<SPAN style="mso-spacerun: yes"> </SPAN>;置TF標志進入單步狀態(tài)</SPAN></P>3 w" Y- J* N- g/ i' F/ \& D
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>
. F! X1 G9 [7 A( k5 w4 t% O/ I<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>nop<SPAN style="mso-spacerun: yes"> </SPAN>; nop執(zhí)行完后單步異常引發(fā)<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>4 U$ H6 A& k. _. P
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN>; eip指向,nop后面的指令,就是這里</SPAN></P>
5 T; ?- U* r6 D$ \! N<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN>; 單步執(zhí)行</SPAN></P>
: w# m4 _, C: o" c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>eax<SPAN style="mso-spacerun: yes"> </SPAN>; normal eax==3,but infact eax==7</SPAN></P>3 D9 S- O& c1 \( Z* M5 ~; @
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>8 s! r& {* _4 `7 i
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popfd</SPAN></P>
" h% Z! {4 {8 _0 o! T5 c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;------------------ </SPAN></P>( U3 K Q7 \1 i' C5 T4 L
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>add<SPAN style="mso-spacerun: yes"> </SPAN>eax,30h<SPAN style="mso-spacerun: yes"> </SPAN>;convert to ASCIIZ</SPAN></P>
; b$ o$ k6 w- V! {% K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>DispEAX,eax</SPAN></P>
& N' Y! k9 G5 w2 m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>invoke<SPAN style="mso-tab-count: 1"> </SPAN>MessageBox,0,addr Msg0,ddd("The Eax equal to..."),0</SPAN></P>3 l y! z' l' [, p& x$ ]
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>1 O: B7 X' V) M$ n7 Y
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pop<SPAN style="mso-spacerun: yes"> </SPAN>fs:[0]</SPAN></P>
0 J9 Z" b5 k' q3 Z @<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>add<SPAN style="mso-spacerun: yes"> </SPAN>esp,4</SPAN></P>
6 b; x: |3 B0 \( _; _0 c! @<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>invoke<SPAN style="mso-tab-count: 1"> </SPAN>ExitProcess,0</SPAN></P>3 B5 c7 ]9 G1 e
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
& c$ d" ]( I. x- T. \$ D<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">singlestep_xHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD</SPAN></P>, R" d# J0 c& k0 K3 f! c
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>pushad<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>' I+ h( z) ]. C) \
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes"> </SPAN>edi:ptr CONTEXT</SPAN></P>
* B5 W( T9 B7 Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes"> </SPAN>esi:ptr EXCEPTION_RECORD</SPAN></P>. \" V/ e1 Y- n: O. S
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
4 d) o& j% m5 f" Z# L<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>esi,pExcept</SPAN></P>5 M/ C0 m7 Q0 B, b# G; s2 a/ H
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>edi,pContext<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
& q# _2 `0 ]8 p" t<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>* e& X1 D6 u/ z) h- }
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>test<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi+4],1<SPAN style="mso-spacerun: yes"> </SPAN>;Exception flags test common stuff</SPAN></P>5 o8 U u$ ^7 }0 M- F2 \
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f<SPAN style="mso-spacerun: yes"> </SPAN><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>" e4 B* S+ A. b* p3 y4 ?% u$ h
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>test<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi+4],6</SPAN></P>
; W" O9 R; B5 w3 v U9 I/ K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f</SPAN></P>( M+ |/ t/ c( l
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>cmp<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esi],80000004h<SPAN style="mso-spacerun: yes"> </SPAN>;是否為單步異常標志</SPAN></P>
& ]* m: r6 ^/ R0 q6 b<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jnz<SPAN style="mso-spacerun: yes"> </SPAN>@f</SPAN></P>
& s/ u& ?4 p: e9 A$ d7 v- ^; X<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>7 _6 R' z; B5 O3 i9 r
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>inc<SPAN style="mso-spacerun: yes"> </SPAN>[edi].regEax </SPAN></P>
- M2 M2 T* j# D7 N: ?<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>ebx,[edi].regEip</SPAN></P>
/ ]! G9 L4 g2 T3 e$ B<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>cmp<SPAN style="mso-spacerun: yes"> </SPAN>byte ptr[ebx],9Dh<SPAN style="mso-spacerun: yes"> </SPAN>;是否是popfd,因為目的是取消</SPAN></P>
9 y! p r/ z3 e& Q" n4 X! `; N<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>jz<SPAN style="mso-spacerun: yes"> </SPAN>@finish_singlestep<SPAN style="mso-spacerun: yes"> </SPAN>;單步狀態(tài),所以這時就不應(yīng)該重置TF</SPAN></P>+ {9 I! g" y o( f, T! L3 J) T
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>or<SPAN style="mso-spacerun: yes"> </SPAN>[edi].regFlag,100h<SPAN style="mso-spacerun: yes"> </SPAN>;否則,重置TF<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>
8 ]+ V! f- U9 O) ?2 @/ z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;每單步中斷一次,eax加1</SPAN></P># }& H: ^+ I# l/ Q" N$ y' X5 W; d# g
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;所以eax最后不等于3,而是</SPAN></P>
; K2 n* |( D7 _0 f5 t A, h1 E<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>;中斷4次后,eax==7<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>4 s- U: B3 @/ X
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">@finish_singlestep:<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>! S6 i2 V6 u) Z, c) u
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>/ q/ [3 G: t- \% V6 T/ {
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp+7*4],0<SPAN style="mso-spacerun: yes"> </SPAN>;eax==0<SPAN style="mso-spacerun: yes"> </SPAN>hehe...</SPAN></P> }" N2 V# S. M, A9 T
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popad<SPAN style="mso-spacerun: yes"> </SPAN>;研究一下pushad指令就明白了</SPAN></P>
) @% S* F) D" T- s% _1 r<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>ret</SPAN></P>
* ^ n/ I# C8 X0 _) I/ ^<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">@@:</SPAN></P>1 s, n9 H& @% R n
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>mov<SPAN style="mso-spacerun: yes"> </SPAN>dword ptr[esp+7*4],1<SPAN style="mso-spacerun: yes"> </SPAN>;eax==1</SPAN></P>
" e: [% _9 U, C<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>popad<SPAN style="mso-spacerun: yes"> </SPAN></SPAN></P>: F6 J4 }2 [' d8 P# U' i# l- b" J
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes"> </SPAN>ret</SPAN></P>. o- _& W" p0 W) j6 w0 J* W
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN> </P>; ^3 R+ g+ h, ~: I' g* u
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">singlestep_xHandler ENDP</SPAN></P>5 b6 ~0 Z" e, n( n2 r' x @2 C$ v; x: z
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
# P8 W: x* P, u8 m( h% y( d* U<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">END<SPAN style="mso-tab-count: 1"> </SPAN>_Start</SPAN></P> |
|本地廣告聯(lián)系: QQ:905790666 TEL:13176190456|Archiver|手機版|小黑屋|汶上信息港
( 魯ICP備19052200號-1 )
發(fā)表于 2008-9-28 16:36:42
QQ好友和群
QQ空間
提升卡
置頂卡
沉默卡
喧囂卡
變色卡
顯身卡