这是一个delphi的demo组件
效果还是不错的,目录+表格展示
但是有个闪退的坑儿。
试过OllyDbg 批量下断(退出进程等一系列api 函数)
以及api monitor
还有x32dbg都没有找到关键位置
查看了一下调用堆栈
和调试跟踪
经常异常了
也查看过SEH窗口下断,断不到。
下面的地方很可疑,并在第3+次数点击时能断到,不久就会触发闪退。
[Asm] 纯文本查看 复制代码 00642692 | 81CE 00001000 | or esi,100000 | 100000:"H"==&L"DINS~1.EXE"
0064259A | E8 95010000 | call advanced.642734
006426B2 | 8945 F4 | mov dword ptr ss:[ebp-C],eax |
006426B5 | 33C0 | xor eax,eax |
006426B7 | 5A | pop edx |
006426B8 | 59 | pop ecx |
006426B9 | 59 | pop ecx |
006426BA | 64:8910 | mov dword ptr fs:[eax],edx | eax:"nterfaceList>.TKeyCollection;"
006427D4 | E8 DBFDFFFF | call advanced.6425B4 |
006427D9 | 33C0 | xor eax,eax |
006427DB | 5A | pop edx |
006427DC | 59 | pop ecx |
006427DD | 59 | pop ecx |
006427DE | 64:8910 | mov dword ptr fs:[eax],edx | eax:"nterfaceList>.TKeyCollection;"
006427E1 | 68 FD276400 | push advanced.6427FD |
00642620 | E8 47CFEFFF | call <JMP.&GetMonitorInfoW>
===================================
00 | 76FA2C5C | C3 | ret | eax: 9120E-> 28425E0 ebx: 0-> 287D7D8 ecx: 0-> 28 | 0019FED8: 642F0A-> FFFFFFFE |
01 | 006427D4 | E8 DBFDFFFF | call advanced.6425B4 | esp: A2954-> A2950 | 000A2950: 287D67C-> 6427D9 |
02 | 006425B4 | 55 | push ebp | esp: A2950-> A294C | 000A294C: 6427CF-> A297C |
03 | 006425B5 | 8BEC | mov ebp,esp | ebp: A297C-> A294C | |
04 | 006425B7 | 83C4 A8 | add esp,FFFFFFA8 | esp: A294C-> A28F4 | |
05 | 006425BA | 53 | push ebx | esp: A28F4-> A28F0 | 000A28F0: AA0000-> 287D7D8 |
06 | 006425BB | 56 | push esi | esp: A28F0-> A28EC | 000A28EC: 0-> 287D7D8 |
07 | 006425BC | 57 | push edi | esp: A28EC-> A28E8 | 000A28E8: 2C-> 28425E0 |
08 | 006425BD | 894D F8 | mov dword ptr ss:[ebp-8],ecx | | 000A2944: 40AF7C-> 287D67C |
09 | 006425C0 | 8BFA | mov edi,edx | edi: 28425E0-> 288254C | |
0A | 006425C2 | 8945 FC | mov dword ptr ss:[ebp-4],eax | | 000A2948: 287D7D8-> 28425E0 |
0B | 006425C5 | 8B75 08 | mov esi,dword ptr ss:[ebp+8] | esi: 287D7D8-> 10 | 000A2954: 10-> 10 |
0C | 006425C8 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] | | 000A2948: 28425E0-> 28425E0 |
0D | 006425CB | E8 CC160000 | call advanced.643C9C | eax: 28425E0-> 131288 ecx: 287D67C-> 77AA1CBC edx | 000A28E4: 0-> 6425D0 |
0E | 006425D0 | 8945 F0 | mov dword ptr ss:[ebp-10],eax | | 000A293C: 642810-> 131288 |
0F | 006425D3 | 837D F0 00 | cmp dword ptr ss:[ebp-10],0 | | 000A293C: 131288-> 131288 |
10 | 006425D7 | 75 0B | jne advanced.6425E4 | | |
11 | 006425E4 | 8B5D F0 | mov ebx,dword ptr ss:[ebp-10] | ebx: 287D7D8-> 131288 | 000A293C: 131288-> 131288 |
12 | 006425E7 | 6A 02 | push 2 | esp: A28E8-> A28E4 | 000A28E4: 6425D0-> 2 |
13 | 006425E9 | 8B45 F0 | mov eax,dword ptr ss:[ebp-10] | | 000A293C: 131288-> 131288 |
14 | 006425EC | 50 | push eax | esp: A28E4-> A28E0 | 000A28E0: 287D7D8-> 131288 |
15 | 006425ED | E8 62CFEFFF | call <JMP.&MonitorFromWindow> | eax: 131288-> 10001 ecx: 77AA1CBC-> 8824DAC0 edx: | 000A28DC: 131288-> 6425F2 |
16 | 006425F2 | 8945 EC | mov dword ptr ss:[ebp-14],eax | | 000A2938: E-> 10001 |
17 | 006425F5 | 6A 02 | push 2 | esp: A28E8-> A28E4 | 000A28E4: 2-> 2 |
18 | 006425F7 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] | eax: 10001-> 28425E0 | 000A2948: 28425E0-> 28425E0 |
19 | 006425FA | 8B80 88010000 | mov eax,dword ptr ds:[eax+188] | eax: 28425E0-> 45129A | 02842768: 45129A-> 45129A |
1A | 00642600 | 50 | push eax | esp: A28E4-> A28E0 | 000A28E0: 131288-> 45129A |
1B | 00642601 | E8 4ECFEFFF | call <JMP.&MonitorFromWindow> | eax: 45129A-> 10001 esp: A28E0-> A28E8 | 000A28DC: 6425F2-> 642606 |
1C | 00642606 | 8945 E8 | mov dword ptr ss:[ebp-18],eax | | 000A2934: 40AF34-> 10001 |
1D | 00642609 | 8B45 EC | mov eax,dword ptr ss:[ebp-14] | | 000A2938: 10001-> 10001 |
1E | 0064260C | 3B45 E8 | cmp eax,dword ptr ss:[ebp-18] | | 000A2934: 10001-> 10001 |
1F | 0064260F | 74 62 | je advanced.642673 | | |
20 | 00642673 | 8B45 F0 | mov eax,dword ptr ss:[ebp-10] | eax: 10001-> 131288 | 000A293C: 131288-> 131288 |
21 | 00642676 | E8 B122FFFF | call advanced.63492C | eax: 131288-> 2868B60 ecx: 8824DAC0-> A28E0 edx: | 000A28E4: 2-> 64267B |
22 | 0064267B | 8945 E0 | mov dword ptr ss:[ebp-20],eax | | 000A292C: 409F93-> 2868B60 |
23 | 0064267E | E8 FD20FFFF | call advanced.634780 | eax: 2868B60-> 7 | 000A28E4: 64267B-> 642683 |
24 | 00642683 | 8945 E4 | mov dword ptr ss:[ebp-1C],eax | | 000A2930: F-> 7 |
25 | 00642686 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] | eax: 7-> 28425E0 | 000A2948: 28425E0-> 28425E0 |
26 | 00642689 | E8 E6E6FFFF | call advanced.640D74 | eax: 28425E0-> 0 edx: A2958-> 70C708 | 000A28E4: 642683-> 64268E |
27 | 0064268E | 84C0 | test al,al | | |
28 | 00642690 | 74 06 | je advanced.642698 | | |
29 | 00642698 | 33C9 | xor ecx,ecx | ecx: A28E0-> 0 | |
2A | 0064269A | 55 | push ebp | esp: A28E8-> A28E4 | 000A28E4: 64268E-> A294C |
2B | 0064269B | 68 21276400 | push advanced.642721 | esp: A28E4-> A28E0 | 000A28E0: A294C-> 642721 |
2C | 006426A0 | 64:FF31 | push dword ptr fs:[ecx] | esp: A28E0-> A28DC | 003A9000: A2958-> A2958 000A28DC: 2868B60-> A2958 |
2D | 006426A3 | 64:8921 | mov dword ptr fs:[ecx],esp | | 003A9000: A2958-> A28DC |
2E | 006426A6 | 56 | push esi | esp: A28DC-> A28D8 | 000A28D8: 1112BA-> 10 |
2F | 006426A7 | 8B45 F8 | mov eax,dword ptr ss:[ebp-8] | eax: 0-> 287D67C | 000A2944: 287D67C-> 287D67C |
30 | 006426AA | 50 | push eax | esp: A28D8-> A28D4 | 000A28D4: 0-> 287D67C |
31 | 006426AB | 57 | push edi | esp: A28D4-> A28D0 | 000A28D0: 131288-> 288254C |
32 | 006426AC | 53 | push ebx | | 000A28CC: 10-> 131288 |
https://wwi.lanzoui.com/i175Zp9gi4h | 
发表于 2021-5-19 11:46
|
发表于 2021-5-19 16:12
