本帖最后由 xujidejia 于 2024-5-31 00:21 编辑
各位大神,今天调试一个程序,找到了有用信息,但是跟踪不到跳转过来的地址,请大神分析下,怎样才能让程序在按钮按下触发的时候断下来。下图是找到的有用信息。但是在00007FFEE5FCF59C | 7E 6F | jle acbasewidget141.7FFEE5FCF60D |
这里就跳转下去了,我继续跟ret。
按钮时间
然后来到了上一层,这里信息见下图,找不到有用信息。
在上图00007FFEE5FCD6FF | E8 5751F9FF | call <acbasewidget141.public: static int __cdecl WeMessageBox:: |处,弹出了错误对话框。向上回溯也没有地方能够跳过这个信息框,我进去这个里面看了,两个跳转都无法跳开这个错误提示框。这个CALL的代码如下:
; x64dbg dump of one complete routine in acbasewidget141 (first instruction at
; 00007FFEE5FCD1C0, ret at 00007FFEE5FCD4D5). Columns: address | opcode bytes |
; instruction | debugger auto-comment.
; Shape of the routine: obtain an IAcUserModule*, branch on whether it is null, and on
; either path build a few temporaries, call the routine labelled "CMessageBox::i..."
; (label truncated in the dump) and return its int result.
; NOTE(review): auto-comments such as "TreeModel::removeRows(...)+603DB" or
; "G_N_RIVERMAP_SOFTWARE_TYPE+170" look like nearest-symbol guesses for whatever value the
; register or stack slot held when the dump was taken, not operands of the instruction;
; treat them as noise unless confirmed.
; NOTE(review): "[Patch] 纯文本查看 复制代码" at the start of the first line is the forum's
; code-widget label, not part of the dump.
;
; Prologue: spill the four register arguments (r9, r8d, rdx, rcx) into the stack slots above
; the return address. After "push rdi" and "sub rsp,150" the same slots are addressed as
; [rsp+160], [rsp+168], [rsp+170] and [rsp+178].
[Patch] 纯文本查看 复制代码 00007FFEE5FCD1C0 | 4C:894C24 20 | mov qword ptr ss:[rsp+20],r9 |
00007FFEE5FCD1C5 | 44:894424 18 | mov dword ptr ss:[rsp+18],r8d |
00007FFEE5FCD1CA | 48:895424 10 | mov qword ptr ss:[rsp+10],rdx |
00007FFEE5FCD1CF | 48:894C24 08 | mov qword ptr ss:[rsp+8],rcx | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD1D4 | 57 | push rdi |
00007FFEE5FCD1D5 | 48:81EC 50010000 | sub rsp,150 |
; Stores -2 at [rsp+F8]; presumably compiler-generated unwind bookkeeping (TODO confirm).
00007FFEE5FCD1DC | 48:C78424 F8000000 FEFFF | mov qword ptr ss:[rsp+F8],FFFFFFFFFFFFFFFE |
; Indirect call through an import whose (truncated) label reads
; "class IAcUserModule * __cdecl GetOrCreateAc..."; the returned pointer is kept at [rsp+50].
; A null result takes the je to 00007FFEE5FCD35E, the second half of the routine.
00007FFEE5FCD1E8 | FF15 42411D00 | call qword ptr ds:[<class IAcUserModule * __cdecl GetOrCreateAc |
00007FFEE5FCD1EE | 48:894424 50 | mov qword ptr ss:[rsp+50],rax | [rsp+50]:"@"
00007FFEE5FCD1F3 | 48:837C24 50 00 | cmp qword ptr ss:[rsp+50],0 | [rsp+50]:"@"
00007FFEE5FCD1F9 | 0F84 5F010000 | je acbasewidget141.7FFEE5FCD35E |
; rep stosb with ecx=1 and al=0 zeroes the single byte at [rsp+40]; the same pattern is used
; for [rsp+41] here and for [rsp+42] on the null path.
00007FFEE5FCD1FF | 48:8D4424 40 | lea rax,qword ptr ss:[rsp+40] |
00007FFEE5FCD204 | 48:8BF8 | mov rdi,rax | rax:"@"
00007FFEE5FCD207 | 33C0 | xor eax,eax |
00007FFEE5FCD209 | B9 01000000 | mov ecx,1 |
00007FFEE5FCD20E | F3:AA | rep stosb |
; Remember the address of the local at [rsp+100] in [rsp+68]; it is the rcx argument of the
; helper call at 00007FFEE5FCD289.
00007FFEE5FCD210 | 48:8D8424 00010000 | lea rax,qword ptr ss:[rsp+100] | [rsp+100]:public: static struct QMetaObject const DLgPromptBox::staticMetaObject+4D210
00007FFEE5FCD218 | 48:894424 68 | mov qword ptr ss:[rsp+68],rax | [rsp+68]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+603DB
00007FFEE5FCD21D | 48:8D4424 41 | lea rax,qword ptr ss:[rsp+41] |
00007FFEE5FCD222 | 48:8BF8 | mov rdi,rax | rax:"@"
00007FFEE5FCD225 | 33C0 | xor eax,eax |
00007FFEE5FCD227 | B9 01000000 | mov ecx,1 |
00007FFEE5FCD22C | F3:AA | rep stosb |
; Helper 7FFEE5FCF060(rcx=&[rsp+40], rdx=&[rsp+A0]); its result is carried to [rsp+78].
; [rsp+A0] is later handed to QString::~QString, so this presumably fills a QString temporary.
00007FFEE5FCD22E | 48:8D9424 A0000000 | lea rdx,qword ptr ss:[rsp+A0] |
00007FFEE5FCD236 | 48:8D4C24 40 | lea rcx,qword ptr ss:[rsp+40] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD23B | E8 201E0000 | call acbasewidget141.7FFEE5FCF060 |
00007FFEE5FCD240 | 48:894424 58 | mov qword ptr ss:[rsp+58],rax | [rsp+58]:public: static struct QListData::Data const QListData::shared_null+10
00007FFEE5FCD245 | 48:8B4424 58 | mov rax,qword ptr ss:[rsp+58] | [rsp+58]:public: static struct QListData::Data const QListData::shared_null+10
00007FFEE5FCD24A | 48:894424 78 | mov qword ptr ss:[rsp+78],rax |
; Virtual call on the module object: load its vtable pointer and call the slot at offset
; 0x1B0 with rdx=&[rsp+110]; the result is carried to [rsp+80]. [rsp+110] is later handed to
; QPixmap::~QPixmap, so the callee presumably writes a QPixmap there (TODO confirm).
00007FFEE5FCD24F | 48:8B4424 50 | mov rax,qword ptr ss:[rsp+50] | [rsp+50]:"@"
00007FFEE5FCD254 | 48:8B00 | mov rax,qword ptr ds:[rax] | rax:"@", [rax]:const IAcUserModuleObserver::`vftable'+30
00007FFEE5FCD257 | 48:8D9424 10010000 | lea rdx,qword ptr ss:[rsp+110] |
00007FFEE5FCD25F | 48:8B4C24 50 | mov rcx,qword ptr ss:[rsp+50] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+50]:"@"
00007FFEE5FCD264 | FF90 B0010000 | call qword ptr ds:[rax+1B0] |
00007FFEE5FCD26A | 48:894424 60 | mov qword ptr ss:[rsp+60],rax | [rsp+60]:public: static struct QListData::Data const QListData::shared_null
00007FFEE5FCD26F | 48:8B4424 60 | mov rax,qword ptr ss:[rsp+60] | [rsp+60]:public: static struct QListData::Data const QListData::shared_null
00007FFEE5FCD274 | 48:898424 80000000 | mov qword ptr ss:[rsp+80],rax |
; Helper 7FFEE5F62540(rcx=&[rsp+100], rdx=this routine's fourth argument); result kept at [rsp+88].
00007FFEE5FCD27C | 48:8B9424 78010000 | mov rdx,qword ptr ss:[rsp+178] |
00007FFEE5FCD284 | 48:8B4C24 68 | mov rcx,qword ptr ss:[rsp+68] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+68]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+603DB
00007FFEE5FCD289 | E8 B252F9FF | call acbasewidget141.7FFEE5F62540 |
00007FFEE5FCD28E | 48:898424 88000000 | mov qword ptr ss:[rsp+88],rax | [rsp+88]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+61955
; Helper 7FFEE5FCF7A0(rcx=&[rsp+41], rdx=&[rsp+98]); result kept at [rsp+90]. [rsp+98] is
; destroyed as a QString further down.
00007FFEE5FCD296 | 48:8D9424 98000000 | lea rdx,qword ptr ss:[rsp+98] | [rsp+98]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6149C
00007FFEE5FCD29E | 48:8D4C24 41 | lea rcx,qword ptr ss:[rsp+41] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD2A3 | E8 F8240000 | call acbasewidget141.7FFEE5FCF7A0 |
00007FFEE5FCD2A8 | 48:894424 70 | mov qword ptr ss:[rsp+70],rax |
00007FFEE5FCD2AD | 48:8B4424 70 | mov rax,qword ptr ss:[rsp+70] |
00007FFEE5FCD2B2 | 48:898424 90000000 | mov qword ptr ss:[rsp+90],rax |
; Argument set-up for the "CMessageBox::i..." call: rcx, r8 and r9d are this routine's own
; first three arguments, rdx is the helper result from [rsp+90], and the values from
; [rsp+88], [rsp+80] and [rsp+78] go on the stack at [rsp+20], [rsp+28] and [rsp+30].
; The int result in eax is saved at [rsp+44].
00007FFEE5FCD2BA | 48:8B4424 78 | mov rax,qword ptr ss:[rsp+78] |
00007FFEE5FCD2BF | 48:894424 30 | mov qword ptr ss:[rsp+30],rax |
00007FFEE5FCD2C4 | 48:8B8424 80000000 | mov rax,qword ptr ss:[rsp+80] |
00007FFEE5FCD2CC | 48:894424 28 | mov qword ptr ss:[rsp+28],rax |
00007FFEE5FCD2D1 | 48:8B8424 88000000 | mov rax,qword ptr ss:[rsp+88] | [rsp+88]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+61955
00007FFEE5FCD2D9 | 48:894424 20 | mov qword ptr ss:[rsp+20],rax |
00007FFEE5FCD2DE | 44:8B8C24 70010000 | mov r9d,dword ptr ss:[rsp+170] |
00007FFEE5FCD2E6 | 4C:8B8424 68010000 | mov r8,qword ptr ss:[rsp+168] |
00007FFEE5FCD2EE | 48:8B9424 90000000 | mov rdx,qword ptr ss:[rsp+90] |
00007FFEE5FCD2F6 | 48:8B8C24 60010000 | mov rcx,qword ptr ss:[rsp+160] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD2FE | E8 7B41F9FF | call <acbasewidget141.public: static int __cdecl CMessageBox::i |
00007FFEE5FCD303 | 894424 44 | mov dword ptr ss:[rsp+44],eax |
; Cleanup of temporaries: QString at [rsp+98], QPixmap at [rsp+110], QString at [rsp+A0],
; then the QString whose address was passed as the second argument, then 7FFEE5F638F5 on the
; fourth argument (presumably that argument's destructor; TODO confirm).
00007FFEE5FCD307 | 48:8D8C24 98000000 | lea rcx,qword ptr ss:[rsp+98] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+98]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6149C
00007FFEE5FCD30F | FF15 534E1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD315 | 90 | nop |
00007FFEE5FCD316 | 48:8D8C24 10010000 | lea rcx,qword ptr ss:[rsp+110] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD31E | FF15 DC561D00 | call qword ptr ds:[<public: virtual __cdecl QPixmap::~QPixmap(v |
00007FFEE5FCD324 | 90 | nop |
00007FFEE5FCD325 | 48:8D8C24 A0000000 | lea rcx,qword ptr ss:[rsp+A0] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD32D | FF15 354E1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD333 | 90 | nop |
00007FFEE5FCD334 | 48:8B8C24 68010000 | mov rcx,qword ptr ss:[rsp+168] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD33C | FF15 264E1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD342 | 90 | nop |
00007FFEE5FCD343 | 48:8B8C24 78010000 | mov rcx,qword ptr ss:[rsp+178] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD34B | E8 A565F9FF | call acbasewidget141.7FFEE5F638F5 |
; Return the saved result through the shared epilogue at 00007FFEE5FCD4CD. The second jmp
; directly follows an unconditional jmp, so it cannot be reached by fall-through.
00007FFEE5FCD350 | 8B4424 44 | mov eax,dword ptr ss:[rsp+44] |
00007FFEE5FCD354 | E9 74010000 | jmp acbasewidget141.7FFEE5FCD4CD |
00007FFEE5FCD359 | E9 53010000 | jmp acbasewidget141.7FFEE5FCD4B1 |
; Null-module path (target of the je at 00007FFEE5FCD1F9). Same sequence as above, except
; that the QString at [rsp+F0] and the QPixmap at [rsp+130] are default-constructed instead
; of being obtained through the module object.
00007FFEE5FCD35E | 48:8D8424 08010000 | lea rax,qword ptr ss:[rsp+108] | [rsp+108]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+69F9D
00007FFEE5FCD366 | 48:898424 B8000000 | mov qword ptr ss:[rsp+B8],rax |
00007FFEE5FCD36E | 48:8D4424 42 | lea rax,qword ptr ss:[rsp+42] |
00007FFEE5FCD373 | 48:8BF8 | mov rdi,rax | rax:"@"
00007FFEE5FCD376 | 33C0 | xor eax,eax |
00007FFEE5FCD378 | B9 01000000 | mov ecx,1 |
00007FFEE5FCD37D | F3:AA | rep stosb |
00007FFEE5FCD37F | 48:8D8C24 F0000000 | lea rcx,qword ptr ss:[rsp+F0] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD387 | FF15 934B1D00 | call qword ptr ds:[<public: __cdecl QString::QString(void)>] |
00007FFEE5FCD38D | 48:898424 A8000000 | mov qword ptr ss:[rsp+A8],rax |
00007FFEE5FCD395 | 48:8B8424 A8000000 | mov rax,qword ptr ss:[rsp+A8] |
00007FFEE5FCD39D | 48:898424 C8000000 | mov qword ptr ss:[rsp+C8],rax | [rsp+C8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6199F
00007FFEE5FCD3A5 | 48:8D8C24 30010000 | lea rcx,qword ptr ss:[rsp+130] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD3AD | FF15 AD551D00 | call qword ptr ds:[<public: __cdecl QPixmap::QPixmap(void)>] |
00007FFEE5FCD3B3 | 48:898424 B0000000 | mov qword ptr ss:[rsp+B0],rax |
00007FFEE5FCD3BB | 48:8B8424 B0000000 | mov rax,qword ptr ss:[rsp+B0] |
00007FFEE5FCD3C3 | 48:898424 D0000000 | mov qword ptr ss:[rsp+D0],rax |
; Helper 7FFEE5F62540(rcx=&[rsp+108], rdx=fourth argument); result kept at [rsp+D8].
00007FFEE5FCD3CB | 48:8B9424 78010000 | mov rdx,qword ptr ss:[rsp+178] |
00007FFEE5FCD3D3 | 48:8B8C24 B8000000 | mov rcx,qword ptr ss:[rsp+B8] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD3DB | E8 6051F9FF | call acbasewidget141.7FFEE5F62540 |
00007FFEE5FCD3E0 | 48:898424 D8000000 | mov qword ptr ss:[rsp+D8],rax |
; Helper 7FFEE5FCF8E0(rcx=&[rsp+42], rdx=&[rsp+E8]); result kept at [rsp+E0].
00007FFEE5FCD3E8 | 48:8D9424 E8000000 | lea rdx,qword ptr ss:[rsp+E8] | [rsp+E8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+69874
00007FFEE5FCD3F0 | 48:8D4C24 42 | lea rcx,qword ptr ss:[rsp+42] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD3F5 | E8 E6240000 | call acbasewidget141.7FFEE5FCF8E0 |
00007FFEE5FCD3FA | 48:898424 C0000000 | mov qword ptr ss:[rsp+C0],rax |
00007FFEE5FCD402 | 48:8B8424 C0000000 | mov rax,qword ptr ss:[rsp+C0] |
00007FFEE5FCD40A | 48:898424 E0000000 | mov qword ptr ss:[rsp+E0],rax |
; Same argument layout and same call target as at 00007FFEE5FCD2FE (both relative calls
; resolve to one address); the result is saved at [rsp+48] this time.
00007FFEE5FCD412 | 48:8B8424 C8000000 | mov rax,qword ptr ss:[rsp+C8] | [rsp+C8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+6199F
00007FFEE5FCD41A | 48:894424 30 | mov qword ptr ss:[rsp+30],rax |
00007FFEE5FCD41F | 48:8B8424 D0000000 | mov rax,qword ptr ss:[rsp+D0] |
00007FFEE5FCD427 | 48:894424 28 | mov qword ptr ss:[rsp+28],rax |
00007FFEE5FCD42C | 48:8B8424 D8000000 | mov rax,qword ptr ss:[rsp+D8] |
00007FFEE5FCD434 | 48:894424 20 | mov qword ptr ss:[rsp+20],rax |
00007FFEE5FCD439 | 44:8B8C24 70010000 | mov r9d,dword ptr ss:[rsp+170] |
00007FFEE5FCD441 | 4C:8B8424 68010000 | mov r8,qword ptr ss:[rsp+168] |
00007FFEE5FCD449 | 48:8B9424 E0000000 | mov rdx,qword ptr ss:[rsp+E0] |
00007FFEE5FCD451 | 48:8B8C24 60010000 | mov rcx,qword ptr ss:[rsp+160] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD459 | E8 2040F9FF | call <acbasewidget141.public: static int __cdecl CMessageBox::i |
00007FFEE5FCD45E | 894424 48 | mov dword ptr ss:[rsp+48],eax |
; Cleanup mirrors the other path: QString at [rsp+E8], QPixmap at [rsp+130], QString at
; [rsp+F0], then the second and fourth arguments.
00007FFEE5FCD462 | 48:8D8C24 E8000000 | lea rcx,qword ptr ss:[rsp+E8] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170, [rsp+E8]:public: virtual bool __cdecl TreeModel::removeRows(int, int, class QModelIndex const &)+69874
00007FFEE5FCD46A | FF15 F84C1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD470 | 90 | nop |
00007FFEE5FCD471 | 48:8D8C24 30010000 | lea rcx,qword ptr ss:[rsp+130] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD479 | FF15 81551D00 | call qword ptr ds:[<public: virtual __cdecl QPixmap::~QPixmap(v |
00007FFEE5FCD47F | 90 | nop |
00007FFEE5FCD480 | 48:8D8C24 F0000000 | lea rcx,qword ptr ss:[rsp+F0] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD488 | FF15 DA4C1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD48E | 90 | nop |
00007FFEE5FCD48F | 48:8B8C24 68010000 | mov rcx,qword ptr ss:[rsp+168] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD497 | FF15 CB4C1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD49D | 90 | nop |
00007FFEE5FCD49E | 48:8B8C24 78010000 | mov rcx,qword ptr ss:[rsp+178] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD4A6 | E8 4A64F9FF | call acbasewidget141.7FFEE5F638F5 |
00007FFEE5FCD4AB | 8B4424 48 | mov eax,dword ptr ss:[rsp+48] |
00007FFEE5FCD4AF | EB 1C | jmp acbasewidget141.7FFEE5FCD4CD |
; Cleanup-only tail, target of the jmp at 00007FFEE5FCD359: destroys the second and fourth
; arguments and falls into the epilogue without loading a saved result into eax.
00007FFEE5FCD4B1 | 48:8B8C24 68010000 | mov rcx,qword ptr ss:[rsp+168] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD4B9 | FF15 A94C1D00 | call qword ptr ds:[<public: __cdecl QString::~QString(void)>] |
00007FFEE5FCD4BF | 48:8B8C24 78010000 | mov rcx,qword ptr ss:[rsp+178] | rcx:enum E_RIVERMAP_SOFTWARE_TYPE G_N_RIVERMAP_SOFTWARE_TYPE+170
00007FFEE5FCD4C7 | E8 2964F9FF | call acbasewidget141.7FFEE5F638F5 |
00007FFEE5FCD4CC | 90 | nop |
; Shared epilogue: release the 0x150-byte frame, restore rdi, return.
00007FFEE5FCD4CD | 48:81C4 50010000 | add rsp,150 |
00007FFEE5FCD4D4 | 5F | pop rdi |
00007FFEE5FCD4D5 | C3 | ret |
发现不了有用信息,我就继续ret出去看看,出去又回到了程序等待状态。帮忙分析下如何才能正确下断。
经过我不断尝试,在点击确认后被我断下,但是接下来的代码我一窍不通。我分别用注册用户和未注册用户去跟踪流程,都没有找到有用信息,随时跟丢。请大神们帮忙分析分析。
; x64dbg dump from acdownloadwidget141; per the post it was captured at a breakpoint hit
; after the confirm button was clicked. Columns: address | opcode bytes | instruction |
; debugger comment. The excerpt has no visible prologue or ret, so it is a fragment.
; NOTE(review): "[Asm] 纯文本查看 复制代码" at the start of the first line is the forum's
; code-widget label, not part of the dump.
; NOTE(review): the linear disassembly below is not reliable as printed:
;   - several bytes decode as invalid ("???") and one as "out dx,eax";
;   - most calls are followed by a single byte that decodes oddly, after which the decoder
;     is out of step with the bytes;
;   - the recurring shape is push reg / pushfq / mov reg,imm64 / small arithmetic / call.
; This is consistent with code transformed by an obfuscating protector rather than plain
; compiler output; that is an inference from the byte patterns, not something the dump proves.
; The debugger comment "确认按钮断点" on the mov rbp line is the poster's own label
; ("confirm-button breakpoint").
[Asm] 纯文本查看 复制代码 00007FFFC5639E5A | 56 | push rsi |
00007FFFC5639E5B | 9C | pushfq |
00007FFFC5639E5C | 48:BE 85308123052D6F31 | mov rsi,316F2D0523813085 |
00007FFFC5639E66 | 55 | push rbp |
00007FFFC5639E67 | 48:BD D93A0F6F94137E12 | mov rbp,127E13946F0F3AD9 | 确认按钮断点
00007FFFC5639E71 | 40:2AF5 | sub sil,bpl |
00007FFFC5639E74 | E8 6004EBFF | call acdownloadwidget141.7FFFC54EA2D9 |
00007FFFC5639E79 | 37 | ??? |
00007FFFC5639E7A | E8 50EFEAFF | call acdownloadwidget141.7FFFC54E8DCF |
; Decoder out of step from here to 00007FFFC5639E95: if the byte 1D is skipped, the bytes
; 41 55 / 9C / 49 BD <8 bytes> / 4E 8D 2C ED <4 bytes> read as push r13, pushfq,
; mov r13,imm64 and lea r13,[r13*8+66904519], which then lines up with the
; "mov r13w,3CC1" shown at 00007FFFC5639E95.
00007FFFC5639E7F | 1D 41559C49 | sbb eax,499C5541 |
00007FFFC5639E84 | BD 2A21D05C | mov ebp,5CD0212A |
00007FFFC5639E89 | 011C49 | add dword ptr ds:[rcx+rcx*2],ebx |
00007FFFC5639E8C | 72 4E | jb acdownloadwidget141.7FFFC5639EDC |
00007FFFC5639E8E | 8D2CED 19459066 | lea ebp,qword ptr ds:[rbp*8+66904519] |
00007FFFC5639E95 | 6641:BD C13C | mov r13w,3CC1 |
; "libaprutil-1.6EE62A81" is the debugger rendering the 32-bit immediate 6EE62A81 as an
; address inside another loaded module; the instruction is a subtraction of a constant.
00007FFFC5639E9A | 41:81ED 812AE66E | sub r13d,libaprutil-1.6EE62A81 |
00007FFFC5639EA1 | E8 AFFAEAFF | call acdownloadwidget141.7FFFC54E9955 |
00007FFFC5639EA6 | 27 | ??? |
00007FFFC5639EA7 | E8 8F13EBFF | call acdownloadwidget141.7FFFC54EB23B |
; Same effect on the next line: after the byte A0, the bytes E8 F7F0EAFF read as another
; call, followed by one byte (77) and 41 53 (push r11), which matches the pushfq and
; "mov r11,imm64" that follow.
00007FFFC5639EAC | A0 E8F7F0EAFF774153 | mov al,byte ptr ds:[534177FFEAF0F7E8] |
00007FFFC5639EB5 | 9C | pushfq |
00007FFFC5639EB6 | 49:BB BD663414A6264E2A | mov r11,2A4E26A6143466BD |
00007FFFC5639EC0 | 41:80CB 22 | or r11b,22 |
00007FFFC5639EC4 | E8 2D0CEBFF | call acdownloadwidget141.7FFFC54EAAF6 |
00007FFFC5639EC9 | E1 68 | loope acdownloadwidget141.7FFFC5639F33 |
00007FFFC5639ECB | B2 02 | mov dl,2 |
00007FFFC5639ECD | 16 | ??? |
; push rsp / pushfq, then a compare of the just-pushed value's low byte with 0x70 and a
; conditional overwrite of that stack slot with a constant, before popfq restores the flags
; and "lea rsp,[rsp+8]" drops the slot. What the slot is used for afterwards cannot be told
; from this excerpt.
00007FFFC5639ECE | 54 | push rsp |
00007FFFC5639ECF | 9C | pushfq |
00007FFFC5639ED0 | 807C24 08 70 | cmp byte ptr ss:[rsp+8],70 | 70:'p'
00007FFFC5639ED5 | 0F8D 13000000 | jge acdownloadwidget141.7FFFC5639EEE |
00007FFFC5639EDB | 66:F75424 08 | not word ptr ss:[rsp+8] |
00007FFFC5639EE0 | 48:C74424 08 8469BF7C | mov qword ptr ss:[rsp+8],7CBF6984 |
00007FFFC5639EE9 | FF7424 00 | push qword ptr ss:[rsp] |
00007FFFC5639EED | 9D | popfq |
00007FFFC5639EEE | 48:8D6424 08 | lea rsp,qword ptr ss:[rsp+8] |
00007FFFC5639EF3 | E8 F20CFFFF | call acdownloadwidget141.7FFFC562ABEA |
00007FFFC5639EF8 | EF | out dx,eax |
00007FFFC5639EF9 | 41:54 | push r12 |
00007FFFC5639EFB | 49:BC DA1F506A930F3060 | mov r12,60300F936A501FDA |
00007FFFC5639F05 | E8 5010EBFF | call acdownloadwidget141.7FFFC54EAF5A |
; NOTE(review): the two short jumps and the "???" below start one byte after a call and
; their bytes (76 E8 72 D7 EA FF) contain an E8 opcode, so they are probably another
; mis-decoded call; hedge any control-flow reading of this stretch.
00007FFFC5639F0A | 76 E8 | jbe acdownloadwidget141.7FFFC5639EF4 |
00007FFFC5639F0C | 72 D7 | jb acdownloadwidget141.7FFFC5639EE5 |
00007FFFC5639F0E | EA | ??? |
00007FFFC5639F0F | FFC0 | inc eax |
00007FFFC5639F11 | 41:55 | push r13 |
00007FFFC5639F13 | E8 10E6EAFF | call acdownloadwidget141.7FFFC54E8528 |
00007FFFC5639F18 | 7F 57 | jg acdownloadwidget141.7FFFC5639F71 |
00007FFFC5639F1A | 48:BF 1C66073FA2753841 | mov rdi,413875A23F07661C |
00007FFFC5639F24 | 56 | push rsi |
00007FFFC5639F25 | 41:54 | push r12 |
00007FFFC5639F27 | 49:BC B14C1C11800E8F4B | mov r12,4B8F0E80111C4CB1 |
00007FFFC5639F31 | E8 2AD4EAFF | call acdownloadwidget141.7FFFC54E7360 |
00007FFFC5639F36 | 1141 54 | adc dword ptr ds:[rcx+54],eax |
00007FFFC5639F39 | 9C | pushfq |
00007FFFC5639F3A | 49:BC AB710C6CBA711965 | mov r12,651971BA6C0C71AB |
00007FFFC5639F44 | 41:81CC CF05144C | or r12d,4C1405CF |
; The jle target 7FFFC5639F37 lies inside the 3-byte instruction printed at 00007FFFC5639F36,
; another sign that instruction boundaries here are not the ones the listing shows.
00007FFFC5639F4B | 0F8E E6FFFFFF | jle acdownloadwidget141.7FFFC5639F37 |
00007FFFC5639F51 | 45:0FBEE4 | movsx r12d,r12b |
00007FFFC5639F55 | 4C:8B6424 08 | mov r12,qword ptr ss:[rsp+8] |
00007FFFC5639F5A | 48:C74424 08 ACE49A78 | mov qword ptr ss:[rsp+8],789AE4AC |
00007FFFC5639F63 | FF7424 00 | push qword ptr ss:[rsp] |
00007FFFC5639F67 | 9D | popfq |
00007FFFC5639F68 | 48:8D6424 08 | lea rsp,qword ptr ss:[rsp+8] |
00007FFFC5639F6D | E8 D1E8F1FF | call acdownloadwidget141.7FFFC5558843 |
; Excerpt ends on a call; nothing after this point is shown.
00007FFFC5639F72 | 36:E8 1FFEEAFF | call acdownloadwidget141.7FFFC54E9D97 |
后续我看了下流程图,吓死我了,这是怎么一个流程呢?
流程图