
● Please everyone join in to co-create CHINA.ASM ●

07-06

I tried to disassemble masm.exe and then modify masm.exe. Method: (1) first disassemble it with -u, (2) then trace and modify it with t.
Disassembling masm.exe, I found the program is not long at all, nowhere near the 10000 to 100000 lines that 《汇编原理》 (Principles of Assembly) talks about.
Disassembling with W32asm无极版 solves the problem of debug -u hiding lines, but when tracing with debug's t I found masm.exe cannot be traced: at t=0 9999, cx is still 0c70h, i.e. there are 3187 more loop iterations to go, and it keeps re-running in the front part of the program. Below is the front part of the disassembled masm.exe; the loop of over 10000 iterations also happens in this part. At t=0 10000 the count exceeds 9999 and t can no longer trace it.
I am trying to copy out all of the disassembled code with W32asm无极版; I hope everyone joins in to co-create CHINA.ASM.

; one section per -u pass
; what follows is the EXEPACK unpacker stub that sits in front of masm.exe proper:
; it moves the packed image to the top of memory, expands it back to front,
; applies the relocation table, then jumps to the real entry point
assume cs:code
code segment
start:
        mov ax,es
        add ax,0010h
        push cs
        pop ds
        mov ds:[0004h],ax       ; header word 4: destination segment
        add ax,ds:[000ch]
        mov es,ax
        mov cx,ds:[0006h]       ; ● assembly fails without ds:; t tracing confirms it is ds
        mov di,cx
        dec di
        mov si,di
        std                     ; everything below runs back to front
        ;repz                   ; ● it seems hard to copy it all out; assembly fails unless this line is commented out
        movsb                   ; tracing masm.exe shows repz and movsb combine into one step, but it keeps repeating; cx=0671 has to run down before the next step executes
        push ax
        mov ax,0032h

        push ax                 ; 2nd -u
        retf                    ; far return = jump into the moved copy
        mov bx,es
        mov ax,ds
        dec ax
        mov ds,ax
        mov es,ax
        mov di,000fh
        mov cx,0010h
        mov al,0ffh
        ;repz
        scasb                   ; skip the 0ffh padding at the end of the packed data
        inc di
        mov si,di
        mov ax,bx
        dec ax
        mov es,ax
        mov di,000fh

a5:     mov cl,04h              ; 3rd -u; tracing masm.exe with its repz not commented out, t=0 700 runs exactly to here
        mov ax,si               ; pull si and di back into the top of their segments
        not ax
        shr ax,cl
        jz a1
        mov dx,ds
        sub dx,ax
        mov ds,dx
        or si,-10h              ; ● with its repz not commented out, t=0 1320 runs exactly to here
a1:     mov ax,di
        not ax
        shr ax,cl
        jz a2
        mov dx,es
        sub dx,ax
        mov es,dx

        or di,-10h              ; 4th -u
a2:     lodsb                   ; one record per pass: a command byte, then a 16-bit count
        mov dl,al
        dec si
        lodsw
        mov cx,ax
        inc si
        mov al,dl
        and al,0feh             ; bit 0 of the command marks the last record
        cmp al,0b0h             ; 0b0h: fill cx bytes with the next input byte
        jnz a3
        lodsb
        ;repz
        stosb
        jmp a4
        nop
a3:     cmp al,0b2h             ; 0b2h: copy cx bytes; any other command means a corrupt file (a12)
        jne a12
        ;repz
        movsb
a4:     mov al,dl

        test al,01h             ; 5th -u; ● t=0 1347 runs exactly to here
        jz a5                   ; ●● t=0 4724 runs to here ● !!!!!!!!! it keeps looping above this point! at t=0 9999 cx=0c70h=3184d, and once t reaches 10000 it errors out. What kind of assembly
        mov si,0125h            ; program is this? But pressing g at this point finishes quickly.
        push cs
        pop ds
        mov bx,ds:[0004h]       ; relocation pass: bx = segment to add to every far pointer
        cld
        xor dx,dx
a9:     lodsw
        mov cx,ax
        jcxz a7
        mov ax,dx
        add ax,bx
        mov es,ax
a6:     lodsw
        mov di,ax
        cmp di,-01h

        jz a8                   ; 6th -u
        add es:[di],bx          ; DEBUG lists the es: override on its own line
a10:    loop a6
a7:     cmp dx,0f000h           ; relocations are grouped per 64KB segment, 1000h at a time
        jz a11
        add dx,1000h
        jmp a9
a8:     mov ax,es               ; offset 0ffffh: step the segment up and patch at 0ffffh-10h
        inc ax
        mov es,ax
        sub di,+10h
        add es:[di],bx
        dec ax
        mov es,ax

        jmp a10                 ; 7th -u
a11:    mov ax,bx               ; unpacking done: set the real program's ss:sp, ds, es and enter it
        mov di,ds:[0008h]       ; ● assembly fails without ds:
        mov si,ds:[000ah]
        add si,ax
        add ds:[0002h],ax       ; ● assembly fails without ds:
        sub ax,0010h
        mov ds,ax
        mov es,ax
        mov bx,0000h
        cli
        mov ss,si
        mov sp,di

        sti                     ; 8th -u
        ;jmp dword ptr cs:[bx]  ; DEBUG shows this as "cs:" followed by "jmp far [bx]"; ●●●●●●●●●●●●●●●● everything above assembles except the few commented-out lines
a12:    mov ah,40h              ; error exit: int 21h function 40h writes 16h bytes to handle 2 (stderr)
        ;mov bx,0002h
        ;mov cx,0016h
        ;mov dx,cs
        ;mov ds,dx
        ;mov dx,010fh
        ;int 21h
        ;push ax                ; from here on DEBUG is disassembling the message text ("Packed file is corrupt"), not code
        ;db 61h
        ;db 63h
        ;db 6bh
        ;db 65h
        ;db 64h

        and [bp+69h],ah         ; 9th -u
        ;db 6ch
        ;db 65h
        and [bx+di+73h],ch
        and [bp+di+6fh],ah
        ;jb 0194
        ;jnz 0194
        ;jz 0179                ; ● I suspect debug has a hiding function: the three lines 2c75:0194, 0195 and 0179 are all gone!!!!!!!!!!!!!!!!!!!!!!!!!!
        ;add di,ax              ; W32asm无极版 does show them!!!!!!!!!!!!!!!!!!!!!!!!!!
        ;add ds:[si+6400h],ah
        ;add ds:[bp+di],ch
        ;add ds:[0500h],dl
        ;add ds:[bx+di],sp
        ;add si,ds:[si+03h]     ; ● uncommenting this gives an error when run

        ;db 61h                 ; 10th -u
        ;add di,ds:[bx+0af03h]
        ;add bx,ds:[bp+di+1603h]
        ;add ax,05c6h
        ;inc ax
        ;push es
        ;sbb ds:[06d5h],al
        ;cmp ds:[bx],al
        ;es:
        ;pop es
        ;xchg al,ds:[bx]
        ;jbe 0158
        ;db 62h
        ;pop es
        ;xor cx,ds:[bx+si]
        ;add cl,ds:[bx+di]

        ;esc 39h,ds:[bx+si]     ; tbyte ptr ds:[bx+si]; ● strange! 11th -u
        ;jbe 0167
        not word ptr [bp+si]
        ;db 66h
        ;adc ax,155eh
        ;db 67h
        ;sbb [bp+si],ch
        ;sbb dl,cl
        ;sbb [bx+9b1ah],sp
        ;sbb dl,[bx+di+0d01ah]
        sbb al,al
        ;db 0c1h
        ;and [bp+di+7020h],dh

        ;and [bx+di+20h],ah     ; 12th -u
        ;xchg si,ax
        ;and [bx+5521h],ax
        ;and al,43h
        ;and al,0e9h
        ;and al,0dah
        ;and al,43h
        ;and ax,2686h
        ;retf 0bc26h
        ;es:
        ;cbw
        ;es:
        ;sti
        ;es:
        ;mov [9327h],al
        ;daa
        ;jns 01c0h

code ends
end start
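The loop between a5 and a4 in the listing is the decompression loop of the EXEPACK stub that Microsoft's EXEPACK utility prepends to an .EXE (the db/and bytes after a12 spell its "Packed file is corrupt" message), and each trip round it handles one (count, command) record, which is why t needs thousands of steps before the real masm.exe is reached. The following Python model of that loop is an added example, not from the post; the record layout is read off the listing, and the packed sample buffer is constructed here.

```python
FILL, COPY = 0xB0, 0xB2   # command bytes compared at a2/a3; bit 0 of the command marks the last record

def unpack(packed: bytes, out_size: int):
    """Decode `packed` as the listing's a5..a4 loop does: input is consumed from its
    last byte downwards (STD), output is written from its last byte downwards.
    Returns (decoded bytes, loop iterations). The segment fix-ups at a5/a1 are
    not modelled: Python offsets do not wrap at 64 KiB."""
    out = bytearray(out_size)
    si, di, iterations = len(packed) - 1, out_size - 1, 0
    while True:
        iterations += 1
        if si < 2:                                              # ran off the input
            raise ValueError("Packed file is corrupt")
        cmd = packed[si]                                        # lodsb -> dl
        count = packed[si - 2] | (packed[si - 1] << 8)          # dec si; lodsw; inc si
        si -= 3
        kind = cmd & 0xFE                                       # and al,0feh
        if kind == FILL and si >= 0:                            # cmp al,0b0h
            chunk, si = bytes([packed[si]]) * count, si - 1     # lodsb; rep stosb
        elif kind == COPY and si + 1 >= count:                  # cmp al,0b2h
            chunk, si = packed[si + 1 - count:si + 1], si - count   # rep movsb
        else:                                                   # jne a12: the stub's error exit
            raise ValueError("Packed file is corrupt")
        if count > di + 1:                                      # ran off the output
            raise ValueError("Packed file is corrupt")
        out[di + 1 - count:di + 1] = chunk                      # a backwards copy keeps byte order
        di -= count
        if cmd & 1:                                             # test al,01h / jz a5
            return bytes(out[di + 1:]), iterations

def pack(records):
    """Inverse of the loop, used only to build test input. `records` holds
    ("fill", value, count) or ("copy", data) in output order; each is stored as
    [data][count lo][count hi][cmd], and the record read last (the first in
    output order) carries the low bit that ends the loop."""
    buf = bytearray()
    for i, rec in enumerate(records):
        last = 1 if i == 0 else 0
        if rec[0] == "fill":
            data, count, cmd = bytes([rec[1]]), rec[2], FILL | last
        else:
            data, count, cmd = rec[1], len(rec[1]), COPY | last
        buf += data + bytes([count & 0xFF, count >> 8, cmd])
    return bytes(buf)

# constructed sample: 5 zero bytes, the text "MASM", then 3 bytes of 0ffh
SAMPLE = pack([("fill", 0x00, 5), ("copy", b"MASM"), ("fill", 0xFF, 3)])
```

`unpack(SAMPLE, 12)` returns the 12 decoded bytes together with the iteration count 3; a real packed image has thousands of records, so the count is the number of passes t would have to step through.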
