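这个问题是关于x86汇编语言中的一条指令:MOV EAX,DWORD PTR DS:ESI(调试器中通常显示为 MOV EAX,DWORD PTR DS:[ESI],方括号表示把ESI的值当作内存地址)。这条指令的作用是将ESI寄存器指向的内存地址中的32位值(DWORD)复制到EAX寄存器中。具体来说,这条指令的各个部分的含义如下:MOV 是数据传送指令;EAX 是目的操作数(32位寄存器);DWORD PTR 说明内存操作数的大小为32位(4字节);DS: 表示通过数据段寄存器DS寻址(以ESI作基址时DS本来就是默认段,在32位平坦内存模型下通常可以省略);ESI 中保存的是要读取的内存地址。如果ESI中的地址无效或不可读,这条指令会触发访问违规异常。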
因此,这条指令的意义是将ESI寄存器指向的内存地址中的32位值复制到EAX寄存器中。这是一个典型的汇编语言指令,用于实现程序中的数据传输和处理。
xor ebx,ebx 02ED7FBE |. 8BFF mov edi,edi 02ED7FC0 |> 8B86 78030000 /mov eax,dword ptr ds...02ED7FCE |. 8B8E 7C030000 |mov ecx,dword ptr ds:[esi+0x37C] 02ED7FD4 |. 2BC8 |sub ecx,eax..._invalid_parameter_noinfo 02ED8020 |> 8B86 78030000 |mov eax,dword ptr ds:[esi+0x378] 02ED8026 |....但最后的返回值eax却是固定的来自这几行代码: 02ED805D |> 8B96 78030000 mov edx,dword ptr ds:[esi+0x378] 02ED8063 |. 8D0CFD...8B2D 444AF902 mov ebp,dword ptr ds:[<&MSVCR80.
ptr ds:[count] lea esi,dword ptr ds:[MyArray] mov ebx,dword ptr ds:[esi + eax * 4] cmp ebx...; max_result = Array[x]; L3: mov ebx,dword ptr ds:[esi + eax * 4] cmp ebx,dword ptr ds:[...mov ebx,dword ptr ds:[esi + eax * 4] ; 获取 SrcArray[index] mov ecx,dword ptr ds:[esi...ptr ds:[Array + esi * 4] ; Array[y] mov edx,dword ptr ds:[Array + esi * 4 - 4] ; Array...],eax L5: mov eax,dword ptr ds:[Temporary] cmp eax,10 jge L6 lea esi,dword ptr ds:[Array
,dword ptr ds:[MyArray] ; 得到数组基地址 L2: mov eax,dword ptr ds:[esi] cmp eax,dword...+ eax * 4],20 ; Array[index + 1] <= 20 jg L2 mov esi,dword ptr ds:[MyArray + eax *...esi,dword ptr ds:[x] mov edi,dword ptr ds:[y] invoke crt_printf,addr szFmt,esi,edi mov ecx,...; 开始在框架中搞事情 mov eax,dword ptr ds:[x] cmp eax,dword ptr ds:[z] je L6 mov eax,dword ptr ds:...eax,1 mov dword ptr ds:[mid],eax ; edx = value[mid] mov esi,dword ptr ds:[mid] shl esi
mov esi,dword ptr ds:[ebx] 0099A230 8B43 20 mov eax,dword ptr ds:[ebx+0x20] 0099A233 03C2...mov dword ptr ds:[ebx+0x20],ecx 0099A23A 8B43 1C mov eax,dword ptr ds:[ebx+0x1C] 0099A23D ...mov esi,eax 0099A25D 8B46 FC mov eax,dword ptr ds:[esi-0x4] 0099A260 83C0 04 add...eax,0x4 0099A263 2BF0 sub esi,eax 0099A265 8956 08 mov dword ptr ds:[esi+0x8...mov eax,dword ptr ds:[eax] 到这里就是抓取内存镜像和修复IAT了。
mov ecx,dword ptr ds:[NameSize] mov esi,0 S2: pop eax mov byte ptr ds:[MyString + esi],al inc...ds:[esi],10 mov dword ptr ds:[esi + 4],20 mov dword ptr ds:[esi + 8],30 ; 填充数组方式2 mov var_array...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x mov ebx,(MyPoint ptr ds:[esi]).pos_y...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x ; 获取第一个结构X mov eax,(MyPoint ptr...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x ; 获取第一个结构X mov eax,(MyPoint ptr
ds:[count] lea esi,dword ptr ds:[MyArray] mov ebx,dword ptr ds:[esi + eax * 4] cmp ebx,dword...:[count] lea esi,dword ptr ds:[MyArray] mov ebx,dword ptr ds:[esi + eax * 4] cmp ebx,dword ptr...mov ebx,dword ptr ds:[esi + eax * 4] ; 获取 SrcArray[index] mov ecx,dword ptr ds:[esi +...,dword ptr ds:[MyArray] ; 得到数组基地址 L2: mov eax,dword ptr ds:[esi] cmp eax,dword ptr ds:[esi +...dword ptr ds:[mid],eax ; edx = value[mid] mov esi,dword ptr ds:[mid] shl esi,2 mov edx,[ebx
727A92AE 8B0F mov ecx,dword ptr ds:[edi] 727A92B0 3BC8 cmp ecx,eax 727A92B2...push eax 727A930C 8D86 D4010000 lea eax,dword ptr ds:[esi+0x1D4] 727A9312 50 push...eax 727A9322 8D86 50020000 lea eax,dword ptr ds:[esi+0x250] 727A9328 50 push...dword ptr ds:[esi],eax 727A9339 8B1B mov ebx,dword ptr ds:[ebx] 727A933B ^ EB 97 ...jmp XIPHLPAPI.727A92D4 727A933D 8907 mov dword ptr ds:[edi],eax 727A933F 6A 6F
,dword ptr ds:[MyArray] ; 得到数组基地址 L2: mov eax,dword ptr ds:[esi] cmp eax,dword...mov esi,dword ptr ds:[MyArray + eax * 4 - 4] ; esi = Array[index] mov edi,dword ptr ds:[MyArray...循环过程执行(存放循环过程代码) mov esi,dword ptr ds:[x] mov edi,dword ptr ds:[y] invoke crt_printf,addr...eax,dword ptr ds:[x] cmp eax,dword ptr ds:[y] je L6 mov eax,dword ptr ds:[y] cmp eax...ptr ds:[first] shr eax,1 mov dword ptr ds:[mid],eax ; edx = value[mid] mov esi,
10110404 8930 mov dword ptr ds:[eax],esi 10110406 E8 B4490000 call...8B70 F4 mov esi,dword ptr ds:[eax-0xC] 1000677F 32C9 xor cl,cl 10006781...mov eax,dword ptr ds:[ebx] 100067DA 3B70 F8 cmp esi,dword ptr ds:[eax-0x8] 100067DD...ds:[eax-0xC],esi 100067E2 8B03 mov eax,dword ptr ds:[ebx] 100067E4...eax,dword ptr ds:[eax] 4.比较注册码,如下图 ?
] mov dword ptr ds:[esi],10 mov dword ptr ds:[esi + 4],20 mov dword ptr ds:[esi + 8],30...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x mov ebx,(MyPoint ptr ds:[esi]).pos_y...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x ; 获取第一个结构X mov eax,(MyPoint...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x ; 获取第一个结构X mov eax,(MyPoint...,dword ptr ds:[PointB] mov eax,dword ptr ds:[PointB] ; 定位第一个MyPoint mov eax,dword ptr
+ 1] <= 20jg L2mov esi,dword ptr ds:[MyArray + eax * 4 - 4] ; esi = Array[index]mov edi,dword ptr...ptr ds:[esi + eax * 4] ; 获取 SrcArray[index]mov ecx,dword ptr ds:[esi + eax * 4 + 40] ; 获取...; y--mov dword ptr ds:[y],eaxL3:mov eax,dword ptr ds:[y]cmp eax,dword ptr ds:[x]jle L2mov esi,dword ptr...ds:[y]mov ebx,dword ptr ds:[Array + esi * 4] ; Array[y]mov edx,dword ptr ds:[Array + esi * 4...last]add eax,dword ptr ds:[first]shr eax,1mov dword ptr ds:[mid],eax; edx = value[mid]mov esi,dword ptr
mov eax,dword ptr ds:[count] ; 获取循环次数,当作因子 lea esi,dword ptr ds:[MyArray] ; 取数组基地址...mov eax,dword ptr ds:[count] lea esi,dword ptr ds:[MyArray] mov ebx,dword ptr ds:[esi...mov ebx,dword ptr ds:[esi + eax * 4] ; 获取 SrcArray[index] mov ecx,dword ptr ds:...-1的位置 mov esi,dword ptr ds:[y] mov ebx,dword ptr ds:[Array + esi * 4] ; Array[y]...; 取数组基地址 mov esi,dword ptr ds:[Array + eax * 4] ; 比例因子寻址 invoke crt_printf,addr szFmt,esi
ptr ds:[source + esi]mov byte ptr ds:[target + esi],aldec esiinc ebxloop L2lea eax,dword ptr ds:[target...ptr ds:[var_dword],3; 填充数组方式1lea esi,dword ptr ds:[var_array]mov dword ptr ds:[esi],10mov dword ptr...,dword ptr ds:[PtrA]mov eax,(MyPoint ptr ds:[esi]).pos_xmov ebx,(MyPoint ptr ds:[esi]).pos_ymov ecx,(...(MyPoint ptr ds:[esi]).pos_y,20mov (MyPoint ptr ds:[esi]).pos_z,30; 直接获取结构中的数据mov eax,dword ptr ds:[...],100mov dword ptr ds:[PointA.Right.pos_y],200; 通过地址定位lea esi,dword ptr ds:[PointB]mov eax,dword ptr
然后查看改写这个地址的代码是: 00C9B75C |. 8B4C90 58 mov ecx,dword ptr ds:[eax+edx*4+0x58] ; 再往前找: 00C9B755... |. 8B43 7C mov eax,dword ptr ds:[ebx+0x7C] ; 然后再按照这种方法找就找不出什么准确的内容了。...然后按CTRL+F9运行到返回,然后找到这个代码块的call地址,再进入这个call看看开头,发现给EBX赋值的是:mov ebx,dword ptr ss:[ebp+0x8],ebp+0x8也就是这个...ecx,dword ptr ds:[eax] ECX的值是来自[eax],再记录一下关系,免得一会步数太多,记不清了。...lea esi,dword ptr ds:[edi-0x4] 00C8403F |. 8B7E 10 mov edi,dword ptr ds:[esi+0x10] 注意这是从下到上的顺序
mov eax,dword ptr [ebp+8] 000a002e 8945f8 mov dword ptr [ebp-8],eax 000a0031 8b45f8...mov eax,dword ptr [ebp-8] 000a0034 833800 cmp dword ptr [eax],0 000a0037 7504...call dword ptr ds:[424788h] 000a0059 3bf4 cmp esi,esp 000a005b e8c0bbffff...ecx 000a007c ff1504474200 call dword ptr ds:[424704h] 000a0082 3bf4 cmp esi,esp...esi,esp 000a0098 8b45f8 mov eax,dword ptr [ebp-8] 000a009b 8b8850020000 mov ecx,dword
: mov eax,dword ptr ds:[esi] ; 间接寻址 add esi,4 ; 每次递增4 loop...; 每次递增4 mov edx,dword ptr ds:[esi + eax] ; 定位到内层循环元素 loop s2 pop eax pop ecx add eax...mov ebx,0 mov ecx,5 s2: mov esi,dword ptr ds:[ArrayA + ebx] add esi,dword ptr ds:[ArrayB...: mov esi,dword ptr ds:[PtrA] ; 将指针指向PtrA mov ax,word ptr ds:[esi + ebx * 2] ; 每次递增2...字节 mov esi,dword ptr ds:[PtrB] ; 将指针指向PtrB mov eax,dword ptr cs:[esi + ebx * 4] ;
; 反向弹出字符串 mov ecx,dword ptr ds:[NameSize] mov esi,0 S2: pop eax mov byte ptr ds:[MyString +...mov dword ptr ds:[esi],10 mov dword ptr ds:[esi + 4],20 mov dword ptr ds:[esi + 8],30 ;...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x mov ebx,(MyPoint ptr ds:[esi]).pos_y...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x ; 获取第一个结构X mov eax,(MyPoint...,dword ptr ds:[PtrA] mov eax,(MyPoint ptr ds:[esi]).pos_x ; 获取第一个结构X mov eax,(MyPoint
eax,dword ptr ds:[0x3EF050] 003E44D8 33C9 xor ecx,ecx 003E44DA 894C24 12 mov...33C4 xor eax,esp 003E44E4 894C24 1A mov dword ptr ss:[esp+0x1A],ecx 003E44E8 ...],eax 003E44F0 8B4424 34 mov eax,dword ptr ss:[esp+0x34] 003E44F4 8D5424 10 lea edx...20 lea esi,dword ptr ss:[esp+esi*4+0x20] 003E4553 8D7C24 14 lea edi,dword ptr ss:[esp...] 003E4560 8B17 mov edx,dword ptr ds:[edi] 003E4562 6A 00 push 0x0 003E4564
/BYTE) mov eax,dword ptr ds:[DwordVar2] ; eax = 12345678h xor eax,eax mov ax,word ptr ds:[DwordVar2...mov eax,dword ptr ds:[esi] ; 间接寻址 add esi,4 ; 每次递增4 loop...ebx,0 mov ecx,5 s2: mov esi,dword ptr ds:[ArrayA + ebx] add esi,dword ptr ds:[ArrayB + ebx]...: mov esi,dword ptr ds:[PtrA] ; 将指针指向PtrA mov ax,word ptr ds:[esi + ebx * 2] ; 每次递增2字节...mov esi,dword ptr ds:[PtrB] ; 将指针指向PtrB mov eax,dword ptr cs:[esi + ebx * 4] ; 每次递增4
; 获取到首地址 mov eax,0 mov ebx,0 mov eax,dword ptr ds:[esi] ; 找到第一个元素 mov ebx,dword...dword ptr ds:[Rval],eax mov ebx,dword ptr ds:[Yval] add ebx,dword ptr ds:[Zval] sub dword...eax,dword ptr ds:[Xval] add eax,dword ptr ds:[Yval] mov ebx,dword ptr ds:[Yval] add ebx,dword...mov eax,dword ptr ds:[var1] add eax,dword ptr ds:[var2] ; 计算前半部分 mov ebx,dword ptr ds:[var3...ptr ds:[y],3 mov eax,dword ptr ds:[x] mov ebx,dword ptr ds:[y] lea eax,dword ptr ds:[eax +