Title: Find the 3rd parameter of the function InternetDial() in the library file wininet.dll
nbm7628800
I'm a newbie; could the experts tell me how to find the 3rd parameter of the function InternetDial()?


Address      Hex               Disassembly
--------------------------------------------------------------------------
766C38AA     8BFF              MOV EDI,EDI                                
766C38AC     55                PUSH EBP                                   
766C38AD     8BEC              MOV EBP,ESP                                
766C38AF     81EC 08020000     SUB ESP,208                                
766C38B5     A1 50BA7076       MOV EAX,DS:[7670BA50]                     
766C38BA     53                PUSH EBX                                   
766C38BB     8B5D 14           MOV EBX,SS:[EBP+14]                        
766C38BE     56                PUSH ESI                                   
766C38BF     8B75 0C           MOV ESI,SS:[EBP+C]                        
766C38C2     8945 FC           MOV SS:[EBP-4],EAX                        
766C38C5     33C0              XOR EAX,EAX                                
766C38C7     85F6              TEST ESI,ESI                              
766C38C9     57                PUSH EDI                                   
766C38CA     8B7D 08           MOV EDI,SS:[EBP+8]                        
766C38CD     74 3C             JE SHORT 766C390B                          
766C38CF     68 01010000       PUSH 101                                   
766C38D4     56                PUSH ESI                                   
766C38D5     FF15 94116876     CALL DS:[<&KERNEL32.IsBadStringPtrA>]      
766C38DB     85C0              TEST EAX,EAX                              
766C38DD     74 05             JE SHORT 766C38E4                          
766C38DF     6A 57             PUSH 57                                    
766C38E1     58                POP EAX                                    
766C38E2     EB 35             JMP SHORT 766C3919                        
766C38E4     68 00010000       PUSH 100                                   
766C38E9     8D85 F8FDFFFF     LEA EAX,SS:[EBP-208]                       
766C38EF     50                PUSH EAX                                   
766C38F0     6A FF             PUSH -1                                    
766C38F2     56                PUSH ESI                                   
766C38F3     33F6              XOR ESI,ESI                                
766C38F5     56                PUSH ESI                                   
766C38F6     56                PUSH ESI                                   
766C38F7     FF15 9C126876     CALL DS:[<&KERNEL32.MultiByteToWideChar>]  
766C38FD     85C0              TEST EAX,EAX                              
766C38FF     75 04             JNZ SHORT 766C3905                        
766C3901     66:8975 F8        MOV SS:[EBP-8],SI                          
766C3905     8D85 F8FDFFFF     LEA EAX,SS:[EBP-208]                       
766C390B     FF75 18           PUSH DWORD PTR SS:[EBP+18]                 
766C390E     53                PUSH EBX                                   
766C390F     FF75 10           PUSH DWORD PTR SS:[EBP+10]                 
766C3912     50                PUSH EAX                                   
766C3913     57                PUSH EDI                                   
766C3914     E8 3EFAFFFF       CALL wininet.InternetDialW                 
766C3919     8B4D FC           MOV ECX,SS:[EBP-4]                        
766C391C     5F                POP EDI                                    
766C391D     5E                POP ESI                                    
766C391E     5B                POP EBX                                    
766C391F     E8 A2DDFBFF       CALL 766816C6                              
766C3924     C9                LEAVE                                      
766C3925     C2 1400           RETN 14                                    
 
2013-11-27 12:41
zklhp
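...|2nd param|1st param|return value|ebp|local variables....
                                     ^
                                     From then on ebp always equals this address; [ebp+4] is the return value, [ebp+8] is the first parameter, and so on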
766C38AD     8BEC              MOV EBP,ESP

After this instruction, ebp == esp, which is the address after ebp has been pushed, i.e. the position I drew above

You should know the answer now
2013-11-27 13:58
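
The frame layout described in the reply above, applied to the listing from the question, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes a 32-bit stdcall frame and an OllyDbg-style listing whose operands are hexadecimal.

```python
import re

# Constructed sample: a subset of the lines from the listing in the question
# (columns: address, instruction bytes, disassembly).
LISTING = """\
766C38AC     55                PUSH EBP
766C38AD     8BEC              MOV EBP,ESP
766C38BB     8B5D 14           MOV EBX,SS:[EBP+14]
766C38BF     8B75 0C           MOV ESI,SS:[EBP+C]
766C38CA     8B7D 08           MOV EDI,SS:[EBP+8]
766C38E9     8D85 F8FDFFFF     LEA EAX,SS:[EBP-208]
766C390B     FF75 18           PUSH DWORD PTR SS:[EBP+18]
766C390F     FF75 10           PUSH DWORD PTR SS:[EBP+10]
766C3925     C2 1400           RETN 14
"""

SLOT = 4  # assumption: 32-bit x86, every stack slot is 4 bytes


def param_offset(n):
    """EBP-relative offset of the n-th argument (1-based).
    [EBP+0] holds the saved EBP, [EBP+4] the slot pushed by CALL,
    so the first argument sits at [EBP+8]."""
    return 8 + SLOT * (n - 1)


def param_refs(listing):
    """Map argument number -> addresses of instructions that read [EBP+off]."""
    refs = {}
    for line in listing.splitlines():
        cols = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        if len(cols) != 3:
            continue
        addr, _bytes, asm = cols
        for hexoff in re.findall(r"\[EBP\+([0-9A-F]+)\]", asm):
            off = int(hexoff, 16)
            if off >= 8 and (off - 8) % SLOT == 0:
                refs.setdefault((off - 8) // SLOT + 1, []).append(addr)
    return refs


def arg_count(listing):
    """stdcall callee cleanup: RETN imm pops imm bytes of arguments."""
    m = re.search(r"\bRETN ([0-9A-F]+)", listing)
    return int(m.group(1), 16) // SLOT if m else 0


if __name__ == "__main__":
    print(hex(param_offset(3)), param_refs(LISTING).get(3), arg_count(LISTING))
```

Negative offsets such as [EBP-208] are locals and are skipped; only positive offsets from +8 upward are counted as arguments.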