SEH 结构化异常处理(2)
2007-01-14 16:44:41 来源:WEB开发网核心提示: 77F75913>B820000000moveax,2077F75918BA0003FE7Fmovedx,7FFE030077F7591DFFD2calledx//f7,到代码[8]77F7591FC20800retn8代码[8]7FFE03008BD4movedx,esp7FFE0
77F75913> B820000000 moveax,20
77F75918 BA0003FE7F movedx,7FFE0300
77F7591D FFD2 calledx//f7,到代码[8]
77F7591F C20800 retn8代码[8]
7FFE0300 8BD4 movedx,esp
7FFE0302 0F34 sysenter
7FFE0304 C3 retn//返回到代码[9]代码[9]
0040102F |. 6800304000 pushseh2.00403000 ;|Title="SEH"
00401034 |. 6804304000 pushseh2.00403004 ;|Text="Hello,SEH!"
00401039 |. 6A00 push0 ;|hOwner=NULL
0040103B |. E844000000 call<jmp.&USER32.MessageBoxA> ;MessageBoxA
00401040 |. 64:8F0500000>popdwordptrfs:[0]
00401047 |. 83C404 addesp,4
0040104A |. 6A00 push0 ;/ExitCode=0
0040104C . E839000000 call<jmp.&KERNEL32.ExitProcess> ;ExitProcess//f7,进入,到代码[10]代码[10]-----这段代码,任何程序只要执行了exitprocess都会看到!留个印象吧!
77E598FD> 55 pushebp
77E598FE 8BEC movebp,esp
77E59900 6AFF push-1
77E59902 68B0F3E877 pushkernel32.77E8F3B0
77E59907 FF7508 pushdwordptrss:[ebp+8]
77E5990A E886FFFFFF callkernel32.77E59895//结束了应用程序的生命!
77E5990F ^E9A47DFEFF jmpkernel32.TerminateProcess
77E59914 -FF25F413E477 jmpdwordptrds:[<&ntdll.LdrShutdownProcess>] ;ntdll.LdrShutdownProcess
77E5991A 391DA470EB77 cmpdwordptrds:[77EB70A4],ebx
77E59920 0F8499150000 jekernel32.77E5AEBF
77E59926 53 pushebx
77E59927 53 pushebx
77E59928 53 pushebx
77E59929 E8D2F4FEFF callkernel32.WriteProfileStringW
77E5992E E98C150000 jmpkernel32.77E5AEBF
77E59933> 837C240400 cmpdwordptrss:[esp+4],0
77E59938 0F84C4730200 jekernel32.77E80D02
77E5993E FF742408 pushdwordptrss:[esp+8]
77E59942 FF742408 pushdwordptrss:[esp+8]
77E59946 FF156814E477 calldwordptrds:[<&ntdll.NtTerminateThread>] ;ntdll.ZwTerminateThread
77E5994C 85C0 testeax,eax
77E5994E 0F8CB7730200 jlkernel32.77E80D0B
77E59954 33C0 xoreax,eax
77E59956 40 inceax
77E59957 C20800 retn8
***************************************************************源代码下载
中查找“SEH 结构化异常处理(2)”更多相关内容
中查找“SEH 结构化异常处理(2)”更多相关内容更多精彩
赞助商链接
