久久综合伊人噜噜色,日本三级香港三级人妇电影精品,亚洲中文色资源,国产高清一区二区三区人妖

      <small id="r7w9x"></small>

          <td id="r7w9x"></td><sub id="r7w9x"><menu id="r7w9x"><samp id="r7w9x"></samp></menu></sub>
        2. 

          4. <th id="r7w9x"></th>
          1. 

            



    
            
    
    
    



            

            

            


            

            


            

            

            

            

            


            

            

            



 找回密碼

            

            



 注冊

            

            




            


            

            QQ登錄
            

            只需一步,快速開始
            

            

            

            

            



            

            



            

            



            







            

            


            



            

            

            


            





            

            

            


            




            

            
seh實現(xiàn)單步自跟蹤.

            

[復(fù)制鏈接]

            		

            

            



            

            



            

            

            
 

            

            




            


1#


            

            

            

            

發(fā)表于 2008-9-28 16:36:42
|
只看該作者

|倒序瀏覽
|閱讀模式

            

            

            
 

            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>9 x, W; n! f9 {( M; E
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">有時如果你對<SPAN lang=EN-US>SICE,TRW或者其他調(diào)試器顯示的信息有所懷疑的話,你可以用seh顯示一些信息作為簡單的調(diào)試手段,當(dāng)然,單步跟蹤的用途遠(yuǎn)不止于此.首先回憶一下我們以前了解的單步的概念,當(dāng)EFLAGS的TF位為1的話執(zhí)行完某條指令后CPU將產(chǎn)生單步異常,與執(zhí)行軟指令int1類似.注意產(chǎn)生單步陷阱后eip已經(jīng)指向下一條指令.但進(jìn)入單步異常處理程序后cpu自動清除TF,以便下條指令正常執(zhí)行.</SPAN></SPAN></P>
            
( l% p! w: A! ?9 g; B2 Q: A<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp; </SPAN></SPAN></P>- l% J3 @* q. _- v7 m
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 30pt; mso-char-indent-count: 3.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">我們要作的就是在<SPAN lang=EN-US>seh例程中繼續(xù)置TF位為1,以便下一條指令執(zhí)行完畢后繼續(xù)產(chǎn)生單步陷阱實現(xiàn)跟蹤功能,直到遇到popfd指令為止,當(dāng)然你也可以隨便檢測其他指令或者用記數(shù)器來終止單步.</SPAN></SPAN></P>, A  D' q2 ]  G4 _( s. r
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>; K" A' ^! ~9 j, C$ [% x  Q: Y
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">下面例子中如果沒有單步跟蹤<SPAN lang=EN-US>eax的最后結(jié)果是3,由于有了單步自跟蹤,在seh處理例程中我們每中斷一次要加1,所以最后的結(jié)果是7,呵呵.請看下面的例子.</SPAN></SPAN></P>4 K, `; h! G$ Z. A  G6 V
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
            
4 `( ^* B. F/ w7 k! T( `<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;Ex7,演示利用seh單步自跟蹤 by Hume,2002</SPAN></P>
            
% {, f' G; }9 h! M$ e! I" r. d! K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;humewen@21cn.com </SPAN></P>
            
$ c- G  N+ G3 C$ O* W- x<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;hume.longcity.net</SPAN></P>1 O# M' B# k& _1 D! `  a
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>
            
7 ]: H6 _  M  X' l; x% A<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.586</SPAN></P>
            
- G* i) z- Q2 P- X% y9 O0 C<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.model flat, stdcall</SPAN></P>
            
: V. y  w5 K  d3 Y: ~+ z2 |) H! U/ s: N6 m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">option casemap :none<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>; case sensitive</SPAN></P># h# |0 l1 U# A# x0 b+ U
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">include hd.h</SPAN></P>+ ^3 W" a9 `0 R
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">include mac.h</SPAN></P>+ y# h3 Q! u" Q5 K
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>1 `: k& [# J. ^6 \( G  O8 m3 B2 e/ E, \
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">singlestep_xHandler<SPAN style="mso-tab-count: 1">&nbsp; </SPAN><SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>proto C :DWORD,:DWORD,:DWORD,:DWORD</SPAN></P>
            
" f/ m' ]1 y& l: g( V# t: y# W9 x<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;;--------------</SPAN></P>" \3 ~% x0 u/ P
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.data</SPAN></P>
            
' a1 y5 X6 o8 h8 L2 y<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">count<SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>dd<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>0</SPAN></P>7 r  V8 R9 |& i9 O
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">Msg0<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>db<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>"Eax=="</SPAN></P>
            
; x7 P* l$ U) T/ g& q<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">DispEAX dd<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;</SPAN>0,0</SPAN></P>; H; w+ K* i% g  P) u" P1 x
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;;-----------------------------------------</SPAN></P>
            
6 ~: u, r. _* ]; I; q0 c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">.CODE</SPAN></P>
            
- ~. s: |# `# t) ^+ O<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">_Start:</SPAN></P>
            
, U' x+ j8 u, z. |. B<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp; </SPAN>assume fs:nothing</SPAN></P>/ T) K  R6 f8 N
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>offset singlestep_xHandler</SPAN></P>& C# i/ l0 x; }
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>push<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>fs:[0]</SPAN></P>
            
4 v: f! [3 G2 x( _% G<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>fs:[0],esp</SPAN></P>* h! k7 C" \) Y) }0 u' a
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;------------------</SPAN></P>
            
# {5 [7 X. T+ W5 C8 Z<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>xor<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,eax</SPAN></P>; m! t: {6 s/ V! h: |
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pushfd</SPAN></P>( O+ |. r! j( e' p6 j8 o) |
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pushfd</SPAN></P>
            
7 f: m& o" A1 O% d- _, V. @2 F3 M/ n- \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;</SPAN>or<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esp],100h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
5 [' r: R" ?( |/ s% }! G/ f. z& A<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popfd<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;置TF標(biāo)志進(jìn)入單步狀態(tài)</SPAN></P>
            
8 f) g9 @) w, c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
+ |0 N8 P: u' T, X3 v/ {5 B<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>nop<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>; nop執(zhí)行完后單步異常引發(fā)<SPAN style="mso-spacerun: yes">&nbsp; </SPAN></SPAN></P>
            
4 D8 T" v& O( k) W, V% C, [! n- m  [1 L<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>inc<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>; eip指向,nop后面的指令,就是這里</SPAN></P>% i. f) S; `! Q1 y; v1 M6 l
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>inc<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN>; 單步執(zhí)行</SPAN></P>2 A0 I4 B! X7 Z6 k. p* M) K7 P
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>inc<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>; normal eax==3,but infact eax==7</SPAN></P>! n5 M9 S0 ^2 G8 g" W) q+ Y0 n
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>
            
- j$ q, \  E7 m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popfd</SPAN></P>
            
* x- V; Z$ e! j<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;------------------ </SPAN></P>" R1 {+ ~* W  _: L* F" V8 x
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>add<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>eax,30h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;convert to ASCIIZ</SPAN></P>
            
( R8 M5 ^1 B/ E( \+ [3 T<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>DispEAX,eax</SPAN></P>: z, R, b/ I0 P- V$ V
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>MessageBox,0,addr Msg0,ddd("The Eax equal to..."),0</SPAN></P>1 l2 c* {- [9 {8 t) K: }9 y# ]! ]
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
9 B) Y4 R" P* n( p* C$ i<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pop<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>fs:[0]</SPAN></P>
            
) H; `9 ~5 U! q7 y<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>add<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>esp,4</SPAN></P>
            
; H# d6 O0 m& v* @<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>invoke<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>ExitProcess,0</SPAN></P>
            
/ d5 [4 ?# R  Z1 |<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>1 v8 J. Z5 N0 `( o" ^
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">singlestep_xHandler PROC C pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD</SPAN></P>) ]8 C- z" b: g" {
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>pushad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
, @3 D! j+ E& m+ @$ Y6 I! v<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>edi:ptr CONTEXT</SPAN></P>
            
- N1 B4 R. @' R& @! v: c<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">assume<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>esi:ptr EXCEPTION_RECORD</SPAN></P>
            
; k: ]$ c# s8 [! S& A$ z$ m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>6 Y& O$ }( V* P  L, v; v+ ]. i  W5 h( k
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>esi,pExcept</SPAN></P>  K2 u+ m. `! g1 ]+ t  k& E
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>edi,pContext<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
- Z' d% D* M. B+ S4 }<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>( P2 `; k; ^9 W6 _
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>test<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esi+4],1<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;Exception flags test common stuff</SPAN></P>, {4 D& a- [5 N- H) m/ u
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jnz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@f<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;</SPAN></SPAN></P>2 ?( _5 v: y1 K& n6 `( t
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>test<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esi+4],6</SPAN></P>3 [6 f/ s# K! s3 l: H6 g
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jnz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@f</SPAN></P>
            
% K* A* x/ Z2 F# F4 I9 G$ }. v<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>cmp<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esi],80000004h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;是否為單步異常標(biāo)志</SPAN></P>. U6 {0 S! E* V0 j  x7 U$ o
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jnz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@f</SPAN></P>
            
, `9 g. U6 j9 r; V* o<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>5 J+ ?' f( c4 l8 Q
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>inc<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>[edi].regEax </SPAN></P>
            
8 B) w. m( A& m<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ebx,[edi].regEip</SPAN></P>
            
7 P" J! ?8 g# U" P- a<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>cmp<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>byte ptr[ebx],9Dh<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;是否是popfd,因為目的是取消</SPAN></P>
            
3 y) ~$ G  ?8 K7 G7 v<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>jz<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>@finish_singlestep<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;單步狀態(tài),所以這時就不應(yīng)該重置TF</SPAN></P>- {" l) O7 l3 S, k" B$ L3 F+ U
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>or<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>[edi].regFlag,100h<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;否則,重置TF<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
% _; E% H, L8 K" G1 Y6 N0 E" q<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;每單步中斷一次,eax加1</SPAN></P>
            
4 @$ \6 G7 X* w) E" a, R1 `; [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;所以eax最后不等于3,而是</SPAN></P>
            
" D' m4 ]5 A( H9 }) n+ d<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;中斷4次后,eax==7<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>1 y7 i1 V2 F5 P+ ]4 F
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">@finish_singlestep:<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
0 [1 H8 N6 N5 R7 `<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>
            
0 w, o( h8 A4 E# ]2 j1 @* h% H% X6 t$ [<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esp+7*4],0<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;eax==0<SPAN style="mso-spacerun: yes">&nbsp; </SPAN>hehe...</SPAN></P>0 K' |# K# h* ~* x
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;研究一下pushad指令就明白了</SPAN></P>
            
' g& ~! K" D8 l2 u) {<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ret</SPAN></P>
            
: V$ z$ U6 [- b7 H8 l; \<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">@@:</SPAN></P>
            
  l* h' z4 f% ?  \5 r+ z4 a! T" a* K<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>mov<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>dword ptr[esp+7*4],1<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>;eax==1</SPAN></P>
            
; u$ \4 R& w+ ?% q' Y<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>popad<SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P>$ F3 d, ^" A: C1 J, ]7 h% {! h. J- z
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN>ret</SPAN></P># b; {8 g- j9 n2 _/ A5 m  G
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt"></SPAN>&nbsp;</P>4 E6 W( h$ V( @+ K2 E
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">singlestep_xHandler ENDP</SPAN></P>
            
. Z& D6 k6 W2 T( E- Y# ], Y/ O<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">;-----------------------------------------</SPAN></P>/ a3 {, \$ c1 e1 [. C! t4 A) h& k
            
<P class=MsoNormal style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 20pt; mso-char-indent-count: 2.0; mso-char-indent-size: 10.0pt"><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: 宋體; mso-bidi-font-size: 12.0pt">END<SPAN style="mso-tab-count: 1">&nbsp;&nbsp;&nbsp; </SPAN>_Start</SPAN></P>
            


            

            

            


            

            

            


            

            


            
    
            
    
    
    
            		

            

            

            




            

            



            

            

            

            



            






            






            



            

            

            

            








            

            

            


            

            
您需要登錄后才可以回帖 登錄 | 注冊





            

            

            

            

            

            

            






            
本版積分規(guī)則





            
            		

            

            

            

            




            


            

            

            

	
            

            

            

            
QQ|本地廣告聯(lián)系: QQ:905790666 TEL:13176190456|Archiver|手機版|小黑屋|汶上信息港
( 魯ICP備19052200號-1 )

            

            
GMT+8, 2025-5-20 17:02


            

            

            

            Powered by Discuz! X3.5
            

            © 2001-2025 Discuz! Team.
            

            



            
快速回復(fù)
返回頂部

返回列表