Discover edi x12, include the articles, news, trends, analysis and practical advice about edi x12 on alibabacloud.com
push edi 00402099 lea edi, [ebp-40h] 0040209C mov ecx, 10 h 004020A1 mov eax, 0 CCCCCCCCh 004020A6 rep stos dword ptr [edi] 252: return 0; 004020A8 xor eax, eax 253 :} 004020AA pop edi 004020AB pop esi 004020AC pop ebx 004020AD mov esp, ebp 004020AF pop ebp 004020B0 ret 250: static int process () 251 :{ 00402090 push
.686p. Model Flat,stdcallOption Casemap:noneInclude Windows.incInclude Kernel32.incInclude Masm32.incIncludelib "D:\vs\msvcrt.lib"Includelib Masm32.libIncludelib Kernel32.libprintf PROTO C:dword,:varargscanf PROTO C:dword,:vararg. DataHello db ' Hello ', 0A DWORD 5,4,30,2,1P byte '%s ', 0ahHint1 byte "Please enter 5 numbers:", 0ah,0Hint2 byte "like 5 2 3 1 4,", 0ah,0FMT byte "%d%d%d%d%d", 0ah,0Lin byte "function:%d", 0ah,0Edii byte "Before exchanging eax:%d,ebx:%d", 0ah,0Edia byte "After exchang
PUSH; Gptr00404120 FFD0 call EAX; Request 800 bytes00404122 8905 CA404000 MOV DWORD PTR ds:[4040ca],eax00404128 89c7 MOV Edi,eax0040412A be 00104000 MOV esi,ahpack.004010000040412F Pushad; start Aplib00404130 FC CLD00404131 B2 MOV dl,8000404133 31DB XOR ebx,ebx00404135 A4 MOVS BYTE ptr es:[edi],byte ptr Ds:[esi]00404136 B3 MOV bl,200404138 E8 6d000000 call AHPACK.004041AA0040413D ^ F6 JNB short ahpack.0040
It turns out that there have been checksum-related cracking on the internet. I will interview the checksum compilation code and the vb version for cracking.Currently, I am using the checksum code of vb.Assembly Code of checksum:GOOGLECHECK proc nearVar_8 = dword ptr-8Var_4 = dword ptr-4Url_offset = dword ptr 8Url_length = dword ptr 0ChMagic_dword = dword ptr 10 hPush ebpMov ebp, espPush ecxPush ecxMov eax, [ebp + url_length]Cmp eax, 0ChPush ebxPush esiMov esi, [ebp + magic_dword]; = 0xE6359A60Pu
1.GetcurrentdirectoryGet Current Directory 2.GetmodulefilenameObtain the complete path+ PathremovefilespecSeparate pure path . 386 . ModelFlat, stdcall Option Casemap: None IncludeWindows. inc IncludeKernel32.inc IncludeUser32.inc IncludelibKernel32.lib IncludelibUser32.lib IncludeShlwapi. inc; PathremovefilespecUse IncludelibShlwapi. Lib . Data HinstanceDd? SzprofilenameDBMax_path DUP (?) SzfilenameDB'/Test. ini', 0;The file name is prefixed./ . Code Start:InvokeGetmodulehandle, null MoVHins
CCBE push EBX. Text: 0045 CCBF push ESI. Text: 0045ccc0 mov [EBP + var_4], eax; set the last 4 bytes of the variable to [005fbf64] And a random value.. Text: 0045ccc3 push EDI. Text: 0045ccc4 Lea eax, [EBP + widecharstr]. Text: 0045 ccca push eax. Text: 0045 cccb mov ECx, offset a_htm; ". htm". Text: 0045ccd0 mov edX, 80000000 H. Text: 0045ccd5 call sub_45c9f0. Text: 0045 ccda test eax, eax. Text: 0045 CCDC jnz loc_45cdce. Text: 0045cce2 mov EBX, DS:
to the string lengthAdd ECx, Len // Add the character LengthINC ECxAdd ECx, 4 // Add the original entry RVA ValueAdd ECx, 4 // Add four bytes of the getmodulhand addressMoV dword ptr [ESI + 28 h], ECxLea ESI, ChaoMoV EDI, dword ptr [eax + 14 H]Add EDI, imagebaseMoV ECx, LenINC ECxClDRep movs byte PTR [EDI], byte PTR [esi]Lea ESI, address // address for writing g
temporary base address in the item bar where the person involved is located.0dd97468, search for this address to get several codes to monitor the access respectively. Move the mouse to change the person's character to get the code:0076b9d1-3B 3D 64811003-cmp edi, [03108164]0076b9d7-75 2a-JNE 0076ba030076b9d9-8B 84 B7 04040000-mov eax, [EDI + ESI * 4 + 00000404]Obviously [
Tags: OS SP Div code BS as method simple functionSTOs includes stosb stosw stosd. The registers involved are eax and EDI. The functions are as follows: stosb copies values in Al to byte ptr es: [EDI, at the same time, EDI ++ stosw copies the value in ax to word ptr es: [EDI], and E
by axis 2007-03-28 http://www.ph4nt0m.org Simplified Chinese Windows Universal Jump Address: (2K/XP/2K3) 0X7FFA45F3 jmp ecx \xff\xe1 0x7ffa4967 jmp EBP \xff\xe5 0X7FFA4A1B jmp ebx \xff\xe3 0x7ffa6773 push Ebx,retn \x53\xc3 (0x7ffa6772 is pop edx) 0x7ffd1769--0x7ffd1779 jmp eax \xff\xe0 0x7ffc01b0 Pop Esi,retn \x5e\xc3 0X7FFA54CF 0x7ffaf780 jmp edx \xff\xe2 7ffa1571 POP EAX 7ffa1572 BF 58c058c2 MOV edi,c258c058 7ffa1577 POP EAX 7ffa1578 C3 RETN KR
in the operation, such as Movl $foo,%eax equivalent to Intel's mov eax, word ptr foo Long jumps and calls are different in format, att for ljmp $section, $offset, while Intel is JMP Section:offset The main difference is these, the other details are many, here is a concrete example to illustrate #cpuid. S Sample Program . Section. Data Output . ASCII "The processor vendor ID is ' xxxxxxxxxxxx '/n ' . section. Text . globl _start _start: MOVL $,%eax Cpuid MOVL $output,%
ptr [ebp-4]14.013b1059 Add Eax,esi15.013b105b Add Eax,edx16.013B105D mov edx,dword ptr [__imp_std::endl (13B204CH)]17.013b1063 Add Ecx,eax//The top 3 Add instructions add Ebx,ecx,edx,edi to ECX, that is, the ECX is the cumulative result Visible compiler generated code is the best code, eliminate the intermediate variable i, reduce the number of cycles, eliminate the CPU can not be disorderly execution of the factors. BTW: One might have a question: i
loadRetDllentry ENDP To convert the value in Edx:eax to a decimal output form string, which is familiar, as in the previous example!OUTEDXEAX proc \; For example: edx=0,eax=01234567h, the converted string is:Uses ebx esi edi,lpstring; -> ' 19088743 ', 0mov edi,lpstring; point to address where results are storedMOV esi,lpstring mov ecx,10; convert to Decimal. While eax!=0 | | Edx!=0Push EAXMOV Eax,edxXOR
1 parameter passing (default calling convention) Use VC6.0 to create a new empty console application, create a new source file Main.c, write the following code, pay attention to debug compile, do not use release, lest the code by VC optimization, disassembly does not correspond. int addint (int a, int b) { int c = a+b; return c; } int main () { int x = AddInt (1, 3); return 0; } In the main function into the braces down, press F5 run, the program is broken, then press the combination of
this limit//run: Run.exe automatically compiles pm16.c and pm32.c and then generates an IMG and calls Bochs to run the program// Hint: Please first compile run.c file with yc09, generate Run.exe Program//After modify PM16.C and pm32.c code, can run Run.exe view effect directly, click Enter again compile run//author: Miao//Time: 2010-2-8 #define Ycbit 32//Tell the compiler to compile the program in 32-bit format #define ycorg 0x0//This value generates an address base offset for variable function
Assembly language: Movsb,movsw,movsdTransferred from: http://blog.csdn.net/zhenyongyuan123/article/details/8364011Currently, the 80386 series of processors provide several sets of instructions for handling byte, Word, and double-word values, although these directives become basic string directives, but their usage is not limited to character arrays.Instructions:MOVSB, MOVSW, Movsd Describe:Moves the string data, copying the data at the memory address addressed by the ESI register to the memory a
Paste the source code first#include Another example#include Another one.#include Disassembly analysis1:void Main () 2: {00401010 push ebp00401011 mov ebp,esp00401013 sub esp,68h00401016 p Ush ebx00401017 push esi00401018 push edi00401019 Lea EDI,[EBP-68H]0040101C mov ECX,1AH00401021 mov eax,0cccccccch00401026 rep stos dword ptr [Edi]3:int narray[5] = {1, 2, 3 , 4, 5};00401028 mov dword ptr [ebp-14h]
1111 //Program Description: Output multi-line content, the content is as follows2 /*3 *4 ***5 *****6 *******7 *****8 ***9 *Ten */ One#include A using namespacestd; - intMain () - { thecout " *"Endl; -cout " ***"Endl; -cout " *****"Endl; -cout "*******"Endl; +cout " *****"Endl; -cout " ***"Endl; +cout " *"Endl; ASystem"Pause"); at return 0; -}Debug version of Disassembly codeintMain () {00f55e70 push ebp //Enter function after first thing, save stack bottom pointer ebp, Exi
by http://tmdnet.nothave.com NtGodModex.exe http://www.xfocus.net/tools/200804/1272.html NtGodMode.exe 9.00 KB (9,216 bytes) UPX shell, directly with ollydbg shelling, the process slightly Ntgodmode~.exe mb (123,392 bytes) view with PE tool, Delphi write 00403220 > PUSH EBP 00403221 8BEC MOV Ebp,esp 00403223 B9 0d000000 MOV ecx,0d 00403228 6A PUSH 0 0040322A 6A PUSH 0 0040322C DEC ECX 0040322D ^ F9 jnz short ntgodmod.00403228 0040322F I PUSH ECX 00403230 PUSH EBX 00403231 PUSH ESI 00403232 PUS
))LSet L = bIp2long = L.valEnd Function It's good and powerful to copy mybytes type variables to MyLong type variables with LSet. Look at the generated assembly code: Copy Code code as follows: 00401A0E Lea eax, DWORD ptr [ebp-0x20]; Address of variable B 00401A11 push EAX 00401a12 Lea eax, DWORD ptr [ebp-0x14]; The address of the variable L 00401A15 push EAX 00401A16 Push 0x4 00401a18 call __vbacopybytes; JMP to Msvbvm60.__vbacopybytes Called is the __v
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
