BlogJava-VIRGIN FOREST OF JAVA-文章分类-ASM-MACRO

BlogJava-VIRGIN FOREST OF JAVA-文章分类-ASM-MACROhttp://www.blogjava.net/RR00/category/31982.html不要埋头苦干，要学习，学习，再学习。。。。。 <br> powered by <font color='orange'>R.Zeus</font>zh-cnMon, 11 Aug 2008 23:56:44 GMTMon, 11 Aug 2008 23:56:44 GMT60Exploit codehttp://www.blogjava.net/RR00/articles/220137.htmlR.ZeusR.ZeusTue, 05 Aug 2008 05:10:00 GMThttp://www.blogjava.net/RR00/articles/220137.htmlhttp://www.blogjava.net/RR00/comments/220137.htmlhttp://www.blogjava.net/RR00/articles/220137.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/220137.htmlhttp://www.blogjava.net/RR00/services/trackbacks/220137.html we should use registers which store the useful information in code.

jmp eax,ecx,esi,edi...

lea ebp,dowrd ptr[esp+XX] to restore stack.

mov ecx,0040xxx
jmp ecx

the same as:
push 0040xxx
ret

mov [0040xx],xxx

R.Zeus 2008-08-05 13:10 发表评论

]]>crack processhttp://www.blogjava.net/RR00/articles/219088.htmlR.ZeusR.ZeusThu, 31 Jul 2008 08:26:00 GMThttp://www.blogjava.net/RR00/articles/219088.htmlhttp://www.blogjava.net/RR00/comments/219088.htmlhttp://www.blogjava.net/RR00/articles/219088.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/219088.htmlhttp://www.blogjava.net/RR00/services/trackbacks/219088.html MessageBox
getDlgText
getWindowText

2.search inputed strings in memory.

3.button track.

R.Zeus 2008-07-31 16:26 发表评论

]]>idahttp://www.blogjava.net/RR00/articles/218069.htmlR.ZeusR.ZeusMon, 28 Jul 2008 07:04:00 GMThttp://www.blogjava.net/RR00/articles/218069.htmlhttp://www.blogjava.net/RR00/comments/218069.htmlhttp://www.blogjava.net/RR00/articles/218069.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/218069.htmlhttp://www.blogjava.net/RR00/services/trackbacks/218069.html use stud_pe to view what is it ida adds.

the sys's entry is gsEntry??what is that ?

R.Zeus 2008-07-28 15:04 发表评论

]]> SoftICE ollydbg hot keyhttp://www.blogjava.net/RR00/articles/217158.htmlR.ZeusR.ZeusThu, 24 Jul 2008 04:52:00 GMThttp://www.blogjava.net/RR00/articles/217158.htmlhttp://www.blogjava.net/RR00/comments/217158.htmlhttp://www.blogjava.net/RR00/articles/217158.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/217158.htmlhttp://www.blogjava.net/RR00/services/trackbacks/217158.html
F8：单步步过。每按一次这个键执行一条反汇编窗口中的一条指令，遇到 CALL 等子程序不进入其代码。（相当于 SoftICE 中的 F10）

F7：单步步入。功能同单步步过(F8)类似，区别是遇到 CALL 等子程序时会进入其中，进入后首先会停留在子程序的第一条指令上。（相当于 SoftICE 中的 F8）

F4：运行到选定位置。作用就是直接运行到光标所在位置处暂停。（相当于 SoftICE 中的 F7）

F9：运行。按下这个键如果没有设置相应断点的话，被调试的程序将直接开始运行。（相当于 SoftICE 中的 F5）

CTR+F9：执行到返回。此命令在执行到一个 ret (返回指令)指令时暂停，常用于从系统领空返回到我们调试的程序领空。（相当于 SoftICE 中的 F12）

ALT+F9：执行到用户代码。可用于从系统领空快速返回到我们调试的程序领空。（相当于 SoftICE 中的 F11）

R.Zeus 2008-07-24 12:52 发表评论

]]>pushz "hello.txt"http://www.blogjava.net/RR00/articles/206125.htmlR.ZeusR.ZeusThu, 05 Jun 2008 10:16:00 GMThttp://www.blogjava.net/RR00/articles/206125.htmlhttp://www.blogjava.net/RR00/comments/206125.htmlhttp://www.blogjava.net/RR00/articles/206125.html#Feedback0http://www.blogjava.net/RR00/comments/commentRss/206125.htmlhttp://www.blogjava.net/RR00/services/trackbacks/206125.html    local   nexti
   call   nexti
   db szText,00h
nexti:
endm

//db szText,00h the "db" directive will make the "szText" as opcode next to the "call   nexti" when expand the macro.
after invoke this macro,the esp will point to the szText opcode because of the call mechanism.

call = put eip+1 to esp,jump to call method.

usage: pushz "hello.txt"

//dw is the same as db,but I don't know what is the dd do.

R.Zeus 2008-06-05 18:16 发表评论

]]>