windbg断点脚本
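条件断点的一般形式:bp Address "j (Condition) 'OptionalCommands'; 'gc'"。条件为真时执行 OptionalCommands 并停在断点处;条件为假时执行 gc,按命中断点前的运行方式继续。下例中 poi(esp+4) 读取的是 32 位函数入口处栈上的第一个参数(ReadFile 的 hFile),即句柄不等于 0x67c 时才中断;句柄值每次运行都可能不同,使用前需重新确认。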
bp kernel32!readfile "j poi(esp+4) != 0x67c 'dc esp'; 'gc'"
执行脚本(参考:http://www.pediy.com/kssd/pediy10/83946.html):
$$><C:\script.txt
ReadFile (00000678 08d837b8 0000154b 0012f50c 00000000);
0012f4f0 09a0dca7 kernel32!ReadFile fn0()
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f510 09a0dd86 Toolkit!CPhotoTextTip::InitXaml+0x136e fn1()
0012f55c 09a09844 Toolkit!CPhotoTextTip::InitXaml+0x144d fn2()
fn0(){
09a0dca7 85c0 test eax,eax
09a0dca9 7507 jne Toolkit!CPhotoTextTip::InitXaml+0x1379 (09a0dcb2)(发生跳转)
09a0dcab e8e2030000 call Toolkit!CPhotoTextTip::InitXaml+0x1759 (09a0e092)
09a0dcb0 eb0f jmp Toolkit!CPhotoTextTip::InitXaml+0x1388 (09a0dcc1)
09a0dcb2 8b45fc mov eax,dword ptr [ebp-4]
09a0dcb5 2b4510 sub eax,dword ptr [ebp+10h]
09a0dcb8 f7d8 neg eax
09a0dcba 1bc0 sbb eax,eax
09a0dcbc 2526000780 and eax,80070026h
09a0dcc1 c9 leave
09a0dcc2 c20c00 ret 0Ch
}
fn1(){
Toolkit!CPhotoTextTip::InitXaml+0x144d:
09a0dd86 3bc3 cmp eax,ebx(eax =0 ebx = 0)
09a0dd88 7c1f jl(小于/不大于等于时转移) Toolkit!
CPhotoTextTip::InitXaml+0x1470 (09a0dda9)
09a0dd8a 3bf3 cmp esi,ebx(esi=08d837b8 ebx=0)
09a0dd8c 7427 je(相等跳转) Toolkit!CPhotoTextTip::InitXaml+0x147c
(09a0ddb5)
09a0dd8e 8b45e0 mov eax,dword ptr [ebp-20h](eax=0x154b)
09a0dd91 3bc3 cmp eax,ebx(eax=154b,ebx=0)
09a0dd93 7414 je Toolkit!CPhotoTextTip::InitXaml+0x1470 (09a0dda9)
09a0dd95 ff7508 push dword ptr [ebp+8]//12f588入栈
09a0dd98 8b4f04 mov ecx,dword ptr [edi+4]//ecx=0
09a0dd9b 56 push esi//esi=08d837b8
09a0dd9c 03c6 add eax,esi//eax=08d84d03
09a0dd9e 51 push ecx//ecx = 0
09a0dd9f 8bf7 mov esi,edi//esi=0012f588
09a0dda1 e81c010000 call Toolkit!CPhotoTextTip::InitXaml+0x1589 (09a0dec2)
09a0dda6 8b75ec mov esi,dword ptr [ebp-14h]//esi=08d837b8
09a0dda9 3bf3 cmp esi,ebx//ebx=0 esi=08d837b8
09a0ddab 7408 je Toolkit!CPhotoTextTip::InitXaml+0x147c (09a0ddb5)
09a0ddad 56 push esi//esi=08d837b8
09a0ddae ff154c22a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x5913
(09a1224c)]
09a0ddb4 59 pop ecx//ecx=08d837b8
09a0ddb5 395dd8 cmp dword ptr [ebp-28h],ebx//00678,0
09a0ddb8 7409 je Toolkit!CPhotoTextTip::InitXaml+0x148a (09a0ddc3)
09a0ddba ff75d8 push dword ptr [ebp-28h]//00678
09a0ddbd ff157020a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x5737
(09a12070)]
09a0ddc3 8bc7 mov eax,edi//eax=0012f588
09a0ddc5 e81f200000 call Toolkit!CPhotoTextTip::InitXaml+0x34b0 (09a0fde9)
09a0ddca c3 ret
}
fn2()
{
Toolkit!Uninit+0x1a30:
09a09844 59 pop ecx
09a09845 59 pop ecx//ecx=001aa608
09a09846 8d44241c lea eax,[esp+1Ch]//eax=0012f588
09a0984a 8d5c2430 lea ebx,[esp+30h]//ebx=0012f59c
09a0984e c684248003000001 mov byte ptr [esp+380h],1
09a09856 e801460000 call Toolkit!CPhotoTextTip::InitXaml+0x1523 (09a0de5c)
09a0985b 8bd8 mov ebx,eax//ebx=0012f59c
09a0985d 8d44241c lea eax,[esp+1Ch]//eax=0012f588
09a09861 3bc3 cmp eax,ebx
09a09863 7427 je Toolkit!Uninit+0x1a78 (09a0988c)
09a09865 8bf0 mov esi,eax//esi=0012f588
09a09867 e88a8affff call Toolkit+0x22f6 (09a022f6)
09a0986c 8b03 mov eax,dword ptr [ebx]//eax=08d86288
09a0986e 8944241c mov dword ptr [esp+1Ch],eax
09a09872 8b4304 mov eax,dword ptr [ebx+4]//eax=08d877d3
09a09875 89442420 mov dword ptr [esp+20h],eax
09a09879 8b4308 mov eax,dword ptr [ebx+8]//eax=08d877d3
09a0987c 33ff xor edi,edi
09a0987e 89442424 mov dword ptr [esp+24h],eax
09a09882 893b mov dword ptr [ebx],edi//edi=0
09a09884 897b04 mov dword ptr [ebx+4],edi
09a09887 897b08 mov dword ptr [ebx+8],edi
09a0988a eb02 jmp Toolkit!Uninit+0x1a7a (09a0988e)
09a0988c 33ff xor edi,edi
09a0988e 8b1d1c22a109 mov ebx,dword ptr [Toolkit!
CPhotoTextTip::InitXaml+0x58e3 (09a1221c)]//ebx=78ab0174 (delete)
09a09894 397c2430 cmp dword ptr [esp+30h],edi(0,0)
09a09898 7407 je Toolkit!Uninit+0x1a8d (09a098a1)
09a0989a ff742430 push dword ptr [esp+30h]
09a0989e ffd3 call ebx
09a098a0 59 pop ecx
09a098a1 8b442420 mov eax,dword ptr [esp+20h]//eax=08d877d3
09a098a5 2b44241c sub eax,dword ptr [esp+1Ch]//eax=0000154b
09a098a9 6a00 push 0
09a098ab 58 pop eax//eax=0
09a098ac c744245407000000 mov dword ptr [esp+54h],7
09a098b4 897c2450 mov dword ptr [esp+50h],edi//edi=0
09a098b8 6689442440 mov word ptr [esp+40h],ax//ax=0
09a098bd c684248003000003 mov byte ptr [esp+380h],3
09a098c5 0f84f3000000 je Toolkit!Uninit+0x1baa (09a099be)//没有跳转
09a098cb 88442413 mov byte ptr [esp+13h],al//al=0
09a098cf 8d442413 lea eax,[esp+13h]
09a098d3 8d74241c lea esi,[esp+1Ch]//eax=0012f57f esi=0012f588
09a098d7 e89588ffff call Toolkit+0x2171 (09a02171)
09a098dc 8d442413 lea eax,[esp+13h]//eax=0012f57f
09a098e0 c644241300 mov byte ptr [esp+13h],0
09a098e5 e88788ffff call Toolkit+0x2171 (09a02171)
09a098ea 68e9fd0000 push 0FDE9h//0FDE9h=65001,与 CP_UTF8 代码页的值相同(推测随后的调用做 UTF-8 到 Unicode 的转换,待确认)
09a098ef ff742420 push dword ptr [esp+20h]//08d837b8入栈
09a098f3 8d442468 lea eax,[esp+68h]//eax=0012f5cc
09a098f7 89442464 mov dword ptr [esp+64h],eax
09a098fb 8d442464 lea eax,[esp+64h]//eax=0012f5c8
09a098ff 50 push eax
09a09900 e80b8affff call Toolkit+0x2310 (09a02310)
09a09905 c684248003000004 mov byte ptr [esp+380h],4
09a0990d 8b44245c mov eax,dword ptr [esp+5Ch]//eax=08d857c0
09a09911 8d4802 lea ecx,[eax+2]//ecx=08d857c2
09a09914 668b10 mov dx,word ptr [eax]//dx=0x5b
09a09917 83c002 add eax,2//eax=08d857c2
09a0991a 663bd7 cmp dx,di//5b,0
09a0991d 75f5 jne Toolkit!Uninit+0x1b00 (09a09914)
du eax(以 Unicode 字符串显示 eax 指向的内存):
0:000> du eax
08d857c2 "MoloAndroid]..URL_FEEDBACK=http:"
08d85802 "//m2.app.qq.com/feedback/report."
08d85842 "htm..;feedback..URL_AUTOFEEDBACK"
08d85882 "=http://agent.sj.qq.com/sblquery"
08d858c2 ".do..;autofeedback..URL_CONNECTW"
08d85902 "IZARD_HELP=http://androidpc.app."
08d85942 "qq.com/app1/vertis.do?id=2013082"
08d85982 "30002..;connect debugmode select"
08d859c2 " view on clicked help btn..URL_"
08d85a02 "SHELLAPP_ANDROIDPCAPP=http://and"
08d85a42 "roidpc.app.qq.com/..;?..URL_DIM_"
08d85a82 "GET=http://m4.qq.com/login/getTw"
09a0991f 2bc1 sub eax,ecx
09a09921 d1f8 sar eax,1
09a09923 50 push eax
09a09924 8b442460 mov eax,dword ptr [esp+60h]
09a09928 8d4c2444 lea ecx,[esp+44h]
09a0992c e8dac7ffff call Toolkit+0x610b (09a0610b)
09a09931 8d442460 lea eax,[esp+60h]
09a09935 c684248003000003 mov byte ptr [esp+380h],3
09a0993d 3944245c cmp dword ptr [esp+5Ch],eax
09a09941 740b je Toolkit!Uninit+0x1b3a (09a0994e)
09a09943 ff74245c push dword ptr [esp+5Ch]
09a09947 ff152c22a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x58f3
(09a1222c)]
09a0994d 59 pop ecx
09a0994e 6a10 push 10h
09a09950 ff153422a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x58fb
(09a12234)]
09a09956 8bf0 mov esi,eax
09a09958 59 pop ecx
09a09959 89742418 mov dword ptr [esp+18h],esi
09a0995d c684248003000005 mov byte ptr [esp+380h],5
09a09965 3bf7 cmp esi,edi
09a09967 7429 je Toolkit!Uninit+0x1b7e (09a09992)
09a09969 897e08 mov dword ptr [esi+8],edi
09a0996c e8010e0000 call Toolkit!Uninit+0x295e (09a0a772)
09a09971 894604 mov dword ptr [esi+4],eax
09a09974 8900 mov dword ptr [eax],eax
09a09976 8b4604 mov eax,dword ptr [esi+4]
09a09979 894004 mov dword ptr [eax+4],eax
09a0997c 8b4604 mov eax,dword ptr [esi+4]
09a0997f 894008 mov dword ptr [eax+8],eax
09a09982 8b4604 mov eax,dword ptr [esi+4]
09a09985 c6403801 mov byte ptr [eax+38h],1
09a09989 8b4604 mov eax,dword ptr [esi+4]
09a0998c c6403901 mov byte ptr [eax+39h],1
09a09990 eb02 jmp Toolkit!Uninit+0x1b80 (09a09994)
09a09992 33f6 xor esi,esi
09a09994 8b7c242c mov edi,dword ptr [esp+2Ch]
09a09998 83ec1c sub esp,1Ch
09a0999b 8d4c245c lea ecx,[esp+5Ch]
09a0999f 8bc4 mov eax,esp
09a099a1 89642448 mov dword ptr [esp+48h],esp
09a099a5 c684249c03000003 mov byte ptr [esp+39Ch],3
09a099ad 51 push ecx
09a099ae 897714 mov dword ptr [edi+14h],esi
09a099b1 e8b51c0000 call Toolkit!Uninit+0x3857 (09a0b66b)
09a099b6 8b4f14 mov ecx,dword ptr [edi+14h]
09a099b9 e84a010000 call Toolkit!Uninit+0x1cf4 (09a09b08)
09a099be 6a01 push 1
09a099c0 33ff xor edi,edi
09a099c2 8d742444 lea esi,[esp+44h]
09a099c6 e8bdc6ffff call Toolkit+0x6088 (09a06088)
09a099cb 33f6 xor esi,esi
09a099cd 3974241c cmp dword ptr [esp+1Ch],esi
09a099d1 7407 je Toolkit!Uninit+0x1bc6 (09a099da)
09a099d3 ff74241c push dword ptr [esp+1Ch]
09a099d7 ffd3 call ebx
09a099d9 59 pop ecx
09a099da 8b442414 mov eax,dword ptr [esp+14h]
09a099de 83c0f0 add eax,0FFFFFFF0h
09a099e1 8974241c mov dword ptr [esp+1Ch],esi
09a099e5 89742420 mov dword ptr [esp+20h],esi
09a099e9 89742424 mov dword ptr [esp+24h],esi
09a099ed e8f67affff call Toolkit+0x14e8 (09a014e8)
09a099f2 8b8c2478030000 mov ecx,dword ptr [esp+378h]
09a099f9 64890d00000000 mov dword ptr fs:[0],ecx
09a09a00 59 pop ecx
09a09a01 5f pop edi
09a09a02 5e pop esi
09a09a03 5b pop ebx
09a09a04 8b8c2460030000 mov ecx,dword ptr [esp+360h]
09a09a0b 33cc xor ecx,esp
09a09a0d e8a25d0000 call Toolkit!CPhotoTextTip::InitXaml+0x2e7b (09a0f7b4)
09a09a12 8be5 mov esp,ebp
09a09a14 5d pop ebp
09a09a15 c20400 ret 4
}
bp kernel32!readfile "j poi(esp+4) != 0x67c 'dc esp'; 'gc'"
执行脚本(参考:http://www.pediy.com/kssd/pediy10/83946.html):
$$><C:\script.txt
ReadFile (00000678 08d837b8 0000154b 0012f50c 00000000);
0012f4f0 09a0dca7 kernel32!ReadFile fn0()
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f510 09a0dd86 Toolkit!CPhotoTextTip::InitXaml+0x136e fn1()
0012f55c 09a09844 Toolkit!CPhotoTextTip::InitXaml+0x144d fn2()
fn0(){
09a0dca7 85c0 test eax,eax
09a0dca9 7507 jne Toolkit!CPhotoTextTip::InitXaml+0x1379 (09a0dcb2)(发生跳转)
09a0dcab e8e2030000 call Toolkit!CPhotoTextTip::InitXaml+0x1759 (09a0e092)
09a0dcb0 eb0f jmp Toolkit!CPhotoTextTip::InitXaml+0x1388 (09a0dcc1)
09a0dcb2 8b45fc mov eax,dword ptr [ebp-4]
09a0dcb5 2b4510 sub eax,dword ptr [ebp+10h]
09a0dcb8 f7d8 neg eax
09a0dcba 1bc0 sbb eax,eax
09a0dcbc 2526000780 and eax,80070026h
09a0dcc1 c9 leave
09a0dcc2 c20c00 ret 0Ch
}
fn1(){
Toolkit!CPhotoTextTip::InitXaml+0x144d:
09a0dd86 3bc3 cmp eax,ebx(eax =0 ebx = 0)
09a0dd88 7c1f jl(小于/不大于等于时转移) Toolkit!
CPhotoTextTip::InitXaml+0x1470 (09a0dda9)
09a0dd8a 3bf3 cmp esi,ebx(esi=08d837b8 ebx=0)
09a0dd8c 7427 je(相等跳转) Toolkit!CPhotoTextTip::InitXaml+0x147c
(09a0ddb5)
09a0dd8e 8b45e0 mov eax,dword ptr [ebp-20h](eax=0x154b)
09a0dd91 3bc3 cmp eax,ebx(eax=154b,ebx=0)
09a0dd93 7414 je Toolkit!CPhotoTextTip::InitXaml+0x1470 (09a0dda9)
09a0dd95 ff7508 push dword ptr [ebp+8]//12f588入栈
09a0dd98 8b4f04 mov ecx,dword ptr [edi+4]//ecx=0
09a0dd9b 56 push esi//esi=08d837b8
09a0dd9c 03c6 add eax,esi//eax=08d84d03
09a0dd9e 51 push ecx//ecx = 0
09a0dd9f 8bf7 mov esi,edi//esi=0012f588
09a0dda1 e81c010000 call Toolkit!CPhotoTextTip::InitXaml+0x1589 (09a0dec2)
09a0dda6 8b75ec mov esi,dword ptr [ebp-14h]//esi=08d837b8
09a0dda9 3bf3 cmp esi,ebx//ebx=0 esi=08d837b8
09a0ddab 7408 je Toolkit!CPhotoTextTip::InitXaml+0x147c (09a0ddb5)
09a0ddad 56 push esi//esi=08d837b8
09a0ddae ff154c22a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x5913
(09a1224c)]
09a0ddb4 59 pop ecx//ecx=08d837b8
09a0ddb5 395dd8 cmp dword ptr [ebp-28h],ebx//00678,0
09a0ddb8 7409 je Toolkit!CPhotoTextTip::InitXaml+0x148a (09a0ddc3)
09a0ddba ff75d8 push dword ptr [ebp-28h]//00678
09a0ddbd ff157020a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x5737
(09a12070)]
09a0ddc3 8bc7 mov eax,edi//eax=0012f588
09a0ddc5 e81f200000 call Toolkit!CPhotoTextTip::InitXaml+0x34b0 (09a0fde9)
09a0ddca c3 ret
}
fn2()
{
Toolkit!Uninit+0x1a30:
09a09844 59 pop ecx
09a09845 59 pop ecx//ecx=001aa608
09a09846 8d44241c lea eax,[esp+1Ch]//eax=0012f588
09a0984a 8d5c2430 lea ebx,[esp+30h]//ebx=0012f59c
09a0984e c684248003000001 mov byte ptr [esp+380h],1
09a09856 e801460000 call Toolkit!CPhotoTextTip::InitXaml+0x1523 (09a0de5c)
09a0985b 8bd8 mov ebx,eax//ebx=0012f59c
09a0985d 8d44241c lea eax,[esp+1Ch]//eax=0012f588
09a09861 3bc3 cmp eax,ebx
09a09863 7427 je Toolkit!Uninit+0x1a78 (09a0988c)
09a09865 8bf0 mov esi,eax//esi=0012f588
09a09867 e88a8affff call Toolkit+0x22f6 (09a022f6)
09a0986c 8b03 mov eax,dword ptr [ebx]//eax=08d86288
09a0986e 8944241c mov dword ptr [esp+1Ch],eax
09a09872 8b4304 mov eax,dword ptr [ebx+4]//eax=08d877d3
09a09875 89442420 mov dword ptr [esp+20h],eax
09a09879 8b4308 mov eax,dword ptr [ebx+8]//eax=08d877d3
09a0987c 33ff xor edi,edi
09a0987e 89442424 mov dword ptr [esp+24h],eax
09a09882 893b mov dword ptr [ebx],edi//edi=0
09a09884 897b04 mov dword ptr [ebx+4],edi
09a09887 897b08 mov dword ptr [ebx+8],edi
09a0988a eb02 jmp Toolkit!Uninit+0x1a7a (09a0988e)
09a0988c 33ff xor edi,edi
09a0988e 8b1d1c22a109 mov ebx,dword ptr [Toolkit!
CPhotoTextTip::InitXaml+0x58e3 (09a1221c)]//ebx=78ab0174 (delete)
09a09894 397c2430 cmp dword ptr [esp+30h],edi(0,0)
09a09898 7407 je Toolkit!Uninit+0x1a8d (09a098a1)
09a0989a ff742430 push dword ptr [esp+30h]
09a0989e ffd3 call ebx
09a098a0 59 pop ecx
09a098a1 8b442420 mov eax,dword ptr [esp+20h]//eax=08d877d3
09a098a5 2b44241c sub eax,dword ptr [esp+1Ch]//eax=0000154b
09a098a9 6a00 push 0
09a098ab 58 pop eax//eax=0
09a098ac c744245407000000 mov dword ptr [esp+54h],7
09a098b4 897c2450 mov dword ptr [esp+50h],edi//edi=0
09a098b8 6689442440 mov word ptr [esp+40h],ax//ax=0
09a098bd c684248003000003 mov byte ptr [esp+380h],3
09a098c5 0f84f3000000 je Toolkit!Uninit+0x1baa (09a099be)//没有跳转
09a098cb 88442413 mov byte ptr [esp+13h],al//al=0
09a098cf 8d442413 lea eax,[esp+13h]
09a098d3 8d74241c lea esi,[esp+1Ch]//eax=0012f57f esi=0012f588
09a098d7 e89588ffff call Toolkit+0x2171 (09a02171)
09a098dc 8d442413 lea eax,[esp+13h]//eax=0012f57f
09a098e0 c644241300 mov byte ptr [esp+13h],0
09a098e5 e88788ffff call Toolkit+0x2171 (09a02171)
09a098ea 68e9fd0000 push 0FDE9h//0FDE9h=65001,与 CP_UTF8 代码页的值相同(推测随后的调用做 UTF-8 到 Unicode 的转换,待确认)
09a098ef ff742420 push dword ptr [esp+20h]//08d837b8入栈
09a098f3 8d442468 lea eax,[esp+68h]//eax=0012f5cc
09a098f7 89442464 mov dword ptr [esp+64h],eax
09a098fb 8d442464 lea eax,[esp+64h]//eax=0012f5c8
09a098ff 50 push eax
09a09900 e80b8affff call Toolkit+0x2310 (09a02310)
09a09905 c684248003000004 mov byte ptr [esp+380h],4
09a0990d 8b44245c mov eax,dword ptr [esp+5Ch]//eax=08d857c0
09a09911 8d4802 lea ecx,[eax+2]//ecx=08d857c2
09a09914 668b10 mov dx,word ptr [eax]//dx=0x5b
09a09917 83c002 add eax,2//eax=08d857c2
09a0991a 663bd7 cmp dx,di//5b,0
09a0991d 75f5 jne Toolkit!Uninit+0x1b00 (09a09914)
du eax(以 Unicode 字符串显示 eax 指向的内存):
0:000> du eax
08d857c2 "MoloAndroid]..URL_FEEDBACK=http:"
08d85802 "//m2.app.qq.com/feedback/report."
08d85842 "htm..;feedback..URL_AUTOFEEDBACK"
08d85882 "=http://agent.sj.qq.com/sblquery"
08d858c2 ".do..;autofeedback..URL_CONNECTW"
08d85902 "IZARD_HELP=http://androidpc.app."
08d85942 "qq.com/app1/vertis.do?id=2013082"
08d85982 "30002..;connect debugmode select"
08d859c2 " view on clicked help btn..URL_"
08d85a02 "SHELLAPP_ANDROIDPCAPP=http://and"
08d85a42 "roidpc.app.qq.com/..;?..URL_DIM_"
08d85a82 "GET=http://m4.qq.com/login/getTw"
09a0991f 2bc1 sub eax,ecx
09a09921 d1f8 sar eax,1
09a09923 50 push eax
09a09924 8b442460 mov eax,dword ptr [esp+60h]
09a09928 8d4c2444 lea ecx,[esp+44h]
09a0992c e8dac7ffff call Toolkit+0x610b (09a0610b)
09a09931 8d442460 lea eax,[esp+60h]
09a09935 c684248003000003 mov byte ptr [esp+380h],3
09a0993d 3944245c cmp dword ptr [esp+5Ch],eax
09a09941 740b je Toolkit!Uninit+0x1b3a (09a0994e)
09a09943 ff74245c push dword ptr [esp+5Ch]
09a09947 ff152c22a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x58f3
(09a1222c)]
09a0994d 59 pop ecx
09a0994e 6a10 push 10h
09a09950 ff153422a109 call dword ptr [Toolkit!CPhotoTextTip::InitXaml+0x58fb
(09a12234)]
09a09956 8bf0 mov esi,eax
09a09958 59 pop ecx
09a09959 89742418 mov dword ptr [esp+18h],esi
09a0995d c684248003000005 mov byte ptr [esp+380h],5
09a09965 3bf7 cmp esi,edi
09a09967 7429 je Toolkit!Uninit+0x1b7e (09a09992)
09a09969 897e08 mov dword ptr [esi+8],edi
09a0996c e8010e0000 call Toolkit!Uninit+0x295e (09a0a772)
09a09971 894604 mov dword ptr [esi+4],eax
09a09974 8900 mov dword ptr [eax],eax
09a09976 8b4604 mov eax,dword ptr [esi+4]
09a09979 894004 mov dword ptr [eax+4],eax
09a0997c 8b4604 mov eax,dword ptr [esi+4]
09a0997f 894008 mov dword ptr [eax+8],eax
09a09982 8b4604 mov eax,dword ptr [esi+4]
09a09985 c6403801 mov byte ptr [eax+38h],1
09a09989 8b4604 mov eax,dword ptr [esi+4]
09a0998c c6403901 mov byte ptr [eax+39h],1
09a09990 eb02 jmp Toolkit!Uninit+0x1b80 (09a09994)
09a09992 33f6 xor esi,esi
09a09994 8b7c242c mov edi,dword ptr [esp+2Ch]
09a09998 83ec1c sub esp,1Ch
09a0999b 8d4c245c lea ecx,[esp+5Ch]
09a0999f 8bc4 mov eax,esp
09a099a1 89642448 mov dword ptr [esp+48h],esp
09a099a5 c684249c03000003 mov byte ptr [esp+39Ch],3
09a099ad 51 push ecx
09a099ae 897714 mov dword ptr [edi+14h],esi
09a099b1 e8b51c0000 call Toolkit!Uninit+0x3857 (09a0b66b)
09a099b6 8b4f14 mov ecx,dword ptr [edi+14h]
09a099b9 e84a010000 call Toolkit!Uninit+0x1cf4 (09a09b08)
09a099be 6a01 push 1
09a099c0 33ff xor edi,edi
09a099c2 8d742444 lea esi,[esp+44h]
09a099c6 e8bdc6ffff call Toolkit+0x6088 (09a06088)
09a099cb 33f6 xor esi,esi
09a099cd 3974241c cmp dword ptr [esp+1Ch],esi
09a099d1 7407 je Toolkit!Uninit+0x1bc6 (09a099da)
09a099d3 ff74241c push dword ptr [esp+1Ch]
09a099d7 ffd3 call ebx
09a099d9 59 pop ecx
09a099da 8b442414 mov eax,dword ptr [esp+14h]
09a099de 83c0f0 add eax,0FFFFFFF0h
09a099e1 8974241c mov dword ptr [esp+1Ch],esi
09a099e5 89742420 mov dword ptr [esp+20h],esi
09a099e9 89742424 mov dword ptr [esp+24h],esi
09a099ed e8f67affff call Toolkit+0x14e8 (09a014e8)
09a099f2 8b8c2478030000 mov ecx,dword ptr [esp+378h]
09a099f9 64890d00000000 mov dword ptr fs:[0],ecx
09a09a00 59 pop ecx
09a09a01 5f pop edi
09a09a02 5e pop esi
09a09a03 5b pop ebx
09a09a04 8b8c2460030000 mov ecx,dword ptr [esp+360h]
09a09a0b 33cc xor ecx,esp
09a09a0d e8a25d0000 call Toolkit!CPhotoTextTip::InitXaml+0x2e7b (09a0f7b4)
09a09a12 8be5 mov esp,ebp
09a09a14 5d pop ebp
09a09a15 c20400 ret 4
}