SEH 结构化异常处理(2)
http://tech.ddvip.com 2007年01月14日 社区交流 收藏本文
本文详细介绍SEH 结构化异常处理(2)
77F79B46 BAB89BF777 movedx,ntdll.77F79BB8
77F79B4B EB07 jmpshortntdll.77F79B54
77F79B4D BADF9BF777 movedx,ntdll.77F79BDF
77F79B52 8D09 leaecx,dwordptrds:[ecx]
77F79B54 53 pushebx
77F79B55 56 pushesi
77F79B56 57 pushedi
77F79B57 33C0 xoreax,eax
77F79B59 33DB xorebx,ebx
77F79B5B 33F6 xoresi,esi
77F79B5D 33FF xoredi,edi
77F79B5F FF742420 pushdwordptrss:[esp+20]
77F79B63 FF742420 pushdwordptrss:[esp+20]
77F79B67 FF742420 pushdwordptrss:[esp+20]
77F79B6B FF742420 pushdwordptrss:[esp+20]
77F79B6F FF742420 pushdwordptrss:[esp+20]
77F79B73 E806000000 callntdll.77F79B7E////F4下,F7进入,来到代码[4]
77F79B78 5F popedi
77F79B79 5E popesi
77F79B7A 5B popebx
77F79B7B C21400 retn14代码[4]
77F79B7E 55 pushebp
77F79B7F 8BEC movebp,esp
77F79B81 FF750C pushdwordptrss:[ebp+C]
77F79B84 52 pushedx
77F79B85 64:FF350000000>pushdwordptrfs:[0]
77F79B8C 64:89250000000>movdwordptrfs:[0],esp
77F79B93 FF7514 pushdwordptrss:[ebp+14]
77F79B96 FF7510 pushdwordptrss:[ebp+10]
77F79B99 FF750C pushdwordptrss:[ebp+C]
77F79B9C FF7508 pushdwordptrss:[ebp+8]
77F79B9F 8B4D18 movecx,dwordptrss:[ebp+18]
77F79BA2 FFD1 callecx //这就是异常处理回调函数!
77F79BA4 64:8B250000000>movesp,dwordptrfs:[0]
77F79BAB 64:8F050000000>popdwordptrfs:[0]
77F79BB2 8BE5 movesp,ebp
77F79BB4 5D popebp
77F79BB5 C21400 retn14//返回后继续跟,回到代码[5]处代码[6]
来源:bbs.pediy.com 作者:ytcswb 责编:豆豆技术应用
正在加载评论...