[求助]MessageBox分析-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]MessageBox分析 0.00雪花

发表于: 2007-12-20 19:04 3594

[旧帖] [求助]MessageBox分析 0.00雪花

stonerhes

2007-12-20 19:04

3594

我跟进了messagebox这个函数想分析一下windows的实现。但是到调用MessageBoxTimeoutA里时，里面有就搞不懂了，尤其是调用了两次的MBToWCSEx这。本人是个菜菜，大大们帮一下。
77305731 8BFF          MOV EDI,EDI
77305733 55             PUSH EBP
77305734 8BEC       MOV EBP,ESP
77305736 51             PUSH ECX
77305737 51             PUSH ECX
77305738 53             PUSH EBX
77305739 56             PUSH ESI
7730573A 33DB       XOR EBX,EBX
7730573C 57             PUSH EDI
7730573D 33FF          XOR EDI,EDI
7730573F 43             INC EBX
77305740 83CE FF    OR ESI,FFFFFFFF
77305743 397D 0C    CMP DWORD PTR SS:[EBP+C],EDI
77305746 897D FC    MOV DWORD PTR SS:[EBP-4],EDI
77305749 897D F8    MOV DWORD PTR SS:[EBP-8],EDI
7730574C 74 18       JE SHORT user32.77305766
7730574E 53             PUSH EBX
7730574F 56             PUSH ESI
77305750 8D45 FC    LEA EAX,DWORD PTR SS:[EBP-4]
77305753 50             PUSH EAX
77305754 56             PUSH ESI
77305755 FF75 0C    PUSH DWORD PTR SS:[EBP+C]
77305758 57             PUSH EDI
77305759 E8 B67CFEFF    CALL user32.MBToWCSEx
7730575E 85C0          TEST EAX,EAX
77305760 0F84 02610200 JE user32.7732B868
------------------------------------------------------------------------------------------------------
77305766 397D 10       CMP DWORD PTR SS:[EBP+10],EDI
77305769 74 18          JE SHORT user32.77305783
7730576B 53             PUSH EBX
7730576C 56             PUSH ESI
7730576D 8D45 F8       LEA EAX,DWORD PTR SS:[EBP-8]
77305770 50             PUSH EAX
77305771 56             PUSH ESI
77305772 FF75 10       PUSH DWORD PTR SS:[EBP+10]
77305775 57             PUSH EDI
77305776 E8 997CFEFF    CALL user32.MBToWCSEx
7730577B 85C0          TEST EAX,EAX
7730577D 0F84 EC600200 JE user32.7732B86F
-------------------------------------------------------------------------------------------------------
77305783 393D B0AC3477 CMP DWORD PTR DS:[7734ACB0],EDI
77305789 0F85 F2600200 JNZ user32.7732B881
7730578F FF75 1C       PUSH DWORD PTR SS:[EBP+1C]
77305792 FF75 18       PUSH DWORD PTR SS:[EBP+18]
77305795 FF75 14       PUSH DWORD PTR SS:[EBP+14]
77305798 FF75 F8       PUSH DWORD PTR SS:[EBP-8]
7730579B FF75 FC       PUSH DWORD PTR SS:[EBP-4]
7730579E FF75 08       PUSH DWORD PTR SS:[EBP+8]
773057A1 E8 33000000    CALLuser32.MessageBoxTimeoutW
773057A6 FF75 FC       PUSH DWORD PTR SS:[EBP-4]
773057A9 8B35 24112E77 MOV ESI,DWORD PTR D    [<&ntdll.RtlFreeHeap>]                   ; ntdll.RtlFreeHeap
773057AF 57             PUSH EDI
773057B0 FF35 98A03477 PUSH DWORD PTR DS:[7734A098]
773057B6 8BD8          MOV EBX,EAX
773057B8 FFD6          CALL ESI
773057BA 397D F8       CMP DWORD PTR SS:[EBP-8],EDI
773057BD 74 0C          JE SHORT user32.773057CB
773057BF FF75 F8       PUSH DWORD PTR SS:[EBP-8]
773057C2 57             PUSH EDI
773057C3 FF35 98A03477 PUSH DWORD PTR DS:[7734A098]
773057C9 FFD6          CALL ESI
773057CB 8BC3          MOV EAX,EBX
773057CD 5F             POP EDI
773057CE 5E             POP ESI
773057CF 5B             POP EBX
773057D0 C9             LEAVE
773057D1 C2 1800       RETN 18

[培训]科锐逆向工程师培训第53期2025年7月8日开班！

收藏・0

免费・0

支持