基址查找测试
2018-1-18 流沙团


简单测试基址







1 ---

EAX=0000000B

EBX=00097E68

ECX=00000000

EDX=0000000B

ESI=00058338

EDI=005DF300

EBP=0160F768

ESP=0160F730

EIP=00425EBF



Probable base pointer =00058338



00425EB2 - mov eax,00000FA0

00425EB7 - call Tutorial-i386.exe+E6F0

---------00425EBC - mov [esi+18],eax

00425EBF - lea edx,[ebp-2C]

00425EC2 - call Tutorial-i386.exe+39D10





00425EBC - mov [[[[[005FC660]+0C]+14]]+18],eax





2 --

EAX=00005B92

EBX=00097E68

ECX=00000000

EDX=0000B095

ESI=00058338

EDI=005DF300

EBP=0160F768

ESP=0160F730

EIP=00425E81



Probable base pointer =00058338



00425E7A - cmp dword ptr [esi],00

00425E7D - je Tutorial-i386.exe+25ED5

-----------00425E7F - mov esi,[esi]

00425E81 - mov edx,[esi+04]

00425E84 - mov eax,[esi]





00425E7F - mov esi,[[[[005FC660]+0C]+14]]



3 --

EAX=00007EE2

EBX=00097E68

ECX=00000000

EDX=000128E8

ESI=00061650

EDI=005DF300

EBP=0160F768

ESP=0160F730

EIP=00425E48



Probable base pointer =00061650



00425E3B - cmp dword ptr [esi+14],00

00425E3F - je Tutorial-i386.exe+25ED5

-------------00425E45 - mov esi,[esi+14]

00425E48 - mov edx,[esi+08]

00425E4B - mov eax,[esi+04]





00425E45 - mov esi,[[[005FC660]+0C]+14]







4 --------

EAX=0000B1CE

EBX=00097E68

ECX=00000000

EDX=0000283D

ESI=00061610

EDI=005DF300

EBP=0160F768

ESP=0160F730

EIP=00425E07



Probable base pointer =00061610



00425DFA - cmp dword ptr [esi+0C],00

00425DFE - je Tutorial-i386.exe+25ED5

--------00425E04 - mov esi,[esi+0C]

00425E07 - mov edx,[esi+04]

00425E0A - mov eax,[esi]





00425E04 - mov esi,[[005FC660]+0C]





5 -------

EAX=00000000

EBX=00097E68

ECX=00000000

EDX=0160F894

ESI=0010C960

EDI=005DF300

EBP=0160F768

ESP=0160F730

EIP=00425DC6



Probable base pointer =001FC660



00425DB8 - test eax,eax

00425DBA - jne Tutorial-i386.exe+25ED5

---------00425DC0 - mov esi,[Tutorial-i386.exe+1FC660]

00425DC6 - mov edx,[esi+04]

00425DC9 - mov eax,[esi]





mov esi,[005FC660](005FC660 = Tutorial-i386.exe+1FC660,即模块偏移 1FC660 换算成本次运行中的绝对地址)



00425DC0 - mov esi,[Tutorial-i386.exe+1FC660]







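mov [[[[[005FC660]+0C]+14]]+18],eax

即最终的多级指针:基址 Tutorial-i386.exe+1FC660(本次运行中为 005FC660),偏移依次为 0C、14、00、18。绝对地址 005FC660 只在模块加载于 00400000 时成立,记录基址时应使用“模块名+偏移”的写法。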
