ret
sEh1 endp
;Release assume
Assume esi:Nothing,edi:Nothing
;-----------------------------------------
;FOR debug purpose,Rubbish,....you can del it!
.data
fmt db "The Cur EIP IS: %08X Cur Excpt NUM is: %08X",0dh,0ah
db "The Ecpt FLAGS VALUE in HEX: %X",0dh,0ah
db "Common REG DUMP:",0dh,0ah
db "EAX: %08X EBX: %08X",0dh,0ah
db "ECX: %08X EDX: %08X",0dh,0ah
db "ESI: %08X EDI: %08X",0dh,0ah
.code
;DUMP THREAD CONTEXTS Need esi:pt Excpt_Record
;edi: pt Context
dP proc
local buf[256]:byte
pushad
mov eax,(EXCEPTION_RECORD ptr [esi]).ExceptionFlags
INVOKE wsprintf,addr buf,offset fmt,(CONTEXT PTR [edi]).regEip,(dword ptr [esi]),eax,\
(CONTEXT PTR [edi]).regEax,(CONTEXT PTR [edi]).regEbx,\
(CONTEXT PTR [edi]).regEcx,(CONTEXT PTR [edi]).regEdx,\
(CONTEXT PTR [edi]).regEsi,(CONTEXT PTR [edi]).regEdi
INVOKE MessageBox,0,addr buf,CTEXT("VEH Detector...debug purpose...Hume"),0
popad
ret
dP endp
END __Start
;==============================================================
下面附例子用到的几个宏:
CTEXT,相信诸位见过多次了,不多说.
sWin32:相当于push syntax call label
rd: 数据定义DWORD
m2m: 相当于push syn1 pop syn2
JEAXZ :eax=0,jmp des
$incoke():inline coding
详细请下载在我主页上的最新头文件
revargs MACRO args:VARARG
LOCAL target
target TEXTEQU <>
IFNB <args>
FOR arg,<args>
IFNB <arg>
target CATSTR <arg>,<!,>,target
ENDIF
ENDM
target SUBSTR target,1,@SizeStr(%target)-1
ENDIF
EXITM target
ENDM
sWin32 Macro label:REQ,args:VARARG ;Which allow no protos discalaiming
% FOR pxx,<revargs(args)> ;But you need to guarantee the
IFNB <pxx> ;the syntax yourself
push pxx
ENDIF
ENDM
call label
ENDM
m2m MACRO M1, M2 ;mov is too boring!
push M2
pop M1
ENDM
$invoke Macro fun:REQ,args:VARARG
IFNB <args>
invoke fun,&args
ELSE
invoke fun
ENDIF
EXITM <eax>
ENDM
rd Macro label:REQ,count
IFNB <count>
label dd &count dup(?)
ELSE
label dd ?
ENDIF
EndM
JEAXZ MACRO Destination ;Like JECXZ,for Convinient
test eax,eax
je Destination
ENDM
The way OF Hume,2002.7
humewen@21cn.com
humeasm.yeah.net
上一页 1 2 |
安全中国首页 > 文章中心 > 编释语言