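In a near absolute indirect call, what does the "/2" in "FF /2" mean? 2 bytes, or something else? I would like to know the whole list of machine codes for "call proc", for example: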
1: e8 xx xx xx xx --> near call relative
2: ff 15 xx xx xx xx --> near call absolute
3: ff 50 xx --> near call by reg
Best regards! Thank you very much!
Answer 0 (score: -1)
I used distorm to show the results, writing a loop to generate byte sequences like: ff 01 xx xx xx xx
- ff ff xx xx xx xx
ff1012344500 (0L, 2L, 'CALL DWORD [EAX]', 'ff10')
ff1112344500 (0L, 2L, 'CALL DWORD [ECX]', 'ff11')
ff1212344500 (0L, 2L, 'CALL DWORD [EDX]', 'ff12')
ff1312344500 (0L, 2L, 'CALL DWORD [EBX]', 'ff13')
ff1412344500 (0L, 3L, 'CALL DWORD [EDX+EDX]', 'ff1412')
ff1512344500 (0L, 6L, 'CALL DWORD [0x453412]', 'ff1512344500')
ff1612344500 (0L, 2L, 'CALL DWORD [ESI]', 'ff16')
ff1712344500 (0L, 2L, 'CALL DWORD [EDI]', 'ff17')
ff5012344500 (0L, 3L, 'CALL DWORD [EAX+0x12]', 'ff5012')
ff5112344500 (0L, 3L, 'CALL DWORD [ECX+0x12]', 'ff5112')
ff5212344500 (0L, 3L, 'CALL DWORD [EDX+0x12]', 'ff5212')
ff5312344500 (0L, 3L, 'CALL DWORD [EBX+0x12]', 'ff5312')
ff5412344500 (0L, 4L, 'CALL DWORD [EDX+EDX+0x34]', 'ff541234')
ff5512344500 (0L, 3L, 'CALL DWORD [EBP+0x12]', 'ff5512')
ff5612344500 (0L, 3L, 'CALL DWORD [ESI+0x12]', 'ff5612')
ff5712344500 (0L, 3L, 'CALL DWORD [EDI+0x12]', 'ff5712')
ff9012344500 (0L, 6L, 'CALL DWORD [EAX+0x453412]', 'ff9012344500')
ff9112344500 (0L, 6L, 'CALL DWORD [ECX+0x453412]', 'ff9112344500')
ff9212344500 (0L, 6L, 'CALL DWORD [EDX+0x453412]', 'ff9212344500')
ff9312344500 (0L, 6L, 'CALL DWORD [EBX+0x453412]', 'ff9312344500')
ff9412344500 (0L, 1L, 'DB 0xff', 'ff')
ff9512344500 (0L, 6L, 'CALL DWORD [EBP+0x453412]', 'ff9512344500')
ff9612344500 (0L, 6L, 'CALL DWORD [ESI+0x453412]', 'ff9612344500')
ff9712344500 (0L, 6L, 'CALL DWORD [EDI+0x453412]', 'ff9712344500')
ffd012344500 (0L, 2L, 'CALL EAX', 'ffd0')
ffd112344500 (0L, 2L, 'CALL ECX', 'ffd1')
ffd212344500 (0L, 2L, 'CALL EDX', 'ffd2')
ffd312344500 (0L, 2L, 'CALL EBX', 'ffd3')
ffd412344500 (0L, 2L, 'CALL ESP', 'ffd4')
ffd512344500 (0L, 2L, 'CALL EBP', 'ffd5')
ffd612344500 (0L, 2L, 'CALL ESI', 'ffd6')
ffd712344500 (0L, 2L, 'CALL EDI', 'ffd7')
The result list above is the near absolute calls; the near relative call is e8 xx xx xx xx.
On win32 I don't care about far calls.
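
In Intel opcode notation, "/2" means the reg field (bits 5..3) of the ModRM byte after the opcode must equal 2; it is an opcode extension, not a byte count. The Python sketch below is an added example, not part of the original post: it checks that field and computes the instruction length, assuming 32-bit operand and address size with no prefixes (the function names are hypothetical).

```python
# Added example: recognise FF /2 (near indirect CALL) and compute its length.
# Assumes 32-bit mode, no prefixes. Names and sample buffers are constructed.

def decode_ff_call(buf: bytes):
    """Return (length, mod, rm) if buf starts with a complete FF /2
    instruction, otherwise None."""
    if len(buf) < 2 or buf[0] != 0xFF:
        return None
    modrm = buf[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if reg != 2:                  # "/2": ModRM.reg selects CALL near indirect
        return None
    length = 2                    # opcode byte + ModRM byte
    if mod != 3 and rm == 4:      # rm=100b with a memory operand: SIB follows
        if len(buf) < 3:
            return None
        length += 1
        if mod == 0 and (buf[2] & 7) == 5:
            length += 4           # SIB base=101b with mod=00: disp32, no base
    if mod == 1:
        length += 1               # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        length += 4               # disp32
    if len(buf) < length:         # not enough bytes: incomplete instruction
        return None
    return length, mod, rm


def ff2_modrm_bytes():
    """All 32 ModRM values whose reg field is 2 (0x10-0x17, 0x50-0x57, ...)."""
    return [(mod << 6) | (2 << 3) | rm for mod in range(4) for rm in range(8)]


if __name__ == "__main__":
    # Same 6-byte pattern the answer fed to the disassembler.
    for m in ff2_modrm_bytes():
        sample = bytes([0xFF, m]) + bytes.fromhex("12344500")
        print(sample.hex(), decode_ff_call(sample))
```

For `ff9412344500` the function returns `None`, because ModRM 0x94 needs a SIB byte plus a 4-byte displacement (7 bytes in total) and the buffer holds only 6; this is the row the listing above shows as `DB 0xff`.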