生活随笔
收集整理的這篇文章主要介紹了
OD 调试带启动参数的程序
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
看到有這樣一個問題:?
怎么調(diào)試需要命令行啟動的軟件??沒有命令行啟動程序就自動關(guān)閉,命令行不是固定的,用od怎么調(diào)試這種軟件?
帶參數(shù)程序的調(diào)試
模擬一個需要命令行的Demo
[cpp]?view plaincopy
?? ?? ?? #include?"stdafx.h"?? ?? ?? int?_tmain(int?argc,?_TCHAR*?argv[])?? {?? ????_tprintf(L"argc?=?%d\r\n",?argc);?? ?? ?????? ????if?(argc?<?2)?? ????{?? ????????_tprintf(L"parameter?not?enough,?sorry?:(\r\n");?? ????????return?-1;?? ????}?? ?? ????_tprintf(L"do?something\r\n");?? ?? ????_tprintf(L"END,?press?any?key?to?quit\r\n");?? ????return?0;?? }??
直接打開OD, 找到該程序, 填寫命令行參數(shù), 運(yùn)行.
F8往下走, 到main函數(shù)
[cpp]?view plaincopy
00F21187???>?\A1?1C30F200???mov?????eax,?dword?ptr?[F2301C]?? 00F2118C???.??8B0D?8020F200?mov?????ecx,?dword?ptr?[<&MSVCR90.__wini>;??MSVCR90.__winitenv?? 00F21192???.??8901??????????mov?????dword?ptr?[ecx],?eax?? 00F21194???.??FF35?1C30F200?push????dword?ptr?[F2301C]?? 00F2119A???.??FF35?2030F200?push????dword?ptr?[F23020]?? 00F211A0???.??FF35?1830F200?push????dword?ptr?[F23018]?? 00F211A6???.??E8?55FEFFFF???call????00F21000?????????????????????????;??main函數(shù)?? 00F211AB???.??83C4?0C???????add?????esp,?0C?? 00F211AE???.??A3?3030F200???mov?????dword?ptr?[F23030],?eax?? 00F211B3???.??391D?2430F200?cmp?????dword?ptr?[F23024],?ebx?? 00F211B9???.??75?37?????????jnz?????short?00F211F2?? 00F211BB???.??50????????????push????eax??????????????????????????????;?/status?? 00F211BC???.??FF15?8420F200?call????dword?ptr?[<&MSVCR90.exit>]??????;?\exit??
F7進(jìn)入main函數(shù), 可以看到參數(shù)檢測, argc = 3
[cpp]?view plaincopy
00F21000??/$??56????????????push????esi?? 00F21001??|.??8B35?A020F200?mov?????esi,?dword?ptr?[<&MSVCR90.wprint>;??MSVCR90.wprintf?? 00F21007??|.??57????????????push????edi?? 00F21008??|.??8B7C24?0C?????mov?????edi,?dword?ptr?[esp+C]???????????;??參數(shù)數(shù)量為3?? 00F2100C??|.??57????????????push????edi??????????????????????????????;?|?? 00F2100D??|.??68?F420F200???push????00F220F4?????????????????????????;?|format?=?"argc?=?%d.."?? 00F21012??|.??FFD6??????????call????esi??????????????????????????????;?\wprintf?? 00F21014??|.??83C4?08???????add?????esp,?8?? 00F21017??|.??83FF?02???????cmp?????edi,?2?? 00F2101A??|.??7D?10?????????jge?????short?00F2102C???????????????????;??入?yún)z測,?要求至少帶一個參數(shù)?? 00F2101C??|.??68?1021F200???push????00F22110?????????????????????????;??UNICODE?"parameter?not?enough,?sorry?:(",CR,LF?? 00F21021??|.??FFD6??????????call????esi?? 00F21023??|.??83C4?04???????add?????esp,?4?? 00F21026??|.??5F????????????pop?????edi?? 00F21027??|.??83C8?FF???????or??????eax,?FFFFFFFF?? 00F2102A??|.??5E????????????pop?????esi?? 00F2102B??|.??C3????????????retn?? 00F2102C??|>??68?5421F200???push????00F22154?????????????????????????;??UNICODE?"do?something",CR,LF?? 00F21031??|.??FFD6??????????call????esi?? 00F21033??|.??68?7421F200???push????00F22174?????????????????????????;??UNICODE?"END,?press?any?key?to?quit",CR,LF?? 00F21038??|.??FFD6??????????call????esi?? 00F2103A??|.??83C4?08???????add?????esp,?8?? 00F2103D??|.??5F????????????pop?????edi?? 00F2103E??|.??33C0??????????xor?????eax,?eax?? 00F21040??|.??5E????????????pop?????esi?? 00F21041??\.??C3????????????retn??
當(dāng)命令行不是固定的, 如何捕獲參數(shù)
如果目標(biāo)程序是帶參數(shù)自己啟動, 可以用OD帶參數(shù)調(diào)試目標(biāo)程序, 在目標(biāo)程序參數(shù)檢測邏輯中分析參數(shù)要求.
如果目標(biāo)程序是有父進(jìn)程給定參數(shù)啟動, 用OD調(diào)試該父進(jìn)程, 找出應(yīng)給定目標(biāo)程序什么參數(shù).
然后再用OD給定該參數(shù), 調(diào)試目標(biāo)程序.
總結(jié)
以上是生活随笔為你收集整理的OD 调试带启动参数的程序的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網(wǎng)站內(nèi)容還不錯,歡迎將生活随笔推薦給好友。
