生活随笔
收集整理的這篇文章主要介紹了
OD 调试带启动参数的程序
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
看到有這樣一個問題:?
怎么調試需要命令行啟動的軟件??沒有命令行啟動程序就自動關閉,命令行不是固定的,用od怎么調試這種軟件?
帶參數程序的調試
模擬一個需要命令行的Demo
[cpp]?view plaincopy
?? ?? ?? #include?"stdafx.h"?? ?? ?? int?_tmain(int?argc,?_TCHAR*?argv[])?? {?? ????_tprintf(L"argc?=?%d\r\n",?argc);?? ?? ?????? ????if?(argc?<?2)?? ????{?? ????????_tprintf(L"parameter?not?enough,?sorry?:(\r\n");?? ????????return?-1;?? ????}?? ?? ????_tprintf(L"do?something\r\n");?? ?? ????_tprintf(L"END,?press?any?key?to?quit\r\n");?? ????return?0;?? }??
直接打開OD, 找到該程序, 填寫命令行參數, 運行.
F8往下走, 到main函數
[cpp]?view plaincopy
00F21187???>?\A1?1C30F200???mov?????eax,?dword?ptr?[F2301C]?? 00F2118C???.??8B0D?8020F200?mov?????ecx,?dword?ptr?[<&MSVCR90.__wini>;??MSVCR90.__winitenv?? 00F21192???.??8901??????????mov?????dword?ptr?[ecx],?eax?? 00F21194???.??FF35?1C30F200?push????dword?ptr?[F2301C]?? 00F2119A???.??FF35?2030F200?push????dword?ptr?[F23020]?? 00F211A0???.??FF35?1830F200?push????dword?ptr?[F23018]?? 00F211A6???.??E8?55FEFFFF???call????00F21000?????????????????????????;??main函數?? 00F211AB???.??83C4?0C???????add?????esp,?0C?? 00F211AE???.??A3?3030F200???mov?????dword?ptr?[F23030],?eax?? 00F211B3???.??391D?2430F200?cmp?????dword?ptr?[F23024],?ebx?? 00F211B9???.??75?37?????????jnz?????short?00F211F2?? 00F211BB???.??50????????????push????eax??????????????????????????????;?/status?? 00F211BC???.??FF15?8420F200?call????dword?ptr?[<&MSVCR90.exit>]??????;?\exit??
F7進入main函數, 可以看到參數檢測, argc = 3
[cpp]?view plaincopy
00F21000??/$??56????????????push????esi?? 00F21001??|.??8B35?A020F200?mov?????esi,?dword?ptr?[<&MSVCR90.wprint>;??MSVCR90.wprintf?? 00F21007??|.??57????????????push????edi?? 00F21008??|.??8B7C24?0C?????mov?????edi,?dword?ptr?[esp+C]???????????;??參數數量為3?? 00F2100C??|.??57????????????push????edi??????????????????????????????;?|?? 00F2100D??|.??68?F420F200???push????00F220F4?????????????????????????;?|format?=?"argc?=?%d.."?? 00F21012??|.??FFD6??????????call????esi??????????????????????????????;?\wprintf?? 00F21014??|.??83C4?08???????add?????esp,?8?? 00F21017??|.??83FF?02???????cmp?????edi,?2?? 00F2101A??|.??7D?10?????????jge?????short?00F2102C???????????????????;??入參檢測,?要求至少帶一個參數?? 00F2101C??|.??68?1021F200???push????00F22110?????????????????????????;??UNICODE?"parameter?not?enough,?sorry?:(",CR,LF?? 00F21021??|.??FFD6??????????call????esi?? 00F21023??|.??83C4?04???????add?????esp,?4?? 00F21026??|.??5F????????????pop?????edi?? 00F21027??|.??83C8?FF???????or??????eax,?FFFFFFFF?? 00F2102A??|.??5E????????????pop?????esi?? 00F2102B??|.??C3????????????retn?? 00F2102C??|>??68?5421F200???push????00F22154?????????????????????????;??UNICODE?"do?something",CR,LF?? 00F21031??|.??FFD6??????????call????esi?? 00F21033??|.??68?7421F200???push????00F22174?????????????????????????;??UNICODE?"END,?press?any?key?to?quit",CR,LF?? 00F21038??|.??FFD6??????????call????esi?? 00F2103A??|.??83C4?08???????add?????esp,?8?? 00F2103D??|.??5F????????????pop?????edi?? 00F2103E??|.??33C0??????????xor?????eax,?eax?? 00F21040??|.??5E????????????pop?????esi?? 00F21041??\.??C3????????????retn??
當命令行不是固定的, 如何捕獲參數
如果目標程序是帶參數自己啟動, 可以用OD帶參數調試目標程序, 在目標程序參數檢測邏輯中分析參數要求.
如果目標程序是有父進程給定參數啟動, 用OD調試該父進程, 找出應給定目標程序什么參數.
然后再用OD給定該參數, 調試目標程序.
總結
以上是生活随笔為你收集整理的OD 调试带启动参数的程序的全部內容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。
