<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Sets a breakpoint at the current memory location.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">6) BPX</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Sets a breakpoint at the specified location. The location is relative to the start of the program.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Example:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">If the program starts at</font> <font face="Times New Roman" color="#000000">RVA 66000h, BPX 2672</font>
<font face="宋体" color="#000000">sets a breakpoint at</font> <font face="Times New Roman" color="#000000">RVA 68672</font><font face="宋体" color="#000000">.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">7) BPF</font>
<font face="宋体" color="#000000">function (break on flags)</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Each time the breakpoint is hit, this function checks whether the flag values match the values you set. The breakpoint is placed at the current memory address.</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">Unset/Set</font>
<font face="宋体" color="#000000">values</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> *******************</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> C * C * </font>
<font face="宋体" color="#000000">Carry flag.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> P * P * </font>
<font face="宋体" color="#000000">Parity flag.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> A * A * </font>
<font face="宋体" color="#000000">Auxiliary carry flag.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Z * Z * </font>
<font face="宋体" color="#000000">Zero flag.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> S * S * </font>
<font face="宋体" color="#000000">Sign flag.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> D * D * </font>
<font face="宋体" color="#000000">Direction flag.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> O * O * </font>
<font face="宋体" color="#000000">Overflow flag.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">You can test</font>
<font face="Times New Roman" color="#000000">ONE</font> <font face="宋体" color="#000000">flag on its own.</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">8) BPC</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Breaks when the number of passes through the current location reaches the set value.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Example:</font>
<font face="Times New Roman" color="#000000"> </font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> BPC 15 (</font><font face="宋体" color="#000000">breaks on pass number</font> <font face="Times New Roman" color="#000000">21(15h)</font>
<font face="宋体" color="#000000">through the current location</font><font face="Times New Roman" color="#000000">)</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">9) BPV</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Breaks when a register's value reaches the value you set.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Example:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> BPV EAX=5 (</font><font face="宋体" color="#000000">breaks when</font> <font face="Times New Roman" color="#000000">EAX=5</font>
<font face="宋体" color="#000000">at the specified location</font><font face="Times New Roman" color="#000000">)</font><font face="宋体" color="#000000">.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">10) MOVE</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Sets the current</font> <font face="Times New Roman" color="#000000">EIP</font><font face="宋体" color="#000000">. Adds the parameter value to the current</font> <font face="Times New Roman" color="#000000">EIP</font><font face="宋体" color="#000000">. Use it with care, however. It does not really do anything to the program;</font> </span></span> <span class="p9"><span class="p9"><font face="宋体" color="#000000">it is only needed when you want to skip some</font>
<font face="Times New Roman" color="#000000">CRC</font> <font face="宋体" color="#000000">checks, where it takes the place of a run of</font>
<font face="Times New Roman" color="#000000">NOP</font> <font face="宋体" color="#000000">instructions.</font>
</span></span>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Example:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> MOVE 14 </font>
<font face="宋体" color="#000000">changes the current</font> <font face="Times New Roman" color="#000000">EIP</font>
<font face="宋体" color="#000000">to</font> <font face="Times New Roman" color="#000000">EIP+14h</font><font face="宋体" color="#000000">.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">11) POS</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Sets the current memory address for all functions. The location is relative to the start of the program.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">12) STEP</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">This function enables step-by-step analysis. It is normally used to finish tracing the</font> <font face="Times New Roman" color="#000000">dump</font>
<font face="宋体" color="#000000">process.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Note: single-step mode means every line of code is tested</font>
<font face="Times New Roman" color="#000000">-></font> <font face="宋体" color="#000000">slow!! So single-step mode is generally enabled last.</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">13) OBJR</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">This function sets the base memory address at which scanning starts. It affects the</font> <font face="Times New Roman" color="#000000">LOOK</font>
<font face="宋体" color="#000000">command.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">14) BPREG</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Sets a breakpoint using the value of a register.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">15) WALK</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Executes the next instruction, then returns control to</font> <font face="Times New Roman" color="#000000">ProcDump32</font><font face="宋体" color="#000000">.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">16) EIP</font>
<font face="宋体" color="#000000">function</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Sets the next</font> <font face="Times New Roman" color="#000000">EIP</font>
<font face="宋体" color="#000000">to the original entry point of the original program.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Note:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">After a breakpoint, the next</font> <font face="Times New Roman" color="#000000">EIP</font>
<font face="宋体" color="#000000">is the breakpoint address itself.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">17) </font>