<html>
<head>
<title>Kanxue Academy</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css">
<!--
.p8 { font-size: 8pt}
.p9 { font-size: 9pt}
a:hover { color: #00FF00}
a { text-decoration: none}
.p12 { font-size: 12pt; font-weight: bold; color: #FF3333}
-->
</style>
</head>
<body bgcolor="#FFFFFF" vlink="#000000">
<table width="80%" border="1" cellspacing="0" cellpadding="0" align="center" bgcolor="#99CCFF" bordercolorlight="#99CCFF" bordercolordark="#99CCFF">
<tr>
<td width="72%" class="p9"><a href="http://toye.yeah.net/" tppabs="http://toye.yeah.net/">Kanxue Tutorials</a></td>
<td width="10%" class="p9"> </td>
<td width="10%"><a href="index.htm" tppabs="http://toye.dihou.org/index.htm" class="p9">Back to<br>
Home <br>
</a></td>
<td width="8%"><a href="molu.htm" tppabs="http://toye.dihou.org/molu.htm" class="p9">Back to<br>
Contents </a></td>
</tr>
</table>
<table width="80%" cellspacing="0" cellpadding="0" align="center">
<tr bgcolor="#FFFF33">
<td>
<div align="center" class="p12">Lesson 5: Introduction to Dynamic Tracing Analysis</div>
</td>
</tr>
</table>
<table width="80%" cellspacing="0" align="center">
<tr class="p9">
<td width="24%" bgcolor="#CCFFFF">
<div align="center"><font color="#000000"><a href="lesson5.htm" tppabs="http://toye.dihou.org/lesson5.htm">Installing SOFTICE and TRW</a></font></div>
</td>
<td width="27%" bgcolor="#FFFFFF">
<div align="center"><font color="#CCCCFF"><font color="#FF3333">Basic Operations and Concepts</font></font></div>
</td>
<td width="24%" bgcolor="#CCFFFF">
<div align="center"><font color="#000000"><a href="lesson503.htm" tppabs="http://toye.dihou.org/lesson503.htm">Disassembly Tutorials </a></font></div>
</td>
<td width="25%" bgcolor="#CCFFFF">
<div align="center"><a href="lesson504.htm" tppabs="http://toye.dihou.org/lesson504.htm">Exercises</a></div>
</td>
</tr>
</table>
<p align="center" class="p9">[<font color="#000000"><a href="lesson501.htm" tppabs="http://toye.dihou.org/lesson501.htm">SOFTICE Basic Operations</a></font>] [<font color="#000000"><a href="lesson5012.htm" tppabs="http://toye.dihou.org/lesson5012.htm">Basic Concepts</a></font>] [<font color="#FF3333">Getting Started with SOFTICE</font>]</p>
<p><span class="p9"><font face="Times New Roman" color="#000000">Getting Started with Soft-ICE by Example (Windows Edition)</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">● By Jiang Hong</font>
</span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000"> To make later discussion easier, here is a short rundown of some basic Soft-ICE usage, so that comrades who do not read English are not left stranded for lack of a Chinese Soft-ICE manual.</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000"> Soft-ICE consists of three parts (from here on, unless stated otherwise, "Soft-ICE" means Soft-ICE for Windows 95, version 2.0 or later): WINICE.EXE, WLDR.EXE (in 3.0 this file is called LOADER32.EXE), and the display driver SIWVID.386.</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000"> In addition, Soft-ICE loads function-name information for certain DLLs/EXEs at startup. You must specify these DLLs by hand, in the form:</font>
</span></p>
<p> <span class="p9"><font face="宋体" color="#000000"> </font> <font face="Times New Roman" color="#000000">exp=d:\path\name.ext</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000"> in the WINICE.DAT file. The appendix to this article contains the WINICE.DAT that I use; you can use it as is and save yourself writing all those lines. Note: be sure to include the following lines, otherwise WINICE may not intercept anything at all:</font>
</span></p>
<p> <span class="p9"><font face="宋体" color="#000000"> </font> <font face="Times New Roman" color="#000000">exp=c:\win95\system\kernel32.dll</font>
</span></p>
<p> <span class="p9"><font face="宋体" color="#000000"> </font> <font face="Times New Roman" color="#000000">exp=c:\win95\system\user32.dll</font>
</span></p>
<p> <span class="p9"><font face="宋体" color="#000000"> </font> <font face="Times New Roman" color="#000000">exp=c:\win95\system\gdi32.dll</font>
</span></p>
<p> <span class="p9"><font face="宋体" color="#000000"> </font> <font face="Times New Roman" color="#000000">exp=c:\win95\system\comctl32.dll</font>
</span></p>
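<p> <span class="p9"><font face="Times New Roman" color="#000000"> A quick way to confirm that a WINICE.DAT really loads the four export tables listed above, as an added example that is not part of the original lesson. The function names and the sample file contents are constructed for illustration, and treating a leading ';' as a comment marker is an assumption about the file format.</font>
</span></p>
<pre>
```python
import ntpath

# DLLs whose exports the lesson says must be loaded.
REQUIRED_DLLS = ("kernel32.dll", "user32.dll", "gdi32.dll", "comctl32.dll")

# Constructed sample, not the author's WINICE.DAT.
SAMPLE_DAT = r"""
; constructed sample for illustration
exp=c:\win95\system\kernel32.dll
EXP = c:\win95\system\USER32.DLL
;exp=c:\win95\system\gdi32.dll
exp=d:\path\name.ext
"""


def parse_exports(dat_text):
    """Return the paths named by active exp= lines in WINICE.DAT text."""
    paths = []
    for raw in dat_text.splitlines():
        line = raw.strip()
        # Assumption: blank lines and lines starting with ';' are ignored.
        if not line or line.startswith(";"):
            continue
        key, sep, value = line.partition("=")
        # Key is matched case-insensitively; an empty path is skipped.
        if sep and key.strip().lower() == "exp" and value.strip():
            paths.append(value.strip())
    return paths


def missing_exports(dat_text, required=REQUIRED_DLLS):
    """Return the required DLL names that have no active exp= line."""
    # ntpath handles DOS-style paths regardless of the host OS.
    loaded = {ntpath.basename(p).lower() for p in parse_exports(dat_text)}
    return [dll for dll in required if dll not in loaded]


if __name__ == "__main__":
    for dll in missing_exports(SAMPLE_DAT):
        print("no exp= line for", dll)
```
</pre>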
<p> <span class="p9"><font face="Times New Roman" color="#000000"> Normally we use WLDR (from here on, LOADER32 is also referred to as WLDR) to load an EXE file or a DLL file. Most of the time we can also run the EXE file directly and locate it by tracing its various messages. The hotkey that brings up WINICE is Ctrl+D. First, the conventional approach:</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000"> Start WLDR, select the program you want to trace, and click the Load button. After the screen flickers for a moment it switches to text mode; this is the Soft-ICE tracing interface, </font>