这个。。。我们为啥还要用汇编呢?……--~~~~
.386
.model flat, stdcall 32 bit memory model
option casemap :none case sensitive
include XXXXXXXXXXc
include XXXXXXXXXXXc
include XXXXXXXXXc
includelib XXXXXXXXXXXb
includelib XXXXXXXXXb
DlgProc PROTO :HWND,:UINT,:WPARAM,[s:10]PARAM
.data?
hInstance dd ?
hTimer dd ?
.code
DllEntry proc _hInstance,_dwReason,_dwReserved
.if _dwReason==DLL_PROCESS_ATTACH
invoke GetModuleHandle,NULL
push _hInstance
pop hInstance
invoke DialogBoxParam,hInstance,101,NULL,addr DlgProc,NULL
.endif
mov eax,TRUE
ret
DllEntry endp
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam[s:10]PARAM
mov eax,uMsg
.if eax==WM_INITDIALOG ;初始化,设定1秒的计时器
invoke SetTimer,hWin,1,1000,NULL
mov hTimer,eax
.elseif eax==WM_CLOSE
invoke EndDialog,hWin,NULL
.elseif eax==WM_TIMER ;时间到,取消计时器,关闭对话框,返回 DllEntry
invoke KillTimer,hTimer,1
invoke EndDialog,hWin,NULL
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
DlgProc endp
End DllEntry
0100739D PUSH 70
0100739F PUSH 01001898
0100739D JMP 01008750
010073A2 NOP
010073A3 NOP
010073A4 . CALL NOTEPAD.01007568
01008750 PUSH 70
01008752 PUSH NOTEPAD.01001898
01008750 PUSH 70
01008752 PUSH NOTEPAD.01001898
01008757 JMP SHORT NOTEPAD.01008764 ;留一个字节,做字符串结束用
01008759 DEC ESI
0100875A JA SHORT NOTEPAD.010087A1 多余的前缀
0100875D INS BYTE PTR ES:[EDI],DX ; I/O 命令
0100875E INS BYTE PTR ES:[EDI],DX ; I/O 命令
0100875F PREFIX CS: ; 多余的前缀
01008760 INS BYTE PTR ES:[EDI],DX ; I/O 命令
01008762 INS BYTE PTR ES:[EDI],DX ; I/O 命令
01008764 PUSH NOTEPAD.01008759 ASCII "NewDll.dll"
01008769 MOV EAX,DWORD PTR [10010C8]
0100876E CALL EAX
01008770 JMP NOTEPAD.010073A2
时段 | 个数 |
---|---|
{{f.startingTime}}点 - {{f.endTime}}点 | {{f.fileCount}} |
200字以内,仅用于支线交流,主线讨论请采用回复功能。