先来看看在 OD(OllyDbg)中反汇编后的样子
代码:
00401000 $ 55 push ebp
00401001 . 8BEC mov ebp, esp
00401003 . 83C4 E4 add esp, -1C
00401006 . B9 07000000 mov ecx, 7
0040100B . 33C0 xor eax, eax
0040100D . 57 push edi
0040100E . 8D7D E4 lea edi, dword ptr [ebp-1C]
00401011 . F3:AB rep stos dword ptr es:[edi]
00401013 . 5F pop edi
00401014 . C745 E8 00000>mov dword ptr [ebp-18], 0 ; (initial cpu selection)
0040101B . C745 FC 04000>mov dword ptr [ebp-4], 4
00401022 . C745 F4 00304>mov dword ptr [ebp-C], 00403000 ; 信息框测试!--------123456
00401029 . C745 F8 1A304>mov dword ptr [ebp-8], 0040301A ; 信息框标题!
00401030 . C745 E4 3D104>mov dword ptr [ebp-1C], 0040103D
00401037 . 68 64104000 push <jmp.&kernel32.GetModuleHandleA>
0040103C . C3 retn ; RET 用作跳转到 00401064
0040103D . C745 EC 4A104>mov dword ptr [ebp-14], 0040104A
00401044 . 68 58104000 push <jmp.&user32.MessageBoxA>
00401049 . C3 retn
0040104A . C9 leave
0040104B . C3 retn
0040104C >/$ E8 AFFFFFFF call 00401000
00401051 |. 6A 00 push 0 ; /ExitCode = 0
00401053 \. E8 06000000 call <jmp.&kernel32.ExitProcess> ; \ExitProcess
00401058 .- FF25 0C204000 jmp dword ptr [<&user32.MessageBoxA>>; user32.MessageBoxA
0040105E .- FF25 04204000 jmp dword ptr [<&kernel32.ExitProces>; kernel32.ExitProcess
00401064 >- FF25 00204000 jmp dword ptr [<&kernel32.GetModuleH>; kernel32.GetModuleHandleA
代码:
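; Target: 32-bit Windows, Win32 stdcall.  Syntax: MASM (Intel operand order).
;
; Demonstrates entering a Win32 API without a CALL instruction: the
; procedure lays its LOCAL variables out so they look like the callee's
; own stack frame (return address at the lowest address, then the
; arguments in order) and transfers control with PUSH target / RETN.
;
; Reviewer notes:
;   * PUSH target / RETN is a RET-based indirect jump -- the same
;     primitive ROP chains are built from.  Tools that locate API calls by
;     scanning for CALLs see none here, but OllyDbg still annotates the
;     RET as a jump to the import thunk, so this is a thin obfuscation,
;     not a defence.
;   * Where user-mode shadow stacks are enforced for the process (Intel
;     CET / Windows "hardware-enforced stack protection"), a RET whose
;     target was never pushed by a matching CALL raises a
;     control-protection fault and the process is terminated.  The
;     technique is incompatible with such processes.
;   * The fake return address for each API is pinned by a code label
;     instead of a byte-counted "$+13".  The constant only holds for one
;     exact encoding (7-byte mov mem,imm32 + 5-byte push imm32 + 1-byte
;     retn); any change in encoding (e.g. a local beyond -128 needing a
;     32-bit displacement) would silently return into the middle of an
;     instruction.

.386
.model flat, stdcall
option casemap :none

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include files
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include     windows.inc
include     user32.inc
includelib  user32.lib
include     kernel32.inc
includelib  kernel32.lib

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Data
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
str1    db  '信息框测试!--------123456',0     ; MessageBoxA text
str2    db  '信息框标题!',0                   ; MessageBoxA caption

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code

;---------------------------------------------------------------------
; _NewCallAPI
;   Performs GetModuleHandleA(NULL) and then
;   MessageBoxA(NULL, str1, str2, MB_YESNO), each entered with
;   PUSH/RETN instead of CALL.
; ABI:    Win32 stdcall, no parameters.
; In:     nothing.
; Out:    eax = whatever MessageBoxA returned (it is the last API run
;         and eax is not touched afterwards).  The GetModuleHandleA
;         result is discarded.
; Clobb:  ecx, flags; plus whatever the two APIs clobber (volatile
;         regs).  edi is saved and restored around REP STOSD.
; Stack:  7 DWORD locals (1Ch bytes), frame pointer in ebp.
; Assumes DF = 0 on entry (required by the Win32 ABI) for REP STOSD.
;
; Frame-layout constraint: every LOCAL below is a slot of a fake call
; frame, so no unrelated local may be inserted among them.  MASM assigns
; LOCALs downward -- the FIRST declared sits at the HIGHEST address --
; so API arguments are declared last-argument-first and the slot that
; will hold the fake return address is declared after them.
;
;   [ebp-04] uType              MessageBoxA arg 4
;   [ebp-08] lpCaption          MessageBoxA arg 3
;   [ebp-0C] lpText             MessageBoxA arg 2
;   [ebp-10] hWnd               MessageBoxA arg 1 (left 0 = NULL)
;   [ebp-14] MessageBoxRet      return address seen by MessageBoxA
;   [ebp-18] lpModuleName       GetModuleHandleA arg 1 (0 = NULL)
;   [ebp-1C] GetModuleHandleRet return address seen by GetModuleHandleA
;
; Both callees are stdcall and pop their own frame (RET 4 / RET 10h):
; after GetModuleHandleA returns, esp == ebp-14h, exactly where the
; MessageBoxA frame begins; after MessageBoxA returns, esp == ebp.
;---------------------------------------------------------------------
_NewCallAPI proc
    local   uType, lpCaption, lpText, hWnd, MessageBoxRet
    local   lpModuleName, GetModuleHandleRet

    ; Zero all 7 DWORD locals, lowest ([ebp-1C]) upward to [ebp-4].
    mov     ecx, 7                      ; number of DWORD locals declared above
    xor     eax, eax
    push    edi                         ; edi is callee-saved under stdcall
    lea     edi, GetModuleHandleRet     ; lowest local
    rep     stosd
    pop     edi

    ; Populate the two fake frames (hWnd and lpModuleName stay 0).
    mov     lpModuleName, 0             ; GetModuleHandleA(NULL)
    mov     uType, MB_YESNO
    mov     lpText, offset str1
    mov     lpCaption, offset str2

    ; --- GetModuleHandleA(NULL) via PUSH/RETN ------------------------
    ; esp == ebp-1Ch here: [esp] is GetModuleHandleRet and [esp+4] is
    ; lpModuleName, so the callee sees an ordinary frame.
    mov     GetModuleHandleRet, offset after_gmh
    push    GetModuleHandle             ; address of the import thunk
    retn                                ; RET used as a jump into the API
after_gmh:
    ; GetModuleHandleA did RET 4: esp == ebp-14h == &MessageBoxRet.

    ; --- MessageBoxA(hWnd, lpText, lpCaption, uType) via PUSH/RETN ---
    mov     MessageBoxRet, offset after_mb
    push    MessageBox                  ; address of the import thunk
    retn                                ; RET used as a jump into the API
after_mb:
    ; MessageBoxA did RET 10h: esp == ebp, eax = its return value.

    ;push   ExitProcess                 ; kept from the original, disabled
    ;retn
    leave
    retn
_NewCallAPI endp

start:
    invoke  _NewCallAPI
    invoke  ExitProcess, NULL
end start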