魔鬼作坊 Part 1 Practical Exercises: Lesson 10

MOV DWORD PTR DS:[EAX+EDI*4],ECX    edi=0   !!!

MOV EAX,DWORD PTR DS:[ESI+C] !!!

004C6166 8BF1 MOV ESI,ECX

0051A46C 8BCE MOV ECX,ESI

——————————————————

0051A43E E8 5DBE1100 CALL ELEMENTC.006362A0   ; step into this call, the source is inside
0051A443 83C4 04 ADD ESP,4
0051A446 4D DEC EBP
0051A447 8BCE MOV ECX,ESI
0051A449 8BF8 MOV EDI,EAX
0051A44B 6A 01 PUSH 1
0051A44D 55 PUSH EBP
0051A44E E8 2D2DF9FF CALL ELEMENTC.004AD180
0051A453 894424 4C MOV DWORD PTR SS:[ESP+4C],EAX
0051A457 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20]
0051A45B 48 DEC EAX
0051A45C 6A 01 PUSH 1
0051A45E 50 PUSH EAX
0051A45F 8BCF MOV ECX,EDI
0051A461 894424 28 MOV DWORD PTR SS:[ESP+28],EAX
0051A465 E8 162DF9FF CALL ELEMENTC.004AD180
0051A46A 50 PUSH EAX
0051A46B 55 PUSH EBP
0051A46C 8BCE MOV ECX,ESI

 ————————————————————

00636308 8B8483 F00B0000 MOV EAX,DWORD PTR DS:[EBX+EAX*4+BF0]

00636328 8B8483 F00B0000 MOV EAX,DWORD PTR DS:[EBX+EAX*4+BF0]

——————————

00636325 51 PUSH ECX
00636326 FFD5 CALL EBP
00636328 8B8483 F00B0000 MOV EAX,DWORD PTR DS:[EBX+EAX*4+BF0]   eax=1  !!!

Next, trace where EBX comes from:

006362B3 8B59 28 MOV EBX,DWORD PTR DS:[ECX+28]!!!!

Trace ECX:

006362A8 8B48 1C MOV ECX,DWORD PTR DS:[EAX+1C]!!!!

Trace EAX:

006362A0 A1 08A4BB00 MOV EAX,DWORD PTR DS:[BBA408]!!!

——————————

So the resulting pointer chain is: [[[[[BBA408]+1c]+28]+1*4+bf0]+0c]+0*4
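The chain derived above, walked over a constructed memory image, as an added example (not code from the lesson or from the game): the cell addresses are the ones from the trace, their contents are made up, and the two indexed terms (EAX*4 with EAX=1, EDI*4 with EDI=0) are folded into the offsets. A read of a cell the image does not contain fails closed, which is what an unmapped or dangling pointer looks like when a chain is resolved.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sparse 32-bit memory image: only the cells the chain touches.
   Addresses come from the trace; the values stored in them are invented. */
struct cell { uint32_t addr; uint32_t value; };
static const struct cell image[] = {
    { 0x00BBA408,               0x02A00000 }, /* static base      -> EAX   */
    { 0x02A00000 + 0x1C,        0x02B00000 }, /* [EAX+1C]         -> ECX   */
    { 0x02B00000 + 0x28,        0x02C00000 }, /* [ECX+28]         -> EBX   */
    { 0x02C00000 + 1*4 + 0xBF0, 0x02D00000 }, /* [EBX+EAX*4+BF0], EAX=1    */
    { 0x02D00000 + 0x0C,        0x02E00000 }, /* [ESI+C]          -> EAX   */
    { 0x02E00000 + 0*4,         1234       }, /* [EAX+EDI*4], EDI=0: value */
};

/* One dereference. Returns 0 if the address is not in the image. */
static int read32(uint32_t addr, uint32_t *out) {
    for (size_t i = 0; i < sizeof image / sizeof image[0]; i++)
        if (image[i].addr == addr) { *out = image[i].value; return 1; }
    return 0;
}

/* Resolve [[[[base]+off[0]]+off[1]]...+off[n-1]]: read the static base,
   then read at (current + offset) once per level. Any failed read aborts,
   so a stale pointer anywhere in the chain yields "no value" rather than
   garbage. */
static int resolve_chain(uint32_t base, const uint32_t *off, size_t n,
                         uint32_t *value) {
    uint32_t cur;
    if (!read32(base, &cur)) return 0;
    for (size_t i = 0; i < n; i++)
        if (!read32(cur + off[i], &cur)) return 0;
    *value = cur;
    return 1;
}

/* The lesson's chain with the indexed terms expanded into plain offsets. */
static const uint32_t lesson_offsets[] = { 0x1C, 0x28, 1*4 + 0xBF0, 0x0C, 0*4 };

int resolve_lesson_chain(uint32_t *value) {
    return resolve_chain(0x00BBA408, lesson_offsets,
                         sizeof lesson_offsets / sizeof lesson_offsets[0], value);
}
```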

posted @ 2013-01-25 14:21  Rain's Bolg