paip.ollydbg 设置c++ qt API断点总结
作者Attilax , EMAIL:1466519819@qq.com
来源:attilax的专栏
地址:http://blog.csdn.net/attilax
c++ source code
QString Dllmsg::methodProcessPara1(QString para1Ext){
return this->para1+para1Ext;
}
/导出函数表
但是生成dll后.哪个depends一看....bindump一看,一样.都是c版本接口
_ZN6Dllmsg18methodProcessPara1E7QString
_ZN6DllmsgC1Ev
/ollydbg调试.下断点..
view>exec module>*.exe>>rightkey---show name---[xxx] //show all api invokeed
>>type(tab) import>>select "_ZN6Dllmsg18methodProcessPara1E7QString" and "_ZN6DllmsgC1Ev"...>>>ritkey >>find tsekao..>>jwedao asm (auto)>F2 ( ha breakpoint)>>
CPU Disasm
地址 十六进制 转存 命令 备注
0040160C |. A1 F8C14000 MOV EAX,DWORD PTR DS:[<&dllmsg._ZN6Dllms
00401611 |. FFD0 CALL EAX ; [_ZN6DllmsgC2Ev
00401613 |. 8D45 D8 LEA EAX,[LOCAL.11]
00401616 |. C70424 8C9040 MOV DWORD PTR SS:[LOCAL.19],OFFSET 00409 ; /Arg1 => ASCII "para1txt"
0040161D |. 89C1 MOV ECX,EAX ; |
0040161F |. E8 20640000 CALL 00407A44 ; \dllmsgTEST.00407A44
00401624 |. 83EC 04 SUB ESP,4
00401627 |. 8D45 DC LEA EAX,[LOCAL.10]
0040162A |. C70424 959040 MOV DWORD PTR SS:[LOCAL.19],OFFSET 00409 ; /Arg1 => ASCII "exxx"
00401631 |. 89C1 MOV ECX,EAX ; |
00401633 |. E8 A4630000 CALL 004079DC ; \dllmsgTEST.004079DC
00401638 |. 83EC 04 SUB ESP,4
0040163B |. 8D45 D4 LEA EAX,[LOCAL.12]
0040163E |. 8D55 DC LEA EDX,[LOCAL.10]
00401641 |. 895424 04 MOV DWORD PTR SS:[LOCAL.18],EDX ; /Arg2 => OFFSET LOCAL.10
00401645 |. 8D55 D8 LEA EDX,[LOCAL.11] ; |
00401648 |. 891424 MOV DWORD PTR SS:[LOCAL.19],EDX ; |Arg1 => OFFSET LOCAL.11
0040164B |. 89C1 MOV ECX,EAX ; |
0040164D |. A1 F4C14000 MOV EAX,DWORD PTR DS:[<&dllmsg._ZN6Dllms ; |
00401652 |. FFD0 CALL EAX ; \_ZN6Dllmsg18methodProcessPara1E7QString
00401654 |. 83EC 08 SUB ESP,8
00401657 |. 8D45 DC LEA EAX,[LOCAL.10]