一个问题难倒了好几天。。。终于解决了。[code]反汇编by win32dsm+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++//********************** Start of Code in Object .text **************Program Entry Point = 00401014 (test.exe File Offset:00001239)
:00401000 6A40 push 00000040:00401002 6A00 push 00000000:00401004 6A00 push 00000000:00401006 6A00 push 00000000:00401008 E801000000 call 0040100E:0040100D C3 ret
* Referenced by a CALL at Address:|:00401008 |:0040100E FF2500204000 jmp dword ptr [00402000]
这里:00401008 E801000000 call 0040100E,E8代表call,但是01000000,怎么也对应不到0040100E上。问题解答:01000000 是数据内部存储的 Byte 格式, 作为一个表示偏移的 dword 来说, 其值为 00000010. 该偏移是 call 指令的目标地址和当前 call 指令的下一条指令首地址间的偏移. call 指令的下一条指令是 ret, 其地址为 0040100D. 所以, 目标地址就是 0040100D+00000001=0040100E 了
