VB remote call of an injected function always crashes; asking a guru to analyze

Time: 09-27

First I made a VC++ MFC program. The code is below:

void CGame1Dlg::OnOK()
{
    // TODO: Add extra validation here

    HP = HP - 10;              // HP was assigned the value 5000 earlier
    CString LHP;
    LHP.Format("%d", HP);

    SetDlgItemText(IDC_HP, LHP);
}
// the disassembly
00401C90   push        ebp
00401C91   mov         ebp,esp
00401C93   push        0FFh
00401C95   push        offset __ehhandler$?OnOK@CGame1Dlg@@MAEXXZ (004035f9)
00401C9A   mov         eax,fs:[00000000]
00401CA0   push        eax
00401CA1   mov         dword ptr fs:[0],esp
00401CA8   sub         esp,48h
00401CAB   push        ebx
00401CAC   push        esi
00401CAD   push        edi
00401CAE   push        ecx
00401CAF   lea         edi,[ebp-54h]
00401CB2   mov         ecx,12h
00401CB7   mov         eax,0CCCCCCCCh
00401CBC   rep stos    dword ptr [edi]
00401CBE   pop         ecx
00401CBF   mov         dword ptr [ebp-10h],ecx
175:       // TODO: Add extra validation here
176:
177:       HP = HP - 10;
00401CC2   mov         eax,[HP (004166a8)]
00401CC7   sub         eax,0Ah
00401CCA   mov         [HP (004166a8)],eax
178:       CString LHP;
00401CCF   lea         ecx,[ebp-14h]
00401CD2   call        CString::CString (00401faa)
00401CD7   mov         dword ptr [ebp-4],0
179:       LHP.Format("%d", HP);
00401CDE   mov         ecx,dword ptr [HP (004166a8)]
00401CE4   push        ecx
00401CE5   push        offset string "%d" (004153d4)
00401CEA   lea         edx,[ebp-14h]
00401CED   push        edx
00401CEE   call        CString::Format (00402004)
00401CF3   add         esp,0Ch
180:
181:       SetDlgItemText(IDC_HP, LHP);
00401CF6   lea         ecx,[ebp-14h]
00401CF9   call        CString::operator char const * (00401f92)
00401CFE   push        eax
00401CFF   push        3E8h
00401D04   mov         ecx,dword ptr [ebp-10h]
00401D07   call        CWnd::SetDlgItemTextA (00401ffe)
182:       }


The VB calling code:

Private Function CallRemote(ByVal Address As Long)
    Dim Tmp As String
    Dim I As Long
    'Dim n As Integer
    Dim RThwnd As Long
    Dim NewAddress As Long
    'Dim AddCode() As Byte

    ' pushad / mov eax,Address / call eax / popad / ret
    Tmp = "60B8" & Int2Hex(Address, 8) & "FFD061C3"   ' Int2Hex reverses the byte order, e.g. &H00401C90 -> 90 1C 40 00
    MsgBox Tmp
    'n = Len(Tmp)

    ' convert the hex string into a byte array
    ReDim AddCode(Len(Tmp) / 2 - 1) As Byte
    For I = 0 To UBound(AddCode)
        AddCode(I) = CByte("&H" & Mid(Tmp, I * 2 + 1, 2))
    Next I

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, Combo1.ItemData(Combo1.ListIndex))
    If hProcess = 0 Then
        Exit Function
    End If

    NewAddress = VirtualAllocEx(hProcess, ByVal 0&, UBound(AddCode) + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    WriteProcessMemory hProcess, ByVal NewAddress, ByVal VarPtr(AddCode(0)), UBound(AddCode) + 1, ByVal 0&
    RThwnd = CreateRemoteThread(hProcess, ByVal 0&, 0, ByVal NewAddress, ByVal 0&, ByVal 0&, ByVal 0&)
    VirtualFreeEx hProcess, NewAddress, UBound(AddCode) + 1, MEM_RELEASE
    CloseHandle RThwnd
    CloseHandle hProcess
End Function

CallRemote &H401C90    ' always crashes after the call
I don't know whether the problem is in my C++ program (I'm a newbie; hoping a guru can point it out).

CodePudding user response:

When it crashes with the pop-up dialog box, press the corresponding button to enter debugging, then press Alt+7 to view the Call Stack, that is, the function call history from the innermost to the outermost. Double-click a row to move the cursor to the source code or assembly instruction of that call; when you don't understand one, double-click the next line, until you can understand it.

CodePudding user response:

But my experiments with other EXEs can succeed!
So the error is in mine,
not in some other EXE.

CodePudding user response:

With this assembly foundation you still write shellcode?
Do you know that your thread function takes a parameter? You return directly with c3; what about the stack?

CodePudding user response:

And you release the memory before the remote thread has finished executing the code; if it doesn't crash, that is also just good luck.

CodePudding user response:

Not releasing gives the same effect, and calling it the way others do also gives this effect. The procedure above is written directly in the command button, not called from the command button through another function, and I looked at the EXEs others made.

Then I wrote a procedure that the command button calls, and that one succeeds:
void CGame1Dlg::OnOK()
{
    SubHp();
}

void SubHp()
{
    HP -= 50;
}

CodePudding user response:

First understand what stack balance is, then talk again. Some that don't crash may just have an error-handling routine.
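As an added analysis aid (not code from this thread, and not an injector), this Python decoder interprets the byte stub that the VB CallRemote routine writes into the target and checks it against two things visible above: a thread start routine is stdcall with one LPVOID parameter, so it is expected to return with 'ret 4' rather than the stub's 'ret', and CGame1Dlg::OnOK is a __thiscall member function that reads 'this' from ECX (the 'mov dword ptr [ebp-10h],ecx' in the disassembly), which the stub never loads. The stub bytes are constructed here from the thread's description for the address &H401C90; the opcode table only covers the handful of instructions such a stub uses.

```python
import struct

# Stub layout from the VB CallRemote routine in this thread, constructed here
# for the address &H401C90: pushad / mov eax,addr / call eax / popad / ret
PAGE_STUB = bytes.fromhex("60B8") + struct.pack("<I", 0x00401C90) + bytes.fromhex("FFD061C3")

def decode_stub(code):
    """Decode the few x86 opcodes such a stub can contain.
    Returns [(offset, mnemonic)]; anything else is reported as 'db'."""
    out, i = [], 0
    while i < len(code):
        b = code[i]
        if b == 0x60:
            out.append((i, "pushad")); i += 1
        elif b == 0x61:
            out.append((i, "popad")); i += 1
        elif b in (0xB8, 0xB9) and i + 5 <= len(code):   # mov eax/ecx, imm32
            reg = "eax" if b == 0xB8 else "ecx"
            imm = struct.unpack_from("<I", code, i + 1)[0]
            out.append((i, f"mov {reg}, 0x{imm:08X}")); i += 5
        elif b == 0xFF and code[i + 1:i + 2] == b"\xD0":
            out.append((i, "call eax")); i += 2
        elif b == 0xC3:
            out.append((i, "ret")); i += 1
        elif b == 0xC2 and i + 3 <= len(code):             # ret imm16
            out.append((i, f"ret {struct.unpack_from('<H', code, i + 1)[0]}")); i += 3
        else:
            out.append((i, f"db 0x{b:02X}")); i += 1
    return out

def check_thread_stub(code):
    """Report calling-convention mismatches for a stub used as a CreateRemoteThread start routine."""
    ins = [m for _, m in decode_stub(code)]
    findings = []
    if ins and ins[-1] == "ret":
        findings.append("start routine is stdcall with one LPVOID parameter but ends with "
                        "'ret' instead of 'ret 4': the stack is left unbalanced")
    if "call eax" in ins and not any(m.startswith("mov ecx") for m in ins):
        findings.append("target is called without loading ECX: a __thiscall member "
                        "function such as CGame1Dlg::OnOK reads 'this' from ECX")
    if any(m.startswith("db") for m in ins):
        findings.append("stub contains bytes this decoder does not understand")
    return findings

if __name__ == "__main__":
    for off, mnem in decode_stub(PAGE_STUB):
        print(f"{off:02X}: {mnem}")
    for f in check_thread_stub(PAGE_STUB):
        print("finding:", f)
```

The two findings it reports for the page's stub match what the replies above point at: the 'c3' return against a thread function that takes a parameter, and a member function called without its object.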