DUMPڿݼ

-------------------------------------------------------------------------------------------
1DUMPڰCTRL + ˫ʾASMʾѡеĵһֽڿʼַĴ
0040399D  89 0D 78 6E 42 00 C1 E1 08 03 CA 89 0D 74 6E 42  ..xnB...?.tnB
004039AD  00 C1 E8 10 A3 70 6E 42 00 6A 01 E8 8B 48 00 00  ..pnB.j.?H..
004039BD  59 85 C0 75 08 6A 1C E8 C3 00 00 00 59 E8 9D 2F  Y.u.j....Y/

CTRL + ˫ASMʾ
0040399D  |.  890D 786E4200 mov     [426E78], ecx
004039A3  |.  C1E1 08       shl     ecx, 8
004039A6  |.  03CA          add     ecx, edx     
004039A8  |.  890D 746E4200 mov     [426E74], ecx
004039AE  |.  C1E8 10       shr     eax, 10
004039B1  |.  A3 706E4200   mov     [426E70], eax
-------------------------------------------------------------------------------------------
2DUMPڰCTRL +ENTERʾѡеĵһֽڿʼDWORDֵ6E780D89

0040399D  89 0D 78 6E 42 00 C1 E1 08 03 CA 89 0D 74 6E 42  ..xnB...?.tnB
004039AD  00 C1 E8 10 A3 70 6E 42 00 6A 01 E8 8B 48 00 00  ..pnB.j.?H..
004039BD  59 85 C0 75 08 6A 1C E8 C3 00 00 00 59 E8 9D 2F  Y.u.j....Y/
-------------------------------------------------------------------------------------------

3DUMPڰENTERʱʾDUMPѡеĵһֽڿʼDWORDֵ

0041C214  C1 B6 80 7C C0 AD 80 7C 18 9C 80 7C F4 A0 80 7C  ?.|?.|.?|?.|
0041C224  D6 BD 80 7C 9A 97 80 7C 86 97 80 7C A2 FE 80 7C  ?.|?.|...|.?|
0041C234  4F FC 80 7C B7 CC 80 7C A9 BE 80 7C D5 9F 80 7C  O?|.?|.|՟.|

0041C214ENTERDUMPʾ

7C80B6C1 >8B FF 55 8B EC 83 7D 08 00 74 18 FF 75 08 E8 C0  ..U.?}..t..u.
7C80B6D1  29 00 00 85 C0 74 08 FF 70 04 E8 7D 2D 00 00 5D  )...t..p.}-..]
7C80B6E1  C2 04 00 64 A1 18 00 00 00 8B 40 30 8B 40 08 EB  ?.d......@0.@.
-------------------------------------------------------------------------------------------

4ESCڰС̵ļš-ʾһַ
5~ڰС̵ļš+ʾһַ
-------------------------------------------------------------------------------------------

6INSERTڰDUMPѡедΪ00
7DELETEڰDUMPѡедΪ90
-------------------------------------------------------------------------------------------

8Shift+CѡеĶƴ븴ƵУֽ֮һո
   C1 B6 80 7C C0 AD 80 7C 18 9C 80 7C F4 A0 80 7C 

9Shift+XѡеĶƴ븴ƵУֽ֮޿ո
   C1B6807CC0AD807C189C807CF4A0807C

10Shift+VѼеĶƴճָʼַУֻҪѡʼַɣ
-------------------------------------------------------------------------------------------

11Ctrl+XѡеĵһֽڵĵַƵ

0041C214  C1 B6 80 7C C0 AD 80 7C 18 9C 80 7C F4 A0 80 7C  ?.|?.|.?|?.|
0041C224  D6 BD 80 7C 9A 97 80 7C 86 97 80 7C A2 FE 80 7C  ?.|?.|...|.?|

Ctrl+X7C80B6C1Ƶ
-------------------------------------------------------------------------------------------

12TASMиѡеĵһֽڿʼDWORDֵȻDUMPڹƶһDWORD

0041C000 >E7 EB DA 77 F4 EA DA 77 1B C4 DC 77 1B 76 DA 77  ww.w.vw
0041C010 >4A CF DB 77 F0 6B DA 77 00 00 00 00 CF 65 17 5D  Jwkw....e.]
0041C020  00 00 00 00 36 8B EF 77 70 8A EF 77 70 5B EF 77  ....6.wpwp[w

TASMпݣԶ0041C000ƶ0041C004

77DAEBE7 >  6A 2C           push    2C
77DAEBE9    68 28EDDA77     push    77DAED28
77DAEBEE    E8 267DFFFF     call    77DA6919
77DAEBF3    33DB            xor     ebx, ebx
77DAEBF5    895D E4         mov     [ebp-1C], ebx
77DAEBF8    817D 08 0400008>cmp     dword ptr [ebp+8], 80000004
-------------------------------------------------------------------------------------------

13 alt+1 ~ alt+5Ӧڴ洰ڵĿл
14DUMPƶʱOLLYDBGϢʾʾDUMPѡϢ StartEndSizeValue
-------------------------------------------------------------------------------------------

15Shift + ENTERASMиѡеĵһֽڿʼDWORDֵ

0041C000 >E7 EB DA 77 F4 EA DA 77 1B C4 DC 77 1B 76 DA 77  ww.w.vw
0041C010 >4A CF DB 77 F0 6B DA 77 00 00 00 00 CF 65 17 5D  Jwkw....e.]
0041C020  00 00 00 00 36 8B EF 77 70 8A EF 77 70 5B EF 77  ....6.wpwp[w

Shift + ENTERASMп

77DAEBE7 >  6A 2C           push    2C
77DAEBE9    68 28EDDA77     push    77DAED28
77DAEBEE    E8 267DFFFF     call    77DA6919
77DAEBF3    33DB            xor     ebx, ebx
77DAEBF5    895D E4         mov     [ebp-1C], ebx
77DAEBF8    817D 08 0400008>cmp     dword ptr [ebp+8], 80000004
-------------------------------------------------------------------------------------------









Asmڿݼ
-------------------------------------------------------------------------------------------
1ASMڰCTRL + ˫ߡCTRL + ENTERʾDUMPʾѡеĵһֽڿʼַĴ

0040399D  |.  890D 786E4200 mov     [426E78], ecx
004039A3  |.  C1E1 08       shl     ecx, 8
004039A6  |.  03CA          add     ecx, edx     
004039A8  |.  890D 746E4200 mov     [426E74], ecx
004039AE  |.  C1E8 10       shr     eax, 10
004039B1  |.  A3 706E4200   mov     [426E70], eax

CTRL + ˫ߡCTRL + ENTERDUMPʾ

0040399D  89 0D 78 6E 42 00 C1 E1 08 03 CA 89 0D 74 6E 42  ..xnB...?.tnB
004039AD  00 C1 E8 10 A3 70 6E 42 00 6A 01 E8 8B 48 00 00  ..pnB.j.?H..
004039BD  59 85 C0 75 08 6A 1C E8 C3 00 00 00 59 E8 9D 2F  Y.u.j....Y/
-------------------------------------------------------------------------------------------

2ASMڰ ENTERѡ

һֻмĴڴַָУDUMPʾڴַ

004039B1  |.  A3 706E4200   mov     [426E70], eax    //а ENTER

DUMPʾ

00426E70  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00426E80  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00426E90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................



ڴַͬʱڵָУDUMPڸ

0040399D      C705 786E4200>mov     dword ptr [426E78], 00421234    //а ENTER

DUMPʾ

00421234  72 73 74 46 69 6C 65 41 00 00 63 00 44 75 70 6C  rstFileA..c.Dupl
00421244  69 63 61 74 65 48 61 6E 64 6C 65 00 F7 00 47 65  icateHandle...Ge
00421254  74 43 75 72 72 65 6E 74 50 72 6F 63 65 73 73 00  tCurrentProcess.


ע⣺ڴַһڴݲڵĻENTERѡһDUMPڸ


0040399D      C705 786E4200>mov     dword ptr [426E78], 123    //а ENTER

Ϊ[123]ڴݲڣⰴENTERstrongODܵѡ[426E78]

00426E78  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00426E88  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00426E98  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

-------------------------------------------------------------------------------------------

3ASMڰALT + ENTER2ѡ

һΪתָjmp, call,retnʱDUMP浽Ŀĵַ

004039C0  |. /75 08         jnz     short 004039CA   //аALT + ENTER

DUMPʾ
004039CA  E8 9D 2F 00 00 85 C0 75 08 6A 10 E8 B2 00 00 00  /...u.j.?...
004039DA  59 33 F6 89 75 FC E8 A7 46 00 00 FF 15 DC C0 41  Y3?uF....A
004039EA  00 A3 98 85 42 00 E8 65 45 00 00 A3 60 6E 42 00  .?.B.eE..`nB.



ڴַͬʱڵָУDUMPڸڴַ

004039A7      C705 746E4200>mov     dword ptr [426E74], 00411200   //аALT + ENTER

DUMPʾ
00426E74  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00426E84  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00426E94  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


-------------------------------------------------------------------------------------------

4ASMڰShift + ENTER3ѡ

һΪתָjmp, call,retnʱASMڸ浽תĿĵַ

004039B8      E8 8B480000   call    00408248   //аShift + ENTER

ASMʾ
00408248  /$  33C0          xor     eax, eax
0040824A  |.  6A 00         push    0            
0040824C  |.  394424 08     cmp     [esp+8], eax 
00408250  |.  68 00100000   push    1000         



ֻڴַеһڵָASMڸڴַ

00408261  |.  A3 5C824200   mov     [42825C], eax   //аShift + ENTER
00408266      B8 5C824200   mov     eax, 0042825C   //аShift + ENTER

ASMʾ
0042825C    0000            add     [eax], al
0042825E    0000            add     [eax], al
00428260    0000            add     [eax], al
00428262    0000            add     [eax], al



ڴַͬʱڵָASMڸ

00408261      C705 5C824200>mov     dword ptr [42825C], 00421680   //аShift + ENTER

ASMʾ
00421680    0000            add     [eax], al
00421682    F0:0047 65      lock add [edi+65], al
00421686    74 43           je      short 004216CB
00421688    6C              ins     byte ptr es:[edi], dx
-------------------------------------------------------------------------------------------

5ESCڰС̵ļš-ʾһַ
6~ڰС̵ļš+ʾһַ
-------------------------------------------------------------------------------------------

7INSERTڰASMѡедΪ00
8DELETEڰASMѡедΪ90
-------------------------------------------------------------------------------------------

9Shift+CѡеĶƴ븴ƵУֽ֮һո
   C1 B6 80 7C C0 AD 80 7C 18 9C 80 7C F4 A0 80 7C 

10Shift+XѡеĶƴ븴ƵУֽ֮޿ո
   C1B6807CC0AD807C189C807CF4A0807C

11Shift+VѼеĶƴճָʼַУֻҪѡʼַɣ
-------------------------------------------------------------------------------------------

12Ctrl+XѡеĵһֽڵĵַƵ

1000481A mov dword ptr ds:[10001000],40304C  //аCtrl+X

Ctrl+Xַ01000481A Ƶ
-------------------------------------------------------------------------------------------

13ּ1--9ѡеذӦĸġ0x90

0040397F      53            push    ebx
00403980      56            push    esi    //ѡУ2
00403981      57            push    edi                            
00403982      8965 E8       mov     [ebp-18], esp

ASMеõ

0040397F      53            push    ebx
00403980      90            nop
00403981      90            nop
00403982      8965 E8       mov     [ebp-18], esp
-------------------------------------------------------------------------------------------








STACKڿݼ

-------------------------------------------------------------------------------------------
1ESCSTACKڸ浽ESPָ봦
2~STACKڸ浽ESPָ봦

3STACKڰCTRL +ENTERASMڸѡеһֽڵַ

0012FFC4   7C816FF7   //аCTRL +ENTER
0012FFC8   7C930738 
0012FFCC   FFFFFFFF

ASMڵõ
0012FFC4    F76F 81         imul    dword ptr [edi-7F]
0012FFC7  - 7C 38           jl      short 00130001
0012FFC9    07              pop     es
-------------------------------------------------------------------------------------------

4STACKڰALT +ENTERDUMPڸѡеһֽڵַ

0012FFC4   7C816FF7   //аALT +ENTER
0012FFC8   7C930738 
0012FFCC   FFFFFFFF

DUMPڵõ

0012FFC4  F7 6F 81 7C 38 07 93 7C FF FF FF FF 00 50 FD 7F  .o.|8..|.....P?
0012FFD4  B8 C5 54 80 C8 FF 12 00 08 D6 72 81 FF FF FF FF  .T.?...r.....
0012FFE4  30 9A 83 7C 00 70 81 7C 00 00 00 00 00 00 00 00  0?|.p.|........
-------------------------------------------------------------------------------------------

5STACKڰShift +ENTERDUMPѡеĵһֽڿʼDWORDֵ

0012FFC4   7C816FF7   //аShift +ENTER
0012FFC8   7C930738 
0012FFCC   FFFFFFFF

DUMPڵõ
7C816FF7  50 E8 7B 50 FF FF 90 90 90 FF FF FF FF B2 37 84  P{P..........7.
7C817007  7C C8 37 84 7C 90 90 90 90 90 8B FF 55 8B EC 81  |?.|.......U.?
7C817017  EC C8 00 00 00 A1 CC 46 88 7C 53 56 8B 75 0C 57  ....F.|SV.u.W
-------------------------------------------------------------------------------------------

6STACKڰENTERASMѡеĵһֽڿʼDWORDֵ

0012FFC4   7C816FF7   //аShift +ENTER
0012FFC8   7C930738 
0012FFCC   FFFFFFFF

ASMڵõ
7C816FF7    50              push    eax
7C816FF8    E8 7B50FFFF     call    ExitThread
7C816FFD    90              nop
7C816FFE    90              nop
-------------------------------------------------------------------------------------------

7STACKڰ alt +1STACKڸ浽ESPָ봦
8STACKڰ alt +2STACKڸ浽EBPָ봦
9STACKڰ alt +3STACKڸ浽NONEָ봦
-------------------------------------------------------------------------------------------










CPU REGڿݼ

1ESC͡`ʵView FPU,View MMX,View 3D Now!,View DebugĿл.
2SHIFT+ּ18(ֱӦEAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI)ʾCPUASM
3CTRL+ּ18(ֱӦEAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI)ʾCPUDUMP
-------------------------------------------------------------------------------------------

