我正在尝试了解 IIS 5.0(在 Win2K 服务器上运行)如何与 OllyDbg v1.10 配合使用。我将 Olly 附加到 inetinfo.exe,这是 IIS 5.0 的进程。Olly 然后在 ntdll 中暂停。见这里。我的计划是:我向IIS发送一个请求,然后观察调用了哪些函数。所以我知道 IIS 如何处理请求。但我不想手动完成。有没有记录附加进程的函数调用?
操作系统:Win2K SP1
OllyDbg:如何记录附加进程的所有函数调用
逆向工程
ollydbg
调试
2021-06-28 23:58:25
1个回答
ollydbg 版本 2.01
c:\> ollydbg calc
alt + e (executable modules)
ctrl+ p (set protocol)
select radio button call destination first
then select add range
in the start enter (alt+e-> your Module base)
int the end enter (alt+e -> Your module base + size)
并使用 ctrl+f11 (trace in ) 开始跟踪 ollydbg 应该向您显示所有这样的调用
结果
main calc.__security_init_cookie
main calc._SEH_prolog4
main calc._initterm_e
main calc.000B3942
main calc._get_image_app_type
main calc.RtlpImageNtHeader
main calc._SEH_prolog4
main calc._SEH_epilog4
main calc.CCalculatorDialog::GetDlgProc
main calc._setdefaultprecision
main calc.__CxxSetUnhandledExceptionFilter
main calc.CScaledResourceFactory::_LoadUsingWIC
main calc.CreateDecoderFromResource
main calc.FindRawResource
main calc.CScaledResourceFactory::_SelectFrameByDPI
main calc.CScaledResourceFactory::_ScaleSource
main calc.GetPixelFormatInfo
main calc.WICFormatToBpp
main calc.__security_check_cookie
main calc.WICBitmapToHBITMAP
main calc.GetPixelFormatInfo
main calc.WICFormatToBpp
main calc.__security_check_cookie
main calc.CreateHBITMAP
main calc.CScaledResourceFactory::Release
main calc.CScaledResourceFactory::`scalar
main calc.CScaledResourceFactory::~CScaledResourceFactory
main calc.operator
main calc.CCalcHelper::LoadImageScaledX
main calc.LoadImageScaled
main calc.CScaledResourceFactory::s_CreateInstance
main calc.operator
其它你可能感兴趣的问题