mengxp杂谈

原本想做个注入dll式的单步跟踪软件，记录某个线程的执行记录
现在看来这想法太离谱了，现在引擎做出来了，发现跟踪30000行指令需要10秒，加上记录也是10秒左右
想想我准备调试的那些可怕的程序，运行起来的话。。这。。。太扯了 :<

还是改做调试器吧 :>

00401343: push 00402169h
00401348: push 00402162h
0040134D: call 004012C5h
004012C5: push ebp
004012C6: mov ebp , esp
004012C8: add esp , F4h
004012CB: lea eax , dword ptr [ebp-04h]
004012CE: push eax
004012CF: push 04h
004012D1: push 00h
004012D3: push dword ptr [ebp+08h]
004012D6: push 80000002h
004012DB: call RegOpenKeyExA (advapi32.dll)
004013B4: jmp RegOpenKeyExA (advapi32.dll)
……..: Out of watch limit, wait for ret …………
004012E0: or eax , eax
004012E2: jne 00401322h
004012E4: push dword ptr [ebp+0Ch]
004012E7: push dword ptr [ebp-04h]
004012EA: call RegDeleteKeyA (advapi32.dll)
004013A8: jmp RegDeleteKeyA (advapi32.dll)
……..: Out of watch limit, wait for ret …………
004012EF: lea eax , dword ptr [ebp-0Ch]
004012F2: push eax
004012F3: lea eax , dword ptr [ebp-08h]
004012F6: push eax
004012F7: push 00h
004012F9: push 00h
004012FB: push 01h
004012FD: push 00h
004012FF: push 00h
00401301: push dword ptr [ebp+0Ch]
00401304: push dword ptr [ebp-04h]
00401307: call RegCreateKeyExA (advapi32.dll)
004013A2: jmp RegCreateKeyExA (advapi32.dll)
……..: Out of watch limit, wait for ret …………
0040130C: push dword ptr [ebp-04h]
0040130F: call RegCloseKey (advapi32.dll)
0040139C: jmp RegCloseKey (advapi32.dll)
……..: Out of watch limit, wait for ret …………
00401314: cmp dword ptr [ebp-0Ch] , 02h
00401318: je 004012E4h
0040131A: push dword ptr [ebp-08h]
0040131D: call RegCloseKey (advapi32.dll)
0040139C: jmp RegCloseKey (advapi32.dll)
……..: Out of watch limit, wait for ret …………
00401322: leave
00401323: retn 0008h
00401352: push 40h
00401354: push 00402184h
00401359: push 00402171h
0040135E: push 00h
00401360: call MessageBoxA (user32.dll)
00401378: jmp MessageBoxA (user32.dll)
……..: Out of watch limit, wait for ret …………
00401365: push 00h
00401367: call ExitProcess (kernel32.dll)
0040137E: jmp ExitProcess (kernel32.dll)
……..: Out of watch limit, wait for ret …………