1001CA36 |. A1 9CEC1110 MOV EAX,DWORD PTR DS:[1011EC9C]
1001CA3B |. 33C4 XOR EAX,ESP
1001CA3D |. 898424 200300>MOV DWORD PTR SS:[ESP+320],EAX
1001CA44 |. 53 PUSH EBX
1001CA45 |. 8B9C24 380300>MOV EBX,DWORD PTR SS:[ESP+338]
1001CA4C |. 55 PUSH EBP
1001CA4D |. 8BAC24 380300>MOV EBP,DWORD PTR SS:[ESP+338]
1001CA54 |. 56 PUSH ESI
1001CA55 |. 8BB424 340300>MOV ESI,DWORD PTR SS:[ESP+334]
1001CA5C |. 57 PUSH EDI
1001CA5D |. 8BBC24 3C0300>MOV EDI,DWORD PTR SS:[ESP+33C]
1001CA64 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA69 |. 8D4424 1D LEA EAX,DWORD PTR SS:[ESP+1D] ; |
1001CA6D |. 6A 00 PUSH 0 ; |c = 00
1001CA6F |. 50 PUSH EAX ; |s
1001CA70 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+1C],0 ; |
1001CA78 |. C64424 24 00 MOV BYTE PTR SS:[ESP+24],0 ; |
1001CA7D |. E8 3EAA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CA82 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA87 |. 8D8C24 390200>LEA ECX,DWORD PTR SS:[ESP+239] ; |
1001CA8E |. 6A 00 PUSH 0 ; |c = 00
1001CA90 |. 51 PUSH ECX ; |s
1001CA91 |. C68424 400200>MOV BYTE PTR SS:[ESP+240],0 ; |
1001CA99 |. E8 22AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CA9E |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CAA3 |. 8D9424 3D0100>LEA EDX,DWORD PTR SS:[ESP+13D] ; |
1001CAAA |. 6A 00 PUSH 0 ; |c = 00
1001CAAC |. 52 PUSH EDX ; |s
1001CAAD |. C68424 440100>MOV BYTE PTR SS:[ESP+144],0 ; |
1001CAB5 |. E8 06AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CABA |. 83C4 24 ADD ESP,24
1001CABD |. 85F6 TEST ESI,ESI
1001CABF |. 75 24 JNZ SHORT iTunesMo.1001CAE5
1001CAC1 |. 68 544C0D10 PUSH iTunesMo.100D4C54 ; ASCII "No device"
1001CAC6 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CACC |. 50 PUSH EAX
1001CACD |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CAD2 |. 56 PUSH ESI
1001CAD3 |. E8 F8340000 CALL iTunesMo.1001FFD0
1001CAD8 |. 83C4 10 ADD ESP,10
1001CADB |. B8 010000E8 MOV EAX,E8000001
1001CAE0 |. E9 07010000 JMP iTunesMo.1001CBEC
1001CAE5 |> 8D46 34 LEA EAX,DWORD PTR DS:[ESI+34]
1001CAE8 |. 50 PUSH EAX
1001CAE9 |. 894424 18 MOV DWORD PTR SS:[ESP+18],EAX
1001CAED |. E8 BE360000 CALL iTunesMo.100201B0
1001CAF2 |. 8B76 2C MOV ESI,DWORD PTR DS:[ESI+2C]
1001CAF5 |. 83C4 04 ADD ESP,4
1001CAF8 |. 85F6 TEST ESI,ESI
1001CAFA |. 75 24 JNZ SHORT iTunesMo.1001CB20
1001CAFC |. 68 DC4C0D10 PUSH iTunesMo.100D4CDC ; ASCII "No connection wrapper thingy"
1001CB01 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CB07 |. 50 PUSH EAX
1001CB08 |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CB0D |. 56 PUSH ESI
1001CB0E |. E8 BD340000 CALL iTunesMo.1001FFD0
1001CB13 |. 83C4 10 ADD ESP,10
1001CB16 |. BE 0B0000E8 MOV ESI,E800000B
1001CB1B |. E9 BD000000 JMP iTunesMo.1001CBDD
1001CB20 |> 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]
1001CB24 |. 50 PUSH EAX
1001CB25 |. 53 PUSH EBX
1001CB26 |. 55 PUSH EBP
1001CB27 |. 57 PUSH EDI
1001CB28 |. 56 PUSH ESI
1001CB29 |. E8 82C7FFFF CALL iTunesMo.100192B0
1001CB2E |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]
1001CB32 |. 83C4 14 ADD ESP,14
1001CB35 |. 85C0 TEST EAX,EAX
1001CB37 |. 0F84 9E000000 JE iTunesMo.1001CBDB
1001CB3D |. 8B35 CC300D10 MOV ESI,DWORD PTR DS:[<&CoreFoundation.C>; CoreFoun.CFStringGetCString
1001CB43 |. 68 00010008 PUSH 8000100
1001CB48 |. 68 04010000 PUSH 104
1001CB4D |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]
1001CB51 |. 51 PUSH ECX
1001CB52 |. 50 PUSH EAX
1001CB53 |. FFD6 CALL ESI ; <&CoreFoundation.CFStringGetCString>
1001CB55 |. 83C4 10 ADD ESP,10
1001CB58 |. 85FF TEST EDI,EDI
1001CB5A |. 74 18 JE SHORT iTunesMo.1001CB74
1001CB5C |. 68 00010008 PUSH 8000100
1001CB61 |. 68 04010000 PUSH 104
1001CB66 |. 8D9424 300200>LEA EDX,DWORD PTR SS:[ESP+230]
1001CB6D |. 52 PUSH EDX
1001CB6E |. 57 PUSH EDI
1001CB6F |. FFD6 CALL ESI
1001CB71 |. 83C4 10 ADD ESP,10
1001CB74 |> 85ED TEST EBP,EBP
1001CB76 |. 74 18 JE SHORT iTunesMo.1001CB90
1001CB78 |. 68 00010008 PUSH 8000100
1001CB7D |. 68 04010000 PUSH 104
1001CB82 |. 8D8424 280100>LEA EAX,DWORD PTR SS:[ESP+128]
1001CB89 |. 50 PUSH EAX
1001CB8A |. 55 PUSH EBP
1001CB8B |. FFD6 CALL ESI
1001CB8D |. 83C4 10 ADD ESP,10
1001CB90 |> 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10]
1001CB94 |. E8 D7F3FFFF CALL iTunesMo.1001BF70
1001CB99 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
1001CB9D |. 51 PUSH ECX
1001CB9E |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124]
1001CBA5 |. 8BF0 MOV ESI,EAX
1001CBA7 |. 52 PUSH EDX
1001CBA8 |. 8D8424 300200>LEA EAX,DWORD PTR SS:[ESP+230]
1001CBAF |. 50 PUSH EAX
1001CBB0 |. 68 3C530D10 PUSH iTunesMo.100D533C ; ASCII "Could not set value for [%s]:[%s] %s"
1001CBB5 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CBBB |. 83C4 04 ADD ESP,4
1001CBBE |. 50 PUSH EAX
1001CBBF |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CBC4 |. 6A 00 PUSH 0
1001CBC6 |. E8 05340000 CALL iTunesMo.1001FFD0
1001CBCB |. 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+28]
1001CBCF |. 51 PUSH ECX
1001CBD0 |. FF15 34320D10 CALL DWORD PTR DS:[<&CoreFoundation.CFRe>; CoreFoun.CFRelease
1001CBD6 |. 83C4 1C ADD ESP,1C
1001CBD9 |. EB 02 JMP SHORT iTunesMo.1001CBDD
1001CBDB |> 33F6 XOR ESI,ESI
1001CBDD |> 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+14]
1001CBE1 |. 52 PUSH EDX
1001CBE2 |. E8 D9350000 CALL iTunesMo.100201C0
1001CBE7 |. 83C4 04 ADD ESP,4
1001CBEA |. 8BC6 MOV EAX,ESI
1001CBEC |> 8B8C24 300300>MOV ECX,DWORD PTR SS:[ESP+330]
1001CBF3 |. 5F POP EDI
1001CBF4 |. 5E POP ESI
1001CBF5 |. 5D POP EBP
1001CBF6 |. 5B POP EBX
1001CBF7 |. 33CC XOR ECX,ESP
1001CBF9 |. E8 B2A80900 CALL iTunesMo.100B74B0
1001CBFE |. 81C4 24030000 ADD ESP,324
1001CC04 \. C3 RETN
=======================================函数的名称是AMDeviceSetValue
7 个解决方案
#1
已知 GetValue(即 AMDeviceCopyValue)的原型,可以参考下:
CFStringRef AMDeviceCopyValue(
am_device device,
uint32_t mbz,
CFStringRef key);
CFStringRef AMDeviceCopyValue(
am_device device,
uint32_t mbz,
CFStringRef key);
#2
要分析啥啊,不会是每句都要分析吧?编译器编译的东西,处理局部变量和参数不用EBP,直接用ESP,看着很累啊
#3
你的函数原型确认是正确的吗?根据代码貌似会有4个参数吧?
#4
; AMDeviceSetValue as dumped by OllyDbg from the module shown as "iTunesMo" (32-bit x86).
; RETN has no operand, so the caller removes the arguments; four stack arguments are read.
; There is no EBP frame: every local and argument is addressed from ESP, so the same slot
; shows a different displacement after each PUSH. With S = ESP after the four register saves:
;   S+10   dword, zeroed, passed by address to 100192B0 and read back afterwards
;   S+14   copy of device+34, handed to 100201B0 on entry and to 100201C0 on exit
;   S+18   0x105-byte text buffer (first byte cleared, then memset of 0x104)
;   S+120  0x105-byte text buffer for the 3rd argument
;   S+228  0x105-byte text buffer for the 2nd argument
;   S+330  stack cookie, stored at ESP+320 before the pushes
; Register roles: ESI = 1st argument (device), EDI = 2nd, EBP = 3rd, EBX = 4th.
; Returns in EAX: E8000001 (device is NULL), E800000B ([device+2C] is NULL),
; 0 (S+10 still zero after 100192B0), otherwise the value returned by 1001BF70.
; NOTE(review): the 2nd and 3rd arguments are both handed to CFStringGetCString as the
; string, so both look like CFStringRef; parameter names cannot be recovered from here.
1001CA30 >/$ 81EC 24030000 SUB ESP,324 ; reserve 0x324 bytes of locals
1001CA36 |. A1 9CEC1110 MOV EAX,DWORD PTR DS:[1011EC9C] ; global value used as the stack cookie
1001CA3B |. 33C4 XOR EAX,ESP ; mix in ESP so the stored value is frame-specific
1001CA3D |. 898424 200300>MOV DWORD PTR SS:[ESP+320],EAX ; cookie sits above all three text buffers
1001CA44 |. 53 PUSH EBX
1001CA45 |. 8B9C24 380300>MOV EBX,DWORD PTR SS:[ESP+338]//EBX = 4th argument (only forwarded to 100192B0)
1001CA4C |. 55 PUSH EBP
1001CA4D |. 8BAC24 380300>MOV EBP,DWORD PTR SS:[ESP+338]//EBP = 3rd argument
1001CA54 |. 56 PUSH ESI
1001CA55 |. 8BB424 340300>MOV ESI,DWORD PTR SS:[ESP+334]//ESI = 1st argument (device pointer)
1001CA5C |. 57 PUSH EDI
1001CA5D |. 8BBC24 3C0300>MOV EDI,DWORD PTR SS:[ESP+33C]//EDI = 2nd argument
1001CA64 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA69 |. 8D4424 1D LEA EAX,DWORD PTR SS:[ESP+1D] ; |
1001CA6D |. 6A 00 PUSH 0 ; |c = 00
1001CA6F |. 50 PUSH EAX ; |s
1001CA70 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+1C],0 ; | zero the dword at S+10
1001CA78 |. C64424 24 00 MOV BYTE PTR SS:[ESP+24],0 ; | clear the first byte of the buffer at S+18
1001CA7D |. E8 3EAA0900 CALL <JMP.&MSVCR80.memset> ; \memset//this and the next two calls zero the remaining 0x104 bytes of three local text buffers
1001CA82 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA87 |. 8D8C24 390200>LEA ECX,DWORD PTR SS:[ESP+239] ; |
1001CA8E |. 6A 00 PUSH 0 ; |c = 00
1001CA90 |. 51 PUSH ECX ; |s
1001CA91 |. C68424 400200>MOV BYTE PTR SS:[ESP+240],0 ; | clear the first byte of the buffer at S+228
1001CA99 |. E8 22AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CA9E |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CAA3 |. 8D9424 3D0100>LEA EDX,DWORD PTR SS:[ESP+13D] ; |
1001CAAA |. 6A 00 PUSH 0 ; |c = 00
1001CAAC |. 52 PUSH EDX ; |s
1001CAAD |. C68424 440100>MOV BYTE PTR SS:[ESP+144],0 ; | clear the first byte of the buffer at S+120
1001CAB5 |. E8 06AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CABA |. 83C4 24 ADD ESP,24 ; drop the nine memset arguments in one step
1001CABD |. 85F6 TEST ESI,ESI
1001CABF |. 75 24 JNZ SHORT iTunesMo.1001CAE5//device == NULL: log "No device" and fail; otherwise continue
1001CAC1 |. 68 544C0D10 PUSH iTunesMo.100D4C54 ; ASCII "No device"
1001CAC6 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CACC |. 50 PUSH EAX
1001CACD |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CAD2 |. 56 PUSH ESI
1001CAD3 |. E8 F8340000 CALL iTunesMo.1001FFD0//presumably the logging routine - confirm
1001CAD8 |. 83C4 10 ADD ESP,10
1001CADB |. B8 010000E8 MOV EAX,E8000001
1001CAE0 |. E9 07010000 JMP iTunesMo.1001CBEC ; straight to the epilogue: 100201C0 is not called on this path
1001CAE5 |> 8D46 34 LEA EAX,DWORD PTR DS:[ESI+34]//address device+34 is passed to 100201B0; looks like a lock released by 100201C0 - confirm
1001CAE8 |. 50 PUSH EAX
1001CAE9 |. 894424 18 MOV DWORD PTR SS:[ESP+18],EAX ; keep device+34 at S+14 for the exit path
1001CAED |. E8 BE360000 CALL iTunesMo.100201B0
1001CAF2 |. 8B76 2C MOV ESI,DWORD PTR DS:[ESI+2C]//ESI = [device+2C]; NULL is reported as an error
1001CAF5 |. 83C4 04 ADD ESP,4
1001CAF8 |. 85F6 TEST ESI,ESI
1001CAFA |. 75 24 JNZ SHORT iTunesMo.1001CB20
1001CAFC |. 68 DC4C0D10 PUSH iTunesMo.100D4CDC ; ASCII "No connection wrapper thingy"
1001CB01 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CB07 |. 50 PUSH EAX
1001CB08 |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CB0D |. 56 PUSH ESI
1001CB0E |. E8 BD340000 CALL iTunesMo.1001FFD0
1001CB13 |. 83C4 10 ADD ESP,10
1001CB16 |. BE 0B0000E8 MOV ESI,E800000B
1001CB1B |. E9 BD000000 JMP iTunesMo.1001CBDD
1001CB20 |> 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]//address of the dword at S+10, passed as the last argument
1001CB24 |. 50 PUSH EAX
1001CB25 |. 53 PUSH EBX//4th argument
1001CB26 |. 55 PUSH EBP//3rd argument
1001CB27 |. 57 PUSH EDI//2nd argument
1001CB28 |. 56 PUSH ESI//[device+2C], not the device pointer itself
1001CB29 |. E8 82C7FFFF CALL iTunesMo.100192B0
1001CB2E |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]//reload the dword at S+10 after the call
1001CB32 |. 83C4 14 ADD ESP,14
1001CB35 |. 85C0 TEST EAX,EAX
1001CB37 |. 0F84 9E000000 JE iTunesMo.1001CBDB//still zero: take the path that returns 0
1001CB3D |. 8B35 CC300D10 MOV ESI,DWORD PTR DS:[<&CoreFoundation.C>; CoreFoun.CFStringGetCString
1001CB43 |. 68 00010008 PUSH 8000100
1001CB48 |. 68 04010000 PUSH 104
1001CB4D |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]//buffer at S+18 receives the text of the string from S+10
1001CB51 |. 51 PUSH ECX
1001CB52 |. 50 PUSH EAX
1001CB53 |. FFD6 CALL ESI ; <&CoreFoundation.CFStringGetCString>
; The size passed (0x104) is one less than the 0x105 bytes cleared for each buffer.
; EAX is not tested after any of the three conversions; the buffers were zeroed on entry.
1001CB55 |. 83C4 10 ADD ESP,10
1001CB58 |. 85FF TEST EDI,EDI
1001CB5A |. 74 18 JE SHORT iTunesMo.1001CB74//2nd argument NULL: skip its conversion
1001CB5C |. 68 00010008 PUSH 8000100
1001CB61 |. 68 04010000 PUSH 104
1001CB66 |. 8D9424 300200>LEA EDX,DWORD PTR SS:[ESP+230]//buffer at S+228
1001CB6D |. 52 PUSH EDX
1001CB6E |. 57 PUSH EDI
1001CB6F |. FFD6 CALL ESI//CFStringGetCString(2nd argument, S+228, 0x104, 0x08000100)
1001CB71 |. 83C4 10 ADD ESP,10
1001CB74 |> 85ED TEST EBP,EBP//3rd argument NULL: skip its conversion
1001CB76 |. 74 18 JE SHORT iTunesMo.1001CB90
1001CB78 |. 68 00010008 PUSH 8000100
1001CB7D |. 68 04010000 PUSH 104
1001CB82 |. 8D8424 280100>LEA EAX,DWORD PTR SS:[ESP+128]//buffer at S+120
1001CB89 |. 50 PUSH EAX
1001CB8A |. 55 PUSH EBP
1001CB8B |. FFD6 CALL ESI//CFStringGetCString(3rd argument, S+120, 0x104, 0x08000100)
1001CB8D |. 83C4 10 ADD ESP,10
1001CB90 |> 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10] ; ESI = string pointer from S+10
1001CB94 |. E8 D7F3FFFF CALL iTunesMo.1001BF70 ; nothing is pushed; presumably takes ESI as its input - confirm
1001CB99 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18] ; S+18: third %s
1001CB9D |. 51 PUSH ECX
1001CB9E |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124] ; S+120: second [%s] (3rd argument)
1001CBA5 |. 8BF0 MOV ESI,EAX ; result of 1001BF70 becomes the return value
1001CBA7 |. 52 PUSH EDX
1001CBA8 |. 8D8424 300200>LEA EAX,DWORD PTR SS:[ESP+230] ; S+228: first [%s] (2nd argument)
1001CBAF |. 50 PUSH EAX
1001CBB0 |. 68 3C530D10 PUSH iTunesMo.100D533C ; ASCII "Could not set value for [%s]:[%s] %s"
1001CBB5 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CBBB |. 83C4 04 ADD ESP,4
1001CBBE |. 50 PUSH EAX
1001CBBF |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CBC4 |. 6A 00 PUSH 0
1001CBC6 |. E8 05340000 CALL iTunesMo.1001FFD0//log the detailed error
1001CBCB |. 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+28] ; the string pointer at S+10 again
1001CBCF |. 51 PUSH ECX
1001CBD0 |. FF15 34320D10 CALL DWORD PTR DS:[<&CoreFoundation.CFRe>; CoreFoun.CFRelease
1001CBD6 |. 83C4 1C ADD ESP,1C ; 3 buffer pointers + 3 logger arguments + 1 CFRelease argument
1001CBD9 |. EB 02 JMP SHORT iTunesMo.1001CBDD
1001CBDB |> 33F6 XOR ESI,ESI//success path: return value 0
1001CBDD |> 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+14] ; device+34 saved at 1001CAE9
1001CBE1 |. 52 PUSH EDX
1001CBE2 |. E8 D9350000 CALL iTunesMo.100201C0 ; counterpart of the 100201B0 call on entry
1001CBE7 |. 83C4 04 ADD ESP,4
1001CBEA |. 8BC6 MOV EAX,ESI
1001CBEC |> 8B8C24 300300>MOV ECX,DWORD PTR SS:[ESP+330] ; reload the cookie stored in the prologue
1001CBF3 |. 5F POP EDI
1001CBF4 |. 5E POP ESI
1001CBF5 |. 5D POP EBP
1001CBF6 |. 5B POP EBX
1001CBF7 |. 33CC XOR ECX,ESP ; undo the XOR with ESP
1001CBF9 |. E8 B2A80900 CALL iTunesMo.100B74B0 ; presumably the cookie check routine - confirm
1001CBFE |. 81C4 24030000 ADD ESP,324
1001CC04 \. C3 RETN
=======================================函数的名称是AMDeviceSetValue
1001CA36 |. A1 9CEC1110 MOV EAX,DWORD PTR DS:[1011EC9C]
1001CA3B |. 33C4 XOR EAX,ESP
1001CA3D |. 898424 200300>MOV DWORD PTR SS:[ESP+320],EAX
1001CA44 |. 53 PUSH EBX
1001CA45 |. 8B9C24 380300>MOV EBX,DWORD PTR SS:[ESP+338]//取key保存在ebx
1001CA4C |. 55 PUSH EBP
1001CA4D |. 8BAC24 380300>MOV EBP,DWORD PTR SS:[ESP+338]//取mbz保存在ebp
1001CA54 |. 56 PUSH ESI
1001CA55 |. 8BB424 340300>MOV ESI,DWORD PTR SS:[ESP+334]//取device结构保存在esi
1001CA5C |. 57 PUSH EDI
1001CA5D |. 8BBC24 3C0300>MOV EDI,DWORD PTR SS:[ESP+33C]//未知参数(第2个)
1001CA64 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA69 |. 8D4424 1D LEA EAX,DWORD PTR SS:[ESP+1D] ; |
1001CA6D |. 6A 00 PUSH 0 ; |c = 00
1001CA6F |. 50 PUSH EAX ; |s
1001CA70 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+1C],0 ; |
1001CA78 |. C64424 24 00 MOV BYTE PTR SS:[ESP+24],0 ; |
1001CA7D |. E8 3EAA0900 CALL <JMP.&MSVCR80.memset> ; \memset//本次及后2次都清空0x104大小的局部变量作为缓冲区(设为LOCAL01~03)
1001CA82 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA87 |. 8D8C24 390200>LEA ECX,DWORD PTR SS:[ESP+239] ; |
1001CA8E |. 6A 00 PUSH 0 ; |c = 00
1001CA90 |. 51 PUSH ECX ; |s
1001CA91 |. C68424 400200>MOV BYTE PTR SS:[ESP+240],0 ; |
1001CA99 |. E8 22AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CA9E |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CAA3 |. 8D9424 3D0100>LEA EDX,DWORD PTR SS:[ESP+13D] ; |
1001CAAA |. 6A 00 PUSH 0 ; |c = 00
1001CAAC |. 52 PUSH EDX ; |s
1001CAAD |. C68424 440100>MOV BYTE PTR SS:[ESP+144],0 ; |
1001CAB5 |. E8 06AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CABA |. 83C4 24 ADD ESP,24
1001CABD |. 85F6 TEST ESI,ESI
1001CABF |. 75 24 JNZ SHORT iTunesMo.1001CAE5//如果device为NULL则输出无设备的错误,否则继续处理
1001CAC1 |. 68 544C0D10 PUSH iTunesMo.100D4C54 ; ASCII "No device"
1001CAC6 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CACC |. 50 PUSH EAX
1001CACD |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CAD2 |. 56 PUSH ESI
1001CAD3 |. E8 F8340000 CALL iTunesMo.1001FFD0//输出错误信息
1001CAD8 |. 83C4 10 ADD ESP,10
1001CADB |. B8 010000E8 MOV EAX,E8000001
1001CAE0 |. E9 07010000 JMP iTunesMo.1001CBEC
1001CAE5 |> 8D46 34 LEA EAX,DWORD PTR DS:[ESI+34]//device[34]成员地址作为参数压栈调用自定义函数
1001CAE8 |. 50 PUSH EAX
1001CAE9 |. 894424 18 MOV DWORD PTR SS:[ESP+18],EAX
1001CAED |. E8 BE360000 CALL iTunesMo.100201B0
1001CAF2 |. 8B76 2C MOV ESI,DWORD PTR DS:[ESI+2C]//查看device[2C]成员是否为NULL,如为空输出错误
1001CAF5 |. 83C4 04 ADD ESP,4
1001CAF8 |. 85F6 TEST ESI,ESI
1001CAFA |. 75 24 JNZ SHORT iTunesMo.1001CB20
1001CAFC |. 68 DC4C0D10 PUSH iTunesMo.100D4CDC ; ASCII "No connection wrapper thingy"
1001CB01 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CB07 |. 50 PUSH EAX
1001CB08 |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CB0D |. 56 PUSH ESI
1001CB0E |. E8 BD340000 CALL iTunesMo.1001FFD0
1001CB13 |. 83C4 10 ADD ESP,10
1001CB16 |. BE 0B0000E8 MOV ESI,E800000B
1001CB1B |. E9 BD000000 JMP iTunesMo.1001CBDD
1001CB20 |> 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]//某局部变量首地址(设为LOCAL01)
1001CB24 |. 50 PUSH EAX
1001CB25 |. 53 PUSH EBX//key
1001CB26 |. 55 PUSH EBP//mbz
1001CB27 |. 57 PUSH EDI//未知参数(第2个)
1001CB28 |. 56 PUSH ESI//device
1001CB29 |. E8 82C7FFFF CALL iTunesMo.100192B0
1001CB2E |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]//检验LOCAL01变量某成员
1001CB32 |. 83C4 14 ADD ESP,14
1001CB35 |. 85C0 TEST EAX,EAX
1001CB37 |. 0F84 9E000000 JE iTunesMo.1001CBDB//如果为0转返回前(是设置value成功了吗?)
1001CB3D |. 8B35 CC300D10 MOV ESI,DWORD PTR DS:[<&CoreFoundation.C>; CoreFoun.CFStringGetCString
1001CB43 |. 68 00010008 PUSH 8000100
1001CB48 |. 68 04010000 PUSH 104
1001CB4D |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]//LOCAL01变量某成员作为参数被CFStringGetCString调用
1001CB51 |. 51 PUSH ECX
1001CB52 |. 50 PUSH EAX
1001CB53 |. FFD6 CALL ESI ; <&CoreFoundation.CFStringGetCString>
1001CB55 |. 83C4 10 ADD ESP,10
1001CB58 |. 85FF TEST EDI,EDI
1001CB5A |. 74 18 JE SHORT iTunesMo.1001CB74//第2个参数为0则检验mbz是否为空
1001CB5C |. 68 00010008 PUSH 8000100
1001CB61 |. 68 04010000 PUSH 104
1001CB66 |. 8D9424 300200>LEA EDX,DWORD PTR SS:[ESP+230]//某局部变量首地址(设为LOCAL02)
1001CB6D |. 52 PUSH EDX
1001CB6E |. 57 PUSH EDI
1001CB6F |. FFD6 CALL ESI//LOCAL02变量作为参数被CFStringGetCString调用
1001CB71 |. 83C4 10 ADD ESP,10
1001CB74 |> 85ED TEST EBP,EBP//mbz是否为0
1001CB76 |. 74 18 JE SHORT iTunesMo.1001CB90
1001CB78 |. 68 00010008 PUSH 8000100
1001CB7D |. 68 04010000 PUSH 104
1001CB82 |. 8D8424 280100>LEA EAX,DWORD PTR SS:[ESP+128]//某局部变量首地址(设为LOCAL03
1001CB89 |. 50 PUSH EAX
1001CB8A |. 55 PUSH EBP
1001CB8B |. FFD6 CALL ESI//LOCAL03变量作为参数被CFStringGetCString调
1001CB8D |. 83C4 10 ADD ESP,10
1001CB90 |> 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10]
1001CB94 |. E8 D7F3FFFF CALL iTunesMo.1001BF70
1001CB99 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
1001CB9D |. 51 PUSH ECX
1001CB9E |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124]
1001CBA5 |. 8BF0 MOV ESI,EAX
1001CBA7 |. 52 PUSH EDX
1001CBA8 |. 8D8424 300200>LEA EAX,DWORD PTR SS:[ESP+230]
1001CBAF |. 50 PUSH EAX
1001CBB0 |. 68 3C530D10 PUSH iTunesMo.100D533C ; ASCII "Could not set value for [%s]:[%s] %s"
1001CBB5 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CBBB |. 83C4 04 ADD ESP,4
1001CBBE |. 50 PUSH EAX
1001CBBF |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CBC4 |. 6A 00 PUSH 0
1001CBC6 |. E8 05340000 CALL iTunesMo.1001FFD0//输出错误详细信息
1001CBCB |. 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+28]
1001CBCF |. 51 PUSH ECX
1001CBD0 |. FF15 34320D10 CALL DWORD PTR DS:[<&CoreFoundation.CFRe>; CoreFoun.CFRelease
1001CBD6 |. 83C4 1C ADD ESP,1C
1001CBD9 |. EB 02 JMP SHORT iTunesMo.1001CBDD
1001CBDB |> 33F6 XOR ESI,ESI//这里是成功了?
1001CBDD |> 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+14]
1001CBE1 |. 52 PUSH EDX
1001CBE2 |. E8 D9350000 CALL iTunesMo.100201C0
1001CBE7 |. 83C4 04 ADD ESP,4
1001CBEA |. 8BC6 MOV EAX,ESI
1001CBEC |> 8B8C24 300300>MOV ECX,DWORD PTR SS:[ESP+330]
1001CBF3 |. 5F POP EDI
1001CBF4 |. 5E POP ESI
1001CBF5 |. 5D POP EBP
1001CBF6 |. 5B POP EBX
1001CBF7 |. 33CC XOR ECX,ESP
1001CBF9 |. E8 B2A80900 CALL iTunesMo.100B74B0
1001CBFE |. 81C4 24030000 ADD ESP,324
1001CC04 \. C3 RETN
=======================================函数的名称是AMDeviceSetValue
#5
谢谢,结贴
#6
那么到底是几个参数啊?3个还是4个?
#7
uint AMDeviceSetValue(
am_device device,
uint32_t mbz,
CFStringRef key,CFStringRef Name);
am_device device,
uint32_t mbz,
CFStringRef key,CFStringRef Name);
#1
已知 GetValue(即 AMDeviceCopyValue)的原型,可以参考下:
CFStringRef AMDeviceCopyValue(
am_device device,
uint32_t mbz,
CFStringRef key);
CFStringRef AMDeviceCopyValue(
am_device device,
uint32_t mbz,
CFStringRef key);
#2
要分析啥啊,不会是每句都要分析吧?编译器编译的东西,处理局部变量和参数不用EBP,直接用ESP,看着很累啊
#3
你的函数原型确认是正确的吗?根据代码貌似会有4个参数吧?
#4
; AMDeviceSetValue as dumped by OllyDbg from the module shown as "iTunesMo" (32-bit x86).
; RETN has no operand, so the caller removes the arguments; four stack arguments are read.
; There is no EBP frame: every local and argument is addressed from ESP, so the same slot
; shows a different displacement after each PUSH. With S = ESP after the four register saves:
;   S+10   dword, zeroed, passed by address to 100192B0 and read back afterwards
;   S+14   copy of device+34, handed to 100201B0 on entry and to 100201C0 on exit
;   S+18   0x105-byte text buffer (first byte cleared, then memset of 0x104)
;   S+120  0x105-byte text buffer for the 3rd argument
;   S+228  0x105-byte text buffer for the 2nd argument
;   S+330  stack cookie, stored at ESP+320 before the pushes
; Register roles: ESI = 1st argument (device), EDI = 2nd, EBP = 3rd, EBX = 4th.
; Returns in EAX: E8000001 (device is NULL), E800000B ([device+2C] is NULL),
; 0 (S+10 still zero after 100192B0), otherwise the value returned by 1001BF70.
; NOTE(review): the 2nd and 3rd arguments are both handed to CFStringGetCString as the
; string, so both look like CFStringRef; parameter names cannot be recovered from here.
1001CA30 >/$ 81EC 24030000 SUB ESP,324 ; reserve 0x324 bytes of locals
1001CA36 |. A1 9CEC1110 MOV EAX,DWORD PTR DS:[1011EC9C] ; global value used as the stack cookie
1001CA3B |. 33C4 XOR EAX,ESP ; mix in ESP so the stored value is frame-specific
1001CA3D |. 898424 200300>MOV DWORD PTR SS:[ESP+320],EAX ; cookie sits above all three text buffers
1001CA44 |. 53 PUSH EBX
1001CA45 |. 8B9C24 380300>MOV EBX,DWORD PTR SS:[ESP+338]//EBX = 4th argument (only forwarded to 100192B0)
1001CA4C |. 55 PUSH EBP
1001CA4D |. 8BAC24 380300>MOV EBP,DWORD PTR SS:[ESP+338]//EBP = 3rd argument
1001CA54 |. 56 PUSH ESI
1001CA55 |. 8BB424 340300>MOV ESI,DWORD PTR SS:[ESP+334]//ESI = 1st argument (device pointer)
1001CA5C |. 57 PUSH EDI
1001CA5D |. 8BBC24 3C0300>MOV EDI,DWORD PTR SS:[ESP+33C]//EDI = 2nd argument
1001CA64 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA69 |. 8D4424 1D LEA EAX,DWORD PTR SS:[ESP+1D] ; |
1001CA6D |. 6A 00 PUSH 0 ; |c = 00
1001CA6F |. 50 PUSH EAX ; |s
1001CA70 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+1C],0 ; | zero the dword at S+10
1001CA78 |. C64424 24 00 MOV BYTE PTR SS:[ESP+24],0 ; | clear the first byte of the buffer at S+18
1001CA7D |. E8 3EAA0900 CALL <JMP.&MSVCR80.memset> ; \memset//this and the next two calls zero the remaining 0x104 bytes of three local text buffers
1001CA82 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA87 |. 8D8C24 390200>LEA ECX,DWORD PTR SS:[ESP+239] ; |
1001CA8E |. 6A 00 PUSH 0 ; |c = 00
1001CA90 |. 51 PUSH ECX ; |s
1001CA91 |. C68424 400200>MOV BYTE PTR SS:[ESP+240],0 ; | clear the first byte of the buffer at S+228
1001CA99 |. E8 22AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CA9E |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CAA3 |. 8D9424 3D0100>LEA EDX,DWORD PTR SS:[ESP+13D] ; |
1001CAAA |. 6A 00 PUSH 0 ; |c = 00
1001CAAC |. 52 PUSH EDX ; |s
1001CAAD |. C68424 440100>MOV BYTE PTR SS:[ESP+144],0 ; | clear the first byte of the buffer at S+120
1001CAB5 |. E8 06AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CABA |. 83C4 24 ADD ESP,24 ; drop the nine memset arguments in one step
1001CABD |. 85F6 TEST ESI,ESI
1001CABF |. 75 24 JNZ SHORT iTunesMo.1001CAE5//device == NULL: log "No device" and fail; otherwise continue
1001CAC1 |. 68 544C0D10 PUSH iTunesMo.100D4C54 ; ASCII "No device"
1001CAC6 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CACC |. 50 PUSH EAX
1001CACD |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CAD2 |. 56 PUSH ESI
1001CAD3 |. E8 F8340000 CALL iTunesMo.1001FFD0//presumably the logging routine - confirm
1001CAD8 |. 83C4 10 ADD ESP,10
1001CADB |. B8 010000E8 MOV EAX,E8000001
1001CAE0 |. E9 07010000 JMP iTunesMo.1001CBEC ; straight to the epilogue: 100201C0 is not called on this path
1001CAE5 |> 8D46 34 LEA EAX,DWORD PTR DS:[ESI+34]//address device+34 is passed to 100201B0; looks like a lock released by 100201C0 - confirm
1001CAE8 |. 50 PUSH EAX
1001CAE9 |. 894424 18 MOV DWORD PTR SS:[ESP+18],EAX ; keep device+34 at S+14 for the exit path
1001CAED |. E8 BE360000 CALL iTunesMo.100201B0
1001CAF2 |. 8B76 2C MOV ESI,DWORD PTR DS:[ESI+2C]//ESI = [device+2C]; NULL is reported as an error
1001CAF5 |. 83C4 04 ADD ESP,4
1001CAF8 |. 85F6 TEST ESI,ESI
1001CAFA |. 75 24 JNZ SHORT iTunesMo.1001CB20
1001CAFC |. 68 DC4C0D10 PUSH iTunesMo.100D4CDC ; ASCII "No connection wrapper thingy"
1001CB01 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CB07 |. 50 PUSH EAX
1001CB08 |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CB0D |. 56 PUSH ESI
1001CB0E |. E8 BD340000 CALL iTunesMo.1001FFD0
1001CB13 |. 83C4 10 ADD ESP,10
1001CB16 |. BE 0B0000E8 MOV ESI,E800000B
1001CB1B |. E9 BD000000 JMP iTunesMo.1001CBDD
1001CB20 |> 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]//address of the dword at S+10, passed as the last argument
1001CB24 |. 50 PUSH EAX
1001CB25 |. 53 PUSH EBX//4th argument
1001CB26 |. 55 PUSH EBP//3rd argument
1001CB27 |. 57 PUSH EDI//2nd argument
1001CB28 |. 56 PUSH ESI//[device+2C], not the device pointer itself
1001CB29 |. E8 82C7FFFF CALL iTunesMo.100192B0
1001CB2E |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]//reload the dword at S+10 after the call
1001CB32 |. 83C4 14 ADD ESP,14
1001CB35 |. 85C0 TEST EAX,EAX
1001CB37 |. 0F84 9E000000 JE iTunesMo.1001CBDB//still zero: take the path that returns 0
1001CB3D |. 8B35 CC300D10 MOV ESI,DWORD PTR DS:[<&CoreFoundation.C>; CoreFoun.CFStringGetCString
1001CB43 |. 68 00010008 PUSH 8000100
1001CB48 |. 68 04010000 PUSH 104
1001CB4D |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]//buffer at S+18 receives the text of the string from S+10
1001CB51 |. 51 PUSH ECX
1001CB52 |. 50 PUSH EAX
1001CB53 |. FFD6 CALL ESI ; <&CoreFoundation.CFStringGetCString>
; The size passed (0x104) is one less than the 0x105 bytes cleared for each buffer.
; EAX is not tested after any of the three conversions; the buffers were zeroed on entry.
1001CB55 |. 83C4 10 ADD ESP,10
1001CB58 |. 85FF TEST EDI,EDI
1001CB5A |. 74 18 JE SHORT iTunesMo.1001CB74//2nd argument NULL: skip its conversion
1001CB5C |. 68 00010008 PUSH 8000100
1001CB61 |. 68 04010000 PUSH 104
1001CB66 |. 8D9424 300200>LEA EDX,DWORD PTR SS:[ESP+230]//buffer at S+228
1001CB6D |. 52 PUSH EDX
1001CB6E |. 57 PUSH EDI
1001CB6F |. FFD6 CALL ESI//CFStringGetCString(2nd argument, S+228, 0x104, 0x08000100)
1001CB71 |. 83C4 10 ADD ESP,10
1001CB74 |> 85ED TEST EBP,EBP//3rd argument NULL: skip its conversion
1001CB76 |. 74 18 JE SHORT iTunesMo.1001CB90
1001CB78 |. 68 00010008 PUSH 8000100
1001CB7D |. 68 04010000 PUSH 104
1001CB82 |. 8D8424 280100>LEA EAX,DWORD PTR SS:[ESP+128]//buffer at S+120
1001CB89 |. 50 PUSH EAX
1001CB8A |. 55 PUSH EBP
1001CB8B |. FFD6 CALL ESI//CFStringGetCString(3rd argument, S+120, 0x104, 0x08000100)
1001CB8D |. 83C4 10 ADD ESP,10
1001CB90 |> 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10] ; ESI = string pointer from S+10
1001CB94 |. E8 D7F3FFFF CALL iTunesMo.1001BF70 ; nothing is pushed; presumably takes ESI as its input - confirm
1001CB99 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18] ; S+18: third %s
1001CB9D |. 51 PUSH ECX
1001CB9E |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124] ; S+120: second [%s] (3rd argument)
1001CBA5 |. 8BF0 MOV ESI,EAX ; result of 1001BF70 becomes the return value
1001CBA7 |. 52 PUSH EDX
1001CBA8 |. 8D8424 300200>LEA EAX,DWORD PTR SS:[ESP+230] ; S+228: first [%s] (2nd argument)
1001CBAF |. 50 PUSH EAX
1001CBB0 |. 68 3C530D10 PUSH iTunesMo.100D533C ; ASCII "Could not set value for [%s]:[%s] %s"
1001CBB5 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CBBB |. 83C4 04 ADD ESP,4
1001CBBE |. 50 PUSH EAX
1001CBBF |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CBC4 |. 6A 00 PUSH 0
1001CBC6 |. E8 05340000 CALL iTunesMo.1001FFD0//log the detailed error
1001CBCB |. 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+28] ; the string pointer at S+10 again
1001CBCF |. 51 PUSH ECX
1001CBD0 |. FF15 34320D10 CALL DWORD PTR DS:[<&CoreFoundation.CFRe>; CoreFoun.CFRelease
1001CBD6 |. 83C4 1C ADD ESP,1C ; 3 buffer pointers + 3 logger arguments + 1 CFRelease argument
1001CBD9 |. EB 02 JMP SHORT iTunesMo.1001CBDD
1001CBDB |> 33F6 XOR ESI,ESI//success path: return value 0
1001CBDD |> 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+14] ; device+34 saved at 1001CAE9
1001CBE1 |. 52 PUSH EDX
1001CBE2 |. E8 D9350000 CALL iTunesMo.100201C0 ; counterpart of the 100201B0 call on entry
1001CBE7 |. 83C4 04 ADD ESP,4
1001CBEA |. 8BC6 MOV EAX,ESI
1001CBEC |> 8B8C24 300300>MOV ECX,DWORD PTR SS:[ESP+330] ; reload the cookie stored in the prologue
1001CBF3 |. 5F POP EDI
1001CBF4 |. 5E POP ESI
1001CBF5 |. 5D POP EBP
1001CBF6 |. 5B POP EBX
1001CBF7 |. 33CC XOR ECX,ESP ; undo the XOR with ESP
1001CBF9 |. E8 B2A80900 CALL iTunesMo.100B74B0 ; presumably the cookie check routine - confirm
1001CBFE |. 81C4 24030000 ADD ESP,324
1001CC04 \. C3 RETN
=======================================函数的名称是AMDeviceSetValue
1001CA36 |. A1 9CEC1110 MOV EAX,DWORD PTR DS:[1011EC9C]
1001CA3B |. 33C4 XOR EAX,ESP
1001CA3D |. 898424 200300>MOV DWORD PTR SS:[ESP+320],EAX
1001CA44 |. 53 PUSH EBX
1001CA45 |. 8B9C24 380300>MOV EBX,DWORD PTR SS:[ESP+338]//取key保存在ebx
1001CA4C |. 55 PUSH EBP
1001CA4D |. 8BAC24 380300>MOV EBP,DWORD PTR SS:[ESP+338]//取mbz保存在ebp
1001CA54 |. 56 PUSH ESI
1001CA55 |. 8BB424 340300>MOV ESI,DWORD PTR SS:[ESP+334]//取device结构保存在esi
1001CA5C |. 57 PUSH EDI
1001CA5D |. 8BBC24 3C0300>MOV EDI,DWORD PTR SS:[ESP+33C]//未知参数(第2个)
1001CA64 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA69 |. 8D4424 1D LEA EAX,DWORD PTR SS:[ESP+1D] ; |
1001CA6D |. 6A 00 PUSH 0 ; |c = 00
1001CA6F |. 50 PUSH EAX ; |s
1001CA70 |. C74424 1C 000>MOV DWORD PTR SS:[ESP+1C],0 ; |
1001CA78 |. C64424 24 00 MOV BYTE PTR SS:[ESP+24],0 ; |
1001CA7D |. E8 3EAA0900 CALL <JMP.&MSVCR80.memset> ; \memset//本次及后2次都清空0x104大小的局部变量作为缓冲区(设为LOCAL01~03)
1001CA82 |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CA87 |. 8D8C24 390200>LEA ECX,DWORD PTR SS:[ESP+239] ; |
1001CA8E |. 6A 00 PUSH 0 ; |c = 00
1001CA90 |. 51 PUSH ECX ; |s
1001CA91 |. C68424 400200>MOV BYTE PTR SS:[ESP+240],0 ; |
1001CA99 |. E8 22AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CA9E |. 68 04010000 PUSH 104 ; /n = 104 (260.)
1001CAA3 |. 8D9424 3D0100>LEA EDX,DWORD PTR SS:[ESP+13D] ; |
1001CAAA |. 6A 00 PUSH 0 ; |c = 00
1001CAAC |. 52 PUSH EDX ; |s
1001CAAD |. C68424 440100>MOV BYTE PTR SS:[ESP+144],0 ; |
1001CAB5 |. E8 06AA0900 CALL <JMP.&MSVCR80.memset> ; \memset
1001CABA |. 83C4 24 ADD ESP,24
1001CABD |. 85F6 TEST ESI,ESI
1001CABF |. 75 24 JNZ SHORT iTunesMo.1001CAE5//如果device为NULL则输出无设备的错误,否则继续处理
1001CAC1 |. 68 544C0D10 PUSH iTunesMo.100D4C54 ; ASCII "No device"
1001CAC6 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CACC |. 50 PUSH EAX
1001CACD |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CAD2 |. 56 PUSH ESI
1001CAD3 |. E8 F8340000 CALL iTunesMo.1001FFD0//输出错误信息
1001CAD8 |. 83C4 10 ADD ESP,10
1001CADB |. B8 010000E8 MOV EAX,E8000001
1001CAE0 |. E9 07010000 JMP iTunesMo.1001CBEC
1001CAE5 |> 8D46 34 LEA EAX,DWORD PTR DS:[ESI+34]//device[34]成员地址作为参数压栈调用自定义函数
1001CAE8 |. 50 PUSH EAX
1001CAE9 |. 894424 18 MOV DWORD PTR SS:[ESP+18],EAX
1001CAED |. E8 BE360000 CALL iTunesMo.100201B0
1001CAF2 |. 8B76 2C MOV ESI,DWORD PTR DS:[ESI+2C]//查看device[2C]成员是否为NULL,如为空输出错误
1001CAF5 |. 83C4 04 ADD ESP,4
1001CAF8 |. 85F6 TEST ESI,ESI
1001CAFA |. 75 24 JNZ SHORT iTunesMo.1001CB20
1001CAFC |. 68 DC4C0D10 PUSH iTunesMo.100D4CDC ; ASCII "No connection wrapper thingy"
1001CB01 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CB07 |. 50 PUSH EAX
1001CB08 |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CB0D |. 56 PUSH ESI
1001CB0E |. E8 BD340000 CALL iTunesMo.1001FFD0
1001CB13 |. 83C4 10 ADD ESP,10
1001CB16 |. BE 0B0000E8 MOV ESI,E800000B
1001CB1B |. E9 BD000000 JMP iTunesMo.1001CBDD
1001CB20 |> 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+10]//某局部变量首地址(设为LOCAL01)
1001CB24 |. 50 PUSH EAX
1001CB25 |. 53 PUSH EBX//key
1001CB26 |. 55 PUSH EBP//mbz
1001CB27 |. 57 PUSH EDI//未知参数(第2个)
1001CB28 |. 56 PUSH ESI//device
1001CB29 |. E8 82C7FFFF CALL iTunesMo.100192B0
1001CB2E |. 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+24]//检验LOCAL01变量某成员
1001CB32 |. 83C4 14 ADD ESP,14
1001CB35 |. 85C0 TEST EAX,EAX
1001CB37 |. 0F84 9E000000 JE iTunesMo.1001CBDB//如果为0转返回前(是设置value成功了吗?)
1001CB3D |. 8B35 CC300D10 MOV ESI,DWORD PTR DS:[<&CoreFoundation.C>; CoreFoun.CFStringGetCString
1001CB43 |. 68 00010008 PUSH 8000100
1001CB48 |. 68 04010000 PUSH 104
1001CB4D |. 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+20]//LOCAL01变量某成员作为参数被CFStringGetCString调用
1001CB51 |. 51 PUSH ECX
1001CB52 |. 50 PUSH EAX
1001CB53 |. FFD6 CALL ESI ; <&CoreFoundation.CFStringGetCString>
1001CB55 |. 83C4 10 ADD ESP,10
1001CB58 |. 85FF TEST EDI,EDI
1001CB5A |. 74 18 JE SHORT iTunesMo.1001CB74//第2个参数为0则检验mbz是否为空
1001CB5C |. 68 00010008 PUSH 8000100
1001CB61 |. 68 04010000 PUSH 104
1001CB66 |. 8D9424 300200>LEA EDX,DWORD PTR SS:[ESP+230]//某局部变量首地址(设为LOCAL02)
1001CB6D |. 52 PUSH EDX
1001CB6E |. 57 PUSH EDI
1001CB6F |. FFD6 CALL ESI//LOCAL02变量作为参数被CFStringGetCString调用
1001CB71 |. 83C4 10 ADD ESP,10
1001CB74 |> 85ED TEST EBP,EBP//mbz是否为0
1001CB76 |. 74 18 JE SHORT iTunesMo.1001CB90
1001CB78 |. 68 00010008 PUSH 8000100
1001CB7D |. 68 04010000 PUSH 104
1001CB82 |. 8D8424 280100>LEA EAX,DWORD PTR SS:[ESP+128]//某局部变量首地址(设为LOCAL03
1001CB89 |. 50 PUSH EAX
1001CB8A |. 55 PUSH EBP
1001CB8B |. FFD6 CALL ESI//LOCAL03变量作为参数被CFStringGetCString调
1001CB8D |. 83C4 10 ADD ESP,10
1001CB90 |> 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10]
1001CB94 |. E8 D7F3FFFF CALL iTunesMo.1001BF70
1001CB99 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18]
1001CB9D |. 51 PUSH ECX
1001CB9E |. 8D9424 240100>LEA EDX,DWORD PTR SS:[ESP+124]
1001CBA5 |. 8BF0 MOV ESI,EAX
1001CBA7 |. 52 PUSH EDX
1001CBA8 |. 8D8424 300200>LEA EAX,DWORD PTR SS:[ESP+230]
1001CBAF |. 50 PUSH EAX
1001CBB0 |. 68 3C530D10 PUSH iTunesMo.100D533C ; ASCII "Could not set value for [%s]:[%s] %s"
1001CBB5 |. FF15 30320D10 CALL DWORD PTR DS:[<&CoreFoundation.__CF>; CoreFoun.__CFStringMakeConstantString
1001CBBB |. 83C4 04 ADD ESP,4
1001CBBE |. 50 PUSH EAX
1001CBBF |. 68 64530D10 PUSH iTunesMo.100D5364 ; ASCII "AMDeviceSetValue"
1001CBC4 |. 6A 00 PUSH 0
1001CBC6 |. E8 05340000 CALL iTunesMo.1001FFD0//输出错误详细信息
1001CBCB |. 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+28]
1001CBCF |. 51 PUSH ECX
1001CBD0 |. FF15 34320D10 CALL DWORD PTR DS:[<&CoreFoundation.CFRe>; CoreFoun.CFRelease
1001CBD6 |. 83C4 1C ADD ESP,1C
1001CBD9 |. EB 02 JMP SHORT iTunesMo.1001CBDD
1001CBDB |> 33F6 XOR ESI,ESI//这里是成功了?
1001CBDD |> 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+14]
1001CBE1 |. 52 PUSH EDX
1001CBE2 |. E8 D9350000 CALL iTunesMo.100201C0
1001CBE7 |. 83C4 04 ADD ESP,4
1001CBEA |. 8BC6 MOV EAX,ESI
1001CBEC |> 8B8C24 300300>MOV ECX,DWORD PTR SS:[ESP+330]
1001CBF3 |. 5F POP EDI
1001CBF4 |. 5E POP ESI
1001CBF5 |. 5D POP EBP
1001CBF6 |. 5B POP EBX
1001CBF7 |. 33CC XOR ECX,ESP
1001CBF9 |. E8 B2A80900 CALL iTunesMo.100B74B0
1001CBFE |. 81C4 24030000 ADD ESP,324
1001CC04 \. C3 RETN
=======================================函数的名称是AMDeviceSetValue
#5
谢谢,结贴
#6
那么到底是几个参数啊?3个还是4个?
#7
uint AMDeviceSetValue(
am_device device,
uint32_t mbz,
CFStringRef key,CFStringRef Name);
am_device device,
uint32_t mbz,
CFStringRef key,CFStringRef Name);