Dynamic analysis: OllyDbg

Disclaimer: This is the blogger's original article, released under the CC 4.0 BY-SA license. When reproducing it, please attach the original source link and this statement.
Link to this article: https://blog.csdn.net/dudu3332/article/details/102761422

OllyDbg is an essential introductory tool, which I use in a Windows 10 environment.

The first exercise is cracking traceme.exe.

First look at the register panel: ESP is the stack pointer and points to the top of the stack, and EIP points to the instruction about to be executed.

Pressing F7 executes the current instruction, after which EIP points to the next instruction to be executed.

Most registers can be edited directly

To modify EIP:

Right-click here and you can set EIP with "New origin here".

The flag register bits can only be 0 or 1.

Next is single-step tracing.

F7 single-steps and follows into a call (step into).

F8 single-steps without following into a call (step over).

F9 runs the program.

F2 sets a breakpoint.

This indicates the return position, 774, after execution.

Press the - (minus) key to go back.
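The difference between F7, F8, F9 and F2, and the role of the return position pushed by a call, can be modelled in a few lines. This is an added example, not code from the original post or from OllyDbg; the toy instruction set, the addresses and sizes, and the name ToyCPU are constructed for illustration.

```python
# Constructed sample program: address -> (size in bytes, mnemonic, operand).
PROGRAM = {
    0x76A: (5, "mov", 1),        # eax = 1
    0x76F: (5, "call", 0x790),   # return position is 0x76F + 5 = 0x774
    0x774: (3, "add", 10),       # eax += 10
    0x777: (1, "hlt", None),
    0x790: (3, "add", 2),        # callee body: eax += 2
    0x793: (1, "ret", None),
}

class ToyCPU:
    """Hypothetical model of EIP/ESP behaviour under debugger stepping."""
    def __init__(self, program, entry, esp=0x1000):
        self.program, self.eip, self.esp = program, entry, esp
        self.eax, self.stack, self.halted = 0, {}, False

    def step_into(self):
        """F7: execute exactly one instruction, following into calls."""
        size, op, arg = self.program[self.eip]
        nxt = self.eip + size
        if op == "mov":
            self.eax, self.eip = arg, nxt
        elif op == "add":
            self.eax, self.eip = self.eax + arg, nxt
        elif op == "call":
            self.esp -= 4                      # push the return position
            self.stack[self.esp] = nxt
            self.eip = arg
        elif op == "ret":
            self.eip = self.stack.pop(self.esp)  # pop the return position
            self.esp += 4
        elif op == "hlt":
            self.halted = True

    def step_over(self):
        """F8: like F7, but a call is run until it returns."""
        size, op, _ = self.program[self.eip]
        if op != "call":
            return self.step_into()
        stop_at, esp0 = self.eip + size, self.esp  # temporary breakpoint
        self.step_into()
        while not (self.eip == stop_at and self.esp == esp0) and not self.halted:
            self.step_into()

    def run(self, breakpoints=()):
        """F9: run until a breakpoint set with F2 is reached, or the program halts."""
        self.step_into()
        while self.eip not in breakpoints and not self.halted:
            self.step_into()
```

Stepping into the call leaves EIP inside the callee with the return position on top of the stack, while stepping over it leaves EIP at the return position with ESP restored.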

Construction
