// Note: every additional nested call lowers the stack address (the x86 stack grows toward lower addresses).
// At the breakpoint, the stack top (ESP) = 063DF674.
// The code at the breakpoint is:
.text:004FDC16 mov edx, [esp+34h+uType]
.text:004FDC1A push edx ; uType (pushed first: the arguments go on the stack right to left)
.text:004FDC1B push eax ; lpCaption
.text:004FDC1C push ebp ; lpText
.text:004FDC1D push edi ; hWnd (pushed last, so it is the dword at the stack top, 063DF674)
.text:004FDC1E call ds:MessageBoxW // stack top = 063DF674 while stopped on this call, before it executes
// Stepping into MessageBoxW with F7 moves the stack top to 063DF670, so the stack address got smaller:
// the call pushed the 4-byte return address 004FDC24 (004FDC1E + the 6-byte call), the first row of the stack view below.
// Stack view after stepping into MessageBoxW. Each row is: stack address, dword stored there,
// and the debugger's symbol guess for that dword when it falls inside a known module or segment.
063DF670 004FDC24 neg_msgbox_sub_4FDB50+D4 // return address pushed by the call at 004FDC1E
063DF674 00010010 // stack top at the breakpoint; hWnd (the last value pushed)
063DF678 0394E340 debug080:0394E340 // lpText
063DF67C 03949690 debug080:03949690 // lpCaption
063DF680 00041030 // uType; 0x41030 = MB_TOPMOST (0x40000) | MB_SYSTEMMODAL (0x1000) | MB_ICONWARNING (0x30)
063DF684 BB18CB49 // ESP pointed here at 004FDC16, before the four pushes (063DF674 + 10h)
063DF688 00000035
063DF68C 76B89F90 USER32:user32_GetDesktopWindow
063DF690 00000000
063DF694 00000C8A
063DF698 0394AF70 debug080:0394AF70
063DF69C 03949690 debug080:03949690
063DF6A0 063D0000
063DF6A4 0000000F
063DF6A8 BB18CB59 // NOTE(review): may be a /GS-style stack cookie stored next to the SEH record — confirm in the function prologue
063DF6AC 063DF8A4 debug286:063DF8A4 // presumably an SEH registration record: pointer to the next record (063DF8A4) ...
063DF6B0 006E09A0 sub_5CF400:SEH_46DB50 // ... followed by its handler (IDA names it SEH_...)
063DF6B4 00000001
063DF6B8 0050AE10 sub_50A1A0+C70 // return address of the function that makes the MessageBoxW call: 063DF684 + 34h = 063DF6B8
063DF6BC 00010010 // first incoming argument of that function; same value as the hWnd pushed above
063DF6C0 0394E340 debug080:0394E340 // second incoming argument; same value as the lpText pushed above
063DF6C4 063DF700 debug286:063DF700 // third incoming argument; points at the ASCII bytes that start at 063DF700 further down this dump
063DF6C8 00041030 // fourth incoming argument; the value that [esp+34h+uType] reloads as uType
063DF6CC BB18CB11
063DF6D0 011E7470 debug011:011E7470
063DF6D4 0393BBE0 debug080:0393BBE0
063DF6D8 063DF934 debug286:063DF934
063DF6DC 00000C50
063DF6E0 FFFFFFFE
063DF6E4 012B0000 debug030:012B0000
063DF6E8 4014006A
063DF6EC 00000000
063DF6F0 772A0000 ntdll:772A0000
063DF6F4 0394E340 debug080:0394E340
063DF6F8 00000000
063DF6FC 00000157
// 063DF700..063DF89F holds single-byte ASCII text, not pointers. Each dword reads little-endian,
// e.g. 204D4449 = bytes 49 44 4D 20 = "IDM ".
// The module names the debugger prints beside some rows (Crypt32, ntdll, dcomp, COMDLG32, ...) are
// coincidental: the text bytes, read as a dword, happen to land inside a loaded module's address
// range. Do not treat them as references into those modules.
// NOTE(review): MessageBoxW takes UTF-16 strings, so the lpText/lpCaption pointers it receives
// (debug080 addresses) are presumably converted copies of this text — confirm in the caller.
063DF700 204D4449 // "IDM " — start of the string "IDM is corrupt"
063DF704 63207369 // "is c"
063DF708 7572726F Crypt32:crypt32_I_CryptInstallOssGlobal+546F // "orru" (symbol guess is a false match)
063DF70C A2007470 // "pt", NUL terminator at 063DF70E, then one unrelated byte (A2)
063DF710 70747468 // "http" — start of the URL string http://www.internetdownloadmanager.com/download2.html
063DF714 772F2F3A ntdll:ntdll_RtlGetThreadPreferredUILanguages+18A // "://w" (false match)
063DF718 692E7777
063DF71C 7265746E
063DF720 6474656E
063DF724 6C6E776F
063DF728 6D64616F
063DF72C 67616E61 dcomp:67616E61
063DF730 632E7265
063DF734 642F6D6F
063DF738 6C6E776F
063DF73C 3264616F
063DF740 6D74682E
063DF744 0000006C // "l", then the NUL terminator of the URL
063DF748 20656854 // "The " — start of the message text: "The main IDM executive file is damaged. It's possible that it was infected with a virus. ..."
063DF74C 6E69616D
063DF750 4D444920
063DF754 65786520
063DF758 69747563
063DF75C 66206576
063DF760 20656C69
063DF764 64207369
063DF768 67616D61 dcomp:67616D61
063DF76C 202E6465
063DF770 73277449 mswsock:73277449
063DF774 736F7020
063DF778 6C626973
063DF77C 68742065 COMCTL32:comctl32_Ordinal234+BEE5
063DF780 69207461
063DF784 61772074
063DF788 6E692073
063DF78C 74636566 windows.storage:74636566
063DF790 77206465 COMDLG32:77206465
063DF794 20687469
063DF798 69762061
063DF79C 2E737572
063DF7A0 0A0D0A0D // CR LF CR LF: blank line between the two paragraphs of the message
063DF7A4 61656C50 // "Plea" — second paragraph: "Please download the latest version of IDM from our web site, ..."
063DF7A8 64206573
063DF7AC 6C6E776F
063DF7B0 2064616F
063DF7B4 20656874
063DF7B8 6574616C
063DF7BC 76207473 SETUPAPI:76207473
063DF7C0 69737265
063DF7C4 6F206E6F
063DF7C8 44492066
063DF7CC 7266204D
063DF7D0 6F206D6F
063DF7D4 77207275 COMDLG32:77207275
063DF7D8 73206265 RASAPI32:73206265
063DF7DC 2C657469
063DF7E0 646E6120
063DF7E4 736E6920
063DF7E8 6C6C6174
063DF7EC 20746920
063DF7F0 7265766F
063DF7F4 756F7920 Crypt32:crypt32_RegCreateHKCUKeyExU+8F20
063DF7F8 75632072 KERNEL32:kernel32_WakeConditionVariable+1E8C
063DF7FC 6E657272
063DF800 65762074
063DF804 6F697372
063DF808 4A202E6E
063DF80C 20747375
063DF810 206E7572
063DF814 6E776F64
063DF818 64616F6C
063DF81C 49206465
063DF820 69204D44
063DF824 6174736E
063DF828 72656C6C
063DF82C 6E61202C
063DF830 74692064 windows.storage:74692064
063DF834 6C697720
063DF838 6572206C
063DF83C 63616C70 schannel:schannel_SpLsaModeInitialize+12420
063DF840 68742065 COMCTL32:comctl32_Ordinal234+BEE5
063DF844 61642065
063DF848 6567616D
063DF84C 69662064
063DF850 2E73656C
063DF854 206F4420
063DF858 20746F6E
063DF85C 72726F77
063DF860 62202C79
063DF864 75616365 KERNEL32:kernel32_Wow64Transition+4331
063DF868 61206573
063DF86C 64206C6C
063DF870 6C6E776F
063DF874 7364616F
063DF878 646E6120
063DF87C 4D444920
063DF880 74657320 windows.storage:74657320
063DF884 676E6974 dcomp:dcomp_DllGetClassObject+31B04
063DF888 69772073
063DF88C 6E206C6C
063DF890 6220746F
063DF894 66612065
063DF898 74636566 windows.storage:74636566
063DF89C 01006465 // "ed", NUL terminator at 063DF89E (end of the message text), then one unrelated byte (01)
// Remainder of the thread's stack, up to the thread-start frames. Each row is: stack address,
// dword stored there, and the debugger's symbol guess. System-DLL names are shown as
// "nearest export + offset", so the function actually executing may not be the one named.
// Following the first dword of each pair 063DF8A4 -> 063DF928 -> 063DF95C -> 063DF9D4 -> 063DF9EC
// -> FFFFFFFF looks like the thread's SEH registration chain (next pointer, then handler) —
// NOTE(review): confirm against fs:[0] in the debugger.
063DF8A0 BB18CB21
063DF8A4 063DF928 debug286:063DF928 // target of the pointer stored at 063DF6AC; next pointer = 063DF928
063DF8A8 006CEB9C sub_506E90:SEH_47A1A0 // handler, per IDA's SEH_ name
063DF8AC 00000000
063DF8B0 00682640 _AfxThreadEntry(void *)+DA
063DF8B4 00000000
063DF8B8 BB18C4F5
063DF8BC 006AD07B _threadstartex(x)
063DF8C0 0394E930 debug080:0394E930
063DF8C4 0394E930 debug080:0394E930
063DF8C8 00000000
063DF8CC 0078458C .rdata:const CWnd::`vftable’
063DF8D0 00000001
063DF8D4 00000000
063DF8D8 00000000
063DF8DC 00000000
063DF8E0 00000001
063DF8E4 00000000
063DF8E8 012C57D8 debug030:012C57D8
063DF8EC 00000000
063DF8F0 D378BE00
063DF8F4 00000000
063DF8F8 00000000
063DF8FC 007844FC .rdata:const CWnd::XAccessible::`vftable’
063DF900 00784570 .rdata:const CWnd::XAccessibleServer::`vftable’
063DF904 00000000
063DF908 00000000
063DF90C 00000000
063DF910 00000000
063DF914 00000000
063DF918 00000000
063DF91C 00000000
063DF920 0393BBE0 debug080:0393BBE0
063DF924 063DF8B8 debug286:063DF8B8
063DF928 063DF95C debug286:063DF95C
063DF92C 006EAD0D _AfxThreadEntry(void *):loc_6EAD0D
063DF930 00000000
063DF934 063DF96C debug286:063DF96C // from here down, pairs of (pointer to a higher stack slot, code address) look like saved-EBP / return-address frames
063DF938 006AD055 __callthreadstartex+1B
063DF93C 011E7470 debug011:011E7470
063DF940 BB18C4AD
063DF944 006AD07B _threadstartex(x)
063DF948 0394E930 debug080:0394E930
063DF94C 0394E930 debug080:0394E930
063DF950 063DF940 debug286:063DF940
063DF954 063DF940 debug286:063DF940
063DF958 063DF9D4 debug286:063DF9D4
063DF95C 063DF9D4 debug286:063DF9D4
063DF960 006A69B0 SEH_6337D0
063DF964 BD59D039
063DF968 00000000
063DF96C 063DF978 debug286:063DF978
063DF970 006AD0FD .text:006AD0FD
063DF974 006AD07B _threadstartex(x)
063DF978 063DF988 debug286:063DF988
063DF97C 755AFA29 KERNEL32:kernel32_BaseThreadInitThunk+19 // return address inside the system thread-start thunk: the application's own frames end above this row
063DF980 0394E930 debug080:0394E930
063DF984 755AFA10 KERNEL32:kernel32_BaseThreadInitThunk
063DF988 063DF9E4 debug286:063DF9E4
063DF98C 77307A7E ntdll:ntdll_RtlGetAppContainerNamedObjectPath+11E // nearest-export label only; presumably ntdll's thread-start code — verify with symbols
063DF990 0394E930 debug080:0394E930
063DF994 D378BF44
063DF998 00000000
063DF99C 00000000
063DF9A0 0394E930 debug080:0394E930
063DF9A4 00000000
063DF9A8 00000000
063DF9AC 00000000
063DF9B0 00000000
063DF9B4 00000000
063DF9B8 00000000
063DF9BC 00000000
063DF9C0 00000000
063DF9C4 00000000
063DF9C8 00000000
063DF9CC 063DF994 debug286:063DF994
063DF9D0 00000000
063DF9D4 063DF9EC debug286:063DF9EC
063DF9D8 7731AD20 ntdll:ntdll_wcstombs+70
063DF9DC A27F8F80
063DF9E0 00000000
063DF9E4 063DF9F4 debug286:063DF9F4
063DF9E8 77307A4E ntdll:ntdll_RtlGetAppContainerNamedObjectPath+EE
063DF9EC FFFFFFFF // next pointer of FFFFFFFF: presumably the last record of the SEH chain
063DF9F0 77328A28 ntdll:ntdll_RtlCaptureContext+E8
063DF9F4 00000000 // the saved-frame-pointer chain (063DF9E4 -> 063DF9F4) ends here with 0
063DF9F8 00000000
063DF9FC 006AD07B _threadstartex(x)
063DFA00 0394E930 debug080:0394E930