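Disassembly Reverse-Engineering Example: Disassembling the for Statement
by: 比方
Reverse engineering through disassembly, chapter 2: disassembling the for statement
Sample code: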
#include "stdio.h"

int function(int a, int b)
{
    int c = a + b;
    int i;
    /* add 0..49 to c */
    for (i = 0; i < 50; i++)
    {
        c = c + i;
    }
    return c;
}

int main(void)
{
    function(1, 2);
    return 0;
}
The disassembly is as follows:
#include "stdio.h"


int function(int a,int b)

{
011D1A40 push ebp
011D1A41 mov ebp,esp
011D1A43 sub esp,0D8h
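011D1A49 push ebx ;save register (preserve the caller's environment)
011D1A4A push esi ;save register (preserve the caller's environment)
011D1A4B push edi ;save register (preserve the caller's environment)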
011D1A4C lea edi,[ebp-0D8h]
011D1A52 mov ecx,36h
011D1A57 mov eax,0CCCCCCCCh
011D1A5C rep stos dword ptr es:[edi] ;fill the 0D8h-byte local area (36h dwords) with 0xCC
011D1A5E mov eax,dword ptr [a]
011D1A61 add eax,dword ptr [b]
011D1A64 mov dword ptr [c],eax
;---------------------------------------------------------------------------------------------
int i;

for(i=0;i<50;i++)
011D1A67 mov dword ptr [i],0 ;i=0
011D1A6E jmp function+39h (11D1A79h) ;jump to the loop test (compare i with 50), skipping i++ on first entry
011D1A70 mov eax,dword ptr [i] ;
011D1A73 add eax,1 ;performs i=i+1
011D1A76 mov dword ptr [i],eax ;
;
011D1A79 cmp dword ptr [i],32h ;compare i with 50 (32h)
011D1A7D jge function+4Ah (11D1A8Ah) ;if i >= 50, leave the for loop; otherwise continue into the body
011D1A7F mov eax,dword ptr [c] ;performs c=c+i;
011D1A82 add eax,dword ptr [i] ; |
011D1A85 mov dword ptr [c],eax ; |
}
011D1A88 jmp function+30h (11D1A70h) ;unconditional jump back to the i++ step
;---------------------------------------------------------------------------------------------
011D1A8A mov eax,dword ptr [c]
011D1A8D pop edi ;restore register
011D1A8E pop esi ;restore register
011D1A8F pop ebx ;restore register
011D1A90 mov esp,ebp
011D1A92 pop ebp
011D1A93 ret
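
Added example (not part of the original post): the same function rewritten in C with goto, in the block order of the listing above (init, jump to test, increment, test with inverted condition, body, back edge), so the shape is easy to recognize in other binaries. The name function_lowered and the label names are hypothetical; the addresses in the comments are the ones from the listing.

```c
#include <stdio.h>

/* The source-level loop from the page. */
int function(int a, int b)
{
    int c = a + b;
    int i;
    for (i = 0; i < 50; i++) {
        c = c + i;
    }
    return c;
}

/* Same logic laid out in the order the compiler emitted it.
 * function_lowered and the labels are hypothetical names. */
int function_lowered(int a, int b)
{
    int c = a + b;      /* 011D1A5E..011D1A64: c = a + b */
    int i;

    i = 0;              /* 011D1A67: loop init */
    goto test;          /* 011D1A6E: skip the increment on first entry */
increment:
    i = i + 1;          /* 011D1A70..011D1A76: i++ */
test:
    if (i >= 50)        /* 011D1A79 cmp, 011D1A7D jge: source test i<50, inverted */
        goto done;
    c = c + i;          /* 011D1A7F..011D1A85: loop body */
    goto increment;     /* 011D1A88: back edge to the increment block */
done:
    return c;           /* 011D1A8A: result returned in eax */
}

int main(void)
{
    /* Both forms must agree; with (1, 2) the result is 3 + (0+1+...+49). */
    printf("for: %d  lowered: %d\n", function(1, 2), function_lowered(1, 2));
    return 0;
}
```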
Original article: http://www.cnblogs.com/hailunchina/p/3885042.html