滴水C逆向(2)

内容:
1.返回值 一般通过eax传递
return 1;   →  mov eax,1
return 1.3; →  fld qword ptr ds:[0097ABD0h]   （1.3 是 64 位 double，通过 FPU 而不是 eax 返回）
FLD 是 Intel x87 协处理器的汇编指令，用于把浮点数传入/传出 FPU 寄存器。
0x0097ABD0 1.3000000000000000
二.数组本质
1.数组本质
14: int a = 1;                  mov dword ptr [ebp-8],1
15: int a2 = 2;                 mov dword ptr [ebp-14h],2
16: int a3 = 3;                 mov dword ptr [ebp-20h],3
17: int arr[3] = { 0,0x1,0x2 }; mov dword ptr [ebp-34h],0
                                mov dword ptr [ebp-30h],1
                                mov dword ptr [ebp-2Ch],2
从汇编可以看出：数组元素在栈上连续存放，地址随下标增大而变大（arr[0] 在 [ebp-34h]，arr[2] 在 [ebp-2Ch]）。

非常的丑陋的图
2.数组越界分析
19: int arr[3] = { 0,0x1,0x2 }; mov dword ptr [ebp-10h],0
                                mov dword ptr [ebp-0Ch],1
                                mov dword ptr [ebp-8],2
20: arr[3] = (int)HelloWord;    mov eax,4
                                imul ecx,eax,3
                                mov dword ptr [ebp+ecx-10h],0DC1663h
ecx = 4*3 = 0Ch，所以这条写入落在 [ebp-4]，已经超出了 arr 本身（[ebp-10h]～[ebp-8]）的范围。通过 &arr 看内存可以确认数据照样被写了进去：所谓“数组越界”只是语言/编译器层面出于安全考虑的约束，机器指令本身并不做任何检查，依然会覆盖相邻的栈内存——这也正是栈溢出类漏洞的由来。
3.二维数组
例子比如:一年有12个月,每个月都有一个平均气温,存储5年的数据
int arr[5][12] = {
    {1,2,1,4,5,6,7,8,9,1,2,3}, //0
    {1,2,1,4,5,6,7,8,9,1,2,3}, //1
    {1,2,1,4,5,6,7,8,9,1,2,3}, //2
    {1,2,1,4,5,6,7,8,9,1,2,3}, //3
    {1,2,1,4,5,6,7,8,9,1,2,3}  //4
};
汇编
int arr[5][12] = { 20: 21: {1,2,1,4,5,6,7,8,9,1,2,3}, //0 mov dword ptr [ebp+FFFFFF0Ch],1 mov dword ptr [ebp+FFFFFF10h],2 mov dword ptr [ebp+FFFFFF14h],1 mov dword ptr [ebp+FFFFFF18h],4 mov dword ptr [ebp+FFFFFF1Ch],5 mov dword ptr [ebp+FFFFFF20h],6 mov dword ptr [ebp+FFFFFF24h],7 mov dword ptr [ebp+FFFFFF28h],8 mov dword ptr [ebp+FFFFFF2Ch],9 mov dword ptr [ebp+FFFFFF30h],1 mov dword ptr [ebp+FFFFFF34h],2 mov dword ptr [ebp+FFFFFF38h],3 22: 23: {1,2,1,4,5,6,7,8,9,1,2,3} , //1 mov dword ptr [ebp+FFFFFF3Ch],1 mov dword ptr [ebp+FFFFFF40h],2 mov dword ptr [ebp+FFFFFF44h],1 mov dword ptr [ebp+FFFFFF48h],4 mov dword ptr [ebp+FFFFFF4Ch],5 mov dword ptr [ebp+FFFFFF50h],6 mov dword ptr [ebp+FFFFFF54h],7 mov dword ptr [ebp+FFFFFF58h],8 mov dword ptr [ebp+FFFFFF5Ch],9 mov dword ptr [ebp+FFFFFF60h],1 mov dword ptr [ebp+FFFFFF64h],2 mov dword ptr [ebp+FFFFFF68h],3 24: 25: {1,2,1,4,5,6,7,8,9,1,2,3} , //2 mov dword ptr [ebp+FFFFFF6Ch],1 mov dword ptr [ebp+FFFFFF70h],2 mov dword ptr [ebp+FFFFFF74h],1 mov dword ptr [ebp+FFFFFF78h],4 mov dword ptr [ebp+FFFFFF7Ch],5 mov dword ptr [ebp-80h],6 mov dword ptr [ebp-7Ch],7 mov dword ptr [ebp-78h],8 mov dword ptr [ebp-74h],9 mov dword ptr [ebp-70h],1 mov dword ptr [ebp-6Ch],2 mov dword ptr [ebp-68h],3 26: 27: {1,2,1,4,5,6,7,8,9,1,2,3} , //3 mov dword ptr [ebp-64h],1 mov dword ptr [ebp-60h],2 mov dword ptr [ebp-5Ch],1 mov dword ptr [ebp-58h],4 mov dword ptr [ebp-54h],5 mov dword ptr [ebp-50h],6 mov dword ptr [ebp-4Ch],7 mov dword ptr [ebp-48h],8 mov dword ptr [ebp-44h],9 mov dword ptr [ebp-40h],1 mov dword ptr [ebp-3Ch],2 mov dword ptr [ebp-38h],3 28: 29: {1,2,1,4,5,6,7,8,9,1,2,3} //4 mov dword ptr [ebp-34h],1 mov dword ptr [ebp-30h],2 mov dword ptr [ebp-2Ch],1 mov dword ptr [ebp-28h],4 mov dword ptr [ebp-24h],5 mov dword ptr [ebp-20h],6 mov dword ptr [ebp-1Ch],7 mov dword ptr [ebp-18h],8 mov dword ptr [ebp-14h],9 mov dword ptr [ebp-10h],1 mov dword ptr [ebp-0Ch],2 mov dword ptr [ebp-8],3 30: 31: }; 32: }
其实本质上仍然只是在栈上连续开辟一块空间再逐个赋值：5×12 = 60 个 int 共 240（0F0h）字节，从 [ebp+FFFFFF0Ch]（即 [ebp-0F4h]）按行优先顺序一直排到 [ebp-8]，arr[i][j] 的地址就是 基址 + (i*12 + j)*4。看起来很长，但并不复杂。
三.结构体
1.结构体由来
比如“怪物”这样的对象，内部有生命值、坐标等多个属性；为了把这些属性作为一个整体保存，我们创建了一个容器——这就是结构体。
2.结构体 对齐
保效率、丢空间：成员按各自的对齐要求补上填充字节，用额外的空间换取访问效率。




三个案例

五.typedef

六.case 语句分析(中)
switch(表达式)
{
    case 常量表达式1: 语句; break;
    case 常量表达式2: 语句; break;
    case 常量表达式3: 语句; break;
    case 常量表达式4: 语句; break;
    default:          语句; break;
}
19: switch (3) mov dword ptr [ebp+FFFFFF3Ch],3 mov eax,dword ptr [ebp+FFFFFF3Ch] sub eax,1 mov dword ptr [ebp+FFFFFF3Ch],eax cmp dword ptr [ebp+FFFFFF3Ch],5 ja 00501CAC mov ecx,dword ptr [ebp+FFFFFF3Ch] jmp dword ptr [ecx*4+00501CC4h] 20: { 21: case 1: 22: printf("Hello World"); push 50ABD8h call 0050165E add esp,4 23: break; jmp 00501CAC 24: case 2: 25: printf("Hello World"); push 50ABD8h call 0050165E add esp,4
从上面的汇编可以看出编译器的套路：先把 case 值减去最小的 case（sub eax,1），再用 cmp …,5 / ja 做一次无符号范围检查，超出范围就跳到 default（00501CAC），否则 jmp dword ptr [ecx*4+00501CC4h] 通过跳转表间接跳转——这个范围检查正是保护间接跳转不被越界索引的关键。至于编译器何时生成跳转表、为了节省空间如何区分大表/小表，有一套计算公式，具体细节我记不清了。
