结构体逆向不懂的地方
发表于:
2010-4-30 16:35
/*
 * Three-int record that Myfunction() lays over its local buffer.
 *
 * In the 32-bit disassembly shown on this page the element stride is 0x0C
 * (imul reg, reg, 0C) and the members are written at +0, +4 and +8, which
 * matches three 4-byte ints with no padding.
 *
 * NOTE(review): absent debug information, the compiled code holds no separate
 * copy of this definition; the layout is only recoverable from that stride
 * and those member offsets in the accessing instructions.
 */
typedef struct
{
int a;   /* written at [base + i*0x0C + 0] in the listing */
int b;   /* written at [base + i*0x0C + 4] in the listing */
int c;   /* written at [base + i*0x0C + 8] in the listing */
}mystruct;
/*
 * Initialises the first five mystruct-sized slots of a local buffer and
 * returns. Nothing is returned and nothing is stored outside the function's
 * own stack frame.
 */
void Myfunction()
{
/* An array of 100 pointers, not 100 bytes: in the 32-bit listing on this page
 * buf starts at [ebp-190], i.e. 0x190 = 400 bytes of stack. */
char *buf[100];
/* View the pointer array as mystruct storage; the listing keeps this pointer
 * at [ebp-194].
 * NOTE(review): storing int members into objects declared as char * relies on
 * type punning that C's effective-type (strict aliasing) rules do not bless;
 * a buffer declared as mystruct[] (or a union) is the well-defined form. */
mystruct *strs=(mystruct *)buf;
/* Five elements of 0x0C bytes each = 60 bytes written, which stays inside the
 * 400-byte buffer. The loop counter lives at [ebp-198] in the listing. */
for(int i=0;i<5;i++)
{
/* NOTE(review): the disassembly on this page stores 1, 2 and 3 at these three
 * offsets, not 0, 1 and 2, so it was presumably built from a slightly
 * different revision of this source. */
strs[i].a=0;
strs[i].b=1;
strs[i].c=2;
}
}
上面是一段结构体的代码
00401090 /> \55 push ebp
00401091 |. 8BEC mov ebp, esp
00401093 |. 83EC 40 sub esp, 40
00401096 |. 53 push ebx
00401097 |. 56 push esi
00401098 |. 57 push edi
00401099 |. 8D7D C0 lea edi, dword ptr [ebp-40]
0040109C |. B9 10000000 mov ecx, 10
004010A1 |. B8 CCCCCCCC mov eax, CCCCCCCC
004010A6 |. F3:AB rep stos dword ptr es:[edi]
004010A8 |. E8 58FFFFFF call 00401005 ; Myfunction
004010AD |. 33C0 xor eax, eax
004010AF |. 5F pop edi
004010B0 |. 5E pop esi
004010B1 |. 5B pop ebx
004010B2 |. 83C4 40 add esp, 40
004010B5 |. 3BEC cmp ebp, esp
004010B7 |. E8 14000000 call 004010D0
004010BC |. 8BE5 mov esp, ebp
004010BE |. 5D pop ebp
004010BF \. C3 retn
0040D4C0 /> \55 push ebp
0040D4C1 |. 8BEC mov ebp, esp
0040D4C3 |. 81EC D8010000 sub esp, 1D8
0040D4C9 |. 53 push ebx
0040D4CA |. 56 push esi
0040D4CB |. 57 push edi
0040D4CC |. 8DBD 28FEFFFF lea edi, dword ptr [ebp-1D8]
0040D4D2 |. B9 76000000 mov ecx, 76
0040D4D7 |. B8 CCCCCCCC mov eax, CCCCCCCC
0040D4DC |. F3:AB rep stos dword ptr es:[edi]
0040D4DE |. 8D85 70FEFFFF lea eax, dword ptr [ebp-190]
0040D4E4 |. 8985 6CFEFFFF mov dword ptr [ebp-194], eax
0040D4EA |. C785 68FEFFFF>mov dword ptr [ebp-198], 0
0040D4F4 |. EB 0F jmp short 0040D505
0040D4F6 |> 8B8D 68FEFFFF /mov ecx, dword ptr [ebp-198]
0040D4FC |. 83C1 01 |add ecx, 1
0040D4FF |. 898D 68FEFFFF |mov dword ptr [ebp-198], ecx
0040D505 |> 83BD 68FEFFFF> cmp dword ptr [ebp-198], 5
0040D50C |. 7D 46 |jge short 0040D554
0040D50E |. 8B95 68FEFFFF |mov edx, dword ptr [ebp-198]
0040D514 |. 6BD2 0C |imul edx, edx, 0C //0Ch是结构的大小
0040D517 |. 8B85 6CFEFFFF |mov eax, dword ptr [ebp-194] //把strs的地址放入eax
0040D51D |. C70410 010000>|mov dword ptr [eax+edx], 1 //计算strs[i].a的地址并赋值
0040D524 |. 8B8D 68FEFFFF |mov ecx, dword ptr [ebp-198]
0040D52A |. 6BC9 0C |imul ecx, ecx, 0C
0040D52D |. 8B95 6CFEFFFF |mov edx, dword ptr [ebp-194]
0040D533 |. C7440A 04 020>|mov dword ptr [edx+ecx+4], 2
0040D53B |. 8B85 68FEFFFF |mov eax, dword ptr [ebp-198]
0040D541 |. 6BC0 0C |imul eax, eax, 0C
0040D544 |. 8B8D 6CFEFFFF |mov ecx, dword ptr [ebp-194]
0040D54A |. C74401 08 030>|mov dword ptr [ecx+eax+8], 3
0040D552 |.^ EB A2 \jmp short 0040D4F6
0040D554 |> 5F pop edi
0040D555 |. 5E pop esi
0040D556 |. 5B pop ebx
0040D557 |. 8BE5 mov esp, ebp
0040D559 |. 5D pop ebp
0040D55A \. C3 retn
上面两段反汇编中,第一段是调用 Myfunction 的函数,第二段是 Myfunction 自身的反汇编内容。
我想问的是:结构体的定义在哪里可以看到?我还是一个初学者,希望大侠们不吝指导一下。