[原创]vc6 - vc10库函数变化-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [原创]vc6 - vc10库函数变化 0.00雪花

发表于: 2011-11-17 16:34 1756

[旧帖] [原创]vc6 - vc10库函数变化 0.00雪花

devalone

2011-11-17 16:34

1756

vc6 - vc10库函数源码和编译器发生一些变化，以printf为例：

vc6 - source:

int __cdecl printf (
        const char *format,
        ...
        )
/*
* stdout 'PRINT', 'F'ormatted
*/
{
        va_list arglist;
        int buffing;
        int retval;

        va_start(arglist, format);

        _ASSERTE(format != NULL);

        _lock_str2(1, stdout);

        buffing = _stbuf(stdout);

        retval = _output(stdout,format,arglist);

        _ftbuf(buffing, stdout);

        _unlock_str2(1, stdout);

        return(retval);
}

原始状态。
--------------------------------------------------------------------------------------------------
vc6 - decompile code:

.text:00401010 printf          proc near               ; CODE XREF: _main+5p
.text:00401010
.text:00401010 arg_0           = dword ptr  4
.text:00401010 arg_4           = dword ptr  8
.text:00401010
.text:00401010                 push    ebx
.text:00401011                 push    esi
.text:00401012                 mov     esi, offset File
.text:00401017                 push    edi
.text:00401018                 push    esi
.text:00401019                 call    __stbuf
.text:0040101E                 mov     edi, eax
.text:00401020                 lea     eax, [esp+10h+arg_4]
.text:00401024                 push    eax             ; int
.text:00401025                 push    [esp+14h+arg_0] ; int
.text:00401029                 push    esi             ; File
.text:0040102A                 call    _output
.text:0040102F                 push    esi
.text:00401030                 push    edi
.text:00401031                 mov     ebx, eax
.text:00401033                 call    __ftbuf
.text:00401038                 add     esp, 18h
.text:0040103B                 mov     eax, ebx
.text:0040103D                 pop     edi
.text:0040103E                 pop     esi
.text:0040103F                 pop     ebx
.text:00401040                 retn
.text:00401040 printf          endp

*******************************************************************

vc10 - source:

int __cdecl printf (
        const char *format,
        ...
        )
/*
* stdout 'PRINT', 'F'ormatted
*/
{
    va_list arglist;
    int buffing;
    int retval;

    _VALIDATE_RETURN( (format != NULL), EINVAL, -1);

    va_start(arglist, format);

    _lock_str2(1, stdout);
    __try {
        buffing = _stbuf(stdout);

        retval = _output_l(stdout,format,NULL,arglist);

        _ftbuf(buffing, stdout);

    }
    __finally {
        _unlock_str2(1, stdout);
    }

    return(retval);
}

将核心函数调用包在了异常处理块中

--------------------------------------------------------------------------------------------------
vc10 - decompile code:

.text:0040101F
.text:0040101F var_1C          = dword ptr -1Ch
.text:0040101F ms_exc          = CPPEH_RECORD ptr -18h
.text:0040101F arg_0           = dword ptr  8
.text:0040101F arg_4           = dword ptr  0Ch
.text:0040101F
.text:0040101F                 push    0Ch
.text:00401021                 push    offset unk_409AA0
.text:00401026                 call    __SEH_prolog4
.text:0040102B                 xor     eax, eax
.text:0040102D                 xor     esi, esi
.text:0040102F                 cmp     [ebp+arg_0], esi
.text:00401032                 setnz   al
.text:00401035                 cmp     eax, esi
.text:00401037                 jnz     short loc_40104E
.text:00401039                 call    near ptr _errno
.text:0040103E                 mov     dword ptr [eax], 16h
.text:00401044                 call    _invalid_parameter_noinfo
.text:00401049                 or      eax, 0FFFFFFFFh
.text:0040104C                 jmp     short loc_4010AD
.text:0040104E ; ---------------------------------------------------------------------------
.text:0040104E
.text:0040104E loc_40104E:                             ; CODE XREF: printf+18j
.text:0040104E                 call    __iob_func
.text:00401053                 push    20h
.text:00401055                 pop     ebx
.text:00401056                 add     eax, ebx
.text:00401058                 push    eax
.text:00401059                 push    1
.text:0040105B                 call    _lock_file2
.text:00401060                 pop     ecx
.text:00401061                 pop     ecx
.text:00401062                 mov     [ebp+ms_exc.disabled], esi
.text:00401065                 call    __iob_func
.text:0040106A                 add     eax, ebx
.text:0040106C                 push    eax             ; File
.text:0040106D                 call    _stbuf
.text:00401072                 pop     ecx
.text:00401073                 mov     edi, eax
.text:00401075                 lea     eax, [ebp+arg_4]
.text:00401078                 push    eax             ; int
.text:00401079                 push    esi             ; int
.text:0040107A                 push    [ebp+arg_0]     ; int
.text:0040107D                 call    __iob_func
.text:00401082                 add     eax, ebx
.text:00401084                 push    eax             ; File
.text:00401085                 call    _output_l
.text:0040108A                 mov     [ebp+var_1C], eax
.text:0040108D                 call    __iob_func
.text:00401092                 add     eax, ebx
.text:00401094                 push    eax             ; File
.text:00401095                 push    edi             ; int
.text:00401096                 call    _ftbuf
.text:0040109B                 add     esp, 18h
.text:0040109E                 mov     [ebp+ms_exc.disabled], 0FFFFFFFEh
.text:004010A5                 call    sub_4010B3
.text:004010AA                 mov     eax, [ebp+var_1C]
.text:004010AD
.text:004010AD loc_4010AD:                             ; CODE XREF: printf+2Dj
.text:004010AD                 call    __SEH_epilog4
.text:004010B2                 retn
.text:004010B2 printf          endp

=====================================================

由于try...finally块的引入，反编译出来的代码稍微复杂了一点儿。

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

免费・0

支持