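Ability score:
( LV4,RANK:50 )
Post #2
1. Equivalent to:
int v9 = -8191; // hexadecimal 0xFFFFE001
LOWORD(v9) = -8191; // hexadecimal 0x0000E001
2. A do while can be expressed as a for loop.
Ability score:
( LV2,RANK:10 )
Post #3
The explanation of this LOWORD macro is on MSDN; I'll copy it here: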
LOWORD Macro
--------------------------------------------------------------------------------
The LOWORD macro retrieves the low-order word from the specified value.
Syntax
WORD LOWORD(
DWORD dwValue
);
Parameters
dwValue
Specifies the value to be converted.
Return Value
The return value is the low-order word of the specified value.
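I know your LOWORD macro is the one defined by IDA, but it actually does the same thing as the MSDN one, and takes the same parameter.
#define LOWORD(x) (*((_WORD*)&(x)))
*((_WORD*)&(x)) is equivalent to WORD PTR [x]
x is a dword, so I'll assume 1111E001
On Intel's little-endian byte order, WORD PTR [1111E001] takes the low sixteen bits, that is, E001; whether it is sign-extended depends on how the context uses it.
KSSD byte order: http://www.pediy.com/kssd/index.html
You can have a look at the KSSD basics section. To see how do while is implemented, you can write a piece of code in VC and look at the disassembly: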
#include <stdio.h>
#include <conio.h>   /* declares getch() */
#include <windows.h>
int main (int argc, char ** argv)
{
int j = 0x10000001;
int i = LOWORD(j);
do
{
printf ("U have tried:%d times\n", i);
i++;
} while (i<=10);
getch();
return 0;
}
Here I used the LOWORD macro, although it's superfluous :)
012A1A40 push ebp
012A1A41 mov ebp,esp
012A1A43 sub esp,0D8h
012A1A49 push ebx
012A1A4A push esi
012A1A4B push edi
012A1A4C lea edi,[ebp-0D8h]
012A1A52 mov ecx,36h
012A1A57 mov eax,0CCCCCCCCh
012A1A5C rep stos dword ptr es:[edi]
012A1A5E mov dword ptr [j],10000001h
012A1A65 mov eax,dword ptr [j]
012A1A68 and eax,0FFFFh
012A1A6D movzx ecx,ax ;implementation of the LOWORD macro
012A1A70 mov dword ptr [i],ecx
012A1A73 mov esi,esp
012A1A75 mov eax,dword ptr [i]
012A1A78 push eax
012A1A79 push offset string "U have tried:%d times\n" (12A573Ch)
012A1A7E call dword ptr [__imp__printf (12A82BCh)]
012A1A84 add esp,8
012A1A87 cmp esi,esp
012A1A89 call @ILT+310(__RTC_CheckEsp) (12A113Bh)
012A1A8E mov eax,dword ptr [i]
012A1A91 add eax,1
012A1A94 mov dword ptr [i],eax
012A1A97 cmp dword ptr [i],0Ah ;i<=10
012A1A9B jle main+33h (12A1A73h) ;VC defaults to signed, so jle is used
012A1A9D call @ILT+460(__getch) (12A11D1h)
012A1AA2 xor eax,eax
012A1AA4 pop edi
012A1AA5 pop esi
012A1AA6 pop ebx
012A1AA7 add esp,0D8h
012A1AAD cmp ebp,esp
012A1AAF call @ILT+310(__RTC_CheckEsp) (12A113Bh)
012A1AB4 mov esp,ebp
012A1AB6 pop ebp
Below is the IDA Pro code, where the intent is even clearer:
mov esi, esp
.text:00411A75 mov eax, [ebp+i]
.text:00411A78 push eax
.text:00411A79 push offset Format ; "U have tried:%d times\n"
.text:00411A7E call ds:__imp__printf ;executes first no matter what, before any check
.text:00411A84 add esp, 8
.text:00411A87 cmp esi, esp
.text:00411A89 call j___RTC_CheckEsp
.text:00411A8E mov eax, [ebp+i]
.text:00411A91 add eax, 1
.text:00411A94 mov [ebp+i], eax
.text:00411A97 cmp [ebp+i], 0Ah
.text:00411A9B jle short loc_411A73
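.text:00411A9D call j__getch_
There's no need to discuss what the difference between do while and while is; there's no real difference. One executes once and then checks, the other checks first; it only comes down to where the do while's cmp is placed.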
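The low-word read and write and the loop shapes discussed above, as an added example that is not part of the thread and not code from IDA or MSDN. The helper names (set_loword, loword_zx, loword_sx, runs_*) are hypothetical, and the mask-based helpers are a portable stand-in for the pointer-cast macro, not its definition.

```c
#include <stdint.h>
#include <stdio.h>

/* IDA's form is an lvalue: #define LOWORD(x) (*((_WORD*)&(x))).
   The helpers below express the same read and write with masks, so they
   do not depend on byte order or pointer aliasing. */
static uint32_t set_loword(uint32_t v, uint16_t w) {
    return (v & 0xFFFF0000u) | w;          /* high word is preserved */
}
static uint32_t loword_zx(uint32_t v) {    /* movzx-style read */
    return v & 0xFFFFu;
}
static int32_t loword_sx(uint32_t v) {     /* movsx-style read */
    return (int32_t)(int16_t)(v & 0xFFFFu);
}

/* The loop shape from the post: body runs before the first i <= 10 test. */
static int runs_do_while(int i) {
    int n = 0;
    do { n++; i++; } while (i <= 10);
    return n;
}
/* Same control flow written as a for loop: the test sits at the end. */
static int runs_for_equiv(int i) {
    int n = 0;
    for (;;) { n++; i++; if (!(i <= 10)) break; }
    return n;
}
/* A plain for loop tests first, so it differs when i starts above 10. */
static int runs_for_plain(int i) {
    int n = 0;
    for (; i <= 10; i++) n++;
    return n;
}

int main(void) {
    /* Constructed sample values, taken from the numbers used in the thread. */
    printf("%08X\n", (unsigned)set_loword(0x11110000u, (uint16_t)-8191));
    printf("%u %d\n", (unsigned)loword_zx(0x1111E001u), (int)loword_sx(0x1111E001u));
    printf("%d %d %d\n", runs_do_while(11), runs_for_equiv(11), runs_for_plain(11));
    return 0;
}
```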
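Ability score:
( LV2,RANK:10 )
Post #4
Ability score:
( LV2,RANK:10 )
Post #5
A do while can be expressed as a for loop; can this be set in IDA's F5?
I couldn't find it. I feel the do{}while result is not as intuitive as for{}.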