[原创]常见表达式语句的反汇编(x86)

2018-1-28 18:38

这是我学习逆向时整理的笔记:记录 VC6(Debug 版本,未开优化)编译常见表达式语句后得到的反汇编。由于我是新手,肯定有疏漏和不完善之处,遇到了会及时更新。

更新时间:2018年1月29日

整数

赋值
5:        int a = 1;
0040102E   mov         dword ptr [ebp-4],1              # locals live at negative ebp offsets, one 4-byte slot each
6:        int b = 2;
00401035   mov         dword ptr [ebp-8],2
7:        int c = 5;
0040103C   mov         dword ptr [ebp-0Ch],5
8:        int d = -5;
00401043   mov         dword ptr [ebp-10h],0FFFFFFFBh   # negative values are stored as two's complement (-5 == 0xFFFFFFFB)
加法
10:       int add = a + b;
0040104A   mov         eax,dword ptr [ebp-4]
0040104D   add         eax,dword ptr [ebp-8]            # wraps silently on overflow: OF/CF are set but nothing checks them
00401050   mov         dword ptr [ebp-14h],eax
减法
11:       int sub = a - b;
00401053   mov         ecx,dword ptr [ebp-4]
00401056   sub         ecx,dword ptr [ebp-8]            # same wrap-around behaviour as add
00401059   mov         dword ptr [ebp-18h],ecx
乘法
12:       int mul = c * b;
0040105C   mov         edx,dword ptr [ebp-0Ch]
0040105F   imul        edx,dword ptr [ebp-8]            # two-operand imul: signed multiply, result truncated to 32 bits
00401063   mov         dword ptr [ebp-1Ch],edx
除法
13:       int div = c / b;
00401066   mov         eax,dword ptr [ebp-0Ch]
00401069   cdq                                          # sign-extend eax into edx:eax -- required before a signed idiv
0040106A   idiv        eax,dword ptr [ebp-8]            # signed divide of edx:eax; raises #DE if the divisor is 0 or on INT_MIN/-1.
                                                        # no check is emitted, so a divisor from untrusted input must be validated in source
0040106D   mov         dword ptr [ebp-20h],eax  # eax holds the quotient
求余
14:       int rem = c % b;
00401070   mov         eax,dword ptr [ebp-0Ch]
00401073   cdq
00401074   idiv        eax,dword ptr [ebp-8]            # same idiv as division above (same #DE hazard)
00401077   mov         dword ptr [ebp-24h],edx  # edx holds the remainder

浮点数

赋值
16:       float aF = 1.1;
0040107A   mov         dword ptr [ebp-28h],3F8CCCCDh    # IEEE-754 single-precision bit pattern of 1.1f; the double literal 1.1 is rounded to float at compile time
17:       float bF = 2.2;
00401081   mov         dword ptr [ebp-2Ch],400CCCCDh    # 2.2f (also not exactly representable)
18:       float cF = 5.5;
00401088   mov         dword ptr [ebp-30h],40B00000h    # 5.5f, exactly representable
19:       float dF = -5.5;
0040108F   mov         dword ptr [ebp-34h],0C0B00000h   # -5.5f: identical to 5.5f with the sign bit (bit 31) set
加法
21:       float fadd = aF + bF;
00401096   fld         dword ptr [ebp-28h]              # x87: push aF onto the FPU register stack as st(0)
00401099   fadd        dword ptr [ebp-2Ch]              # st(0) += bF
0040109C   fstp        dword ptr [ebp-38h]              # store st(0) as a 32-bit float and pop the stack
减法
22:       float fsub = aF - bF;
0040109F   fld         dword ptr [ebp-28h]
004010A2   fsub        dword ptr [ebp-2Ch]              # st(0) -= bF
004010A5   fstp        dword ptr [ebp-3Ch]
乘法
23:       float fmul = cF * bF;
004010A8   fld         dword ptr [ebp-30h]
004010AB   fmul        dword ptr [ebp-2Ch]
004010AE   fstp        dword ptr [ebp-40h]
除法
24:       float fdiv = cF / bF;
004010B1   fld         dword ptr [ebp-30h]
004010B4   fdiv        dword ptr [ebp-2Ch]              # x87 divide by zero does not fault by default (yields +/-inf); unlike idiv
004010B7   fstp        dword ptr [ebp-44h]

布尔(C++)

赋值

5:        bool b = false;
00401178   mov         byte ptr [ebp-4],0    # C++ bool occupies ONE byte here (byte ptr), not an int: 0 = false, nonzero = true

! (非)

6:        bool temp = !b;
0040117C   mov         eax,dword ptr [ebp-4]            # loads 4 bytes although b is 1 byte; the upper 3 bytes are neighbouring stack contents
0040117F   and         eax,0FFh                         # ...which are discarded here, leaving only the bool byte
00401184   neg         eax                              # CF = (eax != 0), i.e. CF = b
00401186   sbb         eax,eax                          # eax = CF ? -1 : 0  ->  -1 if b was true, 0 if false
00401188   inc         eax                              # eax = b ? 0 : 1  ==  !b  (branchless negation)
00401189   mov         byte ptr [ebp-8],al              # store result as a single byte

自增

i++
26:       int i = 1;
004010BA   mov         dword ptr [ebp-48h],1
27:       int temp = i++;
004010C1   mov         eax,dword ptr [ebp-48h]
004010C4   mov         dword ptr [ebp-4Ch],eax  # post-increment: temp receives the OLD value first
004010C7   mov         ecx,dword ptr [ebp-48h]
004010CA   add         ecx,1                    # ...then i is incremented (add 1, not inc, in this unoptimized build)
004010CD   mov         dword ptr [ebp-48h],ecx
++i
28:       temp = ++i;
004010D0   mov         edx,dword ptr [ebp-48h]
004010D3   add         edx,1                    # pre-increment: i is incremented first
004010D6   mov         dword ptr [ebp-48h],edx
004010D9   mov         eax,dword ptr [ebp-48h]  # reload instead of reusing edx -- typical of Debug codegen
004010DC   mov         dword ptr [ebp-4Ch],eax  # ...then temp receives the NEW value

三目运算符

? :

30:       temp = a > b ? a : b;
004107AF   mov         ecx,dword ptr [ebp-4]
004107B2   cmp         ecx,dword ptr [ebp-8]            # a vs b
004107B5   jle         main+0DFh (004107bf)             # jle = SIGNED compare, so a and b are signed ints (unsigned would use jbe)
004107B7   mov         edx,dword ptr [ebp-4]            # a > b: select a
004107BA   mov         dword ptr [ebp-50h],edx          # result goes to a compiler temporary first
004107BD   jmp         main+0E5h (004107c5)
004107BF   mov         eax,dword ptr [ebp-8]            # a <= b: select b
004107C2   mov         dword ptr [ebp-50h],eax
004107C5   mov         ecx,dword ptr [ebp-50h]          # join point: copy the temporary into temp
004107C8   mov         dword ptr [ebp-4Ch],ecx

位运算符

& (与)

32:       temp = a & b;
004107CB   mov         edx,dword ptr [ebp-4]
004107CE   and         edx,dword ptr [ebp-8]
004107D1   mov         dword ptr [ebp-4Ch],edx

| (或)

33:       temp = a | b;
004107D4   mov         eax,dword ptr [ebp-4]
004107D7   or          eax,dword ptr [ebp-8]
004107DA   mov         dword ptr [ebp-4Ch],eax

<< (左移)

39:       temp = a << 2;
00410C8D   mov         ecx,dword ptr [ebp-4]
00410C90   shl         ecx,2                            # logical left shift; bits shifted out are lost (no overflow check)
00410C93   mov         dword ptr [ebp-4Ch],ecx

>> (右移)

40:       temp = d >> 2;
00410C96   mov         edx,dword ptr [ebp-10h]
00410C99   sar         edx,2                            # ARITHMETIC right shift (sign bit replicated) because d is a signed int;
                                                        # an unsigned operand would produce shr. Useful for recovering signedness when reversing
00410C9C   mov         dword ptr [ebp-4Ch],edx

! (非)

34:       temp = !a;
004107DD   xor         ecx,ecx                          # zero ecx so that setting cl yields a full 32-bit 0/1
004107DF   cmp         dword ptr [ebp-4],0
004107E3   sete        cl                               # cl = (a == 0)
004107E6   mov         dword ptr [ebp-4Ch],ecx

^ (异或)

41:       temp = a ^ b;
00410C9F   mov         eax,dword ptr [ebp-4]
00410CA2   xor         eax,dword ptr [ebp-8]
00410CA5   mov         dword ptr [ebp-4Ch],eax

~ (取反)

42:       temp = ~a;
00410CA8   mov         ecx,dword ptr [ebp-4]
00410CAB   not         ecx                              # bitwise complement; distinct from neg (two's-complement negate)
00410CAD   mov         dword ptr [ebp-4Ch],ecx

逻辑运算符

&& (逻辑与)

36:       temp = a && b;
004107E9   cmp         dword ptr [ebp-4],0
004107ED   je          main+11Eh (004107fe)             # short-circuit: if a == 0 the result is 0 and b is never read
004107EF   cmp         dword ptr [ebp-8],0
004107F3   je          main+11Eh (004107fe)
004107F5   mov         dword ptr [ebp-54h],1            # both nonzero -> 1
004107FC   jmp         main+125h (00410805)
004107FE   mov         dword ptr [ebp-54h],0
00410805   mov         edx,dword ptr [ebp-54h]          # join point: temporary -> temp
00410808   mov         dword ptr [ebp-4Ch],edx

|| (逻辑或)

37:       temp = a || b;
0041080B   cmp         dword ptr [ebp-4],0
0041080F   jne         main+140h (00410820)             # short-circuit: if a != 0 the result is 1 and b is never read
00410811   cmp         dword ptr [ebp-8],0
00410815   jne         main+140h (00410820)
00410817   mov         dword ptr [ebp-58h],0            # both zero -> 0
0041081E   jmp         main+147h (00410827)
00410820   mov         dword ptr [ebp-58h],1
00410827   mov         eax,dword ptr [ebp-58h]
0041082A   mov         dword ptr [ebp-4Ch],eax

其它重要关键字

用一个变量去初始化 static 变量(C++)

5:        static int n = i;
00410B58   xor         eax,eax
00410B5A   mov         al,[`fun'::`2'::$S1 (0042c230)]          # $S1 (0042c230) is a guard byte placed in front of the static itself (0042c234);
                                                                 # bit 0 records whether n has already been initialized
00410B5F   and         eax,1
00410B62   test        eax,eax
00410B64   jne         fun+3Eh (00410b7e)                       # guard bit already 1 -> skip initialization
00410B66   mov         cl,byte ptr [`fun'::`2'::$S1 (0042c230)]
00410B6C   or          cl,1
00410B6F   mov         byte ptr [`fun'::`2'::$S1 (0042c230)],cl # set guard bit to 1, then run the initializer.
                                                                 # NOTE: check-then-set is plain load/or/store with no lock or interlocked op visible,
                                                                 # so two threads entering fun() for the first time concurrently may both initialize n
00410B75   mov         edx,dword ptr [ebp+8]                    # i (first argument of fun)
00410B78   mov         dword ptr [`fun'::`2'::$S1+4 (0042c234)],edx  # n = i

const

C语言
13:       const constInt = 10;
0040D464   mov         dword ptr [ebp-2Ch],0Ah                  # (implicit int) the const is given a real stack slot
14:       temp = constInt;
0040D46B   mov         eax,dword ptr [ebp-2Ch]      # in C a const is still a read-only variable: its value is re-read from memory
0040D46E   mov         dword ptr [ebp-24h],eax
C++
35:       const int constInt = 6;
00410C50   mov         dword ptr [ebp-50h],6                    # storage is still written in this Debug build...
36:       temp = constInt;
00410C57   mov         dword ptr [ebp-4Ch],6        # ...but in C++ the use is constant-folded: the immediate 6 is emitted instead of a load


wenglingok 26 2018-1-29 14:26
哈哈,我以为自增  是  inc,原来不是
有影 2018-1-29 14:56
哈哈,是的。这个是debug版本,release版本应该会优化成  inc。