; ---------------------------------------------------------------------------
; 0041F220: ordered binary-search-tree lookup (OllyDbg listing, 32-bit x86).
;
; In:    ecx   = container object; [ecx+0x4] points to a head/sentinel node.
;                ecx is read without being set here, so it is an incoming
;                register argument (looks like MSVC __thiscall, TODO confirm).
;        arg.1 = pointer to a dword that receives the resulting node pointer.
;        arg.2 = pointer to the 32-bit search key (compared as signed).
; Out:   eax   = arg.1; *arg.1 = matching node, or the head/sentinel if there
;                is no node whose key equals the search key.
; Stack: retn 0x8, so the callee removes both stack arguments.
;
; Node fields as used below:
;        +0x00  link taken when node key >= search key
;        +0x04  on the head node: the node the walk starts from
;        +0x08  link taken when node key <  search key
;        +0x0C  32-bit key
;        +0x15  byte flag; non-zero ends the descent
;
; Why this is a tree walk and not a list walk: each iteration compares the
; key and then follows ONE OF TWO links (+0x0 or +0x8) depending on the
; result. A linked-list traversal follows the same single link on every
; step, whatever the comparison says.
;
; NOTE(review): this layout and control flow are consistent with the
; red-black tree node and find() of MSVC's std::map/std::set; that is
; presumed, confirm against the caller.
; NOTE(review): no pointer is null-checked; the walk stops only on the +0x15
; flag, so it relies on the tree's sentinel links being intact.
;
; Values such as "ds:[...]=..." in the comments are the debugger's snapshot
; from the poster's session, not constants.
; ---------------------------------------------------------------------------
0041F220 /$ 55 push ebp ; binary-tree comparison (poster's label); frame setup
0041F221 |. 8BEC mov ebp,esp
0041F223 |. 51 push ecx ; reserves the 4-byte [local.1] slot
0041F224 |. 8B51 04 mov edx,dword ptr ds:[ecx+0x4] ; edx = head/sentinel (initial "best candidate"); ds:[7FF80784]=7FEB2050
0041F227 |. 8B42 04 mov eax,dword ptr ds:[edx+0x4] ; eax = node the walk starts from; ds:[7FEB2054]=5B97F4C0
0041F22A |. 53 push ebx ; ebx=7F8B0040
0041F22B |. 8A58 15 mov bl,byte ptr ds:[eax+0x15] ; bl = flag byte of the start node
0041F22E |. 84DB test bl,bl
0041F230 |. 56 push esi ; esi=7FF80740
0041F231 |. 57 push edi ; edi=61597124
0041F232 |. 8B7D 0C mov edi,[arg.2] ; edi = pointer to the search key; stack ss:[0012F840]=0012F854
0041F235 |. 75 1E jnz short Game.0041F255 ; flag set on start node -> skip the walk, edx stays = head (push/mov left the test flags intact)
0041F237 |. 8B37 mov esi,dword ptr ds:[edi] ; esi = search key; stack ds:[0012F854]=000000EA
0041F239 |. 8DA424 000000>lea esp,dword ptr ss:[esp] ; no-op padding so the loop head lands on 0041F240; stack address=0012F824
0041F240 |> 3970 0C /cmp dword ptr ds:[eax+0xC],esi ; node key vs search key; eax+0xc=0x84 esi=000000EA
0041F243 |. 7D 05 |jge short Game.0041F24A ; signed: node key >= search key
0041F245 |. 8B40 08 |mov eax,dword ptr ds:[eax+0x8] ; node key < search key: follow the +0x8 link; eax=5B367330 ds:[5B367338]=600ADFC0
0041F248 |. EB 04 |jmp short Game.0041F24E
0041F24A |> 8BD0 |mov edx,eax ; remember this node as best candidate (key >= search key); eax=5914A240
0041F24C |. 8B00 |mov eax,dword ptr ds:[eax] ; follow the +0x0 link
0041F24E |> 8A58 15 |mov bl,byte ptr ds:[eax+0x15] ; flag byte of the next node; bl=00 ds:[5B367345]=00
0041F251 |. 84DB |test bl,bl
0041F253 |.^ 74 EB \je short Game.0041F240 ; flag clear -> keep descending
0041F255 |> 8B41 04 mov eax,dword ptr ds:[ecx+0x4] ; eax = head/sentinel again; eax=5914A240 ds:[7FF80784]=7FEB2050
0041F258 |. 3BD0 cmp edx,eax ; candidate == head means no node had key >= search key
0041F25A |. 8955 0C mov [arg.2],edx ; arg.2 slot reused to hold the candidate; edx=5914A240
0041F25D |. 74 1A je short Game.0041F279 ; -> not-found exit
0041F25F |. 8B0F mov ecx,dword ptr ds:[edi] ; reload the search key; stack ds:[0012F854]=000000EA
0041F261 |. 3B4A 0C cmp ecx,dword ptr ds:[edx+0xC] ; search key vs candidate key
0041F264 |. 7C 13 jl short Game.0041F279 ; signed: search key < candidate key -> not-found exit
0041F266 |. 8D45 0C lea eax,[arg.2]
0041F269 |. 8B10 mov edx,dword ptr ds:[eax] ; edx = candidate node, read back through the slot
0041F26B |. 8B45 08 mov eax,[arg.1] ; eax = result pointer (also the return value)
0041F26E |. 5F pop edi ; ntdll.7C92DF2C
0041F26F |. 5E pop esi ; ntdll.7C92DF2C
0041F270 |. 8910 mov dword ptr ds:[eax],edx ; *arg.1 = matching node
0041F272 |. 5B pop ebx ; ntdll.7C92DF2C
0041F273 |. 8BE5 mov esp,ebp
0041F275 |. 5D pop ebp ; ntdll.7C92DF2C
0041F276 |. C2 0800 retn 0x8 ; found exit; callee pops arg.1 and arg.2
0041F279 |> 8945 FC mov [local.1],eax ; not-found exit: eax is still the head/sentinel on both paths here; eax=7FEB2050
0041F27C |. 8D45 FC lea eax,[local.1] ; stack address=0012F830
0041F27F |. 8B10 mov edx,dword ptr ds:[eax] ; edx = head/sentinel; stack ds:[0012F830]=7FEB2050
0041F281 |. 8B45 08 mov eax,[arg.1] ; eax = result pointer; stack ss:[0012F83C]=0012F848
0041F284 |. 5F pop edi ; ntdll.7C92DF2C
0041F285 |. 5E pop esi ; ntdll.7C92DF2C
0041F286 |. 8910 mov dword ptr ds:[eax],edx ; *arg.1 = head/sentinel ("not found"); edx=7FEB2050
0041F288 |. 5B pop ebx ; stack [0012F82C]=7F8B0040 (7F8B0040)
0041F289 |. 8BE5 mov esp,ebp
0041F28B |. 5D pop ebp ; ntdll.7C92DF2C
0041F28C \. C2 0800 retn 0x8 ; callee pops arg.1 and arg.2
如上的一段代码,如果我估计得不错,应该是二叉树吧。
我看一个教程里面是这样写的!我尝试过反汇编一个二叉树和链表。
上面的代码,根据加粗的部分,看起来更像是在遍历链表。
请教各位大神小神,怎样判断(看懂)类似这样的代码是在遍历链表还是二叉树呢?又该如何提升分析链表、二叉树这方面的能力?