-
-
请教一段汇编代码
-
发表于: 2018-12-14 16:54
-
看各位大佬参加CTF比赛,感觉挺过瘾的,所以就想彻底的学习一下汇编指令,那样应该就可以看懂大佬们的解题分析了,然后我就找到了《Intel 80386程序员手册》,虽然相比最新的CPU,指令要少很多,但都是一些最基本和最核心的指令。
第3.4.4.5节中有5段演示SHLD、SHRD用法的代码:
第一个例子我看懂了:
虽然注释写的是插入,实际上是替换,用ESI指向的length长度的位串,替换目的串中指定offset处的位串 ,我还画了图辅助理解。
第二个例子只是将替换位串的长度放宽了,但我看了很长时间都没看懂,
希望有大佬出现,帮忙解释一下这段代码:
2. Bit String Insert into Memory (when bit string is 1-31 bits long, i.e. spans five bytes or less): ; Insert a right-justified bit string from register into ; memory bit string. ; ; Assumptions: ; 1) The base of the string array is dword aligned, and ; 2) the length of the bit string is an immediate value ; but the bit offset is held in a register. ; ; Register ESI holds the right-justified bit string ; to be inserted. ; Register EDI holds the bit offset of the start of the ; substring. ; Registers EAX, EBX, ECX, and EDI are also used by ; this "insert" operation. ; MOV ECX,EDI ; temp storage for offset SHR EDI,5 ; signed divide offset by 32 (dword address) SHL EDI,2 ; multiply by 4 (in byte address format) AND CL,1FH ; isolate low five bits of offset in CL MOV EAX,[EDI]strg_base ; move low string dword into EAX MOV EDX,[EDI]strg_base+4 ; other string dword into EDX MOV EBX,EAX ; temp storage for part of string + rotate SHRD EAX,EDX,CL ; double shift by offset within dword | EDX:EAX SHRD EAX,EBX,CL ; double shift by offset within dword + right SHRD EAX,ESI,length ; bring in new bits ROL EAX,length ; right justify new bit field MOV EBX,EAX ; temp storage for part of string + rotate SHLD EAX,EDX,CL ; double shift back by offset within word | EDX:EAX SHLD EDX,EBX,CL ; double shift back by offset within word + left MOV [EDI]strg_base,EAX ; replace dword in memory MOV [EDI]strg_base+4,EDX ; replace dword in memory
我也画了图:
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
代码可能错的 你将 SHRD EAX,EBX,CL 改成 SHRD EDX,EBX,CL 试试 |
|
|
我开始也是这样想的,把EDX,EAX看作一个整体,就和例子1类似了,但想来想去,没想到一个简洁的改动方法,我对汇编不熟悉,加上这是官方手册里的,不敢断定错误,所以就来问大佬们了 |
