C語言三種迴圈反彙編分析
阿新 • • 發佈:2019-02-04
#include <stdio.h>
#include <stdlib.h>
; Mixed C-source / x86-32 disassembly listing (debugger output; the
; "main+46h (0AB1416h)" label style, the 0CCh stack fill and the
; __RTC_CheckEsp calls suggest a Visual Studio debug build with run-time
; checks on). Intel syntax; main() is cdecl, 32-bit.
; Register roles: eax = scratch for every load/op/store of a local;
; esi = snapshot of esp taken before each call and compared after it;
; edi/ecx are used only by the prologue's stack fill.
; [i] and [sum] are the debugger's symbolic names for two ebp-relative locals.
int main()
{
00AB13D0 push ebp                     ; standard frame: save caller's ebp
00AB13D1 mov ebp,esp                  ; ebp = base of this frame
00AB13D3 sub esp,0D8h                 ; reserve 0D8h (216) bytes of local space
00AB13D9 push ebx                     ; save callee-saved registers
00AB13DA push esi
00AB13DB push edi
00AB13DC lea edi,[ebp-0D8h]           ; edi = lowest address of the local area
00AB13E2 mov ecx,36h                  ; 36h dwords = 0D8h bytes / 4
00AB13E7 mov eax,0CCCCCCCCh           ; fill pattern: 0CCh is the int 3 opcode
00AB13EC rep stos dword ptr es:[edi]  ; fill the whole local area; an uninitialised read shows as 0CCCCCCCCh and stray execution into it traps
int i = 0, sum = 0;
00AB13EE mov dword ptr [i],0
00AB13F5 mov dword ptr [sum],0
while (i < 10)
00AB13FC cmp dword ptr [i],0Ah        ; loop top: condition tested before the body
00AB1400 jge main+46h (0AB1416h)      ; signed compare (i is int); leave when i >= 10
{
sum += i;
00AB1402 mov eax,dword ptr [sum]      ; unoptimised: locals are not kept in registers, every += is load/add/store
00AB1405 add eax,dword ptr [i]
00AB1408 mov dword ptr [sum],eax
i++;
00AB140B mov eax,dword ptr [i]
00AB140E add eax,1
00AB1411 mov dword ptr [i],eax
}
00AB1414 jmp main+2Ch (0AB13FCh)      ; back to the test at 00AB13FC
i = 0;
00AB1416 mov dword ptr [i],0          ; while-loop exit target; by the C source sum = 0+...+9 = 45 here
do
{
sum += i;
00AB141D mov eax,dword ptr [sum]      ; do-while: body first, no test on entry
00AB1420 add eax,dword ptr [i]
00AB1423 mov dword ptr [sum],eax
++i;
00AB1426 mov eax,dword ptr [i]        ; ++i compiles to the same sequence as i++ above (result unused)
00AB1429 add eax,1
00AB142C mov dword ptr [i],eax
} while (i < 10);
00AB142F cmp dword ptr [i],0Ah        ; condition at the bottom
00AB1433 jl main+4Dh (0AB141Dh)       ; signed; one backward branch per iteration, no unconditional jmp needed
for (i = 0; i <= 10; i++)
00AB1435 mov dword ptr [i],0          ; init clause; sum = 90 here
00AB143C jmp main+77h (0AB1447h)      ; skip the increment on the first pass
00AB143E mov eax,dword ptr [i]        ; increment clause (target of the end-of-body jmp)
00AB1441 add eax,1
00AB1444 mov dword ptr [i],eax
00AB1447 cmp dword ptr [i],0Ah        ; condition clause: i <= 10
00AB144B jg main+88h (0AB1458h)       ; signed; leave when i > 10, so the body runs for i = 0..10 (11 times)
{
sum += i;
00AB144D mov eax,dword ptr [sum]
00AB1450 add eax,dword ptr [i]
00AB1453 mov dword ptr [sum],eax
}
00AB1456 jmp main+6Eh (0AB143Eh)      ; to the increment, not to the test
printf("%d\n", sum);
00AB1458 mov esi,esp                  ; snapshot esp for the post-call stack check; sum = 145 here
00AB145A mov eax,dword ptr [sum]
00AB145D push eax                     ; cdecl: arguments pushed right-to-left, sum first
00AB145E push 0AB5858h                ; presumably the address of the "%d\n" literal — confirm in the debugger
00AB1463 call dword ptr ds:[0AB911Ch] ; indirect call through an import-table slot (presumably printf)
00AB1469 add esp,8                    ; cdecl: the caller pops its two dword arguments
00AB146C cmp esi,esp                  ; did esp return to the snapshot? flags survive the call below
00AB146E call __RTC_CheckEsp (0AB1140h) ; run-time check: traps a caller/callee stack imbalance (e.g. a calling-convention mismatch) instead of letting it corrupt the frame
system("pause");
00AB1473 mov esi,esp
00AB1475 push 0AB58B8h                ; presumably the address of the "pause" literal
00AB147A call dword ptr ds:[0AB9110h] ; presumably system(); it starts the command interpreter — a debug-time convenience, not for shipped code
00AB1480 add esp,4                    ; one dword argument
00AB1483 cmp esi,esp
00AB1485 call __RTC_CheckEsp (0AB1140h)
return 0;
00AB148A xor eax,eax                  ; return value 0 in eax
}
00AB148C pop edi                      ; restore callee-saved registers in reverse order
00AB148D pop esi
00AB148E pop ebx
00AB148F add esp,0D8h                 ; release the local area
00AB1495 cmp ebp,esp                  ; frame-level esp check, same idea as the per-call one
00AB1497 call __RTC_CheckEsp (0AB1140h)
00AB149C mov esp,ebp
00AB149E pop ebp
00AB149F ret
註解:
1、進入函式之後,儲存暫存器並初始化棧:
push ebp
00AB13D1 mov ebp,esp ;把esp儲存到ebp,作為本函式棧幀的基址
00AB13D3 sub esp,0D8h ;將esp下移0D8h個位元組,為局部變數預留棧空間
00AB13D9 push ebx
00AB13DA push esi
00AB13DB push edi
00AB13DC lea edi,[ebp-0D8h]
00AB13E2 mov ecx,36h ;0D8h / 4h = 36h
00AB13E7 mov eax,0CCCCCCCCh ;int 3中斷對應的彙編碼是0CCh,填充0CCh為了檢錯與除錯。
00AB13EC rep stos dword ptr es:[edi] ;rep:重複指令,ecx存放重複的次數。 stos:將eax中的值寫入es:[edi],然後edi加4(方向旗標DF清零時)。
2、退出函式之前,恢復暫存器的值
00AB148C pop edi
00AB148D pop esi
00AB148E pop ebx
00AB148F add esp,0D8h
00AB1495 cmp ebp,esp
00AB1497 call __RTC_CheckEsp (0AB1140h)
00AB149C mov esp,ebp
00AB149E pop ebp
00AB149F ret
3、呼叫函式xxx()之後,都會呼叫__RTC_CheckEsp ()函式驗證esp的值是否恢復到呼叫前:
mov esi,esp
......
call xxx()
add esp,4
cmp esi,esp
call __RTC_CheckEsp (0AB1140h)
__RTC_CheckEsp內部程式碼:
jne esperror (0AB16D3h) ;依據呼叫前 cmp esi,esp 留下的旗標判斷(call不會改變旗標):若esi與esp的值不同,則跳轉到esperror()中處理錯誤
ret
#include <stdlib.h>
; Mixed C-source / x86-32 disassembly listing (debugger output; the
; "main+46h (0AB1416h)" label style, the 0CCh stack fill and the
; __RTC_CheckEsp calls suggest a Visual Studio debug build with run-time
; checks on). Intel syntax; main() is cdecl, 32-bit.
; Register roles: eax = scratch for every load/op/store of a local;
; esi = snapshot of esp taken before each call and compared after it;
; edi/ecx are used only by the prologue's stack fill.
; [i] and [sum] are the debugger's symbolic names for two ebp-relative locals.
int main()
{
00AB13D0 push ebp                     ; standard frame: save caller's ebp
00AB13D1 mov ebp,esp                  ; ebp = base of this frame
00AB13D3 sub esp,0D8h                 ; reserve 0D8h (216) bytes of local space
00AB13D9 push ebx                     ; save callee-saved registers
00AB13DA push esi
00AB13DB push edi
00AB13DC lea edi,[ebp-0D8h]           ; edi = lowest address of the local area
00AB13E2 mov ecx,36h                  ; 36h dwords = 0D8h bytes / 4
00AB13E7 mov eax,0CCCCCCCCh           ; fill pattern: 0CCh is the int 3 opcode
00AB13EC rep stos dword ptr es:[edi]  ; fill the whole local area; an uninitialised read shows as 0CCCCCCCCh and stray execution into it traps
int i = 0, sum = 0;
00AB13EE mov dword ptr [i],0
00AB13F5 mov dword ptr [sum],0
while (i < 10)
00AB13FC cmp dword ptr [i],0Ah        ; loop top: condition tested before the body
00AB1400 jge main+46h (0AB1416h)      ; signed compare (i is int); leave when i >= 10
{
sum += i;
00AB1402 mov eax,dword ptr [sum]      ; unoptimised: locals are not kept in registers, every += is load/add/store
00AB1405 add eax,dword ptr [i]
00AB1408 mov dword ptr [sum],eax
i++;
00AB140B mov eax,dword ptr [i]
00AB140E add eax,1
00AB1411 mov dword ptr [i],eax
}
00AB1414 jmp main+2Ch (0AB13FCh)      ; back to the test at 00AB13FC
i = 0;
00AB1416 mov dword ptr [i],0          ; while-loop exit target; by the C source sum = 0+...+9 = 45 here
do
{
sum += i;
00AB141D mov eax,dword ptr [sum]      ; do-while: body first, no test on entry
00AB1420 add eax,dword ptr [i]
00AB1423 mov dword ptr [sum],eax
++i;
00AB1426 mov eax,dword ptr [i]        ; ++i compiles to the same sequence as i++ above (result unused)
00AB1429 add eax,1
00AB142C mov dword ptr [i],eax
} while (i < 10);
00AB142F cmp dword ptr [i],0Ah        ; condition at the bottom
00AB1433 jl main+4Dh (0AB141Dh)       ; signed; one backward branch per iteration, no unconditional jmp needed
for (i = 0; i <= 10; i++)
00AB1435 mov dword ptr [i],0          ; init clause; sum = 90 here
00AB143C jmp main+77h (0AB1447h)      ; skip the increment on the first pass
00AB143E mov eax,dword ptr [i]        ; increment clause (target of the end-of-body jmp)
00AB1441 add eax,1
00AB1444 mov dword ptr [i],eax
00AB1447 cmp dword ptr [i],0Ah        ; condition clause: i <= 10
00AB144B jg main+88h (0AB1458h)       ; signed; leave when i > 10, so the body runs for i = 0..10 (11 times)
{
sum += i;
00AB144D mov eax,dword ptr [sum]
00AB1450 add eax,dword ptr [i]
00AB1453 mov dword ptr [sum],eax
}
00AB1456 jmp main+6Eh (0AB143Eh)      ; to the increment, not to the test
printf("%d\n", sum);
00AB1458 mov esi,esp                  ; snapshot esp for the post-call stack check; sum = 145 here
00AB145A mov eax,dword ptr [sum]
00AB145D push eax                     ; cdecl: arguments pushed right-to-left, sum first
00AB145E push 0AB5858h                ; presumably the address of the "%d\n" literal — confirm in the debugger
00AB1463 call dword ptr ds:[0AB911Ch] ; indirect call through an import-table slot (presumably printf)
00AB1469 add esp,8                    ; cdecl: the caller pops its two dword arguments
00AB146C cmp esi,esp                  ; did esp return to the snapshot? flags survive the call below
00AB146E call __RTC_CheckEsp (0AB1140h) ; run-time check: traps a caller/callee stack imbalance (e.g. a calling-convention mismatch) instead of letting it corrupt the frame
system("pause");
00AB1473 mov esi,esp
00AB1475 push 0AB58B8h                ; presumably the address of the "pause" literal
00AB147A call dword ptr ds:[0AB9110h] ; presumably system(); it starts the command interpreter — a debug-time convenience, not for shipped code
00AB1480 add esp,4                    ; one dword argument
00AB1483 cmp esi,esp
00AB1485 call __RTC_CheckEsp (0AB1140h)
return 0;
00AB148A xor eax,eax                  ; return value 0 in eax
}
00AB148C pop edi                      ; restore callee-saved registers in reverse order
00AB148D pop esi
00AB148E pop ebx
00AB148F add esp,0D8h                 ; release the local area
00AB1495 cmp ebp,esp                  ; frame-level esp check, same idea as the per-call one
00AB1497 call __RTC_CheckEsp (0AB1140h)
00AB149C mov esp,ebp
00AB149E pop ebp
00AB149F ret
註解:
1、進入函式之後,儲存暫存器並初始化棧:
push ebp
00AB13D1 mov ebp,esp ;把esp儲存到ebp,作為本函式棧幀的基址
00AB13D3 sub esp,0D8h ;將esp下移0D8h個位元組,為局部變數預留棧空間
00AB13D9 push ebx
00AB13DA push esi
00AB13DB push edi
00AB13DC lea edi,[ebp-0D8h]
00AB13E2 mov ecx,36h ;0D8h / 4h = 36h
00AB13E7 mov eax,0CCCCCCCCh ;int 3中斷對應的彙編碼是0CCh,填充0CCh為了檢錯與除錯。
00AB13EC rep stos dword ptr es:[edi] ;rep:重複指令,ecx存放重複的次數。 stos:將eax中的值寫入es:[edi],然後edi加4(方向旗標DF清零時)。
2、退出函式之前,恢復暫存器的值
00AB148C pop edi
00AB148D pop esi
00AB148E pop ebx
00AB148F add esp,0D8h
00AB1495 cmp ebp,esp
00AB1497 call __RTC_CheckEsp (0AB1140h)
00AB149C mov esp,ebp
00AB149E pop ebp
00AB149F ret
3、呼叫函式xxx()之後,都會呼叫__RTC_CheckEsp ()函式驗證esp的值是否恢復到呼叫前:
mov esi,esp
......
call xxx()
add esp,4
cmp esi,esp
call __RTC_CheckEsp (0AB1140h)
__RTC_CheckEsp內部程式碼:
jne esperror (0AB16D3h) ;依據呼叫前 cmp esi,esp 留下的旗標判斷(call不會改變旗標):若esi與esp的值不同,則跳轉到esperror()中處理錯誤
ret