自制反汇编逆向分析工具 迭代第三版本
将一个函数的分支跳转结构逆向生成为 cpp 骨架文件,使逆向分析过程从分支跳转的梳理中解放出来——工具的首要作用应当是解放生产力。下面是效果图:
接下来附上上面效果图对应的反汇编代码,以及工具据此逆向生成的 cpp 骨架文件。
有了这个生成出来的骨架文件,接下来的逆向工作就有点像在做填空题,但已经帮了大忙。需要注意的是,骨架只保留了分支嵌套关系:每个 if 的条件、寄存器/栈槽的含义,以及尾部由 _Unwind_Resume 收尾的异常 landing pad,仍然要对照反汇编自己补上。
由于无法上传附件,这里直接贴出代码。
某个比较大的函数(QuartzCore 中的 CA::Context::commit_transaction)的反汇编代码:
; lldb disassembly of QuartzCore`CA::Context::commit_transaction (x86-64, AT&T syntax).
; Reformatted one instruction per line; "; <+N>" after a jump is lldb's resolved target.
; Structure, as far as the listing itself shows:
;   +0..+33      prologue; __stack_chk_guard value saved at -0x30(%rbp), re-checked at +2562..+2576
;   +197..+347   loop 1 over the context array in %r14 (count at -0x178)
;   +557..+932   fence loop: walks a linked list in %r15 (next pointer at (%r15)) and, per fence,
;                the second context array at -0x198 (count at -0x180)
;   +1152..+2334 loop 2 over the second context array; builds an encoder per context
;   +2593..+2699 exception landing pads: no in-body jump targets this range (only +2576 -> +2701),
;                so these are reached via unwind tables and end in _Unwind_Resume
;   +2701        __stack_chk_fail
QuartzCore`CA::Context::commit_transaction:
-> <+0>: pushq %rbp
<+1>: movq %rsp, %rbp
<+4>: pushq %r15
<+6>: pushq %r14
<+8>: pushq %r13
<+10>: pushq %r12
<+12>: pushq %rbx
<+13>: subq $0x198, %rsp
; %r12 = this (first argument) for most of the function; saved to -0x170(%rbp) and
; passed as the void* user-data to the foreach_* callbacks below.
<+20>: movq %rdi, %r12
; Stack canary: *__stack_chk_guard -> -0x30(%rbp).
<+23>: movq 0x80d62(%rip), %rax ; (void *)0x000000010495d070: __stack_chk_guard
<+30>: movq (%rax), %rax
<+33>: movq %rax, -0x30(%rbp)
<+37>: movq %r12, -0x170(%rbp)
; Two count slots initialised to 0x10 and passed by reference (unsigned long&) to
; retain_all_contexts together with an inline buffer (-0xb0 / -0x130); presumably
; capacity in, element count out. Whether the returned pointer is the inline buffer
; is tested later (+435, +2351) before freeing it.
<+44>: movq $0x10, -0x178(%rbp)
<+55>: movq $0x10, -0x180(%rbp)
<+66>: leaq -0xb0(%rbp), %rsi
<+73>: leaq -0x178(%rbp), %rdx
<+80>: movl $0x1, %edi
<+85>: callq 0x1024014b0 ; CA::Context::retain_all_contexts(bool, CA::Context**, unsigned long&)
<+90>: movq %rax, %r14
; get_value(0x5d, 0x12, &slot) -> double at -0x160; zeroed if get_value returns false.
<+93>: leaq -0x160(%rbp), %rcx
<+100>: movl $0x5d, %esi
<+105>: movl $0x12, %edx
<+110>: movq %r12, %rdi
<+113>: callq 0x102430dcc ; CA::Transaction::get_value(unsigned int, _CAValueType, void*)
<+118>: testb %al, %al
<+120>: jne 0x1024033e5 ; <+133>
<+122>: movq $0x0, -0x160(%rbp)
; -0x158 = +inf (0x7ff0000000000000); later passed as double* to collect_animations
; and read back as the second double for set_next_animation_time.
<+133>: movabsq $0x7ff0000000000000, %rax
<+143>: movq %rax, -0x158(%rbp)
<+150>: xorl %esi, %esi
<+152>: movq %r12, %rdi
<+155>: callq 0x102431edc ; CA::Transaction::run_commit_handlers(CATransactionPhase)
; Count from the first retain_all_contexts call also kept at -0x1c0; zero skips to +2412.
<+160>: movq -0x178(%rbp), %rax
<+167>: movq %rax, -0x1c0(%rbp)
<+174>: testq %rax, %rax
<+177>: je 0x102403ccc ; <+2412>
<+183>: callq 0x102450a6a ; symbol stub for: objc_autoreleasePoolPush
<+188>: movq %rax, -0x198(%rbp)
; ---- loop 1: for (%rbx = 0; %rbx < count; ++%rbx) over %r14[] ----
<+195>: xorl %ebx, %ebx
<+197>: movq (%r14,%rbx,8), %r13
<+201>: movq %r13, -0x168(%rbp)
<+208>: movq %r13, 0x50(%r12)
; Mutex lives at context+0x10; held only while reading ctx+0x68 and bumping the layer refcount.
<+213>: addq $0x10, %r13
<+217>: movq %r13, %rdi
<+220>: callq 0x102450eb4 ; symbol stub for: pthread_mutex_lock
<+225>: movq -0x168(%rbp), %rax
<+232>: movq 0x68(%rax), %rdi
<+236>: testq %rdi, %rdi
<+239>: je 0x1024034a6 ; <+326>
<+241>: callq 0x10241e773 ; CALayerGetLayer
<+246>: movq %rax, %r15
; Atomic retain on the layer (refcount at offset 0) taken under the mutex,
; released with an atomic xadd at +288..+294 after the mutex is dropped.
<+249>: lock
<+250>: incl (%r15)
<+253>: movq %r13, %rdi
<+256>: callq 0x102450ec0 ; symbol stub for: pthread_mutex_unlock
<+261>: testq %r15, %r15
<+264>: je 0x1024034ae ; <+334>
<+266>: movq %r15, %rdi
<+269>: movq %r12, %rsi
<+272>: callq 0x10240ecd6 ; CA::Layer::layout_and_display_if_needed(CA::Transaction*)
<+277>: movq %r15, %rdi
<+280>: movq %r12, %rsi
<+283>: callq 0x10240ef76 ; CA::Layer::prepare_commit(CA::Transaction*)
; Atomic decrement; if the previous value was 1 this was the last reference:
; run ~Layer() and return the storage to bucket 0xb.
<+288>: movl $0xffffffff, %eax
<+293>: lock
<+294>: xaddl %eax, (%r15)
<+298>: cmpl $0x1, %eax
<+301>: jne 0x1024034ae ; <+334>
<+303>: movq %r15, %rdi
<+306>: callq 0x10240ddca ; CA::Layer::~Layer()
<+311>: movl $0xb, %edi
<+316>: movq %r15, %rsi
<+319>: callq 0x10244af5e ; x_mem_dealloc_bucket
<+324>: jmp 0x1024034ae ; <+334>
<+326>: movq %r13, %rdi
<+329>: callq 0x102450ec0 ; symbol stub for: pthread_mutex_unlock
<+334>: incq %rbx
<+337>: movq -0x178(%rbp), %r15
<+344>: cmpq %r15, %rbx
<+347>: jb 0x102403425 ; <+197>
; ---- end loop 1 ----
<+353>: movq -0x198(%rbp), %rdi
<+360>: callq 0x102450a64 ; symbol stub for: objc_autoreleasePoolPop
; Second retain_all_contexts into the -0x130 inline buffer; result pointer kept at -0x198.
<+365>: leaq -0x130(%rbp), %rsi
<+372>: leaq -0x180(%rbp), %rdx
<+379>: movl $0x1, %edi
<+384>: callq 0x1024014b0 ; CA::Context::retain_all_contexts(bool, CA::Context**, unsigned long&)
<+389>: movq %rax, -0x198(%rbp)
; unref(true) every context from the first array, then free that array if it is
; not the inline -0xb0 buffer (%r13).
<+396>: xorl %ebx, %ebx
<+398>: leaq -0xb0(%rbp), %r13
<+405>: testq %r15, %r15
<+408>: je 0x102403513 ; <+435>
<+410>: movq (%r14,%rbx,8), %rdi
<+414>: movl $0x1, %esi
<+419>: callq 0x102401c8a ; CA::Context::unref(bool)
<+424>: incq %rbx
<+427>: cmpq %r15, %rbx
<+430>: jb 0x1024034fa ; <+410>
<+432>: movq %r15, %rbx
<+435>: cmpq %r13, %r14
<+438>: je 0x10240354d ; <+493>
; size = count * 8. <= 0x190 -> bucket free; the add of 0xfffffffff then shr 4
; leaves (size-1)>>4 in the low 32 bits, which is what the callee receives via %edi.
; Larger blocks go to x_mem_dealloc_size with the byte size.
<+440>: shlq $0x3, %rbx
<+444>: cmpq $0x190, %rbx
<+451>: ja 0x102403542 ; <+482>
<+453>: movabsq $0xfffffffff, %rax
<+463>: addq %rax, %rbx
<+466>: shrq $0x4, %rbx
<+470>: movl %ebx, %edi
<+472>: movq %r14, %rsi
<+475>: callq 0x10244af5e ; x_mem_dealloc_bucket
<+480>: jmp 0x10240354d ; <+493>
<+482>: movq %rbx, %rdi
<+485>: movq %r14, %rsi
<+488>: callq 0x10244ad84 ; x_mem_dealloc_size
<+493>: orb $0x2, 0x84(%r12)
<+502>: movl $0x3, %esi
<+507>: movq %r12, %rdi
<+510>: callq 0x102431edc ; CA::Transaction::run_commit_handlers(CATransactionPhase)
; ---- fence handling: this->field0->0x28 is the head of a Fence list ----
<+515>: callq 0x102450a6a ; symbol stub for: objc_autoreleasePoolPush
<+520>: movq %rax, %rbx
<+523>: movq (%r12), %rax
<+527>: movq 0x28(%rax), %r15
<+531>: testq %r15, %r15
<+534>: je 0x10240377b ; <+1051>
; %rbx/%r12 are reused below, so the pool token and this are parked in -0x1a0/-0x1a8.
<+540>: movq %rbx, -0x1a0(%rbp)
<+547>: movq %r12, -0x1a8(%rbp)
<+554>: movq %r15, %rbx
<+557>: movq %rbx, %rdi
<+560>: callq 0x102431b52 ; CA::Transaction::Fence::run_callbacks() const
<+565>: movq (%rbx), %rbx
<+568>: testq %rbx, %rbx
<+571>: jne 0x10240358d ; <+557>
; -0x184 = mach port name (0 = none yet); %r12 = number of fences actually set.
<+573>: movl $0x0, -0x184(%rbp)
<+583>: xorl %r12d, %r12d
<+586>: movq -0x180(%rbp), %rbx
; for each fence %r15 in the list:
<+593>: cmpl $0x0, 0xc(%r15)
<+598>: je 0x1024035c3 ; <+611>
<+600>: cmpl $0x2, 0x10(%r15)
<+605>: jb 0x1024036fe ; <+926>
<+611>: testq %rbx, %rbx
<+614>: je 0x1024036fe ; <+926>
; for each context %r13 in the second array, matching ctx+0x5c against fence+0x8:
<+620>: xorl %r13d, %r13d
<+623>: movq -0x198(%rbp), %rax
<+630>: movq (%rax,%r13,8), %rdi
<+634>: movl 0x5c(%rdi), %eax
<+637>: cmpl 0x8(%r15), %eax
<+641>: jne 0x1024036f2 ; <+914>
<+647>: cmpl $0x0, -0x184(%rbp)
<+654>: jne 0x102403630 ; <+720>
; Lazily allocate one port for the whole commit: mach_port_allocate(task, 0x1, &name)
; then mach_port_insert_right(task, name, name, 0x14). 0x1 and 0x14 match
; MACH_PORT_RIGHT_RECEIVE / MACH_MSG_TYPE_MAKE_SEND in the Mach headers; the return
; codes of both calls are not checked here. Released at +999..+1044.
<+656>: movq 0x80c31(%rip), %rax ; (void *)0x0000000104bdd234: mach_task_self_
<+663>: movl (%rax), %edi
<+665>: movl $0x1, %esi
<+670>: leaq -0x184(%rbp), %rdx
<+677>: callq 0x102450d7c ; symbol stub for: mach_port_allocate
<+682>: movq 0x80c17(%rip), %rax ; (void *)0x0000000104bdd234: mach_task_self_
<+689>: movl (%rax), %edi
<+691>: movl -0x184(%rbp), %esi
<+697>: movl $0x14, %ecx
<+702>: movl %esi, %edx
<+704>: callq 0x102450d8e ; symbol stub for: mach_port_insert_right
<+709>: movq -0x198(%rbp), %rax
<+716>: movq (%rax,%r13,8), %rdi
<+720>: callq 0x102402640 ; CA::Context::retain_render_ctx()
<+725>: movq %rax, %r14
<+728>: testq %r14, %r14
<+731>: je 0x10240366c ; <+780>
; In-process render context: set_fence(port, false, fence+0x10) or the 3-arg form.
<+733>: movl 0xc(%r15), %ecx
<+737>: testl %ecx, %ecx
<+739>: je 0x1024036a4 ; <+836>
<+741>: movl -0x184(%rbp), %esi
<+747>: movl 0x10(%r15), %r8d
<+751>: xorl %edx, %edx
<+753>: movq %r14, %rdi
<+756>: callq 0x102330eb4 ; CA::Render::Context::set_fence(unsigned int, bool, unsigned int, unsigned int)
<+761>: movzbl %al, %eax
<+764>: addq %rax, %r12
<+767>: movq %r14, %rdi
<+770>: callq 0x1023585ac ; CA::Render::Object::unref() const
<+775>: jmp 0x1024036f2 ; <+914>
; No render context: only if ctx+0x90 (used as a port below) is non-zero, go through
; _CASSetFence / _CASSetFenceWithPort with ctx+0x58 instead.
<+780>: movq -0x198(%rbp), %rax
<+787>: movq (%rax,%r13,8), %rax
<+791>: movl 0x90(%rax), %edi
<+797>: testl %edi, %edi
<+799>: je 0x1024036f2 ; <+914>
<+801>: movl 0xc(%r15), %ecx
<+805>: testl %ecx, %ecx
<+807>: je 0x1024036ca ; <+874>
<+809>: movl 0x58(%rax), %esi
<+812>: movl -0x184(%rbp), %edx
<+818>: movl 0x10(%r15), %r8d
<+822>: callq 0x102445cad ; _CASSetFence
; cmp eax,1 / adc r12,0: counts the fence if eax == 0.
<+827>: cmpl $0x1, %eax
<+830>: adcq $0x0, %r12
<+834>: jmp 0x1024036f2 ; <+914>
<+836>: movl 0x14(%r15), %ecx
<+840>: testl %ecx, %ecx
<+842>: je 0x10240365f ; <+767>
<+844>: movl -0x184(%rbp), %esi
<+850>: xorl %edx, %edx
<+852>: movq %r14, %rdi
<+855>: callq 0x102330ec2 ; CA::Render::Context::set_fence(unsigned int, bool, unsigned int)
<+860>: testb %al, %al
<+862>: je 0x10240365f ; <+767>
<+864>: movq %r15, %rdi
<+867>: callq 0x102431af2 ; CA::Transaction::Fence::release_port() const
<+872>: jmp 0x102403659 ; <+761>
<+874>: movl 0x14(%r15), %ecx
<+878>: testl %ecx, %ecx
<+880>: je 0x1024036f2 ; <+914>
<+882>: movl 0x58(%rax), %esi
<+885>: movl -0x184(%rbp), %edx
<+891>: callq 0x102445e2f ; _CASSetFenceWithPort
<+896>: testl %eax, %eax
<+898>: jne 0x1024036f2 ; <+914>
<+900>: movq %r15, %rdi
<+903>: callq 0x102431af2 ; CA::Transaction::Fence::release_port() const
<+908>: movzbl %al, %eax
<+911>: addq %rax, %r12
<+914>: incq %r13
<+917>: cmpq %rbx, %r13
<+920>: jb 0x1024035cf ; <+623>
<+926>: movq (%r15), %r15
<+929>: testq %r15, %r15
<+932>: jne 0x1024035b1 ; <+593>
; -0x1ac = 1 means "fence list was non-empty" (0 on the +1051 path); read again at +1769/+1969.
<+938>: movl -0x184(%rbp), %edi
<+944>: movb $0x1, %al
<+946>: movl %eax, -0x1ac(%rbp)
<+952>: testl %edi, %edi
<+954>: je 0x102403787 ; <+1063>
; Fence::wait(port, fences_set); returns a double in %xmm0 that replaces -0x160 if it was 0.
<+956>: movq %r12, %rsi
<+959>: movq -0x1a0(%rbp), %rbx
<+966>: callq 0x10233969c ; CA::Render::Fence::wait(unsigned int, unsigned long)
<+971>: movq -0x1a8(%rbp), %r12
<+978>: xorps %xmm1, %xmm1
<+981>: ucomisd -0x160(%rbp), %xmm1
<+989>: jne 0x102403747 ; <+999>
<+991>: movsd %xmm0, -0x160(%rbp)
; Tear down the port: mod_refs(task, name, 0x1, -1) drops the receive right, then
; mach_port_deallocate drops the send right made at +704.
<+999>: movq 0x80ada(%rip), %rax ; (void *)0x0000000104bdd234: mach_task_self_
<+1006>: movl (%rax), %edi
<+1008>: movl -0x184(%rbp), %esi
<+1014>: movl $0x1, %edx
<+1019>: movl $0xffffffff, %ecx
<+1024>: callq 0x102450d94 ; symbol stub for: mach_port_mod_refs
<+1029>: movq 0x80abc(%rip), %rax ; (void *)0x0000000104bdd234: mach_task_self_
<+1036>: movl (%rax), %edi
<+1038>: movl -0x184(%rbp), %esi
<+1044>: callq 0x102450d82 ; symbol stub for: mach_port_deallocate
<+1049>: jmp 0x102403795 ; <+1077>
<+1051>: movl $0x0, -0x1ac(%rbp)
<+1061>: jmp 0x102403795 ; <+1077>
<+1063>: movq -0x1a8(%rbp), %r12
<+1070>: movq -0x1a0(%rbp), %rbx
<+1077>: movl $0x1, %esi
<+1082>: movq %r12, %rdi
<+1085>: callq 0x102431edc ; CA::Transaction::run_commit_handlers(CATransactionPhase)
<+1090>: movq %rbx, %rdi
<+1093>: callq 0x102450a64 ; symbol stub for: objc_autoreleasePoolPop
; If the time slot is still 0, fill it with CACurrentMediaTime().
<+1098>: xorpd %xmm0, %xmm0
<+1102>: ucomisd -0x160(%rbp), %xmm0
<+1110>: jne 0x1024037c5 ; <+1125>
<+1112>: callq 0x102304b1f ; CACurrentMediaTime
<+1117>: movsd %xmm0, -0x160(%rbp)
<+1125>: xorl %edi, %edi
<+1127>: cmpq $0x0, -0x180(%rbp)
<+1135>: je 0x102403c88 ; <+2344>
; ---- loop 2 over the second context array; index kept at -0x1a0, -0x1b8 = scratch region ----
<+1141>: xorl %eax, %eax
<+1143>: movq %rax, -0x1b8(%rbp)
<+1150>: xorl %ecx, %ecx
<+1152>: movq %rcx, -0x1a0(%rbp)
<+1159>: movq -0x198(%rbp), %rax
<+1166>: movq (%rax,%rcx,8), %r14
<+1170>: movq %r14, -0x168(%rbp)
<+1177>: movb $0x0, -0x138(%rbp)
<+1184>: addq $0x10, %r14
; -0x150 = encoder pointer, -0x148 = render context pointer, both cleared per iteration.
<+1188>: leaq -0x150(%rbp), %rax
<+1195>: movq $0x0, 0x8(%rax)
<+1203>: movq $0x0, (%rax)
; Context mutex (ctx+0x10) is held for the whole iteration up to +2184.
<+1210>: movq %r14, %rdi
<+1213>: callq 0x102450eb4 ; symbol stub for: pthread_mutex_lock
<+1218>: movq -0x168(%rbp), %rax
<+1225>: movq %rax, 0x50(%r12)
<+1230>: leaq -0x170(%rbp), %rcx
<+1237>: movq %rcx, 0xb0(%rax)
<+1244>: movq %r12, %rdi
<+1247>: movq %r12, %r15
<+1250>: callq 0x1024306d0 ; CA::Transaction::lock()
<+1255>: movq -0x168(%rbp), %rcx
<+1262>: movq 0x70(%rcx), %rdi
<+1266>: testq %rdi, %rdi
<+1269>: je 0x10240386a ; <+1290>
<+1271>: movq %rdi, -0x148(%rbp)
<+1278>: callq 0x102330512 ; CA::Render::Context::will_commit()
<+1283>: movq -0x168(%rbp), %rcx
; Only build an encoder if ctx+0x90 != 0 and bit 0 of ctx+0xc8 is clear.
<+1290>: cmpl $0x0, 0x90(%rcx)
<+1297>: je 0x102403943 ; <+1507>
<+1303>: testb $0x1, 0xc8(%rcx)
<+1310>: jne 0x102403943 ; <+1507>
<+1316>: movq -0x1b8(%rbp), %rax
<+1323>: testq %rax, %rax
<+1326>: jne 0x10240389c ; <+1340>
; First time only: carve 0x8000 bytes off the stack (no probe) and hand them to
; x_heap_new_with_ptr(0x1000, ptr, 0x8000) as the encoder's heap. %rsp is restored
; from %rbp at +2578, so the canary at -0x30(%rbp) sits above this region.
<+1328>: movq %rsp, %rax
<+1331>: addq $-0x8000, %rax
<+1337>: movq %rax, %rsp
<+1340>: movq %rax, -0x1b8(%rbp)
<+1347>: movl $0x1000, %edi
<+1352>: movl $0x8000, %edx
<+1357>: movq %rax, %rsi
<+1360>: callq 0x10244d600 ; x_heap_new_with_ptr
<+1365>: movq %rax, %r12
<+1368>: movl $0x68, %esi
<+1373>: movq %r12, %rdi
<+1376>: callq 0x10244d6e8 ; x_heap_malloc
<+1381>: movq %rax, %rbx
<+1384>: movq -0x168(%rbp), %rcx
<+1391>: movl 0x58(%rcx), %r8d
<+1395>: movsd -0x160(%rbp), %xmm0
<+1403>: xorl %edx, %edx
<+1405>: movq %rbx, %rdi
<+1408>: movq %r12, %r13
<+1411>: movq %r13, %rsi
<+1414>: callq 0x102379f6a ; CA::Render::Encoder::Encoder(x_heap_struct*, unsigned int, void*, unsigned int, double)
<+1419>: movq %rbx, -0x150(%rbp)
; ObjectCache at ctx+0x98, created on first use.
<+1426>: movq -0x168(%rbp), %rax
<+1433>: movq 0x98(%rax), %r12
<+1440>: testq %r12, %r12
<+1443>: jne 0x10240392f ; <+1487>
<+1445>: movl $0x1, %edi
<+1450>: callq 0x10244ab0a ; x_mem_alloc_bucket
<+1455>: movq %rax, %r12
<+1458>: movq %r12, %rdi
<+1461>: callq 0x102379942 ; CA::Render::Encoder::ObjectCache::ObjectCache()
<+1466>: movq -0x168(%rbp), %rax
<+1473>: movq %r12, 0x98(%rax)
<+1480>: movq -0x150(%rbp), %rbx
<+1487>: movq %r13, -0x1a8(%rbp)
<+1494>: movq %rbx, %rdi
<+1497>: movq %r12, %rsi
<+1500>: callq 0x102379fac ; CA::Render::Encoder::set_object_cache(CA::Render::Encoder::ObjectCache*)
<+1505>: jmp 0x10240394c ; <+1516>
<+1507>: xorl %eax, %eax
<+1509>: movq %rax, -0x1a8(%rbp)
; Walk deleted ids, commands, the root layer and roots; every callback gets &-0x170 as user data.
<+1516>: movq %r15, %rdi
<+1519>: leaq -0xdd2(%rip), %rsi ; CA::Context::commit_deleted(unsigned long, unsigned int, void*)
<+1526>: leaq -0x170(%rbp), %rdx
<+1533>: callq 0x10243178e ; CA::Transaction::foreach_deleted_id(void (*)(unsigned long, unsigned int, void*), void*)
<+1538>: movq -0x168(%rbp), %rax
<+1545>: movl 0x5c(%rax), %esi
<+1548>: movq %r15, %rdi
<+1551>: leaq -0xda2(%rip), %rdx ; CA::Context::commit_command(int, unsigned long, void const*, void*)
<+1558>: leaq -0x170(%rbp), %rcx
<+1565>: callq 0x1024319d6 ; CA::Transaction::foreach_command(unsigned int, void (*)(int, unsigned long, void const*, void*), void*)
<+1570>: movq -0x168(%rbp), %rax
<+1577>: movq 0x68(%rax), %rdi
<+1581>: xorl %r13d, %r13d
<+1584>: testq %rdi, %rdi
<+1587>: movl $0x0, %r12d
<+1593>: je 0x1024039d0 ; <+1648>
<+1595>: callq 0x10241e773 ; CALayerGetLayer
<+1600>: movq %rax, %rbx
<+1603>: xorl %r13d, %r13d
<+1606>: testq %rbx, %rbx
<+1609>: movl $0x0, %r12d
<+1615>: je 0x1024039d0 ; <+1648>
; %r13b = 1 records that a root layer was committed (gates collect_animations below).
<+1617>: movb $0x1, %r13b
<+1620>: movq %rbx, %rdi
<+1623>: movq %r15, %rsi
<+1626>: leaq -0xf09(%rip), %rdx ; CA::Context::commit_layer(CA::Layer*, unsigned int, unsigned int, void*)
<+1633>: leaq -0x170(%rbp), %rcx
<+1640>: callq 0x10240f1c4 ; CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*)
<+1645>: movq %rbx, %r12
<+1648>: movq %r15, %rdi
<+1651>: leaq -0x6a6(%rip), %rsi ; CA::Context::commit_root(CA::Layer*, void*)
<+1658>: leaq -0x170(%rbp), %rdx
<+1665>: callq 0x1024318fe ; CA::Transaction::foreach_root(void (*)(CA::Layer*, void*), void*)
<+1670>: testb %r13b, %r13b
<+1673>: je 0x102403a05 ; <+1701>
<+1675>: movsd -0x160(%rbp), %xmm0
<+1683>: movq %r12, %rdi
<+1686>: movq %r15, %rsi
<+1689>: leaq -0x158(%rbp), %rdx
<+1696>: callq 0x1024167fa ; CA::Layer::collect_animations(CA::Transaction*, double, double*)
; "encoder has data" test used three times: enc+0x18 - enc+0x10 != enc+0x50.
<+1701>: movq -0x150(%rbp), %rax
<+1708>: testq %rax, %rax
<+1711>: je 0x102403a7a ; <+1818>
<+1713>: movq 0x18(%rax), %rcx
<+1717>: subq 0x10(%rax), %rcx
<+1721>: cmpq 0x50(%rax), %rcx
<+1725>: je 0x102403a7a ; <+1818>
; Low-latency flag: get_value(0x124, 0x7, &byte), forced to 0 unless on the main
; thread (pthread_main_np != 0) and no fences were present and x_cpu_has_64bit.
<+1727>: movb $0x1, -0x185(%rbp)
<+1734>: movl $0x124, %esi
<+1739>: movl $0x7, %edx
<+1744>: movq %r15, %rdi
<+1747>: leaq -0x185(%rbp), %rcx
<+1754>: callq 0x102430dcc ; CA::Transaction::get_value(unsigned int, _CAValueType, void*)
<+1759>: callq 0x102450ea2 ; symbol stub for: pthread_main_np
<+1764>: testl %eax, %eax
<+1766>: sete %al
<+1769>: movl -0x1ac(%rbp), %ecx
<+1775>: orb %cl, %al
<+1777>: jne 0x102403a73 ; <+1811>
<+1779>: callq 0x10244e4fb ; x_cpu_has_64bit
<+1784>: testb %al, %al
<+1786>: je 0x102403a73 ; <+1811>
<+1788>: cmpb $0x0, -0x185(%rbp)
<+1795>: je 0x102403a7a ; <+1818>
<+1797>: movq -0x150(%rbp), %rdi
<+1804>: callq 0x10237c985 ; CA::Render::encode_set_low_latency(CA::Render::Encoder*)
<+1809>: jmp 0x102403a7a ; <+1818>
<+1811>: movb $0x0, -0x185(%rbp)
; Optional input time: get_value(0xfa, 0x12, &double) -> add_input_time on the render
; context and encode_add_input_time on the encoder (if it has data).
<+1818>: movl $0xfa, %esi
<+1823>: movl $0x12, %edx
<+1828>: movq %r15, %rdi
<+1831>: leaq -0x190(%rbp), %rcx
<+1838>: callq 0x102430dcc ; CA::Transaction::get_value(unsigned int, _CAValueType, void*)
<+1843>: testb %al, %al
<+1845>: je 0x102403ad7 ; <+1911>
<+1847>: movq -0x148(%rbp), %rdi
<+1854>: testq %rdi, %rdi
<+1857>: je 0x102403ab0 ; <+1872>
<+1859>: movsd -0x190(%rbp), %xmm0
<+1867>: callq 0x102330dfe ; CA::Render::Context::add_input_time(double)
<+1872>: movq -0x150(%rbp), %rdi
<+1879>: testq %rdi, %rdi
<+1882>: je 0x102403ad7 ; <+1911>
<+1884>: movq 0x18(%rdi), %rax
<+1888>: subq 0x10(%rdi), %rax
<+1892>: cmpq 0x50(%rdi), %rax
<+1896>: je 0x102403ad7 ; <+1911>
<+1898>: movsd -0x190(%rbp), %xmm0
<+1906>: callq 0x10237c931 ; CA::Render::encode_add_input_time(CA::Render::Encoder*, double)
<+1911>: movq %r15, %rdi
<+1914>: callq 0x1024306ee ; CA::Transaction::unlock()
; Atomically clear bit 16 of renderctx+0x8.
<+1919>: movq -0x148(%rbp), %rax
<+1926>: testq %rax, %rax
<+1929>: je 0x102403af3 ; <+1939>
<+1931>: lock
<+1932>: andl $0xfffeffff, 0x8(%rax)
; Send: if the encoder has data or fences were present, optionally fetch a reply
; port (enc+0x58 != 0), then send_message(ctx+0x90, reply_port). %r13d = reply port,
; %r12d = send result.
<+1939>: movq -0x150(%rbp), %rdi
<+1946>: xorl %r13d, %r13d
<+1949>: testq %rdi, %rdi
<+1952>: je 0x102403b7d ; <+2077>
<+1954>: movq 0x18(%rdi), %rax
<+1958>: subq 0x10(%rdi), %rax
<+1962>: cmpq 0x50(%rdi), %rax
<+1966>: setne %al
<+1969>: movl -0x1ac(%rbp), %ecx
<+1975>: orb %cl, %al
<+1977>: movzbl %al, %eax
<+1980>: cmpl $0x1, %eax
<+1983>: movl $0x0, %r12d
<+1989>: jne 0x102403b80 ; <+2080>
<+1991>: xorl %r13d, %r13d
<+1994>: cmpb $0x0, 0x58(%rdi)
<+1998>: je 0x102403b3f ; <+2015>
<+2000>: callq 0x10237ac07 ; CA::Render::get_reply_port()
<+2005>: movl %eax, %r13d
<+2008>: movq -0x150(%rbp), %rdi
<+2015>: movq -0x168(%rbp), %rax
<+2022>: movl 0x90(%rax), %esi
<+2028>: movl %r13d, %edx
<+2031>: callq 0x10237a8d0 ; CA::Render::Encoder::send_message(unsigned int, unsigned int)
<+2036>: movl %eax, %r12d
; 0x10000003 matches MACH_SEND_INVALID_DEST; on that result bit 0 of ctx+0xc8 is set,
; which is the same bit that suppresses encoder creation at +1303.
<+2039>: cmpl $0x10000003, %r12d
<+2046>: jne 0x102403b6e ; <+2062>
<+2048>: movq -0x168(%rbp), %rax
<+2055>: orb $0x1, 0xc8(%rax)
<+2062>: movq -0x168(%rbp), %rax
<+2069>: incl 0x88(%rax)
<+2075>: jmp 0x102403b80 ; <+2080>
<+2077>: xorl %r12d, %r12d
<+2080>: movq $0x0, 0x50(%r15)
<+2088>: movq -0x168(%rbp), %rax
<+2095>: movq $0x0, 0xb0(%rax)
<+2106>: movq -0x148(%rbp), %rdi
<+2113>: testq %rdi, %rdi
<+2116>: je 0x102403bc9 ; <+2153>
; ++renderctx+0x1c is mirrored into ctx+0x88, then did_commit(flag at -0x138, false).
<+2118>: movl 0x1c(%rdi), %ecx
<+2121>: incl %ecx
<+2123>: movl %ecx, 0x1c(%rdi)
<+2126>: movl %ecx, 0x88(%rax)
<+2132>: movzbl -0x138(%rbp), %esi
<+2139>: xorl %edx, %edx
<+2141>: callq 0x102330584 ; CA::Render::Context::did_commit(bool, bool)
<+2146>: movq -0x168(%rbp), %rax
; Clear bit 2 of ctx+0xc8; if bit 3 is set, destroy() the context (still under its mutex).
<+2153>: andb $-0x5, 0xc8(%rax)
<+2160>: movq -0x168(%rbp), %rdi
<+2167>: testb $0x8, 0xc8(%rdi)
<+2174>: je 0x102403be5 ; <+2181>
<+2176>: callq 0x102401af0 ; CA::Context::destroy()
<+2181>: movq %r14, %rdi
<+2184>: callq 0x102450ec0 ; symbol stub for: pthread_mutex_unlock
; After unlocking: wait for the reply if a reply port was taken and the send succeeded,
; dispose the reply port, destroy the encoder, free the per-iteration heap.
<+2189>: movq -0x150(%rbp), %rdi
<+2196>: testq %rdi, %rdi
<+2199>: movq -0x1a8(%rbp), %rbx
<+2206>: je 0x102403c49 ; <+2281>
<+2208>: testl %r13d, %r13d
<+2211>: je 0x102403c44 ; <+2276>
<+2213>: testl %r12d, %r12d
<+2216>: jne 0x102403c32 ; <+2258>
<+2218>: movl %r13d, %esi
<+2221>: callq 0x10237ac12 ; CA::Render::Encoder::receive_reply(unsigned int)
<+2226>: movl %eax, %r12d
<+2229>: cmpl $0x10000003, %r12d
<+2236>: jne 0x102403c32 ; <+2258>
<+2238>: movq -0x168(%rbp), %rax
<+2245>: orb $0x1, 0xc8(%rax)
<+2252>: movl $0x10000003, %r12d
<+2258>: movl %r13d, %edi
<+2261>: movl %r12d, %esi
<+2264>: callq 0x10237ac5f ; CA::Render::dispose_reply_port(unsigned int, int)
<+2269>: movq -0x150(%rbp), %rdi
<+2276>: callq 0x102379fa2 ; CA::Render::Encoder::~Encoder()
<+2281>: testq %rbx, %rbx
<+2284>: je 0x102403c56 ; <+2294>
<+2286>: movq %rbx, %rdi
<+2289>: callq 0x10244d64e ; x_heap_free
<+2294>: movq -0x168(%rbp), %rdi
<+2301>: movl $0x1, %esi
<+2306>: callq 0x102401c8a ; CA::Context::unref(bool)
<+2311>: movq -0x1a0(%rbp), %rcx
<+2318>: incq %rcx
<+2321>: movq -0x180(%rbp), %rdi
<+2328>: cmpq %rdi, %rcx
<+2331>: movq %r15, %r12
<+2334>: jb 0x1024037e0 ; <+1152>
; ---- end loop 2; free the second context array unless it is the inline -0x130 buffer ----
; (same bucket/size split as +440..+488).
<+2340>: shlq $0x3, %rdi
<+2344>: leaq -0x130(%rbp), %rax
<+2351>: cmpq %rax, -0x198(%rbp)
<+2358>: je 0x102403ccc ; <+2412>
<+2360>: cmpq $0x190, %rdi
<+2367>: ja 0x102403cc0 ; <+2400>
<+2369>: movabsq $0xfffffffff, %rax
<+2379>: addq %rax, %rdi
<+2382>: shrq $0x4, %rdi
<+2386>: movq -0x198(%rbp), %rsi
<+2393>: callq 0x10244af5e ; x_mem_dealloc_bucket
<+2398>: jmp 0x102403ccc ; <+2412>
<+2400>: movq -0x198(%rbp), %rsi
<+2407>: callq 0x10244ad84 ; x_mem_dealloc_size
<+2412>: movq %r12, %rdi
<+2415>: callq 0x1024306d0 ; CA::Transaction::lock()
<+2420>: movq %r12, %rdi
<+2423>: callq 0x102431f9c ; CA::Transaction::run_deferred_visibility_layer_calls()
<+2428>: movq %r12, %rdi
<+2431>: callq 0x1024306ee ; CA::Transaction::unlock()
; If the first context count was 0 (early exit at +177), phases 3 and 1 were skipped
; above and are run here; phase 2 always runs.
<+2436>: cmpq $0x0, -0x1c0(%rbp)
<+2444>: jne 0x102403d08 ; <+2472>
<+2446>: movl $0x3, %esi
<+2451>: movq %r12, %rdi
<+2454>: callq 0x102431edc ; CA::Transaction::run_commit_handlers(CATransactionPhase)
<+2459>: movl $0x1, %esi
<+2464>: movq %r12, %rdi
<+2467>: callq 0x102431edc ; CA::Transaction::run_commit_handlers(CATransactionPhase)
<+2472>: movl $0x2, %esi
<+2477>: movq %r12, %rdi
<+2480>: callq 0x102431edc ; CA::Transaction::run_commit_handlers(CATransactionPhase)
<+2485>: movsd -0x160(%rbp), %xmm0
<+2493>: xorps %xmm1, %xmm1
<+2496>: ucomisd %xmm0, %xmm1
<+2500>: jne 0x102403d33 ; <+2515>
<+2502>: callq 0x102304b1f ; CACurrentMediaTime
<+2507>: movsd %xmm0, -0x160(%rbp)
<+2515>: movsd -0x158(%rbp), %xmm1
<+2523>: movq %r12, %rdi
<+2526>: callq 0x102416a02 ; CA::Layer::set_next_animation_time(CA::Transaction*, double, double)
<+2531>: movsd -0x160(%rbp), %xmm0
<+2539>: callq 0x10230445a ; CARecordTransaction
<+2544>: callq 0x10230fc0e ; CABackingStoreCollectAsync
<+2549>: movsd -0x160(%rbp), %xmm0
<+2557>: callq 0x1023ec2cc ; CA::CG::Queue::collect(double)
; Canary check, then restore %rsp from %rbp (this also discards the 0x8000-byte region
; taken at +1328) and pop the callee-saved registers.
<+2562>: movq 0x80377(%rip), %rax ; (void *)0x000000010495d070: __stack_chk_guard
<+2569>: movq (%rax), %rax
<+2572>: cmpq -0x30(%rbp), %rax
<+2576>: jne 0x102403ded ; <+2701>
<+2578>: leaq -0x28(%rbp), %rsp
<+2582>: popq %rbx
<+2583>: popq %r12
<+2585>: popq %r13
<+2587>: popq %r14
<+2589>: popq %r15
<+2591>: popq %rbp
<+2592>: retq
; ---- exception landing pads (entered with the exception object in %rax) ----
; Each one undoes what was held at the throwing call (autorelease pool, a context
; mutex, the temporary bucket, the transaction lock) and resumes unwinding.
<+2593>: movq %rax, %rbx
<+2596>: movq -0x1a0(%rbp), %rdi
<+2603>: callq 0x102450a64 ; symbol stub for: objc_autoreleasePoolPop
<+2608>: jmp 0x102403d9d ; <+2621>
<+2610>: movq %rax, %rbx
<+2613>: movq %r14, %rdi
<+2616>: callq 0x102450ec0 ; symbol stub for: pthread_mutex_unlock
<+2621>: movq %rbx, %rdi
<+2624>: callq 0x102450b48 ; symbol stub for: _Unwind_Resume
<+2629>: movq %rax, %rbx
<+2632>: jmp 0x102403db5 ; <+2645>
<+2634>: movq %rax, %rbx
<+2637>: movq %r13, %rdi
<+2640>: callq 0x102450ec0 ; symbol stub for: pthread_mutex_unlock
<+2645>: movq -0x198(%rbp), %rdi
<+2652>: callq 0x102450a64 ; symbol stub for: objc_autoreleasePoolPop
<+2657>: jmp 0x102403d9d ; <+2621>
<+2659>: jmp 0x102403d81 ; <+2593>
<+2661>: movq %rax, %rbx
<+2664>: movl $0x1, %edi
<+2669>: movq %r12, %rsi
<+2672>: callq 0x10244af5e ; x_mem_dealloc_bucket
<+2677>: jmp 0x102403d95 ; <+2613>
<+2679>: movq %rbx, -0x1a0(%rbp)
<+2686>: jmp 0x102403d81 ; <+2593>
<+2688>: movq %rax, %rbx
<+2691>: movq %r12, %rdi
<+2694>: callq 0x1024306ee ; CA::Transaction::unlock()
<+2699>: jmp 0x102403d9d ; <+2621>
; Reached only from the failed canary compare at +2576.
<+2701>: callq 0x102450b9c ; symbol stub for: __stack_chk_fail
分支跳转逆向输出(工具生成的 cpp 骨架):
// created by reserve tool of zsl @ 2016, March 31th. // www.cnblogs.com/bbqzsl
//
// Branch skeleton generated from the lldb listing above. Each "// N" comment is the
// instruction offset (<+N>) of the branch that opens or closes the block; "_bN" labels
// are backward-jump targets, "_fN" labels forward-jump targets. Every "if ()" has an
// empty condition — the condition has to be filled in from the compare/test before
// the jump at that offset.
//
// NOTE(review): the lldb symbol is CA::Context::commit_transaction, but the signature
// below says CA::Transaction::commit_transaction — it looks hand-edited; verify.
// NOTE(review): several labels are emitted twice (_b767, _f914, _f1077, _b2593, _b2621),
// which is a redefinition error in C++ — expect to dedupe them when filling this in.
// NOTE(review): the block after "// 2576" is the canary-failure branch plus the exception
// landing pads (+2593..+2699, ending in _Unwind_Resume); nothing in the function body
// jumps there directly, so the goto tangle inside it is unwind-table flow, not logic.
void CA::Transaction::commit_transaction(CA::Transaction*) {
    // 120
    if () { }
    // 133
    // 177
    if () {
        // ---- loop 1 over the first context array ----
    _b197:
        // 239
        if () {
            // 324
            goto _f334;
        }
        // 326
        // 264
        if () {
            // 301
            if () {
            _f334:
            }
            // 334
        }
        // 334
        // 347
        if () goto _b197;
        // 408
        if () {
        _b410:
            // 430
            if () goto _b410;
        }
        // 435
        // 438
        if () {
            // 451
            if () {
                // 480
                goto _f493;
            }
            // 482
        _f493:
        }
        // 493
        // ---- fence list walk ----
        // 534
        if () {
        _b557:
            // 571
            if () goto _b557;
        _b593:
            // 598
            if () { }
            // 611
            // 605
            if () {
                // 614
                if () {
                _b623:
                    // 641
                    if () {
                        // 654
                        if () { }
                        // 720
                        // 731
                        if () {
                        _b761:
                        _b767:
                        _b767:            // duplicate label (see header note)
                            // 775
                            goto _f914;
                        }
                        // 780
                        // 739
                        if () {
                            // 834
                            goto _f914;
                        }
                        // 836
                        // 799
                        if () {
                            // 807
                            if () {
                                // 842
                                if () goto _b767;
                                // 862
                                if () goto _b767;
                                // 872
                                goto _b761;
                            }
                            // 874
                            // 880
                            if () {
                                // 898
                                if () {
                                _f914:
                                _f914:    // duplicate label (see header note)
                                }
                                // 914
                            }
                            // 914
                        }
                        // 914
                    }
                    // 914
                    // 920
                    if () goto _b623;
                }
                // 926
            }
            // 926
            // 932
            if () goto _b593;
            // 1049
            goto _f1077;
        }
        // 1051
        // 954
        if () {
            // 989
            if () { }
            // 999
            // 1061
            goto _f1077;
        }
        // 1063
    _f1077:
    _f1077:                               // duplicate label (see header note)
        // 1110
        if () { }
        // 1125
        // ---- loop 2 over the second context array ----
        // 1135
        if () {
        _b1152:
            // 1269
            if () { }
            // 1290
            // 1297
            if () {
                // 1310
                if () {
                    // 1326
                    if () { }
                    // 1340
                    // 1443
                    if () { }
                    // 1487
                    // 1505
                    goto _f1516;
                }
                // 1507
            }
            // 1507
        _f1516:
            // 1593
            if () {
                // 1615
                if () { }
                // 1648
            }
            // 1648
            // 1673
            if () { }
            // 1701
            // 1711
            if () {
                // 1725
                if () {
                    // 1777
                    if () {
                        // 1786
                        if () {
                            // 1809
                            goto _f1818;
                        }
                        // 1811
                    }
                    // 1811
                    // 1795
                    if () {
                    _f1818:
                    }
                    // 1818
                }
                // 1818
            }
            // 1818
            // 1845
            if () {
                // 1857
                if () { }
                // 1872
                // 1882
                if () {
                    // 1896
                    if () { }
                    // 1911
                }
                // 1911
            }
            // 1911
            // 1929
            if () { }
            // 1939
            // 1952
            if () {
                // 2075
                goto _f2080;
            }
            // 2077
            // 1989
            if () {
                // 1998
                if () { }
                // 2015
                // 2046
                if () { }
                // 2062
            _f2080:
            }
            // 2080
            // 2116
            if () { }
            // 2153
            // 2174
            if () { }
            // 2181
            // 2206
            if () {
                // 2211
                if () {
                    // 2216
                    if () {
                        // 2236
                        if () { }
                        // 2258
                    }
                    // 2258
                }
                // 2276
            }
            // 2281
            // 2284
            if () { }
            // 2294
            // 2334
            if () goto _b1152;
        }
        // 2344
        // 2358
        if () {
            // 2367
            if () {
                // 2398
                goto _f2412;
            }
            // 2400
        _f2412:
        }
        // 2412
    }
    // 2412
    // 2444
    if () { }
    // 2472
    // 2500
    if () { }
    // 2515
    // ---- canary failure + exception landing pads (not normal control flow) ----
    // 2576
    if () {
    _b2593:
    _b2593:                               // duplicate label (see header note)
        // 2608
        goto _f2621;
    _b2613:
    _f2621:
    _b2621:
    _b2621:                               // duplicate label (see header note)
        // 2632
        goto _f2645;
    _f2645:
        // 2657
        goto _b2621;
        // 2659
        goto _b2593;
        // 2677
        goto _b2613;
        // 2686
        goto _b2593;
        // 2699
        goto _b2621;
    }
    // 2701
}