c++ 反汇编 数组和指针

  • 字符串初始化字符数组
58:     char as[] = "hello word";
00AC7308 A1 70 2E B6 00       mov         eax,dword ptr [string "hello word" (0B62E70h)]  
00AC730D 89 45 EC             mov         dword ptr [as],eax  //复制4字节
00AC7310 8B 0D 74 2E B6 00    mov         ecx,dword ptr ds:[0B62E74h]  
00AC7316 89 4D F0             mov         dword ptr [ebp-10h],ecx  //4字节
00AC7319 66 8B 15 78 2E B6 00 mov         dx,word ptr ds:[0B62E78h]  
00AC7320 66 89 55 F4          mov         word ptr [ebp-0Ch],dx  //2字节
00AC7324 A0 7A 2E B6 00       mov         al,byte ptr ds:[00B62E7Ah]  
00AC7329 88 45 F6             mov         byte ptr [ebp-0Ah],al //1字节

 


  • 数组作为参数
55:     // 数组作为参数
    56:      char szHello[20] = {0};
00127308 33 C0                xor         eax,eax  
0012730A 89 45 E4             mov         dword ptr [szHello],eax  
0012730D 89 45 E8             mov         dword ptr [ebp-18h],eax  
00127310 89 45 EC             mov         dword ptr [ebp-14h],eax  
00127313 89 45 F0             mov         dword ptr [ebp-10h],eax  
00127316 89 45 F4             mov         dword ptr [ebp-0Ch],eax  
    57:     Show(szHello);
00127319 8D 45 E4             lea         eax,[szHello]  //取数组szHello的地址,
0012731C 50                   push        eax  
0012731D E8 2F C4 FF FF       call        Show (0123751h)  
00127322 83 C4 04             add         esp,4 

Show

8: // 参数为字符数组
     9: void Show(char szBuff[])
    10: {
···debug环境初始化;
    11:     strcpy(szBuff, "Hello World");
0012717E 68 50 2E 1C 00       push        offset string "Hello World" (01C2E50h)  
00127183 8B 45 08             mov         eax,dword ptr [szBuff]  
00127186 50                   push        eax  //参数szBuff入栈
00127187 E8 DA BF FF FF       call        _strcpy (0123166h)  
0012718C 83 C4 08             add         esp,8  
    12:     printf(szBuff);
···printf 

sizeof(数组名)得到数组大小,而sizeof(指针,形参数组名)不可以。

 


 

  • 局部数组变量作为返回值(不允许出现!)
    73:     // 调用返回值为局部变量
    74:     printf("%s\r\n", RetArray());
012B73EB E8 99 CC FF FF       call        RetArray (012B4089h)  
012B73F0 50                   push        eax  
012B73F1 68 84 2E 35 01       push        offset string "%s\r\n" (01352E84h)  
012B73F6 E8 CF 9F FF FF       call        _printf (012B13CAh)  
012B73FB 83 C4 08             add         esp,8 

RetArray

 22: // 局部数组作为返回值
    23:  char* RetArray()
    24:  {
···debug环境初始化栈012B9DAE A1 1C 70 37 01       mov         eax,dword ptr [__security_cookie (0137701Ch)]  
012B9DB3 33 C5                xor         eax,ebp  
012B9DB5 89 45 FC             mov         dword ptr [ebp-4],eax  
    25:      char szBuff[] = {"Hello World"};
012B9DB8 A1 50 2E 35 01       mov         eax,dword ptr [string "Hello World" (01352E50h)]  
012B9DBD 89 45 EC             mov         dword ptr [szBuff],eax  
012B9DC0 8B 0D 54 2E 35 01    mov         ecx,dword ptr ds:[1352E54h]  
012B9DC6 89 4D F0             mov         dword ptr [ebp-10h],ecx  
012B9DC9 8B 15 58 2E 35 01    mov         edx,dword ptr ds:[1352E58h]  
012B9DCF 89 55 F4             mov         dword ptr [ebp-0Ch],edx  
    26:      return szBuff;
012B9DD2 8D 45 EC             lea         eax,[szBuff] //取局部数组变量的地址,最为函数返回值。其值位于栈中,后续的清理工作会使栈中数据不稳定! 
    27: }
···

 


 

  • 局部静态数组

局部静态数组同样存在初始化标志,只能初始化一次。

 


 

  • 下标寻址和指针寻址
93:     // 下标、指针寻址
    94: // 
    95:      char * pChar = NULL;
0092FC9B C7 45 D8 00 00 00 00 mov         dword ptr [pChar],0  
    96:      char szBuff[] = "popk no one";
0092FCA2 A1 84 2E 9C 00       mov         eax,dword ptr [string "popk no one" (09C2E84h)]  
0092FCA7 89 45 C4             mov         dword ptr [szBuff],eax  
0092FCAA 8B 0D 88 2E 9C 00    mov         ecx,dword ptr ds:[9C2E88h]  
0092FCB0 89 4D C8             mov         dword ptr [ebp-38h],ecx  
0092FCB3 8B 15 8C 2E 9C 00    mov         edx,dword ptr ds:[9C2E8Ch]  
0092FCB9 89 55 CC             mov         dword ptr [ebp-34h],edx  
    97:      pChar = szBuff;
0092FCBC 8D 45 C4             lea         eax,[szBuff]  
0092FCBF 89 45 D8             mov         dword ptr [pChar],eax  //指针变量赋值数组szBuff地址
    98:      printf("%c", *++pChar);
0092FCC2 8B 45 D8             mov         eax,dword ptr [pChar] //取指针变量 
0092FCC5 83 C0 01             add         eax,1  //指针加一,指向元素szBuff[1]
0092FCC8 89 45 D8             mov         dword ptr [pChar],eax //修改指针变量pChar 
0092FCCB 8B 4D D8             mov         ecx,dword ptr [pChar] 0092FCCE 0F BE 11             movsx       edx,byte ptr [ecx]  
0092FCD1 52                   push        edx  
0092FCD2 68 40 2F 9C 00       push        offset string "%c" (09C2F40h)  
0092FCD7 E8 EE 16 FF FF       call        _printf (09213CAh)  
0092FCDC 83 C4 08             add         esp,8  
    99:     printf("%c", szBuff[1]);
0092FCDF B8 01 00 00 00       mov         eax,1 //计算偏移量,数组元素类型大小*索引 
0092FCE4 C1 E0 00             shl         eax,0  
0092FCE7 0F BE 4C 05 C4       movsx       ecx,byte ptr szBuff[eax]  
0092FCEC 51                   push        ecx  
0092FCED 68 40 2F 9C 00       push        offset string "%c" (09C2F40h)  
0092FCF2 E8 D3 16 FF FF       call        _printf (09213CAh)  
0092FCF7 83 C4 08             add         esp,8  

指针寻址在效率上要低于下标寻址

 


 

  • 多维数组

二维数组

debug

000A0DFB C7 45 D8 00 00 00 00 mov         dword ptr [i],0  
   112:      int nTwoArray[2][3] = {{1, 2,3},{4, 5,6}};                // 二维数组
000A0E02 C7 45 B8 01 00 00 00 mov         dword ptr [nTwoArray],1  
000A0E09 C7 45 BC 02 00 00 00 mov         dword ptr [ebp-44h],2  
000A0E10 C7 45 C0 03 00 00 00 mov         dword ptr [ebp-40h],3  
000A0E17 C7 45 C4 04 00 00 00 mov         dword ptr [ebp-3Ch],4  
000A0E1E C7 45 C8 05 00 00 00 mov         dword ptr [ebp-38h],5  
000A0E25 C7 45 CC 06 00 00 00 mov         dword ptr [ebp-34h],6  
   113:      scanf("%d", &i);
000A0E2C 8D 45 D8             lea         eax,[i]  
000A0E2F 50                   push        eax  
000A0E30 68 80 AE 14 00       push        offset string "%d" (014AE80h)  
000A0E35 E8 B3 0A FF FF       call        _scanf (0918EDh)  
000A0E3A 83 C4 08             add         esp,8  
   114:      printf("nTwoArray = %d\r\n", nTwoArray[1][i]);        // 
000A0E3D B8 0C 00 00 00       mov         eax,0Ch  
000A0E42 C1 E0 00             shl         eax,0  
000A0E45 8D 4C 05 B8          lea         ecx,nTwoArray[eax]  
000A0E49 8B 55 D8             mov         edx,dword ptr [i]  
000A0E4C 8B 04 91             mov         eax,dword ptr [ecx+edx*4]  
000A0E4F 50                   push        eax  
000A0E50 68 84 AE 14 00       push        offset string "nTwoArray = %d\r\n" (014AE84h)  
000A0E55 E8 15 06 FF FF       call        _printf (09146Fh)  
000A0E5A 83 C4 08             add         esp,8  

release


int i = 0;
int nTwoArray[2][3] = {{1, 2,3},{4, 5,6}}; // 二维数组
scanf("%d", &i);
printf("nTwoArray = %d\r\n", nTwoArray[1][i]);

00F710FE  | 0F2805 30C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000004000000030000000200000001> | array.cpp:112
00F71105  | 8D85 60FFFFFF   | lea eax,dword ptr ss:[ebp-0xA0]                                      | array.cpp:113
00F7110B  | 50              | push eax                                                             |
00F7110C  | 68 B0C1FB00     | push array.FBC1B0                                                    | FBC1B0:"%d"
00F71111  | C785 60FFFFFF 0 | mov dword ptr ss:[ebp-0xA0],0x0                                      |//i
00F7111B  | 0F1145 C4       | movups xmmword ptr ss:[ebp-0x3C],xmm0                                |//nTwoArray
00F7111F  | C745 D4 0500000 | mov dword ptr ss:[ebp-0x2C],0x5                                      |
00F71126  | C745 D8 0600000 | mov dword ptr ss:[ebp-0x28],0x6                                      | [ebp-28]:_iob+70
00F7112D  | E8 DE010000     | call <array.scanf>                                                   |
00F71132  | 8B85 60FFFFFF   | mov eax,dword ptr ss:[ebp-0xA0]                                      | array.cpp:114
00F71138  | FF7485 D0       | push dword ptr ss:[ebp+eax*4-0x30]                                   |//ebp-0x30-->nTwoArray[1]地址,eax-->i 
00F7113C  | 68 B4C1FB00     | push array.FBC1B4                                                    | FBC1B4:"nTwoArray = %d\r\n"
00F71141  | E8 9A010000     | call <array.printf>                                                  |

 

 

 

 

三维数组

debug

116:     //// 三维数组
   117:      int x = 0,y = 0,z = 0;
000A0E5D C7 45 AC 00 00 00 00 mov         dword ptr [x],0  
000A0E64 C7 45 A0 00 00 00 00 mov         dword ptr [y],0  
   115: 
   116:     //// 三维数组
   117:      int x = 0,y = 0,z = 0;
000A0E6B C7 45 94 00 00 00 00 mov         dword ptr [z],0  
   118:  
   119:     int nArray[2][3][4] = { {{1,1,1,1},{2,2,2,2},{3,3,3,3}},{{4,4,4,4},{5,5,5,5},{6,6,6,6}} };
000A0E72 C7 85 2C FF FF FF 01 00 00 00 mov         dword ptr [nArray],1  
000A0E7C C7 85 30 FF FF FF 01 00 00 00 mov         dword ptr [ebp-0D0h],1  
000A0E86 C7 85 34 FF FF FF 01 00 00 00 mov         dword ptr [ebp-0CCh],1  
000A0E90 C7 85 38 FF FF FF 01 00 00 00 mov         dword ptr [ebp-0C8h],1  
000A0E9A C7 85 3C FF FF FF 02 00 00 00 mov         dword ptr [ebp-0C4h],2  
000A0EA4 C7 85 40 FF FF FF 02 00 00 00 mov         dword ptr [ebp-0C0h],2  
000A0EAE C7 85 44 FF FF FF 02 00 00 00 mov         dword ptr [ebp-0BCh],2  
000A0EB8 C7 85 48 FF FF FF 02 00 00 00 mov         dword ptr [ebp-0B8h],2  
000A0EC2 C7 85 4C FF FF FF 03 00 00 00 mov         dword ptr [ebp-0B4h],3  
000A0ECC C7 85 50 FF FF FF 03 00 00 00 mov         dword ptr [ebp-0B0h],3  
000A0ED6 C7 85 54 FF FF FF 03 00 00 00 mov         dword ptr [ebp-0ACh],3  
000A0EE0 C7 85 58 FF FF FF 03 00 00 00 mov         dword ptr [ebp-0A8h],3  
000A0EEA C7 85 5C FF FF FF 04 00 00 00 mov         dword ptr [ebp-0A4h],4  
000A0EF4 C7 85 60 FF FF FF 04 00 00 00 mov         dword ptr [ebp-0A0h],4  
000A0EFE C7 85 64 FF FF FF 04 00 00 00 mov         dword ptr [ebp-9Ch],4  
000A0F08 C7 85 68 FF FF FF 04 00 00 00 mov         dword ptr [ebp-98h],4  
000A0F12 C7 85 6C FF FF FF 05 00 00 00 mov         dword ptr [ebp-94h],5  
000A0F1C C7 85 70 FF FF FF 05 00 00 00 mov         dword ptr [ebp-90h],5  
000A0F26 C7 85 74 FF FF FF 05 00 00 00 mov         dword ptr [ebp-8Ch],5  
000A0F30 C7 85 78 FF FF FF 05 00 00 00 mov         dword ptr [ebp-88h],5  
000A0F3A C7 85 7C FF FF FF 06 00 00 00 mov         dword ptr [ebp-84h],6  
000A0F44 C7 45 80 06 00 00 00 mov         dword ptr [ebp-80h],6  
000A0F4B C7 45 84 06 00 00 00 mov         dword ptr [ebp-7Ch],6  
000A0F52 C7 45 88 06 00 00 00 mov         dword ptr [ebp-78h],6  
   120:      scanf("%d %d %d", &x, &y, &z);
000A0F59 8D 45 94             lea         eax,[z]  
000A0F5C 50                   push        eax  
000A0F5D 8D 4D A0             lea         ecx,[y]  
000A0F60 51                   push        ecx  
000A0F61 8D 55 AC             lea         edx,[x]  
000A0F64 52                   push        edx  
000A0F65 68 98 AE 14 00       push        offset string "%d %d %d" (014AE98h)  
000A0F6A E8 7E 09 FF FF       call        _scanf (0918EDh)  
000A0F6F 83 C4 10             add         esp,10h  
   121:  
   122:     printf("%d", nArray[x][y][z]);
000A0F72 6B 45 AC 30          imul        eax,dword ptr [x],30h  //x*3*4*4
000A0F76 8D 8C 05 2C FF FF FF lea         ecx,nArray[eax]  
000A0F7D 8B 55 A0             mov         edx,dword ptr [y]  
000A0F80 C1 E2 04             shl         edx,4  //y*4*4    y*2^4
000A0F83 03 CA                add         ecx,edx  
000A0F85 8B 45 94             mov         eax,dword ptr [z]  
000A0F88 8B 0C 81             mov         ecx,dword ptr [ecx+eax*4]  
000A0F8B 51                   push        ecx  
000A0F8C 68 80 AE 14 00       push        offset string "%d" (014AE80h)  
000A0F91 E8 D9 04 FF FF       call        _printf (09146Fh)  
000A0F96 83 C4 08             add         esp,8  

release


//// 三维数组
int x = 0,y = 0,z = 0;

int nArray[2][3][4] = { {{1,1,1,1},{2,2,2,2},{3,3,3,3}},{{4,4,4,4},{5,5,5,5},{6,6,6,6}} };
scanf("%d %d %d", &x, &y, &z);

printf("%d", nArray[x][y][z]);


00F71146
| 0F2805 00C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000001000000010000000100000001> | 初始化三维数组 00F7114D | 8D85 54FFFFFF | lea eax,dword ptr ss:[ebp-0xAC] | array.cpp:120 00F71153 | 0F1185 64FFFFFF | movups xmmword ptr ss:[ebp-0x9C],xmm0 | 00F7115A | 50 | push eax |//z 00F7115B | 0F2805 10C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000002000000020000000200000002> | 00F71162 | 8D85 58FFFFFF | lea eax,dword ptr ss:[ebp-0xA8] | 00F71168 | 0F1185 74FFFFFF | movups xmmword ptr ss:[ebp-0x8C],xmm0 | 00F7116F | 50 | push eax |//y 00F71170 | 0F2805 20C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000003000000030000000300000003> | 00F71177 | 8D85 5CFFFFFF | lea eax,dword ptr ss:[ebp-0xA4] | 00F7117D | 0F1145 84 | movups xmmword ptr ss:[ebp-0x7C],xmm0 | 00F71181 | 50 | push eax |//x 00F71182 | 0F2805 40C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000004000000040000000400000004> | 00F71189 | 0F1145 94 | movups xmmword ptr ss:[ebp-0x6C],xmm0 | 00F7118D | 68 C8C1FB00 | push array.FBC1C8 | FBC1C8:"%d %d %d" 00F71192 | 0F2805 50C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000005000000050000000500000005> | 00F71199 | 0F1145 A4 | movups xmmword ptr ss:[ebp-0x5C],xmm0 | 00F7119D | C785 5CFFFFFF 0 | mov dword ptr ss:[ebp-0xA4],0x0 //x=0 | 00F711A7 | 0F2805 60C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000006000000060000000600000006> | 00F711AE | C785 58FFFFFF 0 | mov dword ptr ss:[ebp-0xA8],0x0 //y=0 | 00F711B8 | C785 54FFFFFF 0 | mov dword ptr ss:[ebp-0xAC],0x0 //z=0 | 00F711C2 | 0F1145 B4 | movups xmmword ptr ss:[ebp-0x4C],xmm0 | 00F711C6 | E8 45010000 | call <array.scanf> 00F711CB | 8B8D 5CFFFFFF | mov ecx,dword ptr ss:[ebp-0xA4] //x 00F711D1 | 83C4 40 | add esp,0x40 00F711D4 | 8B85 58FFFFFF | mov eax,dword ptr ss:[ebp-0xA8] //y 00F711DA | 8D1448 | lea edx,dword ptr ds:[eax+ecx*2] //x*2+y 00F711DD | 8B85 54FFFFFF | mov eax,dword ptr ss:[ebp-0xAC] //z 00F711E3 | 03D1 | add edx,ecx //(x*2+y)+x 00F711E5 | 8D0490 | lea eax,dword ptr ds:[eax+edx*4] // ((x*2+y)+x)*4+z 00F711E8 | FFB485 64FFFFFF | push dword ptr ss:[ebp+eax*4-0x9C] | 00F711EF | 68 B0C1FB00 | push array.FBC1B0 | FBC1B0:"%d" 00F711F4 | E8 E7000000 | call <array.printf> |

 

三维数组 type a[L][M][N],x,y,z作为下标

  a+x*sizeof(type[M][N])+y*sizeof(type [N])+z*sizeof(type)

=a+x*M*N*sizeof(type)+y*N*sizeof(type)+z*sizeof(type)

=a+(x*M*N+y*N+z)*sizeof(type)              -->debbug下

=a+( (x*M+y)*N + z )*sizeof(type)            -->release下优化

 


 

  • 指针数组

数组元素为指针

release


// 指针数组
char * pBuff[3] = {
"Hello ",
"World ",
"!\r\n"
};
for (int i = 0; i < 3; i++) {
printf(pBuff[i]);
}

00F711FC  | C745 D0 D4C1FB0 | mov dword ptr ss:[ebp-0x30],array.FBC1D4         | array.cpp:126, FBC1D4:"Hello "
00F71203  | C745 D4 DCC1FB0 | mov dword ptr ss:[ebp-0x2C],array.FBC1DC         | array.cpp:127, FBC1DC:"World "
00F7120A  | 33F6            | xor esi,esi                                      | esi:__argc
00F7120C  | C745 D8 E4C1FB0 | mov dword ptr ss:[ebp-0x28],array.FBC1E4         | array.cpp:128, [ebp-28]:_iob+70, FBC1E4:"!\r\n"
00F71213  | FF74B5 D0       | push dword ptr ss:[ebp+esi*4-0x30]               | array.cpp:131
00F71217  | E8 C4000000     | call <array.printf>                              |
00F7121C  | 46              | inc esi                                          | esi:__argc
00F7121D  | 83C4 04         | add esp,0x4                                      |
00F71220  | 83FE 03         | cmp esi,0x3                                      | esi:__argc
00F71223  | 7C EE           | jl array.F71213                                  |

 


 

  • 数组指针

指向数组的指针,是指针。

release


// 数组指针
char (*pArray)[10] = cArray;
for (int i = 0; i < 3; i++)
{
printf(*pArray);
pArray++;
}

00F71296  | 8D75 DC         | lea esi,dword ptr ss:[ebp-0x24] //取数组首地址 ,esi相当于数组指针。                
00F71299 | BF 03000000 | mov edi,0x3 00F7129E | 66:90 | nop
00F712A0 | 56 | push esi
00F712A1 | E8 3A000000 | call <array.printf> 00F712A6 | 83C4 04 | add esp,0x4 00F712A9 | 83C6 0A | add esi,0xA //指针++
00F712AC | 83EF 01 | sub edi,0x1 00F712AF | 75 EF | jne array.F712A0

 


 

  • 函数指针
 166:     int (__stdcall *pShow)(int) = Show;
000A1102 C7 85 B4 FE FF FF 6C 12 09 00 mov         dword ptr [pShow],offset Show (09126Ch)  
   167:     int nRet = pShow(5);
000A110C 8B F4                mov         esi,esp  
000A110E 6A 05                push        5  
000A1110 FF 95 B4 FE FF FF    call        dword ptr [pShow]  
000A1116 3B F4                cmp         esi,esp  
000A1118 E8 C0 21 FF FF       call        __RTC_CheckEsp (0932DDh)  
000A111D 89 85 A8 FE FF FF    mov         dword ptr [nRet],eax  
   168:     printf("ret = %d \r\n", nRet);
000A1123 8B 85 A8 FE FF FF    mov         eax,dword ptr [nRet]  
000A1129 50                   push        eax  
000A112A 68 50 AF 14 00       push        offset string "ret = %d \r\n" (014AF50h)  
000A112F E8 3B 03 FF FF       call        _printf (09146Fh)  
000A1134 83 C4 08             add         esp,8  
   169: }
posted @ 2020-01-09 17:36  DirWangK  阅读(502)  评论(0编辑  收藏  举报