c++ 反汇编 数组和指针
- 字符串初始化字符数组
58: char as[] = "hello word"; 00AC7308 A1 70 2E B6 00 mov eax,dword ptr [string "hello word" (0B62E70h)] 00AC730D 89 45 EC mov dword ptr [as],eax //复制4字节 00AC7310 8B 0D 74 2E B6 00 mov ecx,dword ptr ds:[0B62E74h] 00AC7316 89 4D F0 mov dword ptr [ebp-10h],ecx //4字节 00AC7319 66 8B 15 78 2E B6 00 mov dx,word ptr ds:[0B62E78h] 00AC7320 66 89 55 F4 mov word ptr [ebp-0Ch],dx //2字节 00AC7324 A0 7A 2E B6 00 mov al,byte ptr ds:[00B62E7Ah] 00AC7329 88 45 F6 mov byte ptr [ebp-0Ah],al //1字节
- 数组作为参数
55: // 数组作为参数 56: char szHello[20] = {0}; 00127308 33 C0 xor eax,eax 0012730A 89 45 E4 mov dword ptr [szHello],eax 0012730D 89 45 E8 mov dword ptr [ebp-18h],eax 00127310 89 45 EC mov dword ptr [ebp-14h],eax 00127313 89 45 F0 mov dword ptr [ebp-10h],eax 00127316 89 45 F4 mov dword ptr [ebp-0Ch],eax 57: Show(szHello); 00127319 8D 45 E4 lea eax,[szHello] //取数组szHello的地址, 0012731C 50 push eax 0012731D E8 2F C4 FF FF call Show (0123751h) 00127322 83 C4 04 add esp,4
Show
8: // 参数为字符数组 9: void Show(char szBuff[]) 10: { ···debug环境初始化; 11: strcpy(szBuff, "Hello World"); 0012717E 68 50 2E 1C 00 push offset string "Hello World" (01C2E50h) 00127183 8B 45 08 mov eax,dword ptr [szBuff] 00127186 50 push eax //参数szBuff入栈 00127187 E8 DA BF FF FF call _strcpy (0123166h) 0012718C 83 C4 08 add esp,8 12: printf(szBuff); ···printf
sizeof(数组名)得到整个数组的字节大小,而对指针或形参数组名(已退化为指针)使用sizeof只能得到指针本身的大小,得不到数组大小。
- 局部数组变量作为返回值(不允许出现!)
73: // 调用返回值为局部变量 74: printf("%s\r\n", RetArray()); 012B73EB E8 99 CC FF FF call RetArray (012B4089h) 012B73F0 50 push eax 012B73F1 68 84 2E 35 01 push offset string "%s\r\n" (01352E84h) 012B73F6 E8 CF 9F FF FF call _printf (012B13CAh) 012B73FB 83 C4 08 add esp,8
RetArray
22: // 局部数组作为返回值 23: char* RetArray() 24: { ···debug环境初始化栈012B9DAE A1 1C 70 37 01 mov eax,dword ptr [__security_cookie (0137701Ch)] 012B9DB3 33 C5 xor eax,ebp 012B9DB5 89 45 FC mov dword ptr [ebp-4],eax 25: char szBuff[] = {"Hello World"}; 012B9DB8 A1 50 2E 35 01 mov eax,dword ptr [string "Hello World" (01352E50h)] 012B9DBD 89 45 EC mov dword ptr [szBuff],eax 012B9DC0 8B 0D 54 2E 35 01 mov ecx,dword ptr ds:[1352E54h] 012B9DC6 89 4D F0 mov dword ptr [ebp-10h],ecx 012B9DC9 8B 15 58 2E 35 01 mov edx,dword ptr ds:[1352E58h] 012B9DCF 89 55 F4 mov dword ptr [ebp-0Ch],edx 26: return szBuff; 012B9DD2 8D 45 EC lea eax,[szBuff] //取局部数组变量的地址,最为函数返回值。其值位于栈中,后续的清理工作会使栈中数据不稳定! 27: }
···
- 局部静态数组
局部静态数组同样存在初始化标志,只能初始化一次。
- 下标寻址和指针寻址
93: // 下标、指针寻址 94: // 95: char * pChar = NULL; 0092FC9B C7 45 D8 00 00 00 00 mov dword ptr [pChar],0 96: char szBuff[] = "popk no one"; 0092FCA2 A1 84 2E 9C 00 mov eax,dword ptr [string "popk no one" (09C2E84h)] 0092FCA7 89 45 C4 mov dword ptr [szBuff],eax 0092FCAA 8B 0D 88 2E 9C 00 mov ecx,dword ptr ds:[9C2E88h] 0092FCB0 89 4D C8 mov dword ptr [ebp-38h],ecx 0092FCB3 8B 15 8C 2E 9C 00 mov edx,dword ptr ds:[9C2E8Ch] 0092FCB9 89 55 CC mov dword ptr [ebp-34h],edx 97: pChar = szBuff; 0092FCBC 8D 45 C4 lea eax,[szBuff] 0092FCBF 89 45 D8 mov dword ptr [pChar],eax //指针变量赋值数组szBuff地址 98: printf("%c", *++pChar); 0092FCC2 8B 45 D8 mov eax,dword ptr [pChar] //取指针变量 0092FCC5 83 C0 01 add eax,1 //指针加一,指向元素szBuff[1] 0092FCC8 89 45 D8 mov dword ptr [pChar],eax //修改指针变量pChar 0092FCCB 8B 4D D8 mov ecx,dword ptr [pChar] 0092FCCE 0F BE 11 movsx edx,byte ptr [ecx] 0092FCD1 52 push edx 0092FCD2 68 40 2F 9C 00 push offset string "%c" (09C2F40h) 0092FCD7 E8 EE 16 FF FF call _printf (09213CAh) 0092FCDC 83 C4 08 add esp,8 99: printf("%c", szBuff[1]); 0092FCDF B8 01 00 00 00 mov eax,1 //计算偏移量,数组元素类型大小*索引 0092FCE4 C1 E0 00 shl eax,0 0092FCE7 0F BE 4C 05 C4 movsx ecx,byte ptr szBuff[eax] 0092FCEC 51 push ecx 0092FCED 68 40 2F 9C 00 push offset string "%c" (09C2F40h) 0092FCF2 E8 D3 16 FF FF call _printf (09213CAh) 0092FCF7 83 C4 08 add esp,8
指针寻址在效率上要低于下标寻址
- 多维数组
二维数组
debug
000A0DFB C7 45 D8 00 00 00 00 mov dword ptr [i],0 112: int nTwoArray[2][3] = {{1, 2,3},{4, 5,6}}; // 二维数组 000A0E02 C7 45 B8 01 00 00 00 mov dword ptr [nTwoArray],1 000A0E09 C7 45 BC 02 00 00 00 mov dword ptr [ebp-44h],2 000A0E10 C7 45 C0 03 00 00 00 mov dword ptr [ebp-40h],3 000A0E17 C7 45 C4 04 00 00 00 mov dword ptr [ebp-3Ch],4 000A0E1E C7 45 C8 05 00 00 00 mov dword ptr [ebp-38h],5 000A0E25 C7 45 CC 06 00 00 00 mov dword ptr [ebp-34h],6 113: scanf("%d", &i); 000A0E2C 8D 45 D8 lea eax,[i] 000A0E2F 50 push eax 000A0E30 68 80 AE 14 00 push offset string "%d" (014AE80h) 000A0E35 E8 B3 0A FF FF call _scanf (0918EDh) 000A0E3A 83 C4 08 add esp,8 114: printf("nTwoArray = %d\r\n", nTwoArray[1][i]); // 000A0E3D B8 0C 00 00 00 mov eax,0Ch 000A0E42 C1 E0 00 shl eax,0 000A0E45 8D 4C 05 B8 lea ecx,nTwoArray[eax] 000A0E49 8B 55 D8 mov edx,dword ptr [i] 000A0E4C 8B 04 91 mov eax,dword ptr [ecx+edx*4] 000A0E4F 50 push eax 000A0E50 68 84 AE 14 00 push offset string "nTwoArray = %d\r\n" (014AE84h) 000A0E55 E8 15 06 FF FF call _printf (09146Fh) 000A0E5A 83 C4 08 add esp,8
release
// i is the column subscript read from the user below; it starts at 0, so a failed scanf leaves it at 0.
int i = 0;
int nTwoArray[2][3] = {{1, 2,3},{4, 5,6}}; // 2-D array: 2 rows x 3 columns of int
// The return value of scanf is not checked, and i is never compared against the row
// width (3). Any i outside 0..2 makes nTwoArray[1][i] read past the row -- an
// out-of-bounds read of the stack, which is undefined behavior.
scanf("%d", &i);
printf("nTwoArray = %d\r\n", nTwoArray[1][i]);
00F710FE | 0F2805 30C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000004000000030000000200000001> | array.cpp:112 00F71105 | 8D85 60FFFFFF | lea eax,dword ptr ss:[ebp-0xA0] | array.cpp:113 00F7110B | 50 | push eax | 00F7110C | 68 B0C1FB00 | push array.FBC1B0 | FBC1B0:"%d" 00F71111 | C785 60FFFFFF 0 | mov dword ptr ss:[ebp-0xA0],0x0 |//i 00F7111B | 0F1145 C4 | movups xmmword ptr ss:[ebp-0x3C],xmm0 |//nTwoArray 00F7111F | C745 D4 0500000 | mov dword ptr ss:[ebp-0x2C],0x5 | 00F71126 | C745 D8 0600000 | mov dword ptr ss:[ebp-0x28],0x6 | [ebp-28]:_iob+70 00F7112D | E8 DE010000 | call <array.scanf> | 00F71132 | 8B85 60FFFFFF | mov eax,dword ptr ss:[ebp-0xA0] | array.cpp:114 00F71138 | FF7485 D0 | push dword ptr ss:[ebp+eax*4-0x30] |//ebp-0x30-->nTwoArray[1]地址,eax-->i 00F7113C | 68 B4C1FB00 | push array.FBC1B4 | FBC1B4:"nTwoArray = %d\r\n" 00F71141 | E8 9A010000 | call <array.printf> |
三维数组
debug
116: //// 三维数组 117: int x = 0,y = 0,z = 0; 000A0E5D C7 45 AC 00 00 00 00 mov dword ptr [x],0 000A0E64 C7 45 A0 00 00 00 00 mov dword ptr [y],0 115: 116: //// 三维数组 117: int x = 0,y = 0,z = 0; 000A0E6B C7 45 94 00 00 00 00 mov dword ptr [z],0 118: 119: int nArray[2][3][4] = { {{1,1,1,1},{2,2,2,2},{3,3,3,3}},{{4,4,4,4},{5,5,5,5},{6,6,6,6}} }; 000A0E72 C7 85 2C FF FF FF 01 00 00 00 mov dword ptr [nArray],1 000A0E7C C7 85 30 FF FF FF 01 00 00 00 mov dword ptr [ebp-0D0h],1 000A0E86 C7 85 34 FF FF FF 01 00 00 00 mov dword ptr [ebp-0CCh],1 000A0E90 C7 85 38 FF FF FF 01 00 00 00 mov dword ptr [ebp-0C8h],1 000A0E9A C7 85 3C FF FF FF 02 00 00 00 mov dword ptr [ebp-0C4h],2 000A0EA4 C7 85 40 FF FF FF 02 00 00 00 mov dword ptr [ebp-0C0h],2 000A0EAE C7 85 44 FF FF FF 02 00 00 00 mov dword ptr [ebp-0BCh],2 000A0EB8 C7 85 48 FF FF FF 02 00 00 00 mov dword ptr [ebp-0B8h],2 000A0EC2 C7 85 4C FF FF FF 03 00 00 00 mov dword ptr [ebp-0B4h],3 000A0ECC C7 85 50 FF FF FF 03 00 00 00 mov dword ptr [ebp-0B0h],3 000A0ED6 C7 85 54 FF FF FF 03 00 00 00 mov dword ptr [ebp-0ACh],3 000A0EE0 C7 85 58 FF FF FF 03 00 00 00 mov dword ptr [ebp-0A8h],3 000A0EEA C7 85 5C FF FF FF 04 00 00 00 mov dword ptr [ebp-0A4h],4 000A0EF4 C7 85 60 FF FF FF 04 00 00 00 mov dword ptr [ebp-0A0h],4 000A0EFE C7 85 64 FF FF FF 04 00 00 00 mov dword ptr [ebp-9Ch],4 000A0F08 C7 85 68 FF FF FF 04 00 00 00 mov dword ptr [ebp-98h],4 000A0F12 C7 85 6C FF FF FF 05 00 00 00 mov dword ptr [ebp-94h],5 000A0F1C C7 85 70 FF FF FF 05 00 00 00 mov dword ptr [ebp-90h],5 000A0F26 C7 85 74 FF FF FF 05 00 00 00 mov dword ptr [ebp-8Ch],5 000A0F30 C7 85 78 FF FF FF 05 00 00 00 mov dword ptr [ebp-88h],5 000A0F3A C7 85 7C FF FF FF 06 00 00 00 mov dword ptr [ebp-84h],6 000A0F44 C7 45 80 06 00 00 00 mov dword ptr [ebp-80h],6 000A0F4B C7 45 84 06 00 00 00 mov dword ptr [ebp-7Ch],6 000A0F52 C7 45 88 06 00 00 00 mov dword ptr [ebp-78h],6 120: scanf("%d %d %d", &x, &y, &z); 000A0F59 8D 45 94 lea eax,[z] 000A0F5C 50 push eax 000A0F5D 8D 4D A0 lea 
ecx,[y] 000A0F60 51 push ecx 000A0F61 8D 55 AC lea edx,[x] 000A0F64 52 push edx 000A0F65 68 98 AE 14 00 push offset string "%d %d %d" (014AE98h) 000A0F6A E8 7E 09 FF FF call _scanf (0918EDh) 000A0F6F 83 C4 10 add esp,10h 121: 122: printf("%d", nArray[x][y][z]); 000A0F72 6B 45 AC 30 imul eax,dword ptr [x],30h //x*3*4*4 000A0F76 8D 8C 05 2C FF FF FF lea ecx,nArray[eax] 000A0F7D 8B 55 A0 mov edx,dword ptr [y] 000A0F80 C1 E2 04 shl edx,4 //y*4*4 y*2^4 000A0F83 03 CA add ecx,edx 000A0F85 8B 45 94 mov eax,dword ptr [z] 000A0F88 8B 0C 81 mov ecx,dword ptr [ecx+eax*4] 000A0F8B 51 push ecx 000A0F8C 68 80 AE 14 00 push offset string "%d" (014AE80h) 000A0F91 E8 D9 04 FF FF call _printf (09146Fh) 000A0F96 83 C4 08 add esp,8
release
//// 3-D array
// x, y, z are the three subscripts read from the user below; all start at 0.
int x = 0,y = 0,z = 0;
int nArray[2][3][4] = { {{1,1,1,1},{2,2,2,2},{3,3,3,3}},{{4,4,4,4},{5,5,5,5},{6,6,6,6}} };
// scanf's return value is not checked and x, y, z are never range-checked against
// the dimensions 2, 3 and 4: any subscript outside those ranges makes nArray[x][y][z]
// an out-of-bounds read of the stack, which is undefined behavior.
scanf("%d %d %d", &x, &y, &z);
printf("%d", nArray[x][y][z]);
00F71146 | 0F2805 00C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000001000000010000000100000001> | 初始化三维数组 00F7114D | 8D85 54FFFFFF | lea eax,dword ptr ss:[ebp-0xAC] | array.cpp:120 00F71153 | 0F1185 64FFFFFF | movups xmmword ptr ss:[ebp-0x9C],xmm0 | 00F7115A | 50 | push eax |//z 00F7115B | 0F2805 10C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000002000000020000000200000002> | 00F71162 | 8D85 58FFFFFF | lea eax,dword ptr ss:[ebp-0xA8] | 00F71168 | 0F1185 74FFFFFF | movups xmmword ptr ss:[ebp-0x8C],xmm0 | 00F7116F | 50 | push eax |//y 00F71170 | 0F2805 20C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000003000000030000000300000003> | 00F71177 | 8D85 5CFFFFFF | lea eax,dword ptr ss:[ebp-0xA4] | 00F7117D | 0F1145 84 | movups xmmword ptr ss:[ebp-0x7C],xmm0 | 00F71181 | 50 | push eax |//x 00F71182 | 0F2805 40C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000004000000040000000400000004> | 00F71189 | 0F1145 94 | movups xmmword ptr ss:[ebp-0x6C],xmm0 | 00F7118D | 68 C8C1FB00 | push array.FBC1C8 | FBC1C8:"%d %d %d" 00F71192 | 0F2805 50C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000005000000050000000500000005> | 00F71199 | 0F1145 A4 | movups xmmword ptr ss:[ebp-0x5C],xmm0 | 00F7119D | C785 5CFFFFFF 0 | mov dword ptr ss:[ebp-0xA4],0x0 //x=0 | 00F711A7 | 0F2805 60C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000006000000060000000600000006> | 00F711AE | C785 58FFFFFF 0 | mov dword ptr ss:[ebp-0xA8],0x0 //y=0 | 00F711B8 | C785 54FFFFFF 0 | mov dword ptr ss:[ebp-0xAC],0x0 //z=0 | 00F711C2 | 0F1145 B4 | movups xmmword ptr ss:[ebp-0x4C],xmm0 | 00F711C6 | E8 45010000 | call <array.scanf> 00F711CB | 8B8D 5CFFFFFF | mov ecx,dword ptr ss:[ebp-0xA4] //x 00F711D1 | 83C4 40 | add esp,0x40 00F711D4 | 8B85 58FFFFFF | mov eax,dword ptr ss:[ebp-0xA8] //y 00F711DA | 8D1448 | lea edx,dword ptr ds:[eax+ecx*2] //x*2+y 00F711DD | 8B85 54FFFFFF | mov eax,dword ptr ss:[ebp-0xAC] //z 00F711E3 | 03D1 | add edx,ecx //(x*2+y)+x 00F711E5 | 8D0490 | lea eax,dword ptr ds:[eax+edx*4] // ((x*2+y)+x)*4+z 
00F711E8 | FFB485 64FFFFFF | push dword ptr ss:[ebp+eax*4-0x9C] | 00F711EF | 68 B0C1FB00 | push array.FBC1B0 | FBC1B0:"%d" 00F711F4 | E8 E7000000 | call <array.printf> |
对于三维数组 type a[L][M][N],以x,y,z作为下标,元素地址的计算为:
a+x*sizeof(type[M][N])+y*sizeof(type [N])+z*sizeof(type)
=a+x*M*N*sizeof(type)+y*N*sizeof(type)+z*sizeof(type)
=a+(x*M*N+y*N+z)*sizeof(type) -->debug下
=a+( (x*M+y)*N + z )*sizeof(type) -->release下优化
- 指针数组
指针数组本身是数组,其每个元素都是指针。
release
// Array of pointers: pBuff itself is a 3-element array whose elements are char*.
char * pBuff[3] = {
"Hello ",
"World ",
"!\r\n"
};
for (int i = 0; i < 3; i++) {
// pBuff[i] is passed as printf's *format string*, not as a data argument. The three
// literals above contain no '%', so this prints them unchanged, but the idiom is a
// format-string hazard if the array ever holds externally supplied text;
// printf("%s", pBuff[i]) (or fputs) is the safe form.
printf(pBuff[i]);
}
00F711FC | C745 D0 D4C1FB0 | mov dword ptr ss:[ebp-0x30],array.FBC1D4 | array.cpp:126, FBC1D4:"Hello " 00F71203 | C745 D4 DCC1FB0 | mov dword ptr ss:[ebp-0x2C],array.FBC1DC | array.cpp:127, FBC1DC:"World " 00F7120A | 33F6 | xor esi,esi | esi:__argc 00F7120C | C745 D8 E4C1FB0 | mov dword ptr ss:[ebp-0x28],array.FBC1E4 | array.cpp:128, [ebp-28]:_iob+70, FBC1E4:"!\r\n" 00F71213 | FF74B5 D0 | push dword ptr ss:[ebp+esi*4-0x30] | array.cpp:131 00F71217 | E8 C4000000 | call <array.printf> | 00F7121C | 46 | inc esi | esi:__argc 00F7121D | 83C4 04 | add esp,0x4 | 00F71220 | 83FE 03 | cmp esi,0x3 | esi:__argc 00F71223 | 7C EE | jl array.F71213 |
- 数组指针
数组指针是指向整个数组的指针,它本身是一个指针(与上面的指针数组相反)。
release
// Pointer to an array: pArray points to a whole 10-char row, so pArray++ advances
// by 10 bytes (the add esi,0xA in the listing below).
// cArray is declared outside this excerpt; from the loop it looks like char cArray[3][10] -- confirm.
char (*pArray)[10] = cArray;
for (int i = 0; i < 3; i++)
{
// *pArray (the current row) is used as printf's format string; this relies on each
// row being NUL-terminated within its 10 bytes and containing no '%'. Neither is
// checked here -- printf("%s", *pArray) would at least remove the format-string risk.
printf(*pArray);
pArray++;
}
00F71296 | 8D75 DC | lea esi,dword ptr ss:[ebp-0x24] //取数组首地址 ,esi相当于数组指针。
00F71299 | BF 03000000 | mov edi,0x3 00F7129E | 66:90 | nop
00F712A0 | 56 | push esi
00F712A1 | E8 3A000000 | call <array.printf> 00F712A6 | 83C4 04 | add esp,0x4 00F712A9 | 83C6 0A | add esi,0xA //指针++
00F712AC | 83EF 01 | sub edi,0x1 00F712AF | 75 EF | jne array.F712A0
- 函数指针
166: int (__stdcall *pShow)(int) = Show; 000A1102 C7 85 B4 FE FF FF 6C 12 09 00 mov dword ptr [pShow],offset Show (09126Ch) 167: int nRet = pShow(5); 000A110C 8B F4 mov esi,esp 000A110E 6A 05 push 5 000A1110 FF 95 B4 FE FF FF call dword ptr [pShow] 000A1116 3B F4 cmp esi,esp 000A1118 E8 C0 21 FF FF call __RTC_CheckEsp (0932DDh) 000A111D 89 85 A8 FE FF FF mov dword ptr [nRet],eax 168: printf("ret = %d \r\n", nRet); 000A1123 8B 85 A8 FE FF FF mov eax,dword ptr [nRet] 000A1129 50 push eax 000A112A 68 50 AF 14 00 push offset string "ret = %d \r\n" (014AF50h) 000A112F E8 3B 03 FF FF call _printf (09146Fh) 000A1134 83 C4 08 add esp,8 169: }