c++ 反汇编 结构体和类

  在C++中,结构体和类都具有构造函数、析构函数和成员函数,两者只有一个区别:结构体的访问控制默认为public,而类的默认访问控制是private。

对于C++中的结构体而言,public、private、protected的访问控制都是在编译期进行检查,当越权访问时,编译过程中会检查出此类错误并给予提示。

编译成功后,程序在执行的过程中不会在访问控制方面做任何检查和限制。因此,在反汇编中,C++中的结构体与类没有分别,两者的原理相同,只是类型名称不同,

 

  • 静态数据成员和普通数据成员

// 含有静态数据成员的类
class CStatic
{
public:
void ShowNumber()
{
printf("m_nInt = %d , m_snInt = %d", m_nInt, m_snInt);
}

static int m_snInt;
int m_nInt;
};
int CStatic::m_snInt = 5;


208: CStatic Static; 209: int nSize = sizeof(Static); 01083646 C7 45 B4 04 00 00 00 mov dword ptr [nSize],4 210: printf("CStatic : %d\r\n", nSize); 0108364D 8B 45 B4 mov eax,dword ptr [nSize] 01083650 50 push eax 01083651 68 78 3E 11 01 push offset string "CStatic : %d\r\n" (01113E78h) 01083656 E8 6A DD FE FF call _printf (010713C5h) 0108365B 83 C4 08 add esp,8 211: 212: printf("0x%08x\r\n", &Static.m_snInt); 0108365E 68 00 80 13 01 push offset CStatic::m_snInt (01138000h) //静态成员变量,与全局变量相似 01083663 68 B4 3E 11 01 push offset string "0x%08x\r\n" (01113EB4h) 01083668 E8 58 DD FE FF call _printf (010713C5h) 0108366D 83 C4 08 add esp,8 213: printf("0x%08x\r\n", &Static.m_nInt); 01083670 8D 45 C0 lea eax,[Static] //普通成员变量, 01083673 50 push eax 01083674 68 B4 3E 11 01 push offset string "0x%08x\r\n" (01113EB4h) 01083679 E8 47 DD FE FF call _printf (010713C5h) 0108367E 83 C4 08 add esp,8 214: 215: Static.m_nInt = 1; 01083681 C7 45 C0 01 00 00 00 mov dword ptr [Static],1 //普通成员变量赋值 216: Static.m_snInt = 2; 01083688 C7 05 00 80 13 01 02 00 00 00 mov dword ptr [CStatic::m_snInt (01138000h)],2 //静态成员函数赋值 217: Static.ShowNumber(); 01083692 8D 4D C0 lea ecx,[Static] 01083695 E8 30 F6 FE FF call CStatic::ShowNumber (01072CCAh)

 


  • 对象作为函数参数

class CFunTest
{
public:
void ShowNumber()
{
printf("%d %d %s\r\n", m_nOne, m_nTwo, m_szName);
}
int m_nOne;
int m_nTwo;
char m_szName[32];
};

void ShowFunTest(CFunTest FunTest)
{
//FunTest.ShowNumber();
printf("%d %d %s\r\n",
FunTest .m_nOne, FunTest.m_nTwo, FunTest .m_szName);
}


219: //对象作为函数参数 220: CFunTest FunTest; 221: FunTest.m_nOne = 1; 0108369A C7 45 84 01 00 00 00 mov dword ptr [FunTest],1 222: FunTest.m_nTwo = 2; 010836A1 C7 45 88 02 00 00 00 mov dword ptr [ebp-78h],2 223: strcpy(FunTest.m_szName, "Name"); 010836A8 68 A0 3E 11 01 push offset string "Name" (01113EA0h) 010836AD 8D 45 8C lea eax,[ebp-74h] 010836B0 50 push eax 010836B1 E8 FB FA FE FF call _strcpy (010731B1h) 010836B6 83 C4 08 add esp,8 224: ShowFunTest(FunTest); 010836B9 83 EC 28 sub esp,28h //CFunTest类大小为40字节,开辟栈空间,存储参数对象(相当于形参) 010836BC B9 0A 00 00 00 mov ecx,0Ah 010836C1 8D 75 84 lea esi,[FunTest] 010836C4 8B FC mov edi,esp 010836C6 F3 A5 rep movs dword ptr es:[edi],dword ptr [esi] //浅拷贝,将参数对象拷贝到局部栈空间中;(如果有拷贝构造的话,此处调用) 010836C8 E8 4B 02 FF FF call ShowFunTest (01073918h) 010836CD 83 C4 28 add esp,28h

对象中存在资源释放时,做为函数参数

// 带有资源申请与释放的类
class CMyString
{
public:
CMyString(){
m_pString = new char[10];
if (m_pString == NULL){
return;
}
strcpy(m_pString, "Hello");
}
~CMyString(){
if (m_pString != NULL){
delete m_pString;
m_pString = NULL;
}
}
char * GetString(){
return m_pString;
}
void SetString(char * pString)
{
int nLen = strlen(pString);
if (m_pString != NULL)
{
delete [] m_pString;
m_pString = NULL;
}
m_pString = new char[nLen + sizeof(char)];
strcpy(m_pString, pString);
}
private:
char * m_pString;
};

 

227: //对象中存在资源释放时,做为函数参数 228: CMyString MyString; 010836D0 8D 8D 78 FF FF FF lea ecx,[MyString] 010836D6 E8 28 E5 FE FF call CMyString::CMyString (01071C03h) 010836DB C7 45 FC 00 00 00 00 mov dword ptr [ebp-4],0 //当前作用域对象数量 229: ShowMyString(MyString); 010836E2 8B 85 78 FF FF FF mov eax,dword ptr [MyString] //类CMyString大小为4字节,只有一项数据成员m_pString 010836E8 50 push eax //相当于对象参数浅拷贝到局部空间中 010836E9 E8 5C 07 FF FF call ShowMyString (01073E4Ah) 010836EE 83 C4 04 add esp,4 230: ShowMyString(MyString); 010836F1 8B 85 78 FF FF FF mov eax,dword ptr [MyString] 010836F7 50 push eax 010836F8 E8 4D 07 FF FF call ShowMyString (01073E4Ah) //再次调用,函数内调用了析构函数,其中使用delete将资源释放,程序发生异常 010836FD 83 C4 04 add esp,4

 

 

…………main函数退出时

0108379B C7 45 FC FF FF FF FF mov         dword ptr [ebp-4],0FFFFFFFFh  //对象计数
010837A2 8D 8D 78 FF FF FF    lea         ecx,[MyString]  
010837A8 E8 5B F3 FE FF       call        CMyString::~CMyString (01072B08h)  //析构
010837AD 33 C0                xor         eax,eax  
010837AF 52                   push        edx  
010837B0 8B CD                mov         ecx,ebp  
010837B2 50                   push        eax  
010837B3 8D 15 EC 37 08 01    lea         edx,ds:[10837ECh]  
010837B9 E8 86 F8 FE FF       call        @_RTC_CheckStackVars@8 (01073044h)  
010837BE 58                   pop         eax  
010837BF 5A                   pop         edx  
010837C0 8B 4D F4             mov         ecx,dword ptr [ebp-0Ch]  
010837C3 64 89 0D 00 00 00 00 mov         dword ptr fs:[0],ecx  
010837CA 59                   pop         ecx  
010837CB 5F                   pop         edi  
010837CC 5E                   pop         esi  
010837CD 5B                   pop         ebx  
010837CE 8B 4D F0             mov         ecx,dword ptr [ebp-10h]  
010837D1 33 CD                xor         ecx,ebp  
010837D3 E8 85 F3 FE FF       call        @__security_check_cookie@4 (01072B5Dh)  
010837D8 81 C4 10 02 00 00    add         esp,210h  
010837DE 3B EC                cmp         ebp,esp  
010837E0 E8 F7 F6 FE FF       call        __RTC_CheckEsp (01072EDCh)  
010837E5 8B E5                mov         esp,ebp  
010837E7 5D                   pop         ebp  
010837E8 C3                   ret  

 

void ShowMyString(CMyString MyStringCpy)
   151: void ShowMyString(CMyString MyStringCpy)
   152: {
010773E0 55                   push        ebp  
010773E1 8B EC                mov         ebp,esp  
010773E3 6A FF                push        0FFFFFFFFh  
010773E5 68 08 15 11 01       push        1111508h  
010773EA 64 A1 00 00 00 00    mov         eax,dword ptr fs:[00000000h]  
010773F0 50                   push        eax  
010773F1 81 EC C0 00 00 00    sub         esp,0C0h  
010773F7 53                   push        ebx  
010773F8 56                   push        esi  
010773F9 57                   push        edi  
010773FA 8D BD 34 FF FF FF    lea         edi,[ebp-0CCh]  
01077400 B9 30 00 00 00       mov         ecx,30h  
01077405 B8 CC CC CC CC       mov         eax,0CCCCCCCCh  
0107740A F3 AB                rep stos    dword ptr es:[edi]  
0107740C A1 08 80 13 01       mov         eax,dword ptr [__security_cookie (01138008h)]  
01077411 33 C5                xor         eax,ebp  
01077413 50                   push        eax  
01077414 8D 45 F4             lea         eax,[ebp-0Ch]  
01077417 64 A3 00 00 00 00    mov         dword ptr fs:[00000000h],eax  
0107741D C7 45 FC 00 00 00 00 mov         dword ptr [ebp-4],0  //当前域对象计数
   153:     printf(MyStringCpy.GetString());
01077424 8D 4D 08             lea         ecx,[MyStringCpy]  //取对象参数的地址,   [ecx](ecx所指内存中数据)是对象参数的成员数据m_pString,由于只是简单的复制,所以与原对象中的值相同。
01077427 E8 06 A1 FF FF       call        CMyString::GetString (01071532h)  
   153:     printf(MyStringCpy.GetString());
0107742C 50                   push        eax  
0107742D E8 93 9F FF FF       call        _printf (010713C5h)  
01077432 83 C4 04             add         esp,4  
   154: }
01077435 C7 45 FC FF FF FF FF mov         dword ptr [ebp-4],0FFFFFFFFh  //对象计数
0107743C 8D 4D 08             lea         ecx,[MyStringCpy]  
0107743F E8 C4 B6 FF FF       call        CMyString::~CMyString (01072B08h)  
01077444 8B 4D F4             mov         ecx,dword ptr [ebp-0Ch]  
01077447 64 89 0D 00 00 00 00 mov         dword ptr fs:[0],ecx  
0107744E 59                   pop         ecx  
0107744F 5F                   pop         edi  
01077450 5E                   pop         esi  
01077451 5B                   pop         ebx  
01077452 81 C4 CC 00 00 00    add         esp,0CCh  
01077458 3B EC                cmp         ebp,esp  
0107745A E8 7D BA FF FF       call        __RTC_CheckEsp (01072EDCh)  
0107745F 8B E5                mov         esp,ebp  
01077461 5D                   pop         ebp  
01077462 C3                   ret  

 


 

  • 对象作为返回值

class CReturn
{
public:
int m_nNumber;
int m_nArry[10];
};

// 对象作为返回值

CReturn GetCReturn()
{
CReturn Return ;
Return.m_nNumber = 0;
for (int i = 0; i < 10; i++)
{
Return.m_nArry[i] = i+1;
}
return Return;
}

 

233: //返回值为对象 234: CReturn Return; 235: Return = GetCReturn(); 012136F1 8D 85 F4 FD FF FF lea eax,[ebp-20Ch] //开辟的返回对象空间地址 012136F7 50 push eax 012136F8 E8 F3 FC FE FF call GetCReturn (012033F0h) 012136FD 83 C4 04 add esp,4 01213700 B9 0B 00 00 00 mov ecx,0Bh 01213705 8B F0 mov esi,eax 01213707 8D BD 28 FE FF FF lea edi,[ebp-1D8h] //临时对象地址 0121370D F3 A5 rep movs dword ptr es:[edi],dword ptr [esi] //返回对象浅复制到临时对象 0121370F B9 0B 00 00 00 mov ecx,0Bh 01213714 8D B5 28 FE FF FF lea esi,[ebp-1D8h] 0121371A 8D BD 44 FF FF FF lea edi,[Return] 01213720 F3 A5 rep movs dword ptr es:[edi],dword ptr [esi] //临时对象浅复制到Return 236: printf("%d %d %d", Return.m_nNumber, Return.m_nArry[0], Return.m_nArry[9]); 01213722 B8 04 00 00 00 mov eax,4 01213727 6B C8 09 imul ecx,eax,9 0121372A 8B 94 0D 48 FF FF FF mov edx,dword ptr [ebp+ecx-0B8h] //m_nArry[9] 01213731 52 push edx 01213732 B8 04 00 00 00 mov eax,4 01213737 6B C8 00 imul ecx,eax,0 0121373A 8B 94 0D 48 FF FF FF mov edx,dword ptr [ebp+ecx-0B8h] //m_nArry[0] 01213741 52 push edx 01213742 8B 85 44 FF FF FF mov eax,dword ptr [Return] 01213748 50 push eax 236: printf("%d %d %d", Return.m_nNumber, Return.m_nArry[0], Return.m_nArry[9]); 01213749 68 D4 3E 2A 01 push offset string "%d %d %d" (012A3ED4h) 0121374E E8 72 DC FE FF call _printf (012013C5h) 01213753 83 C4 10 add esp,10h
GetCReturn
  164: // 对象作为返回值
   165: 
   166: CReturn GetCReturn()
   167: {
012078A0 55                   push        ebp  
012078A1 8B EC                mov         ebp,esp  
012078A3 81 EC 04 01 00 00    sub         esp,104h  
012078A9 53                   push        ebx  
012078AA 56                   push        esi  
012078AB 57                   push        edi  
012078AC 8D BD FC FE FF FF    lea         edi,[ebp-104h]  
012078B2 B9 41 00 00 00       mov         ecx,41h  
012078B7 B8 CC CC CC CC       mov         eax,0CCCCCCCCh  
012078BC F3 AB                rep stos    dword ptr es:[edi]  
012078BE A1 08 80 2C 01       mov         eax,dword ptr [__security_cookie (012C8008h)]  
012078C3 33 C5                xor         eax,ebp  
012078C5 89 45 FC             mov         dword ptr [ebp-4],eax //当前域对象计数 
   168:     CReturn Return ;
   169:     Return.m_nNumber = 0;
012078C8 C7 45 CC 00 00 00 00 mov         dword ptr [Return],0  
   170:     for (int i = 0; i < 10; i++)
012078CF C7 45 C0 00 00 00 00 mov         dword ptr [ebp-40h],0  
012078D6 EB 09                jmp         GetCReturn+41h (012078E1h)  
012078D8 8B 45 C0             mov         eax,dword ptr [ebp-40h]  
012078DB 83 C0 01             add         eax,1  
012078DE 89 45 C0             mov         dword ptr [ebp-40h],eax  
012078E1 83 7D C0 0A          cmp         dword ptr [ebp-40h],0Ah  
012078E5 7D 0F                jge         GetCReturn+56h (012078F6h)  
   171:     {
   172:         Return.m_nArry[i] = i+1;
012078E7 8B 45 C0             mov         eax,dword ptr [ebp-40h]  
   171:     {
   172:         Return.m_nArry[i] = i+1;
012078EA 83 C0 01             add         eax,1  
012078ED 8B 4D C0             mov         ecx,dword ptr [ebp-40h]  
012078F0 89 44 8D D0          mov         dword ptr [ebp+ecx*4-30h],eax  
   173:     }
012078F4 EB E2                jmp         GetCReturn+38h (012078D8h)  
   174:     return Return;
012078F6 B9 0B 00 00 00       mov         ecx,0Bh  
012078FB 8D 75 CC             lea         esi,[Return]  
012078FE 8B 7D 08             mov         edi,dword ptr [ebp+8]  
01207901 F3 A5                rep movs    dword ptr es:[edi],dword ptr [esi] //将局部对象Return 复制到返回对象中 (如果有拷贝构造函数,此处调用)
01207903 8B 45 08             mov         eax,dword ptr [ebp+8]  
   175: }
posted @ 2020-01-10 17:41  DirWangK  阅读(663)  评论(0编辑  收藏  举报