零基础逆向工程14_C语言08_指针02_反汇编
1.指针数组
5: char* keyword[] = {"if", "for", "while", "switch"}; //指针数组,大小为4×4=16字节
0040D7D8 mov dword ptr [ebp-10h],offset string "AAA" (00422028)
0040D7DF mov dword ptr [ebp-0Ch],offset string "for" (00422024)
0040D7E6 mov dword ptr [ebp-8],offset string "DDD" (0042201c)
0040D7ED mov dword ptr [ebp-4],offset string "地址为%x, 是第%d个…" (string truncated in the listing)
2.数组和指针
*(p+i) = p[i]
*(*(p+i)+k) = p[i][k]
*(*(*(p+i)+k)+m) = p[i][k][m]
一段反汇编代码分析
5: int x = 100;
00401028 mov dword ptr [ebp-4],64h
6: int* p = &x;
0040102F lea eax,[ebp-4]
00401032 mov dword ptr [ebp-8],eax
7: int** p1 = &p;
00401035 lea ecx,[ebp-8]
00401038 mov dword ptr [ebp-0Ch],ecx
8:
9: printf("%d\n", x);
0040103B mov edx,dword ptr [ebp-4]
0040103E push edx
0040103F push offset string "%d\n" (0042201c)
00401044 call printf (004010e0)
00401049 add esp,8
10: printf("%d\n", *p);
0040104C mov eax,dword ptr [ebp-8]
0040104F mov ecx,dword ptr [eax]
00401051 push ecx
00401052 push offset string "%d\n" (0042201c)
00401057 call printf (004010e0)
0040105C add esp,8
11: printf("%d\n", **p1);
0040105F mov edx,dword ptr [ebp-0Ch]
00401062 mov eax,dword ptr [edx]
00401064 mov ecx,dword ptr [eax]
00401066 push ecx
00401067 push offset string "%d\n" (0042201c)
0040106C call printf (004010e0)
00401071 add esp,8
12: printf("%d\n", p[0]);
00401074 mov edx,dword ptr [ebp-8]
00401077 mov eax,dword ptr [edx]
00401079 push eax
0040107A push offset string "%d\n" (0042201c)
0040107F call printf (004010e0)
00401084 add esp,8
13: printf("%d\n", p1[0][0]);
00401087 mov ecx,dword ptr [ebp-0Ch]
0040108A mov edx,dword ptr [ecx]
0040108C mov eax,dword ptr [edx]
0040108E push eax
0040108F push offset string "%d\n" (0042201c)
00401094 call printf (004010e0)
00401099 add esp,8
3.数组指针
一段反汇编代码分析
#include <stdio.h>
/* 100 bytes of sample data for the array-pointer demo in main():
 * code[i] == i + 1 for every i in 0..99.  Laid out 16 bytes per row with
 * the offset of each row's first byte noted on the right, so a byte
 * offset computed by hand (e.g. 25 -> 0x1a) can be checked at a glance. */
char code[] =
{
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, /* [0]  */
    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, /* [16] */
    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, /* [32] */
    0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, /* [48] */
    0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* [64] */
    0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, /* [80] */
    0x61, 0x62, 0x63, 0x64                                                                          /* [96] */
};
/* Demonstrates a pointer to a two-dimensional array laid over the raw
 * bytes of `code`, and how the compiler reduces nested subscripts to a
 * single linear byte offset.  Returns 0. */
int main()
{
//1. pointer to a one-dimensional array (left as the original commented-out
//   sketch; note its cast is missing the closing parenthesis -- it would
//   need to read (int (*)[5])code to compile)
//int (*px)[5];
//px = (int (*)[5]code);
//printf("%x\n", *(*(px+2)+2));
//2. pointer to a two-dimensional array
char (*py)[2][3];
py = (char (*)[2][3])code; // stride of py is 2*3*1 = 6 bytes; stride of *py is 3*1 = 3 bytes
/* Byte offset: (py+2) -> 2*6 = 12, then +3 rows -> 3*3 = 9, then +4 bytes;
 * 12+9+4 = 25, so this reads code[25] == 0x1a (the char is promoted to int
 * for %x).  Indices 3 and 4 exceed the declared [2] and [3] bounds: the
 * compiler simply emits the linear offset, but pointer arithmetic past the
 * end of a sub-array is undefined in ISO C, so treat this as a disassembly
 * illustration rather than portable code. */
printf("%x\n", *(*(*(py+2)+3)+4)); // 12+9+4 = 25, i.e. the result is 0x1a
//3. pointer to a three-dimensional array (not implemented in this listing)
return 0;
}
4.函数指针
函数的反汇编代码
/* Returns the sum of x and y.  This is the routine whose machine code is
 * listed below and later executed from a byte array. */
int Function(int x, int y)
{
    int sum = x;
    sum += y;
    return sum;
}
00401010 55 push ebp
00401011 8B EC mov ebp,esp
00401013 83 EC 40 sub esp,40h
00401016 53 push ebx
00401017 56 push esi
00401018 57 push edi
00401019 8D 7D C0 lea edi,[ebp-40h]
0040101C B9 10 00 00 00 mov ecx,10h
00401021 B8 CC CC CC CC mov eax,0CCCCCCCCh
00401026 F3 AB rep stos dword ptr [edi]
00401028 8B 45 08 mov eax,dword ptr [ebp+8]
0040102B 03 45 0C add eax,dword ptr [ebp+0Ch]
0040102E 5F pop edi
0040102F 5E pop esi
00401030 5B pop ebx
00401031 8B E5 mov esp,ebp
00401033 5D pop ebp
00401034 C3 ret
取其硬编码,写函数调用
#include <stdio.h>
/* Global that main() overwrites with the demo routine's return value. */
int x = 10;

/* The 37 machine-code bytes of Function() above (32-bit x86), copied from
 * its disassembly listing, one instruction per line. */
unsigned char arr[] =
{
    0x55,                           /* push ebp                                  */
    0x8B, 0xEC,                     /* mov  ebp, esp                             */
    0x83, 0xEC, 0x40,               /* sub  esp, 40h                             */
    0x53,                           /* push ebx                                  */
    0x56,                           /* push esi                                  */
    0x57,                           /* push edi                                  */
    0x8D, 0x7D, 0xC0,               /* lea  edi, [ebp-40h]                       */
    0xB9, 0x10, 0x00, 0x00, 0x00,   /* mov  ecx, 10h                             */
    0xB8, 0xCC, 0xCC, 0xCC, 0xCC,   /* mov  eax, 0CCCCCCCCh                      */
    0xF3, 0xAB,                     /* rep stos dword ptr [edi] (debug stack fill)*/
    0x8B, 0x45, 0x08,               /* mov  eax, dword ptr [ebp+8]    ; x        */
    0x03, 0x45, 0x0C,               /* add  eax, dword ptr [ebp+0Ch]  ; + y      */
    0x5F,                           /* pop  edi                                  */
    0x5E,                           /* pop  esi                                  */
    0x5B,                           /* pop  ebx                                  */
    0x8B, 0xE5,                     /* mov  esp, ebp                             */
    0x5D,                           /* pop  ebp                                  */
    0xC3                            /* ret                                       */
};
/* Executes the bytes in `arr` as if they were Function(): casts the array
 * to an int(int,int) function pointer and calls it with (2, 3).  The bytes
 * add [ebp+8] and [ebp+0Ch] into eax and return with a plain `ret`, so the
 * caller receives 5 and prints it.  Returns 0.
 *
 * Security note: this only works while the memory holding `arr` is
 * executable.  On a modern toolchain/OS with DEP/NX (W^X) enabled the call
 * faults with an access violation, because `arr` lives in writable data --
 * that protection exists precisely to stop data bytes from being run as
 * code.  Converting an object pointer to a function pointer is also not
 * defined by ISO C, so this is a reverse-engineering illustration of how a
 * call through a function pointer works, not portable code. */
int main()
{
int (*pFun)(int, int);
pFun = (int (*)(int ,int ))arr; // reinterpret the byte array as code
x = pFun(2, 3); // caller pushes the arguments and cleans them up afterwards (the routine ends in a bare `ret`)
printf("%d\n", x);
return 0;
}
补充:指针的本质
1.是一个类型
2.宽度是四字节
3.可以作加减的运算
4.可以与整数相加相减
5.可以比较大小