零基础逆向工程14_C语言08_指针02_反汇编

1.指针数组

5:        char* keyword[] = {"if", "for", "while", "switch"};  //指针数组(不是数组指针),4个指针×4字节=16字节
0040D7D8   mov         dword ptr [ebp-10h],offset string "AAA" (00422028)
0040D7DF   mov         dword ptr [ebp-0Ch],offset string "for" (00422024)
0040D7E6   mov         dword ptr [ebp-8],offset string "DDD" (0042201c)
0040D7ED   mov         dword ptr [ebp-4],offset string "\xb5\xd8\xd6\xb7\xce\xaa%x, \xca\xc7\xb5\xda%d\xb8\xf6\

2.数组和指针

*(p+i) = p[i]
*(*(p+i)+k) = p[i][k]
*(*(*(p+i)+k)+m) = p[i][k][m]

一段反汇编代码分析

5:        int x = 100;
00401028   mov         dword ptr [ebp-4],64h
6:        int* p = &x;
0040102F   lea         eax,[ebp-4]
00401032   mov         dword ptr [ebp-8],eax
7:        int** p1 = &p;
00401035   lea         ecx,[ebp-8]
00401038   mov         dword ptr [ebp-0Ch],ecx
8:
9:        printf("%d\n", x);
0040103B   mov         edx,dword ptr [ebp-4]
0040103E   push        edx
0040103F   push        offset string "%d\n" (0042201c)
00401044   call        printf (004010e0)
00401049   add         esp,8
10:       printf("%d\n", *p);
0040104C   mov         eax,dword ptr [ebp-8]
0040104F   mov         ecx,dword ptr [eax]
00401051   push        ecx
00401052   push        offset string "%d\n" (0042201c)
00401057   call        printf (004010e0)
0040105C   add         esp,8
11:       printf("%d\n", **p1);
0040105F   mov         edx,dword ptr [ebp-0Ch]
00401062   mov         eax,dword ptr [edx]
00401064   mov         ecx,dword ptr [eax]
00401066   push        ecx
00401067   push        offset string "%d\n" (0042201c)
0040106C   call        printf (004010e0)
00401071   add         esp,8
12:       printf("%d\n", p[0]);
00401074   mov         edx,dword ptr [ebp-8]
00401077   mov         eax,dword ptr [edx]
00401079   push        eax
0040107A   push        offset string "%d\n" (0042201c)
0040107F   call        printf (004010e0)
00401084   add         esp,8
13:       printf("%d\n", p1[0][0]);
00401087   mov         ecx,dword ptr [ebp-0Ch]
0040108A   mov         edx,dword ptr [ecx]
0040108C   mov         eax,dword ptr [edx]
0040108E   push        eax
0040108F   push        offset string "%d\n" (0042201c)
00401094   call        printf (004010e0)
00401099   add         esp,8

3.数组指针

一段反汇编代码分析

#include <stdio.h>

/* 100 backing bytes for the array-pointer demonstration in main():
 * code[i] == i + 1, so any computed byte offset is easy to check by eye. */
char code[] =
{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
	0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
	0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c,
	0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
	0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64
};

int main()
{
	//1. one-dimensional array pointer (kept from the original as a commented-out variant)
	//int (*px)[5];
	//px = (int (*)[5])code;
	//printf("%x\n", *(*(px+2)+2));

	//2. two-dimensional array pointer: py+1 steps over 2*3*1 = 6 bytes,
	//   and *py (a char[2][3], decaying to char (*)[3]) steps over 3*1 = 3 bytes.
	char (*py)[2][3] = (char (*)[2][3])code;

	//   (py+2) -> 12 bytes, +3 -> 9 bytes, +4 -> 4 bytes: total 25, i.e. code[25] == 0x1a.
	//   Note: the middle index 3 is past the declared dimension of 2; the read only
	//   stays inside the 100-byte `code` buffer, which is what this demo relies on.
	int value = *(*(*(py + 2) + 3) + 4);
	printf("%x\n", value);

	//3. three-dimensional array pointer
	return 0;
}

4.函数指针

函数的反汇编代码

/* Returns x + y.  The listing below shows the compiled body: both arguments
 * are read from the stack frame ([ebp+8] and [ebp+0Ch]) and added in eax.
 * Signed overflow of x + y is undefined in C even though the `add` wraps. */
int Function(int x, int y)
{
	return x+y;
}
00401010 55                   push        ebp
00401011 8B EC                mov         ebp,esp
00401013 83 EC 40             sub         esp,40h
00401016 53                   push        ebx
00401017 56                   push        esi
00401018 57                   push        edi
00401019 8D 7D C0             lea         edi,[ebp-40h]
0040101C B9 10 00 00 00       mov         ecx,10h
00401021 B8 CC CC CC CC       mov         eax,0CCCCCCCCh
00401026 F3 AB                rep stos    dword ptr [edi]
00401028 8B 45 08             mov         eax,dword ptr [ebp+8]
0040102B 03 45 0C             add         eax,dword ptr [ebp+0Ch]
0040102E 5F                   pop         edi
0040102F 5E                   pop         esi
00401030 5B                   pop         ebx
00401031 8B E5                mov         esp,ebp
00401033 5D                   pop         ebp
00401034 C3                   ret

取其硬编码,写函数调用

#include <stdio.h>

/* Result slot for the call made in main(); overwritten there. */
int x = 10;

/* Raw machine code of Function() (32-bit x86), copied byte-for-byte from the
 * listing above; one source line per instruction. */
unsigned char arr[] =
{
	0x55,                          /* push ebp */
	0x8B, 0xEC,                    /* mov  ebp,esp */
	0x83, 0xEC, 0x40,              /* sub  esp,40h */
	0x53,                          /* push ebx */
	0x56,                          /* push esi */
	0x57,                          /* push edi */
	0x8D, 0x7D, 0xC0,              /* lea  edi,[ebp-40h] */
	0xB9, 0x10, 0x00, 0x00, 0x00,  /* mov  ecx,10h */
	0xB8, 0xCC, 0xCC, 0xCC, 0xCC,  /* mov  eax,0CCCCCCCCh */
	0xF3, 0xAB,                    /* rep stos dword ptr [edi] */
	0x8B, 0x45, 0x08,              /* mov  eax,dword ptr [ebp+8] */
	0x03, 0x45, 0x0C,              /* add  eax,dword ptr [ebp+0Ch] */
	0x5F,                          /* pop  edi */
	0x5E,                          /* pop  esi */
	0x5B,                          /* pop  ebx */
	0x8B, 0xE5,                    /* mov  esp,ebp */
	0x5D,                          /* pop  ebp */
	0xC3                           /* ret */
};


int main()
{
	/* Reinterpret the byte array as a function with Function()'s signature. */
	int (*pFun)(int, int) = (int (*)(int, int))arr;

	/* Calling into a data object is not defined by the C standard.  It only
	 * works when arr lives in memory mapped as executable and the bytes match
	 * this build's ABI (32-bit x86, two arguments read from the stack); on a
	 * system enforcing non-executable data (DEP/NX) the call faults instead. */
	x = pFun(2, 3);
	printf("%d\n", x);

	return 0;
}

补充:指针的本质

1.是一个类型
2.宽度是四字节
3.可以作加减的运算
4.可以与整数相加相减
5.可以比较大小

posted @ 2017-09-06 23:06  flatcc