十一、逆向练习
; myfunction: disassembly listing for the exercise. The names a, b, c, d and i are the
; symbolic operands shown by the listing itself.
; NOTE(review): a and b are read but never written in this listing, so they are presumably
; parameters - confirm.

; --- prologue: build the frame and reserve 0E8h bytes for locals ---
00411A20 push ebp
00411A21 mov ebp,esp
00411A23 sub esp,0E8h
00411A29 push ebx                               ; ebx/esi/edi are restored in the epilogue
00411A2A push esi
00411A2B push edi
; --- fill the reserved area: 3Ah dwords (= 0E8h bytes) of 0CCCCCCCCh starting at ebp-0E8h ---
; NOTE(review): this fill pattern is typical of MSVC debug builds - confirm the build settings.
00411A2C lea edi,[ebp-0E8h]
00411A32 mov ecx,3Ah
00411A37 mov eax,0CCCCCCCCh
00411A3C rep stos dword ptr[edi]
; --- d = a + b ---
00411A3E mov eax,dword ptr [a]
00411A41 add eax,dword ptr [b]
00411A44 mov dword ptr [d],eax
; --- i = 1; c = 0 ---
00411A47 mov dword ptr [i],1
00411A4E mov dword ptr [c],0
; --- loop head: leave the loop once c >= 64h (100); jge is a signed comparison ---
00411A55 cmp dword ptr [c],64h
00411A59 jge myfunction+46h (00411A66h)
; loop body: c = c + i
00411A5B mov eax,dword ptr[c]
00411A5E add eax,dword ptr [i]
00411A61 mov dword ptr [c],eax
00411A64 jmp myfunction+35h (00411A55h)         ; back to the compare at the loop head
; --- copy c into the unnamed slot at ebp-0E8h and dispatch on its value ---
; The slot is compared with 0 and 1 and there are three targets (00411A83h, 00411A8Ah, 00411A92h).
; NOTE(review): this shape looks like a switch on c with cases 0 and 1 plus a default - confirm.
00411A66 mov eax,dword ptr [c]
00411A69 mov dword ptr [ebp-0E8h],eax
00411A6F cmp dword ptr [ebp-0E8h],0
00411A79 je myfunction+63h (00411A83h)          ; NOTE(review): address is out of sequence with the next line (00411A78); probably a typo for 00411A76
00411A78 cmp dword ptr [ebp-0E8h],1
00411A7F je myfunction+6Ah (00411A8Ah)
00411A81 jmp myfunction+72h (00411A92h)         ; value is neither 0 nor 1
; value 0: d = 1, then execution runs straight on into the next block (no jump in between)
00411A83 mov dword ptr [d],1
; value 1 (also reached from the block above): d = c, then skip the last block
00411A8A mov eax,dword ptr [c]
00411A8D mov dword ptr [d],eax
00411A90 jmp myfunction+79h (00411A99h)
; any other value: d = 0
00411A92 mov dword ptr [d],0
; --- return d in eax; the epilogue restores the saved registers and the caller's frame ---
00411A99 mov eax,dword ptr [d]
00411A9c pop edi
00411A9D pop esi
00411A9E pop ebx
00411A9F mov esp,ebp
00411AA1 pop ebp
00411AA2 ret
请把对应的c/c++代码写出来。
下面是我自己写的c++代码:
// Author's attempt at reconstructing C++ source for the exercise listing above.
// NOTE(review): the exercise listing reads a and b without initialising them (so they look
// like parameters), copies c into a compiler temporary at [ebp-0E8h], compares it with 0 and 1,
// and stores into d on every path before returning d. That shape suggests a switch with a
// fall-through from the 0 case into the 1 case rather than this if/else - confirm before
// treating this as the answer.
int _tmain(int argc, _TCHAR* argv[])
{
    int a=5,b=6,c=0,d,e;
    d=a+b;          // d is assigned here but not read again in this function
    int i=1;


    // c starts at 0 and grows by i (1) on each pass, so the loop exits with c == 100
    while(c<100)
    {
        c=c+i;
    }

    e=c;

    // e is 100 at this point, so the condition is false and the else branch returns 0
    if( (e==0) || (e==1) )
    {
        return c;
    }
    else
    {
        return 0;
    }
}
然后是这段C++代码编译后对应的汇编代码;我没有验证这些代码的正确性。
; Mixed source/disassembly listing of the author's _tmain (jump targets are labelled wmain+offset).
; Compared with the exercise listing: the frame is 108h bytes rather than 0E8h, e is a named
; local instead of a slot at [ebp-0E8h], and the return value is placed in eax directly
; instead of being stored to d first.
int _tmain(int argc, _TCHAR* argv[])
{
00411370 push ebp
00411371 mov ebp,esp
00411373 sub esp,108h
00411379 push ebx
0041137A push esi
0041137B push edi
0041137C lea edi,[ebp-108h]
00411382 mov ecx,42h
00411387 mov eax,0CCCCCCCCh
0041138C rep stos dword ptr es:[edi]            ; fill 42h dwords (= 108h bytes) from ebp-108h with 0CCCCCCCCh
int a=5,b=6,c=0,d,e;
0041138E mov dword ptr [a],5                    ; a and b are initialised here; the exercise listing has no such stores
00411395 mov dword ptr [b],6
0041139C mov dword ptr [c],0
d=a+b;
004113A3 mov eax,dword ptr [a]
004113A6 add eax,dword ptr [b]
004113A9 mov dword ptr [d],eax
int i=1;
004113AC mov dword ptr [i],1


while(c<100)
004113B3 cmp dword ptr [c],64h
004113B7 jge wmain+54h (4113C4h)                ; leave the loop once c >= 64h (100)
{
c=c+i;
004113B9 mov eax,dword ptr [c]
004113BC add eax,dword ptr [i]
004113BF mov dword ptr [c],eax
}
004113C2 jmp wmain+43h (4113B3h)                ; back to the compare at the loop head

e=c;
004113C4 mov eax,dword ptr [c]
004113C7 mov dword ptr [e],eax

if( (e==0) || (e==1) )
004113CA cmp dword ptr [e],0
004113CE je wmain+66h (4113D6h)                 ; e == 0: take the "return c" branch
004113D0 cmp dword ptr [e],1
004113D4 jne wmain+6Dh (4113DDh)                ; e is neither 0 nor 1: go to "return 0"
{
return c;
004113D6 mov eax,dword ptr [c]
004113D9 jmp wmain+6Fh (4113DFh)                ; to the epilogue with eax = c
}
else
004113DB jmp wmain+6Fh (4113DFh)                ; follows an unconditional jmp, and no jump in this listing targets 4113DBh
{
return 0;
004113DD xor eax,eax                            ; eax = 0
}
}
004113DF pop edi
004113E0 pop esi
004113E1 pop ebx
004113E2 mov esp,ebp
004113E4 pop ebp
004113E5 ret
.....