Assembly study notes 2 (continued)
- Because I ran into a lot of problems while analysing VB, I went through C pointers to understand how VB's Variant variables are handed to functions. I wrote a small C program:
```c
#include <stdio.h>
#include <string.h>

/* The callee receives only a pointer (the address of the caller's array). */
void test(char *str)
{
    puts(str);
}

int main(void)
{
    char str[20] = {"hello world!"};  /* 20-byte array on main's stack */
    char *p = NULL;                    /* pointer variable, also on the stack */
    p = str;                           /* p now holds the address of str[0] */
    test(p);                           /* pass the address, not the array */
    getchar();                         /* keep the console window open */
    return 0;
}
```
The code is simple enough, so straight to the disassembly (OllyDbg listing; the comments after `;` are mine).
```
00401500 /$ 55            push ebp                               ; test(): prologue
00401501 |. 89E5          mov ebp,esp
00401503 |. 83EC 18       sub esp,0x18
00401506 |. 8B45 08       mov eax,[arg.1]                        ; arg.1 = [ebp+8], the pointer passed by the caller
00401509 |. 890424        mov dword ptr ss:[esp],eax             ; place it in the argument slot for puts()
0040150C |. E8 37110000   call <jmp.&msvcrt.puts>                ; \puts
00401511 |. C9            leave
00401512 \. C3            retn
00401513 /$ 55            push ebp                               ; main() starts here
00401514 |. 89E5          mov ebp,esp
00401516 |. 83E4 F0       and esp,0xFFFFFFF0                     ; align the stack to 16 bytes
00401519 |. 83EC 30       sub esp,0x30                           ; reserve 0x30 bytes for locals and outgoing arguments
0040151C |. E8 AF090000   call point1.00401ED0                   ; runtime start-up helper inserted by the compiler, not in the C source
00401521 |. C74424 18 686>mov dword ptr ss:[esp+0x18],0x6C6C6568 ; "hell": str starts at esp+0x18 (0022fed8)
00401529 |. C74424 1C 6F2>mov dword ptr ss:[esp+0x1C],0x6F77206F ; "o wo"
00401531 |. C74424 20 726>mov dword ptr ss:[esp+0x20],0x21646C72 ; "rld!": these three dwords write "hello world!" into the array
00401539 |. C74424 24 000>mov dword ptr ss:[esp+0x24],0x0        ; NUL terminator plus zero padding for the rest of str[20]
00401541 |. C74424 28 000>mov dword ptr ss:[esp+0x28],0x0
00401549 |. C74424 2C 000>mov dword ptr ss:[esp+0x2C],0x0        ; p = NULL (p lives at esp+0x2C, i.e. 0022feec)
00401551 |. 8D4424 18     lea eax,dword ptr ss:[esp+0x18]        ; eax = 0022fed8, the address of str (not its contents)
00401555 |. 894424 2C     mov dword ptr ss:[esp+0x2C],eax        ; p = str: 0022feec now holds the value 0022fed8
00401559 |. 8B4424 2C     mov eax,dword ptr ss:[esp+0x2C]        ; eax = p
0040155D |. 890424        mov dword ptr ss:[esp],eax             ; [esp] (0022fec0) = p, the argument slot for test()
00401560 |. E8 9BFFFFFF   call point1.00401500                   ; call test(p)
00401565 |. E8 E6100000   call <jmp.&msvcrt.getchar>             ; getchar()
0040156A |. B8 00000000   mov eax,0x0                            ; return 0
0040156F |. C9            leave
00401570 \. C3            retn
```
So test() never gets a copy of the 20-byte array: main hands over the 4-byte address 0022fed8 in the argument slot at [esp], and puts() reads the characters from that address. The only difference from VB is the string encoding: the C string is stored as ASCII, one byte per character (which is why "hello world!" fits in three dwords), whereas VB stores strings as Unicode (UTF-16, two bytes per character). If this makes sense, you can go back to https://www.cnblogs.com/wlpk/p/12447460.html
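To check the two points above from the C side, here is an added example (my code, not part of the original post). It reads the array back as little-endian dwords, which reproduces the three immediates in the disassembly, shows that the callee receives the caller's address and can write through it, and encodes the same string as UTF-16LE to show the layout VB would use. The function names `dword_at`, `address_seen_by_callee`, `upcase_first`, `pointer_is_shared` and `ascii_to_utf16le` are my own; the UTF-16 helper assumes ASCII input, where each 16-bit code unit is simply the byte followed by 0x00.

```c
#include <stdio.h>
#include <string.h>
#include <inttypes.h>

/* Read buf[off..off+3] as a little-endian dword. This is exactly what
 * "mov dword ptr [esp+0x18],0x6C6C6568" stores for "hell": the lowest
 * address holds the lowest byte. Explicit shifts keep the result
 * independent of the host's byte order. */
uint32_t dword_at(const char *buf, size_t off)
{
    const unsigned char *b = (const unsigned char *)buf + off;
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Same role as test() in the post: the callee only gets an address.
 * It is returned as an integer so the caller can compare it with its own array. */
uintptr_t address_seen_by_callee(char *str)
{
    puts(str);
    return (uintptr_t)str;
}

/* Writing through the pointer changes the caller's bytes in place;
 * there is no private copy of the array inside the callee. */
void upcase_first(char *str)
{
    if (str != NULL && str[0] >= 'a' && str[0] <= 'z')
        str[0] = (char)(str[0] - 'a' + 'A');
}

/* Builds the same locals as the post's main(), passes the pointer down,
 * and returns 1 if the callee saw main's address and its write is visible. */
int pointer_is_shared(void)
{
    char str[20] = {"hello world!"};
    char *p = str;
    uintptr_t seen = address_seen_by_callee(p);
    upcase_first(p);
    return seen == (uintptr_t)str && str[0] == 'H';
}

/* Encode an ASCII string as UTF-16LE, the in-memory form of a VB string:
 * one 16-bit code unit per character, low byte first. Returns the number of
 * bytes written; `cap` is the size of `out` in bytes, and only whole code
 * units are written, so a too-small buffer truncates at a 2-byte boundary.
 * Assumption: input is ASCII, so no surrogates or multi-byte input to handle. */
size_t ascii_to_utf16le(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (; *s != '\0' && n + 2 <= cap; ++s) {
        out[n++] = (unsigned char)*s;
        out[n++] = 0x00;
    }
    return n;
}

unsigned char g_wide[64];   /* scratch buffer for the UTF-16 demonstration */

int main(void)
{
    char str[20] = {"hello world!"};
    char *p = str;
    size_t wn, i;

    /* The first three dwords are the immediates seen in the disassembly. */
    printf("dword 0: 0x%08" PRIX32 "\n", dword_at(str, 0));   /* "hell" */
    printf("dword 1: 0x%08" PRIX32 "\n", dword_at(str, 4));   /* "o wo" */
    printf("dword 2: 0x%08" PRIX32 "\n", dword_at(str, 8));   /* "rld!" */
    printf("dword 3: 0x%08" PRIX32 "\n", dword_at(str, 12));  /* NUL + padding */

    /* The array is 20 bytes; the pointer to it is one machine word. */
    printf("sizeof str = %zu, sizeof p = %zu\n", sizeof str, sizeof p);

    if (pointer_is_shared())
        puts("callee received main's address and its write is visible in main");

    /* VB-style layout: every character costs two bytes. */
    wn = ascii_to_utf16le(p, g_wide, sizeof g_wide);
    printf("UTF-16LE uses %zu bytes:", wn);
    for (i = 0; i < wn; ++i)
        printf(" %02X", g_wide[i]);
    putchar('\n');
    return 0;
}
```

Compiled as a 32-bit binary, `sizeof p` is 4, matching the single dword that main() stores at [esp] before `call test`; on a 64-bit build it is 8, but the array is still 20 bytes and the dword values are unchanged, because they depend only on the bytes of the string, not on the pointer size.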
小白本白