循环语句逆向分析

循环语句逆向分析

从反汇编的角度简单分析 while、do-while 和 for 三种循环语句

while

CPP代码:

#include "stdafx.h"
// "while" sample: sums 1..10 into s. The result is never read; the
// function only exists so the loop's compiled shape can be studied in
// the disassembly that follows.
void Fun() {
	int s = 0, i = 1;
	while (i <= 10) {   // condition is tested before every iteration, including the first
		s += i++;       // s += i using the old i, then i = i + 1
	}
}

// Entry point: runs the loop sample once and exits with status 0.
// argc/argv are accepted for the standard signature but not used.
int main(int argc, char* argv[]) {
	Fun();
	return 0;
}

反汇编:

;-----------------------------------------------------------------------
; void Fun()  --  "while" version
; 32-bit x86, Intel syntax, copied from debugger output (the leading
; column is the instruction address, not assembler input).
; Locals: [ebp-4] = s, [ebp-8] = i
; Saves/restores ebx, esi, edi; leaves eax, ecx and flags clobbered.
;-----------------------------------------------------------------------
Fun:
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,48h
;reserve 0x48 bytes for locals
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-48h]
0040102C   mov         ecx,12h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]
;fill the 0x12 dwords (= 0x48 bytes) of the local area with 0xCCCCCCCC
;(0xCC is the int 3 opcode; presumably the debug-build fill for uninitialized locals -- confirm against build settings)
;-----------------------------------------------
00401038   mov         dword ptr [ebp-4],0
;s=0
0040103F   mov         dword ptr [ebp-8],1
;i=1
00401046   cmp         dword ptr [ebp-8],0Ah
0040104A   jg          Fun+40h (00401060)
;loop head: if i > 10 (jg = signed compare, consistent with int i) jump to 00401060 and leave the loop
0040104C   mov         eax,dword ptr [ebp-4]
0040104F   add         eax,dword ptr [ebp-8]
00401052   mov         dword ptr [ebp-4],eax
;s=s+i
00401055   mov         ecx,dword ptr [ebp-8]
00401058   add         ecx,1
0040105B   mov         dword ptr [ebp-8],ecx
;i=i+1
0040105E   jmp         Fun+26h (00401046)
;back to the condition at 00401046: a while loop tests first, then runs the body
;-----------------------------------------------
00401060   pop         edi
00401061   pop         esi
00401062   pop         ebx
00401063   mov         esp,ebp
00401065   pop         ebp
00401066   ret

do-while

CPP代码:

#include "stdafx.h"
// "do-while" sample: sums 1..10 into s. The result is never read; the
// function only exists so the loop's compiled shape can be studied in
// the disassembly that follows.
void Fun() {
	int s = 0, i = 1;
	do {
		s += i;             // body runs at least once before any test
	} while (i++ < 10);     // compares the old i, then increments it
}

// Entry point: runs the loop sample once and exits with status 0.
// argc/argv are accepted for the standard signature but not used.
int main(int argc, char* argv[]) {
	Fun();
	return 0;
}

反汇编:

;-----------------------------------------------------------------------
; void Fun()  --  "do-while" version
; 32-bit x86, Intel syntax, copied from debugger output (the leading
; column is the instruction address, not assembler input).
; Locals: [ebp-4] = s, [ebp-8] = i
; Saves/restores ebx, esi, edi; leaves eax, ecx, edx and flags clobbered.
;-----------------------------------------------------------------------
Fun:
0040D4B0   push        ebp
0040D4B1   mov         ebp,esp
0040D4B3   sub         esp,48h
;reserve 0x48 bytes for locals
0040D4B6   push        ebx
0040D4B7   push        esi
0040D4B8   push        edi
0040D4B9   lea         edi,[ebp-48h]
0040D4BC   mov         ecx,12h
0040D4C1   mov         eax,0CCCCCCCCh
0040D4C6   rep stos    dword ptr [edi]
;fill the 0x12 dwords (= 0x48 bytes) of the local area with 0xCCCCCCCC
;(0xCC is the int 3 opcode; presumably the debug-build fill for uninitialized locals -- confirm against build settings)
;-----------------------------------------------
0040D4C8   mov         dword ptr [ebp-4],0
;s=0
0040D4CF   mov         dword ptr [ebp-8],1
;i=1
0040D4D6   mov         eax,dword ptr [ebp-4]
0040D4D9   add         eax,dword ptr [ebp-8]
0040D4DC   mov         dword ptr [ebp-4],eax
;loop body comes first, with no test in front of it: s=s+i
0040D4DF   mov         ecx,dword ptr [ebp-8]
;keep a copy of i before the increment -- this is the value i++ yields to the comparison
0040D4E2   mov         edx,dword ptr [ebp-8]
0040D4E5   add         edx,1
0040D4E8   mov         dword ptr [ebp-8],edx
;i=i+1
0040D4EB   cmp         ecx,0Ah
0040D4EE   jl          Fun+26h (0040d4d6)
;if old i < 10 (jl = signed compare) jump back to 0040d4d6 for another iteration, otherwise fall through and leave
;-----------------------------------------------
0040D4F0   pop         edi
0040D4F1   pop         esi
0040D4F2   pop         ebx
0040D4F3   mov         esp,ebp
0040D4F5   pop         ebp
0040D4F6   ret

for

CPP代码:

#include "stdafx.h"
// "for" sample: sums 1..10 into s. The result is never read; the
// function only exists so the loop's compiled shape can be studied in
// the disassembly that follows. Note i is declared before s here,
// which is why the locals sit in the opposite stack order from the
// while/do-while samples.
void Fun() {
	int i, s = 0;
	for (i = 1; i <= 10; i++) {   // init once; test before each iteration; increment after the body
		s += i;
	}
}

// Entry point: runs the loop sample once and exits with status 0.
// argc/argv are accepted for the standard signature but not used.
int main(int argc, char* argv[]) {
	Fun();
	return 0;
}

反汇编:

;-----------------------------------------------------------------------
; void Fun()  --  "for" version
; 32-bit x86, Intel syntax, copied from debugger output (the leading
; column is the instruction address, not assembler input).
; Locals: [ebp-8] = s, [ebp-4] = i  (reversed relative to the other two
; samples because the C source declares i before s)
; Saves/restores ebx, esi, edi; leaves eax, ecx and flags clobbered.
; Layout: init -> jmp to test; increment block; test; body -> jmp to increment.
;-----------------------------------------------------------------------
Fun:
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,48h
;reserve 0x48 bytes for locals
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-48h]
0040102C   mov         ecx,12h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]
;fill the 0x12 dwords (= 0x48 bytes) of the local area with 0xCCCCCCCC
;(0xCC is the int 3 opcode; presumably the debug-build fill for uninitialized locals -- confirm against build settings)
;-----------------------------------------------
00401038   mov         dword ptr [ebp-8],0
;s=0
0040103F   mov         dword ptr [ebp-4],1
;i=1 (the for-init clause)
00401046   jmp         Fun+31h (00401051)
;skip the increment block on entry and go straight to the test at 00401051, which decides whether to run the body at all
00401048   mov         eax,dword ptr [ebp-4]
0040104B   add         eax,1
0040104E   mov         dword ptr [ebp-4],eax
;increment clause i=i+1; placed before the test so the body can jump here after each iteration
00401051   cmp         dword ptr [ebp-4],0Ah
00401055   jg          Fun+42h (00401062)
;test clause: if i > 10 (jg = signed compare, consistent with int i) jump to 00401062 and leave the loop
00401057   mov         ecx,dword ptr [ebp-8]
0040105A   add         ecx,dword ptr [ebp-4]
0040105D   mov         dword ptr [ebp-8],ecx
;body: s=s+i
00401060   jmp         Fun+28h (00401048)
;back to the increment block at 00401048, then the test runs again
;-----------------------------------------------
00401062   pop         edi
00401063   pop         esi
00401064   pop         ebx
00401065   mov         esp,ebp
00401067   pop         ebp
00401068   ret