循环语句逆向分析
循环语句逆向分析
从反汇编的角度简单分析
while
,do-while
和for
循环语句
while
CPP代码:
#include "stdafx.h"
void Fun() {
int s = 0, i = 1;
while (i <= 10) {
s += i++;
}
}
int main(int argc, char* argv[]) {
Fun();
return 0;
}
反汇编:
Fun:
00401020 push ebp
00401021 mov ebp,esp
00401023 sub esp,48h
00401026 push ebx
00401027 push esi
00401028 push edi
00401029 lea edi,[ebp-48h]
0040102C mov ecx,12h
00401031 mov eax,0CCCCCCCCh
00401036 rep stos dword ptr [edi]
;-----------------------------------------------
00401038 mov dword ptr [ebp-4],0
;s=0
0040103F mov dword ptr [ebp-8],1
;i=1
00401046 cmp dword ptr [ebp-8],0Ah
0040104A jg Fun+40h (00401060)
;i>0xA 跳转到00401060,结束循环
0040104C mov eax,dword ptr [ebp-4]
0040104F add eax,dword ptr [ebp-8]
00401052 mov dword ptr [ebp-4],eax
;s=s+i
00401055 mov ecx,dword ptr [ebp-8]
00401058 add ecx,1
0040105B mov dword ptr [ebp-8],ecx
;i=i+1
0040105E jmp Fun+26h (00401046)
;跳转到00401046继续循坏
;-----------------------------------------------
00401060 pop edi
00401061 pop esi
00401062 pop ebx
00401063 mov esp,ebp
00401065 pop ebp
00401066 ret
do-while
CPP代码:
#include "stdafx.h"
void Fun() {
int s = 0, i = 1;
do {
s += i;
} while (i++ < 10);
}
int main(int argc, char* argv[]) {
Fun();
return 0;
}
反汇编:
Fun:
0040D4B0 push ebp
0040D4B1 mov ebp,esp
0040D4B3 sub esp,48h
0040D4B6 push ebx
0040D4B7 push esi
0040D4B8 push edi
0040D4B9 lea edi,[ebp-48h]
0040D4BC mov ecx,12h
0040D4C1 mov eax,0CCCCCCCCh
0040D4C6 rep stos dword ptr [edi]
;-----------------------------------------------
0040D4C8 mov dword ptr [ebp-4],0
;s=0
0040D4CF mov dword ptr [ebp-8],1
;i=1
0040D4D6 mov eax,dword ptr [ebp-4]
0040D4D9 add eax,dword ptr [ebp-8]
0040D4DC mov dword ptr [ebp-4],eax
;s=s+i
0040D4DF mov ecx,dword ptr [ebp-8]
;将i先保存一份
0040D4E2 mov edx,dword ptr [ebp-8]
0040D4E5 add edx,1
0040D4E8 mov dword ptr [ebp-8],edx
;i=i+1
0040D4EB cmp ecx,0Ah
0040D4EE jl Fun+26h (0040d4d6)
;i<0xA 跳转到0040d4d6继续循环,否则结束循环
;-----------------------------------------------
0040D4F0 pop edi
0040D4F1 pop esi
0040D4F2 pop ebx
0040D4F3 mov esp,ebp
0040D4F5 pop ebp
0040D4F6 ret
for
CPP代码:
#include "stdafx.h"
void Fun() {
int i, s = 0;
for (i = 1; i <= 10; i++) {
s += i;
}
}
int main(int argc, char* argv[]) {
Fun();
return 0;
}
反汇编:
Fun:
00401020 push ebp
00401021 mov ebp,esp
00401023 sub esp,48h
00401026 push ebx
00401027 push esi
00401028 push edi
00401029 lea edi,[ebp-48h]
0040102C mov ecx,12h
00401031 mov eax,0CCCCCCCCh
00401036 rep stos dword ptr [edi]
;-----------------------------------------------
00401038 mov dword ptr [ebp-8],0
;s=0
0040103F mov dword ptr [ebp-4],1
;i=1
00401046 jmp Fun+31h (00401051)
;跳转到00401051,决定要不要开始循环
00401048 mov eax,dword ptr [ebp-4]
0040104B add eax,1
0040104E mov dword ptr [ebp-4],eax
;i=i+1(收尾工作)
00401051 cmp dword ptr [ebp-4],0Ah
00401055 jg Fun+42h (00401062)
;i>0xA 跳转到00401062,结束循环
00401057 mov ecx,dword ptr [ebp-8]
0040105A add ecx,dword ptr [ebp-4]
0040105D mov dword ptr [ebp-8],ecx
;s=s+i
00401060 jmp Fun+28h (00401048)
;跳转到00401048做收尾工作
;-----------------------------------------------
00401062 pop edi
00401063 pop esi
00401064 pop ebx
00401065 mov esp,ebp
00401067 pop ebp
00401068 ret