C++反汇编->类,结构体,命名空间分析
首先来看类(class)的反汇编代码:
// Demo type for the disassembly walkthrough: two public int fields and one
// non-static member function defined inside the class body.
class name
{
public:
    int i;
    int j;

    // Returns in1 + in2. The body reads no data members, but because add is a
    // non-static member it still receives the object's address: in the listing
    // on this page the caller loads it into ECX before the CALL, and the
    // function returns with RETN 8 (the callee pops both int arguments).
    int add(int in1, int in2)
    {
        return in1 + in2;
    }
};
// Driver for the class example: fills both fields of a stack object and prints
// the result of n.add(n.i, n.j).
// NOTE(review): `void main()` is not standard C++ (the standard requires `int`).
// It is left exactly as written because the listing that follows on this page
// was produced from this form; changing the signature would change the epilogue.
void main()
{
    name n;       // local object; the listing places n.i at [EBP-8] and n.j at [EBP-4]
    n.i=10;
    n.j=12;
    // Member call: n.i and n.j go on the stack, &n travels separately as `this`.
    std::cout<<n.add(n.i,n.j)<<std::endl;
    // Hands the string "pause" to system(); shows up as CALL testcals.system in the listing.
    system("pause");
}
主函数对应反汇编代码:
; main() of the class example (module name testcals in this listing).
; Prologue: set up the EBP frame, reserve 0x48 bytes of locals, save EBX/ESI/EDI.
00401560 > > \55 PUSH EBP
00401561 . 8BEC MOV EBP,ESP
00401563 . 83EC 48 SUB ESP,48
00401566 . 53 PUSH EBX
00401567 . 56 PUSH ESI
00401568 . 57 PUSH EDI
; Fill the whole local area (0x12 dwords = 0x48 bytes, starting at EBP-48) with
; 0xCCCCCCCC. Together with the __chkesp call below this is consistent with a
; debug build; the page does not state the compiler settings.
00401569 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]
0040156C . B9 12000000 MOV ECX,12
00401571 . B8 CCCCCCCC MOV EAX,CCCCCCCC
00401576 . F3:AB REP STOS DWORD PTR ES:[EDI]
; n.i = 10 and n.j = 12: the object n is two adjacent ints on main's stack.
00401578 . C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A
0040157F . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C
; Pushed now, still on the stack when CALL 004011E0 runs further down —
; presumably the std::endl argument of the last operator<< (target not shown on the page).
00401586 . 68 C8104000 PUSH testcals.004010C8
; Stack arguments for add, right to left: n.j (in2) first, then n.i (in1).
0040158B . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040158E . 50 PUSH EAX
0040158F . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00401592 . 51 PUSH ECX
; ECX = &n: the object's address is passed in a register as the hidden `this` argument.
00401593 . 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
; No ADD ESP follows this call: the callee removes its own arguments (RETN 8 in add).
; The target 004011F4 is not the body at 004015F0 shown below — presumably a jump
; thunk that forwards to it; the page does not show the thunk.
00401596 . E8 59FCFFFF CALL testcals.004011F4 // calls name::add
; add's return value (EAX) becomes the stack argument, ECX = &std::cout is `this`
; for the call — presumably the int overload of operator<<.
0040159B . 50 PUSH EAX
0040159C . B9 A0DE4700 MOV ECX,OFFSET testcals.std::cout
004015A1 . E8 59FBFFFF CALL testcals.004010FF
; The value returned in EAX is used as `this` for the next call, which consumes
; the 004010C8 argument pushed at 00401586.
004015A6 . 8BC8 MOV ECX,EAX
004015A8 . E8 33FCFFFF CALL testcals.004011E0
; system("pause"): one stack argument, removed by the caller with ADD ESP,4.
004015AD . 68 1C004700 PUSH OFFSET testcals.??_C@_05PBCN@pause?>; /pause
004015B2 . E8 D9EF0100 CALL testcals.system ; \system
004015B7 . 83C4 04 ADD ESP,4
; Epilogue: restore saved registers, release the 0x48 bytes, then compare EBP with
; ESP and call __chkesp — a check that the stack pointer is balanced before returning.
004015BA . 5F POP EDI
004015BB . 5E POP ESI
004015BC . 5B POP EBX
004015BD . 83C4 48 ADD ESP,48
004015C0 . 3BEC CMP EBP,ESP
004015C2 . E8 D9F00100 CALL testcals.__chkesp
004015C7 . 8BE5 MOV ESP,EBP
004015C9 . 5D POP EBP
004015CA . C3 RETN
找到对应的语句如下:
; Body of the class member function add(int in1, int in2).
004015F0 >/> \55 PUSH EBP ; add function
004015F1 |. 8BEC MOV EBP,ESP
004015F3 |. 83EC 44 SUB ESP,44
004015F6 |. 53 PUSH EBX
004015F7 |. 56 PUSH ESI
004015F8 |. 57 PUSH EDI
; ECX holds `this` on entry. It is saved here because the fill loop below
; uses ECX as its counter.
004015F9 |. 51 PUSH ECX
; Fill the 0x44-byte local area (0x11 dwords) with 0xCCCCCCCC.
004015FA |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]
004015FD |. B9 11000000 MOV ECX,11
00401602 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401607 |. F3:AB REP STOS DWORD PTR ES:[EDI]
; Restore `this` and store it in the local slot [EBP-4]. The rest of the
; function never reads it, since add does not touch i or j.
00401609 |. 59 POP ECX
0040160A |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
; EAX = in1 ([EBP+8]) + in2 ([EBP+C]); EAX carries the return value.
0040160D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00401610 |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]
00401613 |. 5F POP EDI
00401614 |. 5E POP ESI
00401615 |. 5B POP EBX
00401616 |. 8BE5 MOV ESP,EBP
00401618 |. 5D POP EBP
; RETN 8: return and pop the two 4-byte arguments — the callee cleans the stack,
; which is why main has no ADD ESP,8 after the call.
00401619 \. C2 0800 RETN 8
2.namespace 命名:
// Namespace example: the same names as in the class example, but i, j and add
// are namespace-scope entities, not members of an object.
namespace name
{
    int i;   // namespace-scope variable; the listing addresses it as DS:[name::i]
    int j;   // likewise DS:[name::j]
    // Ordinary (non-member) function returning in1 + in2; there is no object and
    // therefore no `this` argument.
    int add(int in1,int in2)
    {
        return in1+in2;
    }
}
// Driver for the namespace example.
// NOTE(review): `void main()` is not standard C++ (the standard requires `int`);
// left as written because the listing that follows was produced from this form.
void main()
{
    std::cout<<"tip1"<<std::endl;
    name::i=10;
    name::j=12;
    // Plain function call: both arguments go on the stack, nothing is loaded into
    // ECX, and the caller removes the arguments afterwards (ADD ESP,8 in the listing).
    std::cout<<name::add(name::i,name::j)<<std::endl;
    system("pause");
}
对应的反汇编源码:
; name::add(int in1, int in2) — the namespace-scope function (module name testname).
; Compared with the member version there is no PUSH ECX / POP ECX /
; MOV [EBP-4],ECX sequence: no `this` is received.
00401580 >/> \55 PUSH EBP
00401581 |. 8BEC MOV EBP,ESP
00401583 |. 83EC 40 SUB ESP,40
00401586 |. 53 PUSH EBX
00401587 |. 56 PUSH ESI
00401588 |. 57 PUSH EDI
; Fill the 0x40-byte local area (0x10 dwords) with 0xCCCCCCCC.
00401589 |. 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
0040158C |. B9 10000000 MOV ECX,10
00401591 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401596 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00401598 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; body of add: EAX = in1
0040159B |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]
0040159E |. 5F POP EDI
0040159F |. 5E POP ESI
004015A0 |. 5B POP EBX
004015A1 |. 8BE5 MOV ESP,EBP
004015A3 |. 5D POP EBP
; Plain RETN: the arguments stay on the stack and the caller removes them.
004015A4 \. C3 RETN
; 0xCC (INT3) filler bytes between the end of add and the start of main.
004015A5 CC INT3
004015A6 CC INT3
004015A7 CC INT3
004015A8 CC INT3
004015A9 CC INT3
004015AA CC INT3
004015AB CC INT3
004015AC CC INT3
004015AD CC INT3
004015AE CC INT3
004015AF CC INT3
; main() of the namespace example.
004015B0 > > 55 PUSH EBP
004015B1 . 8BEC MOV EBP,ESP
004015B3 . 83EC 40 SUB ESP,40
004015B6 . 53 PUSH EBX
004015B7 . 56 PUSH ESI
004015B8 . 57 PUSH EDI
004015B9 . 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
004015BC . B9 10000000 MOV ECX,10
004015C1 . B8 CCCCCCCC MOV EAX,CCCCCCCC
004015C6 . F3:AB REP STOS DWORD PTR ES:[EDI]
; std::cout << "tip1" << std::endl. Three values are pushed, the first call is
; followed by ADD ESP,8, and the remaining one (004010C8, presumably std::endl)
; is left for CALL 004011E5, which receives the returned stream in ECX.
004015C8 . 68 C8104000 PUSH testname.004010C8
004015CD . 68 24004700 PUSH OFFSET testname.??_C@_04HPCL@tip1?$>; tip1
004015D2 . 68 A8DE4700 PUSH OFFSET testname.std::cout
004015D7 . E8 AEFCFFFF CALL testname.0040128A
004015DC . 83C4 08 ADD ESP,8
004015DF . 8BC8 MOV ECX,EAX
004015E1 . E8 FFFBFFFF CALL testname.004011E5
; The namespace variables are written through fixed DS: addresses, not EBP-relative stack slots.
004015E6 . C705 F8DD4700>MOV DWORD PTR DS:[name::i],0A ; name::i = 10
004015F0 . C705 FCDD4700>MOV DWORD PTR DS:[name::j],0C ; name::j = 12
004015FA . 68 C8104000 PUSH testname.004010C8
004015FF . A1 FCDD4700 MOV EAX,DWORD PTR DS:[name::j] ; EAX = name::j (0x0C), pushed first as in2
00401604 . 50 PUSH EAX
00401605 . 8B0D F8DD4700 MOV ECX,DWORD PTR DS:[name::i] ; ECX = name::i (0x0A), pushed second as in1
0040160B . 51 PUSH ECX
; ECX is only a scratch register for the PUSH above; no object address is loaded
; before the call. The target 00401195 is not the body at 00401580 — presumably a jump thunk.
0040160C . E8 84FBFFFF CALL testname.00401195 ; calls name::add
00401611 . 83C4 08 ADD ESP,8 ; caller removes the two arguments (add ends with plain RETN)
00401614 . 50 PUSH EAX ; add's return value becomes the argument of the output call
00401615 . B9 A8DE4700 MOV ECX,OFFSET testname.std::cout
0040161A . E8 E0FAFFFF CALL testname.004010FF
0040161F . 8BC8 MOV ECX,EAX
00401621 . E8 BFFBFFFF CALL testname.004011E5
; system("pause"): one stack argument, removed by the caller with ADD ESP,4.
00401626 . 68 1C004700 PUSH OFFSET testname.??_C@_05PBCN@pause?>; /pause
0040162B . E8 90F30100 CALL testname.system ; \system
00401630 . 83C4 04 ADD ESP,4
; Epilogue with the EBP/ESP comparison and __chkesp call (stack-balance check).
00401633 . 5F POP EDI
00401634 . 5E POP ESI
00401635 . 5B POP EBX
00401636 . 83C4 40 ADD ESP,40
00401639 . 3BEC CMP EBP,ESP
0040163B . E8 90F40100 CALL testname.__chkesp
00401640 . 8BE5 MOV ESP,EBP
00401642 . 5D POP EBP
00401643 . C3 RETN
3.struct代码:
// Struct example: identical to the class example except for the `struct`
// keyword, whose members are public by default.
struct name
{
    int i;
    int j;
    // Non-static member function returning in1 + in2; like the class version it
    // is called on an object, so the caller supplies the object's address as `this`.
    int add(int in1,int in2)
    {
        return in1+in2;
    }
};
// Driver for the struct example.
// NOTE(review): `void main()` is not standard C++ (the standard requires `int`);
// left as written because the listing that follows was produced from this form.
void main()
{
    std::cout<<"tips";
    name n;       // local object; the listing places n.i at [EBP-8] and n.j at [EBP-4]
    n.i=10;
    n.j=12;
    std::cout<<n.add(n.i,n.j)<<std::endl;
    system("pause");
}
对应反汇编如下:
; main() of the struct example (module name teststru in this listing).
00401580 > > \55 PUSH EBP
00401581 . 8BEC MOV EBP,ESP
00401583 . 83EC 48 SUB ESP,48
00401586 . 53 PUSH EBX
00401587 . 56 PUSH ESI
00401588 . 57 PUSH EDI
; Fill the 0x48-byte local area (0x12 dwords) with 0xCCCCCCCC.
00401589 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]
0040158C . B9 12000000 MOV ECX,12
00401591 . B8 CCCCCCCC MOV EAX,CCCCCCCC
00401596 . F3:AB REP STOS DWORD PTR ES:[EDI]
; std::cout << "tips": two stack arguments, removed by the caller with ADD ESP,8.
00401598 . 68 24004700 PUSH OFFSET teststru.??_C@_04IPMF@tips?$>; tips
0040159D . 68 A0DE4700 PUSH OFFSET teststru.std::cout
004015A2 . E8 E3FCFFFF CALL teststru.0040128A
004015A7 . 83C4 08 ADD ESP,8
; n.i = 10 at [EBP-8], n.j = 12 at [EBP-4] — the same stack layout as the class example.
004015AA . C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A
004015B1 . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C
; Pushed now and still on the stack for CALL 004011E0 below — presumably std::endl.
004015B8 . 68 C8104000 PUSH teststru.004010C8
; Stack arguments for add, right to left: n.j (in2), then n.i (in1).
004015BD . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004015C0 . 50 PUSH EAX
004015C1 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004015C4 . 51 PUSH ECX
; ECX = &n, the hidden `this` argument. No ADD ESP follows the call because add
; returns with RETN 8. Target 004011F4 is not the body at 00401620 — presumably a jump thunk.
004015C5 . 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
004015C8 . E8 27FCFFFF CALL teststru.004011F4
; Output of add's return value, then the call that consumes the 004010C8 argument.
004015CD . 50 PUSH EAX
004015CE . B9 A0DE4700 MOV ECX,OFFSET teststru.std::cout
004015D3 . E8 27FBFFFF CALL teststru.004010FF
004015D8 . 8BC8 MOV ECX,EAX
004015DA . E8 01FCFFFF CALL teststru.004011E0
; system("pause"): one stack argument, removed by the caller with ADD ESP,4.
004015DF . 68 1C004700 PUSH OFFSET teststru.??_C@_05PBCN@pause?>; /pause
004015E4 . E8 C7F30100 CALL teststru.system ; \system
004015E9 . 83C4 04 ADD ESP,4
; Epilogue with the EBP/ESP comparison and __chkesp call (stack-balance check).
004015EC . 5F POP EDI
004015ED . 5E POP ESI
004015EE . 5B POP EBX
004015EF . 83C4 48 ADD ESP,48
004015F2 . 3BEC CMP EBP,ESP
004015F4 . E8 C7F40100 CALL teststru.__chkesp
004015F9 . 8BE5 MOV ESP,EBP
004015FB . 5D POP EBP
004015FC . C3 RETN
; 0xCC (INT3) filler bytes between the end of main and the start of add.
004015FD CC INT3
004015FE CC INT3
004015FF CC INT3
00401600 CC INT3
00401601 CC INT3
00401602 CC INT3
00401603 CC INT3
00401604 CC INT3
00401605 CC INT3
00401606 CC INT3
00401607 CC INT3
00401608 CC INT3
00401609 CC INT3
0040160A CC INT3
0040160B CC INT3
0040160C CC INT3
0040160D CC INT3
0040160E CC INT3
0040160F CC INT3
00401610 CC INT3
00401611 CC INT3
00401612 CC INT3
00401613 CC INT3
00401614 CC INT3
00401615 CC INT3
00401616 CC INT3
00401617 CC INT3
00401618 CC INT3
00401619 CC INT3
0040161A CC INT3
0040161B CC INT3
0040161C CC INT3
0040161D CC INT3
0040161E CC INT3
0040161F CC INT3
; Body of the struct member function add — instruction for instruction the same
; sequence as the class member function earlier on the page.
00401620 >/> 55 PUSH EBP ; start of the struct's member function
00401621 |. 8BEC MOV EBP,ESP
00401623 |. 83EC 44 SUB ESP,44
00401626 |. 53 PUSH EBX
00401627 |. 56 PUSH ESI
00401628 |. 57 PUSH EDI
; Save `this` (ECX) across the fill loop, which uses ECX as its counter.
00401629 |. 51 PUSH ECX
0040162A |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]
0040162D |. B9 11000000 MOV ECX,11
00401632 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401637 |. F3:AB REP STOS DWORD PTR ES:[EDI]
; Restore `this` and store it in the local slot [EBP-4]; it is not read again.
00401639 |. 59 POP ECX
0040163A |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX
; EAX = in1 ([EBP+8]) + in2 ([EBP+C]).
0040163D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00401640 |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]
00401643 |. 5F POP EDI
00401644 |. 5E POP ESI
00401645 |. 5B POP EBX
00401646 |. 8BE5 MOV ESP,EBP
00401648 |. 5D POP EBP
; RETN 8: the callee pops the two 4-byte arguments.
00401649 \. C2 0800 RETN 8
小结:
1.在本例的编译结果中,命名空间内定义的函数位于主函数之前(地址更低),而类和结构体的成员函数位于主函数之后。这只是这次构建中编译器和链接器给出的代码布局,并非C++语言的保证,分析其他程序时不宜仅凭函数的先后位置判断它属于命名空间还是类。
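2.类和结构体内部公有函数反汇编源码一致,也印证了结构体内的函数与类里面的公有函数等效。从上面的代码还可以看到:调用成员函数前,主函数用 LEA ECX 把对象地址(this指针)放入ECX,成员函数以 RETN 8 返回,由被调用方清理两个参数;而命名空间中的函数不接收ECX,以 RETN 返回,由调用方用 ADD ESP,8 平衡堆栈。在本例中,这一差别是区分成员函数与普通函数的直接依据。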