do...while循环、for循环、while循环反汇编

发布时间 2023-06-19 17:08:54作者: Qsons

do...while循环、for循环、while循环反汇编

do...while循环

C代码如下所示:

  • VC++ 6.0(VC6)
  • Debug32位版本
#include "stdafx.h"

/*
 * do...while sample: accumulates 0..99 into a local that is never read
 * back. This is a Debug build (no optimization), which is why the dead
 * result survives and each statement maps 1:1 onto the listing below.
 * Stack layout in that listing: i at [ebp-4], sum at [ebp-8].
 * The loop test is emitted once, at the bottom (cmp [ebp-4],64h / jl),
 * so the body always runs at least once -- the do...while signature.
 */
void Function()
{
	int i = 0;	/* [ebp-4]; 64h == 100 is the bound compared against */
	int sum = 0;	/* [ebp-8] */
	do
	{
		sum += i;	/* mov eax,[ebp-8]; add eax,[ebp-4]; mov [ebp-8],eax */
		i++;		/* mov ecx,[ebp-4]; add ecx,1; mov [ebp-4],ecx */


	}while(i<100);	/* cmp [ebp-4],64h; jl <body> -- signed compare, i is int */
}	
/* Entry point: runs the sample once so its loop can be stepped in the debugger. */
int main(void)
{
	Function();

	return 0;
}

反汇编如下:

Function:
0040B960 55                   push        ebp
0040B961 8B EC                mov         ebp,esp
0040B963 83 EC 48             sub         esp,48h
0040B966 53                   push        ebx
0040B967 56                   push        esi
0040B968 57                   push        edi
0040B969 8D 7D B8             lea         edi,[ebp-48h]
0040B96C B9 12 00 00 00       mov         ecx,12h
0040B971 B8 CC CC CC CC       mov         eax,0CCCCCCCCh
0040B976 F3 AB                rep stos    dword ptr [edi]
0040B978 C7 45 FC 00 00 00 00 mov         dword ptr [ebp-4],0
0040B97F C7 45 F8 00 00 00 00 mov         dword ptr [ebp-8],0
0040B986 8B 45 F8             mov         eax,dword ptr [ebp-8]
0040B989 03 45 FC             add         eax,dword ptr [ebp-4]
0040B98C 89 45 F8             mov         dword ptr [ebp-8],eax
0040B98F 8B 4D FC             mov         ecx,dword ptr [ebp-4]
0040B992 83 C1 01             add         ecx,1
0040B995 89 4D FC             mov         dword ptr [ebp-4],ecx
0040B998 83 7D FC 64          cmp         dword ptr [ebp-4],64h
0040B99C 7C E8                jl          Function+26h (0040b986)
0040B99E 5F                   pop         edi
0040B99F 5E                   pop         esi
0040B9A0 5B                   pop         ebx
0040B9A1 8B E5                mov         esp,ebp
0040B9A3 5D                   pop         ebp
0040B9A4 C3                   ret

反汇编识别:

牢记 32 位标准栈帧(push ebp / mov ebp,esp)中的几个关键位置:[ebp] 是保存的旧 ebp,[ebp+4] 是返回地址,[ebp+8]、[ebp+0Ch]、[ebp+10h]…… 依次是调用者压栈传入的参数(cdecl 从右向左压栈,所以 [ebp+8] 是第一个参数)。

[ebp-4]、[ebp-8]…… 是函数内部开辟的局部变量。本例按声明顺序分配:i 在 [ebp-4],sum 在 [ebp-8]。开头的 `lea edi,[ebp-48h] / mov ecx,12h / mov eax,0CCCCCCCCh / rep stos` 是 Debug 版特有的:把 0x48 字节(0x12 个 dword)的局部变量区全部填成 0xCC(x86 的 int 3 指令),读到未初始化变量会看到 0xCCCCCCCC,误跳到栈上也会直接触发断点。Release 版没有这段填充,且可能省略 ebp 栈帧并优化掉整个循环,上述偏移规律只对 Debug 版可靠。

do...while 的识别特征:循环体在前,条件判断 `cmp dword ptr [ebp-4],64h / jl` 在底部,成立则跳回循环体开头(0040B986);jl 是有符号比较,对应源码中 i 声明为 int、上界为 100。


for循环

C语言代码如下:

  • VC++ 6.0(VC6)
  • Debug32位版本
#include "stdafx.h"

/*
 * for sample: accumulates 0..99 and prints the result with printf
 * (stdafx.h is expected to bring in <stdio.h>). Debug build, so every
 * statement is visible in the listing below. Stack layout there:
 * sum at [ebp-4], i at [ebp-8]. The characteristic for-loop shape is
 * that the init jumps straight to the condition (jmp past the increment
 * block), the body then jumps back to the increment, which falls into
 * the condition again.
 */
void Function()
{
	int sum = 0;			/* [ebp-4] */
	for(int i =0;i<100;i++)	/* i at [ebp-8]; cmp [ebp-8],64h / jge exits; i++ block at 0040B988 */
	{
		sum+=i;
	}
	printf("sum = %d\n",sum);	/* 2 pushes, call, add esp,8: cdecl caller cleans up */

}	
/* Entry point: runs the sample once so its loop can be stepped in the debugger. */
int main(void)
{
	Function();

	return 0;
}

汇编代码如下:

Function:
0040B960 55                   push        ebp
0040B961 8B EC                mov         ebp,esp
0040B963 83 EC 48             sub         esp,48h
0040B966 53                   push        ebx
0040B967 56                   push        esi
0040B968 57                   push        edi
0040B969 8D 7D B8             lea         edi,[ebp-48h]
0040B96C B9 12 00 00 00       mov         ecx,12h
0040B971 B8 CC CC CC CC       mov         eax,0CCCCCCCCh
0040B976 F3 AB                rep stos    dword ptr [edi]
0040B978 C7 45 FC 00 00 00 00 mov         dword ptr [ebp-4],0
0040B97F C7 45 F8 00 00 00 00 mov         dword ptr [ebp-8],0
0040B986 EB 09                jmp         Function+31h (0040b991)
0040B988 8B 45 F8             mov         eax,dword ptr [ebp-8]
0040B98B 83 C0 01             add         eax,1
0040B98E 89 45 F8             mov         dword ptr [ebp-8],eax
0040B991 83 7D F8 64          cmp         dword ptr [ebp-8],64h
0040B995 7D 0B                jge         Function+42h (0040b9a2)
0040B997 8B 4D FC             mov         ecx,dword ptr [ebp-4]
0040B99A 03 4D F8             add         ecx,dword ptr [ebp-8]
0040B99D 89 4D FC             mov         dword ptr [ebp-4],ecx
0040B9A0 EB E6                jmp         Function+28h (0040b988)
0040B9A2 8B 55 FC             mov         edx,dword ptr [ebp-4]
0040B9A5 52                   push        edx
0040B9A6 68 74 0F 42 00       push        offset string "3" (00420f74)
0040B9AB E8 70 57 FF FF       call        printf (00401120)
0040B9B0 83 C4 08             add         esp,8
0040B9B3 5F                   pop         edi
0040B9B4 5E                   pop         esi
0040B9B5 5B                   pop         ebx
0040B9B6 83 C4 48             add         esp,48h
0040B9B9 3B EC                cmp         ebp,esp
0040B9BB E8 E0 57 FF FF       call        __chkesp (004011a0)
0040B9C0 8B E5                mov         esp,ebp
0040B9C2 5D                   pop         ebp
0040B9C3 C3                   ret

识别如下所示:for 循环的特征是初始化后先 `jmp` 跳过递增块、直接到条件判断(0040B986 jmp → 0040B991 cmp [ebp-8],64h),条件不成立则 `jge` 跳出循环;循环体执行完后 `jmp` 回到递增块(0040B988),递增后落入条件判断。本例中 sum 在 [ebp-4],i 在 [ebp-8]。调用 printf 前两次 push 参数,调用后 `add esp,8` 由调用者平栈(cdecl);随后的 `cmp ebp,esp / call __chkesp` 是 Debug 版插入的栈平衡检查,Release 版通常不会出现,也不属于循环本身。


while循环

C语言代码如下:

  • VC++ 6.0(VC6)
  • Debug32位
#include "stdafx.h"

/*
 * while sample: accumulates 0..99 into a local that is never read back
 * (Debug build, so the dead result is kept). Stack layout in the listing
 * below: i at [ebp-4], sum at [ebp-8]. Unlike do...while, the test
 * (cmp [ebp-4],64h / jge) sits at the loop entry, so the body may run
 * zero times; the body ends with a jmp back up to that cmp.
 */
void Function()
{
	int i = 0;		/* [ebp-4] */
	int sum = 0;		/* [ebp-8] */
	while(i<100){	/* 0040B986: cmp [ebp-4],64h; jge <exit> -- signed compare, i is int */
		sum += i;
		i++;

	}	/* jmp 0040B986: back to the condition */

}	
/* Entry point: runs the sample once so its loop can be stepped in the debugger. */
int main(void)
{
	Function();

	return 0;
}

汇编语言如下:

Function:
0040B960 55                   push        ebp
0040B961 8B EC                mov         ebp,esp
0040B963 83 EC 48             sub         esp,48h
0040B966 53                   push        ebx
0040B967 56                   push        esi
0040B968 57                   push        edi
0040B969 8D 7D B8             lea         edi,[ebp-48h]
0040B96C B9 12 00 00 00       mov         ecx,12h
0040B971 B8 CC CC CC CC       mov         eax,0CCCCCCCCh
0040B976 F3 AB                rep stos    dword ptr [edi]
0040B978 C7 45 FC 00 00 00 00 mov         dword ptr [ebp-4],0
0040B97F C7 45 F8 00 00 00 00 mov         dword ptr [ebp-8],0
0040B986 83 7D FC 64          cmp         dword ptr [ebp-4],64h
0040B98A 7D 14                jge         Function+40h (0040b9a0)
0040B98C 8B 45 F8             mov         eax,dword ptr [ebp-8]
0040B98F 03 45 FC             add         eax,dword ptr [ebp-4]
0040B992 89 45 F8             mov         dword ptr [ebp-8],eax
0040B995 8B 4D FC             mov         ecx,dword ptr [ebp-4]
0040B998 83 C1 01             add         ecx,1
0040B99B 89 4D FC             mov         dword ptr [ebp-4],ecx
0040B99E EB E6                jmp         Function+26h (0040b986)
0040B9A0 5F                   pop         edi
0040B9A1 5E                   pop         esi
0040B9A2 5B                   pop         ebx
0040B9A3 8B E5                mov         esp,ebp
0040B9A5 5D                   pop         ebp
0040B9A6 C3                   ret

汇编识别如下所示:while 循环的条件判断在顶部(0040B986 cmp [ebp-4],64h / jge 跳出),循环体结束后 `jmp` 回到这条 cmp。与 do...while 的区别是判断位于入口、循环体可能一次都不执行,而 do...while 的 cmp/jl 位于底部、循环体至少执行一次。与 for 循环相比少了"jmp 跳过递增块"这一步,因为 i++ 直接写在循环体里。三种循环的比较都是 jl/jge 有符号跳转,对应源码中 i 为 int。

Over~