Disassembly Code Analysis on Symbian
Source: Internet | Editor: 程序博客网 | Time: 2024/05/17 07:43
This is fairly basic material: it only looks at how the stack is allocated.
Source code
TInt CMyAppDocument::AssembleAdd()
{
    TInt result = 0;
    TInt a = 2;
    TInt b = 3;
    result = a+b;
    return result;
}
After disassembly
{
0x31312820 <CMyAppDocument::AssembleAdd>: push ebp
0x31312821 <CMyAppDocument::AssembleAdd+1>: mov ebp,esp
0x31312823 <CMyAppDocument::AssembleAdd+3>: sub esp,0x10
0x31312826 <CMyAppDocument::AssembleAdd+6>: push ecx
0x31312827 <CMyAppDocument::AssembleAdd+7>: push edi
0x31312828 <CMyAppDocument::AssembleAdd+8>: lea edi,dword ptr [esp+0x8]
0x3131282c <CMyAppDocument::AssembleAdd+12>: mov eax,0xcccccccc
0x31312831 <CMyAppDocument::AssembleAdd+17>: stosd
0x31312832 <CMyAppDocument::AssembleAdd+18>: stosd
0x31312833 <CMyAppDocument::AssembleAdd+19>: stosd
0x31312834 <CMyAppDocument::AssembleAdd+20>: stosd
0x31312835 <CMyAppDocument::AssembleAdd+21>: pop edi
0x31312836 <CMyAppDocument::AssembleAdd+22>: pop ecx
0x31312837 <CMyAppDocument::AssembleAdd+23>: mov dword ptr [ebp-0x10],ecx
TInt result = 0;
0x3131283a <CMyAppDocument::AssembleAdd+26>: mov dword ptr [ebp-0x4],0x0
TInt a = 2;
0x31312841 <CMyAppDocument::AssembleAdd+33>: mov dword ptr [ebp-0x8],0x2
TInt b = 3;
0x31312848 <CMyAppDocument::AssembleAdd+40>: mov dword ptr [ebp-0xc],0x3
result = a+b;
0x3131284f <CMyAppDocument::AssembleAdd+47>: mov edx,dword ptr [ebp-0x8]
0x31312852 <CMyAppDocument::AssembleAdd+50>: add edx,dword ptr [ebp-0xc]
0x31312855 <CMyAppDocument::AssembleAdd+53>: mov dword ptr [ebp-0x4],edx
return result;
0x31312858 <CMyAppDocument::AssembleAdd+56>: mov eax,dword ptr [ebp-0x4]
}
0x3131285b <CMyAppDocument::AssembleAdd+59>: leave
0x3131285c <CMyAppDocument::AssembleAdd+60>: ret near
Stack space analysis:
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------| <High address of memory>
| ESP | ;Before push EBP
|------------------|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PUSH ebp
MOV ebp,esp
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| | ;ESP-0x10
|------------------|
| | ;ESP-0xC
|------------------|
| | ;ESP-0x8
|------------------|
| | ;ESP-0x4
|------------------|
| EBP | ;Current ESP
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SUB esp,0x10
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| | ;Current ESP
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PUSH ecx
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| ECX | ;Current ESP
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PUSH edi
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| EDI | ;Current ESP
|------------------|
| ECX |
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
LEA edi,dword ptr[esp+0x8]
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| EDI | ;Current ESP; EDI points to ESP+0x8
|------------------|
| ECX |
|------------------|
| | ;ESP+0x8, EDI points here
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MOV EAX,0xCCCCCCCC
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| EDI | ;Current ESP; EDI points to ESP+0x8
|------------------|
| ECX |
|------------------|
| | ;ESP+0x8, EDI points here
|------------------|
| |
|------------------|
| |
|------------------|
| |
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
STOSD
STOSD
STOSD
STOSD
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| EDI | ;Current ESP; EDI started at ESP+0x8
|------------------|
| ECX |
|------------------|
| 0xCCCCCCCC | ;ESP+0x8, EDI points here for the first STOSD
|------------------|
| 0xCCCCCCCC | ;EDI points here for the second STOSD
|------------------|
| 0xCCCCCCCC | ;EDI points here for the third STOSD
|------------------|
| 0xCCCCCCCC | ;EDI points here for the fourth STOSD
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
POP edi
POP ecx
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| 0xCCCCCCCC | ;Current ESP
|------------------|
| 0xCCCCCCCC |
|------------------|
| 0xCCCCCCCC |
|------------------|
| 0xCCCCCCCC |
|------------------|
| EBP |
|------------------| <High address of memory>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MOV dword ptr[ebp-0x10],ECX ;Address [0x2F873920], contents at memory [586A7107] <===> 0x07716A58 (little-endian)
|------------------| <Low address of memory>
| |
|------------------|
| ...... |
|------------------|
| 0x2F873920 | ;EBP-0x10 (Current ESP); the content of ECX is moved here, overwriting the lowest 0xCCCCCCCC slot
|------------------|
| 0xCCCCCCCC |
|------------------|
| 0xCCCCCCCC |
|------------------|
| 0xCCCCCCCC |
|------------------|
| EBP |
|------------------| <High address of memory>
The rest is similar to the above, so it is not listed here.
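The prologue walked through above can be replayed on a small model of the stack to confirm where each write lands, in particular that [ebp-0x10] is the same slot as the current ESP after the two POPs. This C program is an added example, not part of the original post: the Cpu struct, the helper names, the buffer size and the starting ESP/EBP/EDI values are assumptions; only the instruction sequence and the ECX value 0x2F873920 come from the listing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a 32-bit stack; all addresses here are constructed sample values. */
typedef struct { uint32_t eax, ecx, edx, edi, esp, ebp; uint8_t mem[0x1000]; } Cpu;

static void     st32(Cpu *c, uint32_t a, uint32_t v) { memcpy(&c->mem[a], &v, 4); }
static uint32_t ld32(const Cpu *c, uint32_t a) { uint32_t v; memcpy(&v, &c->mem[a], 4); return v; }
static void     push(Cpu *c, uint32_t v) { c->esp -= 4; st32(c, c->esp, v); }
static uint32_t pop(Cpu *c) { uint32_t v = ld32(c, c->esp); c->esp += 4; return v; }
static void     stosd(Cpu *c) { st32(c, c->edi, c->eax); c->edi += 4; } /* direction flag clear */

/* Executes the prologue from the listing, one instruction per line. */
void run_prologue(Cpu *c) {
    push(c, c->ebp);                      /* push ebp             */
    c->ebp = c->esp;                      /* mov  ebp,esp         */
    c->esp -= 0x10;                       /* sub  esp,0x10        */
    push(c, c->ecx);                      /* push ecx             */
    push(c, c->edi);                      /* push edi             */
    c->edi = c->esp + 0x8;                /* lea  edi,[esp+0x8]   */
    c->eax = 0xCCCCCCCCu;                 /* mov  eax,0xcccccccc  */
    for (int i = 0; i < 4; i++) stosd(c); /* stosd x4             */
    c->edi = pop(c);                      /* pop  edi             */
    c->ecx = pop(c);                      /* pop  ecx             */
    st32(c, c->ebp - 0x10, c->ecx);       /* mov  [ebp-0x10],ecx  */
}

/* Function body and epilogue: result = a + b, returned in EAX. */
uint32_t run_body(Cpu *c) {
    st32(c, c->ebp - 0x4, 0);             /* result = 0 */
    st32(c, c->ebp - 0x8, 2);             /* a = 2      */
    st32(c, c->ebp - 0xc, 3);             /* b = 3      */
    c->edx = ld32(c, c->ebp - 0x8) + ld32(c, c->ebp - 0xc);
    st32(c, c->ebp - 0x4, c->edx);
    c->eax = ld32(c, c->ebp - 0x4);
    c->esp = c->ebp; c->ebp = pop(c);     /* leave      */
    return c->eax;
}

int main(void) {
    static Cpu c;
    c.esp = 0xF00; c.ebp = 0xBEEF; c.edi = 0x1234; c.ecx = 0x2F873920u;
    run_prologue(&c);
    for (uint32_t off = 0x10; off >= 4; off -= 4)   /* dump the four local slots */
        printf("[ebp-0x%02x] = 0x%08x\n", (unsigned)off, (unsigned)ld32(&c, c.ebp - off));
    printf("eax = %u\n", (unsigned)run_body(&c));
    return 0;
}
```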