C++反汇编->类,结构体,命名空间分析
来源:互联网 发布:哈尔滨 知乎 编辑:程序博客网 时间:2024/05/12 12:14
首先来看类(class)的反汇编代码:
class name{public:int i;int j; int add(int in1,int in2){return in1+in2;}protected:private:};void main(){name n;n.i=10;n.j=12;std::cout<<n.add(n.i,n.j)<<std::endl;system("pause");}主函数对应反汇编代码:
00401560 > > \55 PUSH EBP00401561 . 8BEC MOV EBP,ESP00401563 . 83EC 48 SUB ESP,4800401566 . 53 PUSH EBX00401567 . 56 PUSH ESI00401568 . 57 PUSH EDI00401569 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]0040156C . B9 12000000 MOV ECX,1200401571 . B8 CCCCCCCC MOV EAX,CCCCCCCC00401576 . F3:AB REP STOS DWORD PTR ES:[EDI]00401578 . C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A0040157F . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C00401586 . 68 C8104000 PUSH testcals.004010C80040158B . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]0040158E . 50 PUSH EAX0040158F . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]00401592 . 51 PUSH ECX00401593 . 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]00401596 . E8 59FCFFFF CALL testcals.004011F4 //执行add函数语句0040159B . 50 PUSH EAX0040159C . B9 A0DE4700 MOV ECX,OFFSET testcals.std::cout004015A1 . E8 59FBFFFF CALL testcals.004010FF004015A6 . 8BC8 MOV ECX,EAX004015A8 . E8 33FCFFFF CALL testcals.004011E0004015AD . 68 1C004700 PUSH OFFSET testcals.??_C@_05PBCN@pause?>; /pause004015B2 . E8 D9EF0100 CALL testcals.system ; \system004015B7 . 83C4 04 ADD ESP,4004015BA . 5F POP EDI004015BB . 5E POP ESI004015BC . 5B POP EBX004015BD . 83C4 48 ADD ESP,48004015C0 . 3BEC CMP EBP,ESP004015C2 . E8 D9F00100 CALL testcals.__chkesp004015C7 . 8BE5 MOV ESP,EBP004015C9 . 5D POP EBP004015CA . C3 RETN找到对应的语句如下:
004015F0 >/> \55 PUSH EBP ; add function004015F1 |. 8BEC MOV EBP,ESP004015F3 |. 83EC 44 SUB ESP,44004015F6 |. 53 PUSH EBX004015F7 |. 56 PUSH ESI004015F8 |. 57 PUSH EDI004015F9 |. 51 PUSH ECX004015FA |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]004015FD |. B9 11000000 MOV ECX,1100401602 |. B8 CCCCCCCC MOV EAX,CCCCCCCC00401607 |. F3:AB REP STOS DWORD PTR ES:[EDI]00401609 |. 59 POP ECX0040160A |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX0040160D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]00401610 |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]00401613 |. 5F POP EDI00401614 |. 5E POP ESI00401615 |. 5B POP EBX00401616 |. 8BE5 MOV ESP,EBP00401618 |. 5D POP EBP00401619 \. C2 0800 RETN 8
2.namespace 命名:
namespace name{int i;int j;int add(int in1,int in2){return in1+in2;}}void main(){std::cout<<"tip1"<<std::endl;name::i=10;name::j=12;std::cout<<name::add(name::i,name::j)<<std::endl; system("pause");}对应的反汇编源码:00401580 >/> \55 PUSH EBP00401581 |. 8BEC MOV EBP,ESP00401583 |. 83EC 40 SUB ESP,4000401586 |. 53 PUSH EBX00401587 |. 56 PUSH ESI00401588 |. 57 PUSH EDI00401589 |. 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]0040158C |. B9 10000000 MOV ECX,1000401591 |. B8 CCCCCCCC MOV EAX,CCCCCCCC00401596 |. F3:AB REP STOS DWORD PTR ES:[EDI]00401598 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; 实现add函数0040159B |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]0040159E |. 5F POP EDI0040159F |. 5E POP ESI004015A0 |. 5B POP EBX004015A1 |. 8BE5 MOV ESP,EBP004015A3 |. 5D POP EBP004015A4 \. C3 RETN004015A5 CC INT3004015A6 CC INT3004015A7 CC INT3004015A8 CC INT3004015A9 CC INT3004015AA CC INT3004015AB CC INT3004015AC CC INT3004015AD CC INT3004015AE CC INT3004015AF CC INT3004015B0 > > 55 PUSH EBP004015B1 . 8BEC MOV EBP,ESP004015B3 . 83EC 40 SUB ESP,40004015B6 . 53 PUSH EBX004015B7 . 56 PUSH ESI004015B8 . 57 PUSH EDI004015B9 . 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]004015BC . B9 10000000 MOV ECX,10004015C1 . B8 CCCCCCCC MOV EAX,CCCCCCCC004015C6 . F3:AB REP STOS DWORD PTR ES:[EDI]004015C8 . 68 C8104000 PUSH testname.004010C8004015CD . 68 24004700 PUSH OFFSET testname.??_C@_04HPCL@tip1?$>; tip1004015D2 . 68 A8DE4700 PUSH OFFSET testname.std::cout004015D7 . E8 AEFCFFFF CALL testname.0040128A004015DC . 83C4 08 ADD ESP,8004015DF . 8BC8 MOV ECX,EAX004015E1 . E8 FFFBFFFF CALL testname.004011E5004015E6 . C705 F8DD4700>MOV DWORD PTR DS:[name::i],0A ; name::i赋值004015F0 . C705 FCDD4700>MOV DWORD PTR DS:[name::j],0C ; name::j赋值004015FA . 68 C8104000 PUSH testname.004010C8004015FF . A1 FCDD4700 MOV EAX,DWORD PTR DS:[name::j] ; 寄存器存入 OA00401604 . 50 PUSH EAX00401605 . 8B0D F8DD4700 MOV ECX,DWORD PTR DS:[name::i] ; 寄存器存入 0C0040160B . 51 PUSH ECX0040160C . E8 84FBFFFF CALL testname.00401195 ; 执行 name::add函数00401611 . 83C4 08 ADD ESP,8 ; 栈平衡00401614 . 50 PUSH EAX ; 输出EAX寄存器00401615 . B9 A8DE4700 MOV ECX,OFFSET testname.std::cout0040161A . E8 E0FAFFFF CALL testname.004010FF0040161F . 8BC8 MOV ECX,EAX00401621 . E8 BFFBFFFF CALL testname.004011E500401626 . 68 1C004700 PUSH OFFSET testname.??_C@_05PBCN@pause?>; /pause0040162B . E8 90F30100 CALL testname.system ; \system00401630 . 83C4 04 ADD ESP,400401633 . 5F POP EDI00401634 . 5E POP ESI00401635 . 5B POP EBX00401636 . 83C4 40 ADD ESP,4000401639 . 3BEC CMP EBP,ESP0040163B . E8 90F40100 CALL testname.__chkesp00401640 . 8BE5 MOV ESP,EBP00401642 . 5D POP EBP00401643 . C3 RETN
3.struct代码:
struct name {int i;int j;int add(int in1,int in2){return in1+in2;}};void main(){std::cout<<"tips";name n;n.i=10;n.j=12;std::cout<<n.add(n.i,n.j)<<std::endl;system("pause");}对应反汇编如下:00401580 > > \55 PUSH EBP00401581 . 8BEC MOV EBP,ESP00401583 . 83EC 48 SUB ESP,4800401586 . 53 PUSH EBX00401587 . 56 PUSH ESI00401588 . 57 PUSH EDI00401589 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]0040158C . B9 12000000 MOV ECX,1200401591 . B8 CCCCCCCC MOV EAX,CCCCCCCC00401596 . F3:AB REP STOS DWORD PTR ES:[EDI]00401598 . 68 24004700 PUSH OFFSET teststru.??_C@_04IPMF@tips?$>; tips0040159D . 68 A0DE4700 PUSH OFFSET teststru.std::cout004015A2 . E8 E3FCFFFF CALL teststru.0040128A004015A7 . 83C4 08 ADD ESP,8004015AA . C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A004015B1 . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C004015B8 . 68 C8104000 PUSH teststru.004010C8004015BD . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]004015C0 . 50 PUSH EAX004015C1 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]004015C4 . 51 PUSH ECX004015C5 . 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]004015C8 . E8 27FCFFFF CALL teststru.004011F4004015CD . 50 PUSH EAX004015CE . B9 A0DE4700 MOV ECX,OFFSET teststru.std::cout004015D3 . E8 27FBFFFF CALL teststru.004010FF004015D8 . 8BC8 MOV ECX,EAX004015DA . E8 01FCFFFF CALL teststru.004011E0004015DF . 68 1C004700 PUSH OFFSET teststru.??_C@_05PBCN@pause?>; /pause004015E4 . E8 C7F30100 CALL teststru.system ; \system004015E9 . 83C4 04 ADD ESP,4004015EC . 5F POP EDI004015ED . 5E POP ESI004015EE . 5B POP EBX004015EF . 83C4 48 ADD ESP,48004015F2 . 3BEC CMP EBP,ESP004015F4 . E8 C7F40100 CALL teststru.__chkesp004015F9 . 8BE5 MOV ESP,EBP004015FB . 5D POP EBP004015FC . C3 RETN004015FD CC INT3004015FE CC INT3004015FF CC INT300401600 CC INT300401601 CC INT300401602 CC INT300401603 CC INT300401604 CC INT300401605 CC INT300401606 CC INT300401607 CC INT300401608 CC INT300401609 CC INT30040160A CC INT30040160B CC INT30040160C CC INT30040160D CC INT30040160E CC INT30040160F CC INT300401610 CC INT300401611 CC INT300401612 CC INT300401613 CC INT300401614 CC INT300401615 CC INT300401616 CC INT300401617 CC INT300401618 CC INT300401619 CC INT30040161A CC INT30040161B CC INT30040161C CC INT30040161D CC INT30040161E CC INT30040161F CC INT300401620 >/> 55 PUSH EBP ; struct实现函数位置00401621 |. 8BEC MOV EBP,ESP00401623 |. 83EC 44 SUB ESP,4400401626 |. 53 PUSH EBX00401627 |. 56 PUSH ESI00401628 |. 57 PUSH EDI00401629 |. 51 PUSH ECX0040162A |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]0040162D |. B9 11000000 MOV ECX,1100401632 |. B8 CCCCCCCC MOV EAX,CCCCCCCC00401637 |. F3:AB REP STOS DWORD PTR ES:[EDI]00401639 |. 59 POP ECX0040163A |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX0040163D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]00401640 |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C]00401643 |. 5F POP EDI00401644 |. 5E POP ESI00401645 |. 5B POP EBX00401646 |. 8BE5 MOV ESP,EBP00401648 |. 5D POP EBP00401649 \. C2 0800 RETN 8
小结:
1.命名空间定义的函数,在编译主函数之前,而类和结构体在主函数之后。
2.类和结构体内部公有函数反汇编源码一致,也印证了结构体内的函数与类里面的公有函数等效。
0 0
- C++反汇编->类,结构体,命名空间分析
- C反汇编示例分析
- cpp反汇编之类和结构体分析
- c++反汇编代码分析--循环结构
- c++反汇编代码分析--循环结构
- C++编程->加法的七种方式实现(命名空间,类,模板,结构体,函数,位运算,内联汇编)
- C库字符串反汇编分析
- C程序反汇编代码分析
- 基于arm的C++反汇编 结构体和类
- 反汇编一个简单的C程序,分析汇编代码
- 驱动反汇编常用结构体OffSet
- SSDT 结构体 方便反汇编
- C++ 函数反汇编跟踪以及栈结构分析
- 简单C语言反汇编(循环,判断,数组,结构体,共用体,枚举类型)
- C语言反汇编代码(三大结构)
- C 语言函数返回结构体汇编分析
- C语言返回值为结构体的汇编分析
- 反汇编角度深入学习C++第一课:C++的命名空间
- HDU 1233 还是畅通工程 (九度OJ 1017)
- 打包JAR
- hdu1059(多重背包)
- 完全卸载oracle11g步骤
- 《Hadoop权威指南》- 2、关于MapReduce
- C++反汇编->类,结构体,命名空间分析
- python网页抓取代码
- 怎么打败BAT
- java 8 多重注解
- Charm Bracelet
- redis list应用–大型网站缓冲队列服务器
- Winform 关闭事件
- 利用GDAL/OGR导空间数据到SQLServer2008
- 科目一预告(4月14日):理论考试说明
