天书夜读 从汇编语言到Windows内核编程 201612071247
FLA SPAR A if(e>0 && c<10) 00411A66 cmp dword ptr [c],0 00411A6A le myfunction+6ih (411A81h) BIE —Pelse if AU 00411A6C cmp dword ptr [c], 0Rh 00411A70 jge —myfunction+61h (411A81n) ‘BEF —eise if i UE (GOHRAR A SNIP print£(*c>0"); 00411872 push offset string *e>0* (4240Dch) 0041177 call. @ULT+1300(_print£) (411519h) ooaia7c add esp.4 > else if Helse RFRA. (FPR. MRA. BRAS SLM ET Re. BILAL ATTA AS} SHAT SPA IT LHR AG 9) SE ADT FES SP AAT ME “RHE LA TUT AR EAA else IUZE jmp ZG FLED SERIE. if else if SN FFM HEIL if ZG AUBETE HH cmp LEAR. TAH AEBS TE HE AT BEE else if( c>10 && c<100) 00411A7° jmp myfunction+89h (411AA9n) ALAR BRED HINES ot 0041181 cmp dword ptr [c],0ah Hee RR 1A Eh a jle myfunction+7ch (421A9ch) cmp dword ptr (c],64h 00421A8B jge — myfunction+7Ch (411A9Ch) 2.2.2 switch-case #1) B33 TERED MiB, TELL BA IRAVIE switch. switch MIRE RUE BAHT. lI. switch BRA HUITA Pt, TCLABAE je. APHIBESIAE TS case Wh. JIT -AAE ICA BH. FLREBES! default Zb. WL FARAH: switch(c) t case 0: £00"); print£("c>10 && c<100"); break; > default: printf ("c>10 && c<100"); ) 1920 BAL Roe switch(c) 00411066 mov eax, dword ptr [cl 00411069 mov word ptr [ebp-OE8h] ,eax OO411A6F cmp dword ptr [ebp-0B8h],0 00411A76 je — myfunction+63h (411A83h) 00411A78 emp — dword ptr [ebp-O88h),1 oo4i1a7F je — myfunction+70h (411A90h) 00411A81 jmp — myfunction+7Fh (411A9Fh) G on EAE HL REALL ATR ASAI switch, LTRS #5 SBIR JE TE LEA cL ATE 0. 1 GAVE. EP SEIE c Ho) H ebp-Oe8h SRAM, PRAT ELC, GRE RAE A BB default Ab, LALFT defaule, BEB) switch 25h. o FURR AEA HH. BI A ALF case #il default ARIE HEM ML. WURAT break, WHEN —TACA PHBE: FEB AT break (tii F, BLA AE ICAL. 
case 0: print£(*c>0"); 00411083 push offset string "c>0* (4240DCh) 00412A88 call @ILT+1300(_printf) (411519h) 00411A8D add esp, 4 case 1: ‘ print£("c>10 && c<100"); 00411090 push offset string "c>10 6& c<100" 0042A95 call @ILT+1300(_printf) (411519h) 00411094 ada esp, 4 break; 00411A9D jmp — myfunction+8Ch (411AACh) ) default: print£("c>10 && c<100"); 00411A9F push offset string *c>10 && c<100* 00421AA4 call @ILT+1300(_printf) (411519h) 00411AA9 add esp, 4 ) (424288h) (424288h)2K CweMRB AN “RE583) FIBA. ARIE PF AMAR CY. MSRP AAT AEA, BSL F RMA. ROR TABOTC RA ERE, MATE RATHAES BAI ike DCA HRB AREA. Hae, RET AZ 00411A20 push ebp 00411a21 mov —ebp, esp 00411A23 sub esp, OE8h 00411a29 push ebx 00411A2A push esi 00411A2B push edi 00411A2c lea edi, (ebp-0E8h] 00411832 mov —ecx, 3A 00411a37 mov eax, occcecccch 00411a3c rep stos dword ptr (edi) 00411A3E mov eax, dword ptr (a) 00411a41 add eax, dword ptr (b] 00411A44 mov dword ptr [dl,eax 00411A47 mov dword ptr [i],1 00411A4E mov dword ptr [e],0 00411055 cmp dword ptr [c], 64h 00411059 jge —myfunction+46h (411A66h) 00411A5B mov eax, dword ptr [c] 00411A5E add eax, dword ptr [i] 00411A61 mov adword ptr [c],eax 00411A64 jmp — myfunction+35h (411A55h) 00411A66 mov eax, dword ptr [c] 00411A69 mov dword ptr [ebp-0B8h],eax 00411A6F cmp dword ptr [ebp-OE8h] ,0 00411A76 je —myfunction+63h (411A83h) 00411478 cmp dword ptr [ebp-OE8h],1 00411A7F je — myfunction+6ah (411A8Ah) 00411A81 jmp —myfunction+72h (411A92h) 00411A83 mov dword ptr [d],1 00411A8A mov eax, dword ptr [cl] 00411A8D mov dword ptr [dJ,eax 00412A90 jmp —myfunction+79h (411A99h) 21_ RABI ccmisee Windows meee 00411092 mov word ptr (a],0 eax,dword ptr [a] edi 00411A9D pop esi 00411A9E pop — ebx QO411A9F mov esp, ebp o4i1aA1 pop — ebp OO411AA2 ret 2.3 CHT WRAL Sa BIDS ASF T St Hs a A 9 18 typedef struct { int a; BL int b; int ¢; ) mystruct; int myfunction(int a, int b) unsigned char *buf (100); mystruct *strs = (mystruct *)buf; for (is0;icSrive) ‘ strs[i).a strs[il.b 
strs[il.c = ) return 0; ? SSA Ha AI SECALiT] BRABEAG ©ALSKGAN BH Si IR C for (i=0;i<5:it+) 00413674 mov dword ptr [i],0 UY for AE 00413684 jmp — myfunction+45h (413695h) 00413686 mov eax, dword ptr [i] 0041368C add eax, 1 00413687 mov dword ptr [i],eax00413695 0041369c i emp jge strs[i].a 0041369E 004136a4 0041367 004136aD mov imal mov strs[i}.b 004136B4 004136Ba 004136BD imu dword ptr (41,5 { myfunction+94h (413684h) OF , ~ eax,dword ptr (i) FABRE ivoch AB peax 10h SHAE 48 strs MIBIERA cox HEB ocr (1 HOHE IHR O eax, eax, 0Ch ecx,dword ptr [strs] dword ptr [ecx+eax],0 as eax,dword ptr [i] eax, eax, 0Ch ecx,dword ptr (strs) RBS, MINER b ONE 004136¢3 mov dword ptr [ecx+eaxed] ,1 strslil.c = 2; 004136c8 004136D1 00413604 004136DA d 00413682 004136E4 mov imal imp eax,dword ptr (i) eax,eax, 0Ch ecx,dword ptr (strs] Gword ptr [ecx+eax+8],2 myfunction+36h (413686h) ; RAINE eax, eax peax ee immul 4 ik AAR 24 HS A BAL, RE EP EU Ua — 2 HT EER RGB RTE TCR FRADE. LIN, ASTOR NRE A= F< BP TCR MCT A HR STORET AE AE Ba RES EE — PR tn EACH SLA OCH, kT PEAR. DEG, RRP eA imul 184, HTC PRET RR. BRA RI HE LA FE 5h HE — NTE, TKN a) a5 HEADS PR RAS EA AAR ZS TA Sn AN RO AMER HWS, OMAR b BICEMIERE 4 (4H). TERE ICMAT OR, AE IRAE. DDS SEP HOA AR SE TERE OR) ORE WDK JPL PHO PER 4 TPA A SARL ATES) TIT ARM BB A IT CEA eS aa RT EA ES 23KA RIE— ici | Windows itz fe#? Bue Wks, 2.4 CHR TERJE KBE FRAT COWIE) BUHASSE MY ABAL CE CIB Oy TA ee bn oT AA SRL. RA HiT AEA SR AU LOT, BELLI aa, es i TAS WRAILT. WT iRR, BIEN ALHO BY RUIRE, RIG BOIS — FR. Lf EAI typedef enum ( ENUM_1 = 1, ENUM_2 = 2, ENUM_3, ENUMA, ) myenum; J) hE typedef struct ( int a; int b; int ¢; } mystruct; “typedef union { mystruct s; myenum (3); } myunion; int myfunction(int a, int b) i unsigned char buf(100] = { 0 }; myunion *uns = (myunion *)buf; int 1) ia SE A, Git, (URE ORICA Se for (i=0;i<5;i++) uns[i].s.a = 0; 24uns(i].s.b = 1; uns(i].e(2] = ENUM4; ) return 0; ) BABA RAN 2.3 HEAL ARS. 
for (i=0;i<5;i++) 00411857 mov 00411A5E jmp 00411a60 mov 00411063 add 00411A66 mov 00411469 cmp o04i1a6D ge ‘ @word ptr (41,0 myfunction+49h (411A69h) eax, dword ptr [i] eax,1 adword ptr [iJ],eax dword ptr (i],5 myfunction+83h (411AA3h) uns[il.s.a = 0; 00411A6F mov eax,dword ptr [i] ;ARAKS, Bit 12H. 2 HSE 00411472 imal 00411A75 mov ecx,dword ptr [uns] 00411A78 mov —dword ptr [ecx+eax] ,0 uns[{i].s-b = 1; O0413A7F mov eax,dword ptr [i] 00412a82 imul eax, eax, 0Ch 00411a85 mov ecx,dword ptr [uns] 00411A88 mov dword ptr [ecx+eax+4],1 uns(i].e(2] = ENUM_4; 00411A90 mov eax, dword ptr (i) 00411493 imul eax, eax, 0Ch 00411A96 mov ecx, dword ptr [uns] 00411A99 mov dword ptr [ecx+eax+8],4 ) 00421Aa1 jmp eax, eax, 0Ch myfunction+40h (411A60h) RIK CRRA CR OEM PEI AAT, SB. FAK AER ALA AAS BA A EAT Si, SEAL ARR ALE Ty REE A WEA, RPP aR ae eh HH OR BE. EMTIIE ARS] AHSB35 SIV CBSES 31 BSR BY BELA mo nnnnnnnnnnnnnnansnsnnnnsnananene BF 3.1 SRR RIC ~ 27 3.1.2 SR RIC AAD EG. 28 8.2 RAT RRED RIL rrr 29 3.3 (CMR C BEB om rrrmnnrnenenenennerees BS,TS SARTRE 3.1 SHRI CHG TANS ES ALTE RICH PL A RRS), TN LP AYRES 6 ANOLE IE AN BIC MARGARET ERIS, SEAS SL A SET. 3.1.1 BARI T BOA MADRE BGA TE, REREAD AI) TY. FTE 3x3 HE SHR HT int myfunction(int a{3](3),int b(3](3],int ¢(31(31) co ‘ / int i,3; | for (i=0;i<3;i++) € for (5=0;5<3;5++) . 
Li] (3) = a4) (0) *b(0) (5) +a fi) (1) *bI2] (5) +aCi) [2] *bL ) return 0; ) JAB U A Tih M, ASL, IC Ga STC AE int i, for (i0;ic3site) 00411A3E mov @word ptr [i],0 00411A45 jmp — myfunction+30h (411A50h) 00411A47 mov eax, dword ptr [i] O0411M4A add eax,1 00411A4D mov dword ptr [i],eax 00411050 cmp dword ptr [il,3 00411054 jge myfunction+0AEh (411ACEh) c for(j=0;5<3;5++) 00411056 mov dword ptr [31,0 00411AsD jmp myfunction+48h (411A68h) 0O411ASF mov eax,dword ptr [3] 00411a62 add eax, 1 27KARE ic 8s 8 Windows WEAR 00421465 mov dword ptr [4] eax 0o421A68 cmp adword ptr [4],3 ooaiia6c jge — myfunction+0agh (411ACcSh) eli] {5} = afi} (0]*b{0] [5] +aCi) (1) *b(2] (5) ali) (21 B12) (5); WORE FHI S RA mov, add A imal HEAT BI SC 0041162 mov eax,dword ptr (4) 00411471 imul eax, eax, 0Ch 00411474 mov ecx,dword ptr [a] 00411477 mov ex, dword ptr [3] 00411A7A mov esi, dword ptr (b] 00411A7D mov eax, dword ptr [ecx+eax] 00411A80-—tmlul eax, dword ptr [esi+edx*4] 0041384 mov ecx,dword ptr [3] 00441a87 imal ecx,ecx, 0ch OOR1IABA mov edx,dword ptr [a] Odd11aeD mov esi, dword ptr [3] 00811090 mov edi, dword ptr [b} 00413493 mov _-ecx;dvord ptr [edx+ecx+4) 00411097—tul ecx,dword ptr [editesi*4+0ch] oo4i1asc add eax,ecx 0041192 mov edx,dword ptr [i] O04i1AA1 imal edx,edx, Och 00411AA4 mov ecx,dword ptr {a} 00411AA7 mov esi, dvord ptr [3] O0421AAA mov edi ,dvord ptr (b) 00411AAD mov edx,dword ptr [ecx+edx+8) 00411AB1 iml ‘edx,dword ptr [edi+esi*d+i8h] 00411AB6 add eax, edx 00411AB8 mov ecx,dword ptr [i] 00411ABB imul ecx,ecx,0Ch 00411A88 add ecx,dword ptr (ec) 00411AC1 mov eax, dword ptr [3] 00411AC4 mov dword ptr [ecx+edx*4] ,eax 00411AC7 jmp myfunction+3Fh (411A5Fh) ) 00411Ac9 jmp —myfunction+27h (421A47h) 3.1.2 BARROS SERIE EAE AES, A EAE TE ES OOS 5 BA SLO} PE DA SEA TRT AR BEE HRA HO FBI. PBUH SEARS AND Ja, se A(ARR BE UR, BES A AE AH. Rend MRE Did A BIR HIRTBCY EI BRS AE REE £421) mov ABR — AAT C Rik. AR, KAA IE AEX GUE OT LLB], SABA ally] ARBRE AK A Hy aly SEH SHE XML. 
PTDL, AUTRE BIN RR DARA TT EL. MARI vt R imul mov eax, < REM TORO F t> eax, eax, ocx, UNICODE_STRING str = RTL_CONSTANT_STRING(L"my first string!"); JERE TERE MIRAE NO OE. OT BB EE, AT RtlInitUnicodeString. av fi 4 F: UNICODE_STRING str; RtlInitUnicodeString(&str, L"my first string!"); FLATTER ALN FER SLA A ARCH UL, BL SEMAN ME Bite. a1