c++ 反汇编 数组和指针
2024-08-31 21:44:36
- 字符串初始化字符数组
58: char as[] = "hello word";
00AC7308 A1 70 2E B6 00 mov eax,dword ptr [string "hello word" (0B62E70h)]
00AC730D 89 45 EC mov dword ptr [as],eax //复制4字节
00AC7310 8B 0D 74 2E B6 00 mov ecx,dword ptr ds:[0B62E74h]
00AC7316 89 4D F0 mov dword ptr [ebp-10h],ecx //4字节
00AC7319 66 8B 15 78 2E B6 00 mov dx,word ptr ds:[0B62E78h]
00AC7320 66 89 55 F4 mov word ptr [ebp-0Ch],dx //2字节
00AC7324 A0 7A 2E B6 00 mov al,byte ptr ds:[00B62E7Ah]
00AC7329 88 45 F6 mov byte ptr [ebp-0Ah],al //1字节
- 数组作为参数
55: // 数组作为参数
56: char szHello[20] = {0};
00127308 33 C0 xor eax,eax
0012730A 89 45 E4 mov dword ptr [szHello],eax
0012730D 89 45 E8 mov dword ptr [ebp-18h],eax
00127310 89 45 EC mov dword ptr [ebp-14h],eax
00127313 89 45 F0 mov dword ptr [ebp-10h],eax
00127316 89 45 F4 mov dword ptr [ebp-0Ch],eax
57: Show(szHello);
00127319 8D 45 E4 lea eax,[szHello] //取数组szHello的地址,
0012731C 50 push eax
0012731D E8 2F C4 FF FF call Show (0123751h)
00127322 83 C4 04 add esp,4
Show
8: // 参数为字符数组
9: void Show(char szBuff[])
10: {
···debug环境初始化;
11: strcpy(szBuff, "Hello World");
0012717E 68 50 2E 1C 00 push offset string "Hello World" (01C2E50h)
00127183 8B 45 08 mov eax,dword ptr [szBuff]
00127186 50 push eax //参数szBuff入栈
00127187 E8 DA BF FF FF call _strcpy (0123166h)
0012718C 83 C4 08 add esp,8
12: printf(szBuff);
···printf
sizeof(数组名)得到数组大小,而sizeof(指针,形参数组名)不可以。
- 局部数组变量作为返回值(不允许出现!)
73: // 调用返回值为局部变量
74: printf("%s\r\n", RetArray());
012B73EB E8 99 CC FF FF call RetArray (012B4089h)
012B73F0 50 push eax
012B73F1 68 84 2E 35 01 push offset string "%s\r\n" (01352E84h)
012B73F6 E8 CF 9F FF FF call _printf (012B13CAh)
012B73FB 83 C4 08 add esp,8
RetArray
22: // 局部数组作为返回值
23: char* RetArray()
24: {
···debug环境初始化栈012B9DAE A1 1C 70 37 01 mov eax,dword ptr [__security_cookie (0137701Ch)]
012B9DB3 33 C5 xor eax,ebp
012B9DB5 89 45 FC mov dword ptr [ebp-4],eax
25: char szBuff[] = {"Hello World"};
012B9DB8 A1 50 2E 35 01 mov eax,dword ptr [string "Hello World" (01352E50h)]
012B9DBD 89 45 EC mov dword ptr [szBuff],eax
012B9DC0 8B 0D 54 2E 35 01 mov ecx,dword ptr ds:[1352E54h]
012B9DC6 89 4D F0 mov dword ptr [ebp-10h],ecx
012B9DC9 8B 15 58 2E 35 01 mov edx,dword ptr ds:[1352E58h]
012B9DCF 89 55 F4 mov dword ptr [ebp-0Ch],edx
26: return szBuff;
012B9DD2 8D 45 EC lea eax,[szBuff] //取局部数组变量的地址,最为函数返回值。其值位于栈中,后续的清理工作会使栈中数据不稳定!
27: }
···
- 局部静态数组
局部静态数组同样存在初始化标志,只能初始化一次。
- 下标寻址和指针寻址
93: // 下标、指针寻址
94: //
95: char * pChar = NULL;
0092FC9B C7 45 D8 00 00 00 00 mov dword ptr [pChar],0
96: char szBuff[] = "popk no one";
0092FCA2 A1 84 2E 9C 00 mov eax,dword ptr [string "popk no one" (09C2E84h)]
0092FCA7 89 45 C4 mov dword ptr [szBuff],eax
0092FCAA 8B 0D 88 2E 9C 00 mov ecx,dword ptr ds:[9C2E88h]
0092FCB0 89 4D C8 mov dword ptr [ebp-38h],ecx
0092FCB3 8B 15 8C 2E 9C 00 mov edx,dword ptr ds:[9C2E8Ch]
0092FCB9 89 55 CC mov dword ptr [ebp-34h],edx
97: pChar = szBuff;
0092FCBC 8D 45 C4 lea eax,[szBuff]
0092FCBF 89 45 D8 mov dword ptr [pChar],eax //指针变量赋值数组szBuff地址
98: printf("%c", *++pChar);
0092FCC2 8B 45 D8 mov eax,dword ptr [pChar] //取指针变量
0092FCC5 83 C0 01 add eax,1 //指针加一,指向元素szBuff[1]
0092FCC8 89 45 D8 mov dword ptr [pChar],eax //修改指针变量pChar
0092FCCB 8B 4D D8 mov ecx,dword ptr [pChar] 0092FCCE 0F BE 11 movsx edx,byte ptr [ecx]
0092FCD1 52 push edx
0092FCD2 68 40 2F 9C 00 push offset string "%c" (09C2F40h)
0092FCD7 E8 EE 16 FF FF call _printf (09213CAh)
0092FCDC 83 C4 08 add esp,8
99: printf("%c", szBuff[1]);
0092FCDF B8 01 00 00 00 mov eax,1 //计算偏移量,数组元素类型大小*索引
0092FCE4 C1 E0 00 shl eax,0
0092FCE7 0F BE 4C 05 C4 movsx ecx,byte ptr szBuff[eax]
0092FCEC 51 push ecx
0092FCED 68 40 2F 9C 00 push offset string "%c" (09C2F40h)
0092FCF2 E8 D3 16 FF FF call _printf (09213CAh)
0092FCF7 83 C4 08 add esp,8
指针寻址在效率上要低于下标寻址
- 多维数组
二维数组
debug
000A0DFB C7 45 D8 00 00 00 00 mov dword ptr [i],0
112: int nTwoArray[2][3] = {{1, 2,3},{4, 5,6}}; // 二维数组
000A0E02 C7 45 B8 01 00 00 00 mov dword ptr [nTwoArray],1
000A0E09 C7 45 BC 02 00 00 00 mov dword ptr [ebp-44h],2
000A0E10 C7 45 C0 03 00 00 00 mov dword ptr [ebp-40h],3
000A0E17 C7 45 C4 04 00 00 00 mov dword ptr [ebp-3Ch],4
000A0E1E C7 45 C8 05 00 00 00 mov dword ptr [ebp-38h],5
000A0E25 C7 45 CC 06 00 00 00 mov dword ptr [ebp-34h],6
113: scanf("%d", &i);
000A0E2C 8D 45 D8 lea eax,[i]
000A0E2F 50 push eax
000A0E30 68 80 AE 14 00 push offset string "%d" (014AE80h)
000A0E35 E8 B3 0A FF FF call _scanf (0918EDh)
000A0E3A 83 C4 08 add esp,8
114: printf("nTwoArray = %d\r\n", nTwoArray[1][i]); //
000A0E3D B8 0C 00 00 00 mov eax,0Ch
000A0E42 C1 E0 00 shl eax,0
000A0E45 8D 4C 05 B8 lea ecx,nTwoArray[eax]
000A0E49 8B 55 D8 mov edx,dword ptr [i]
000A0E4C 8B 04 91 mov eax,dword ptr [ecx+edx*4]
000A0E4F 50 push eax
000A0E50 68 84 AE 14 00 push offset string "nTwoArray = %d\r\n" (014AE84h)
000A0E55 E8 15 06 FF FF call _printf (09146Fh)
000A0E5A 83 C4 08 add esp,8
release
int i = 0;
int nTwoArray[2][3] = {{1, 2,3},{4, 5,6}}; // 二维数组
scanf("%d", &i);
printf("nTwoArray = %d\r\n", nTwoArray[1][i]);
00F710FE | 0F2805 30C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000004000000030000000200000001> | array.cpp:112
00F71105 | 8D85 60FFFFFF | lea eax,dword ptr ss:[ebp-0xA0] | array.cpp:113
00F7110B | 50 | push eax |
00F7110C | 68 B0C1FB00 | push array.FBC1B0 | FBC1B0:"%d"
00F71111 | C785 60FFFFFF 0 | mov dword ptr ss:[ebp-0xA0],0x0 |//i
00F7111B | 0F1145 C4 | movups xmmword ptr ss:[ebp-0x3C],xmm0 |//nTwoArray
00F7111F | C745 D4 0500000 | mov dword ptr ss:[ebp-0x2C],0x5 |
00F71126 | C745 D8 0600000 | mov dword ptr ss:[ebp-0x28],0x6 | [ebp-28]:_iob+70
00F7112D | E8 DE010000 | call <array.scanf> |
00F71132 | 8B85 60FFFFFF | mov eax,dword ptr ss:[ebp-0xA0] | array.cpp:114
00F71138 | FF7485 D0 | push dword ptr ss:[ebp+eax*4-0x30] |//ebp-0x30-->nTwoArray[1]地址,eax-->i
00F7113C | 68 B4C1FB00 | push array.FBC1B4 | FBC1B4:"nTwoArray = %d\r\n"
00F71141 | E8 9A010000 | call <array.printf> |
三维数组
debug
116: //// 三维数组
117: int x = 0,y = 0,z = 0;
000A0E5D C7 45 AC 00 00 00 00 mov dword ptr [x],0
000A0E64 C7 45 A0 00 00 00 00 mov dword ptr [y],0
115:
116: //// 三维数组
117: int x = 0,y = 0,z = 0;
000A0E6B C7 45 94 00 00 00 00 mov dword ptr [z],0
118:
119: int nArray[2][3][4] = { {{1,1,1,1},{2,2,2,2},{3,3,3,3}},{{4,4,4,4},{5,5,5,5},{6,6,6,6}} };
000A0E72 C7 85 2C FF FF FF 01 00 00 00 mov dword ptr [nArray],1
000A0E7C C7 85 30 FF FF FF 01 00 00 00 mov dword ptr [ebp-0D0h],1
000A0E86 C7 85 34 FF FF FF 01 00 00 00 mov dword ptr [ebp-0CCh],1
000A0E90 C7 85 38 FF FF FF 01 00 00 00 mov dword ptr [ebp-0C8h],1
000A0E9A C7 85 3C FF FF FF 02 00 00 00 mov dword ptr [ebp-0C4h],2
000A0EA4 C7 85 40 FF FF FF 02 00 00 00 mov dword ptr [ebp-0C0h],2
000A0EAE C7 85 44 FF FF FF 02 00 00 00 mov dword ptr [ebp-0BCh],2
000A0EB8 C7 85 48 FF FF FF 02 00 00 00 mov dword ptr [ebp-0B8h],2
000A0EC2 C7 85 4C FF FF FF 03 00 00 00 mov dword ptr [ebp-0B4h],3
000A0ECC C7 85 50 FF FF FF 03 00 00 00 mov dword ptr [ebp-0B0h],3
000A0ED6 C7 85 54 FF FF FF 03 00 00 00 mov dword ptr [ebp-0ACh],3
000A0EE0 C7 85 58 FF FF FF 03 00 00 00 mov dword ptr [ebp-0A8h],3
000A0EEA C7 85 5C FF FF FF 04 00 00 00 mov dword ptr [ebp-0A4h],4
000A0EF4 C7 85 60 FF FF FF 04 00 00 00 mov dword ptr [ebp-0A0h],4
000A0EFE C7 85 64 FF FF FF 04 00 00 00 mov dword ptr [ebp-9Ch],4
000A0F08 C7 85 68 FF FF FF 04 00 00 00 mov dword ptr [ebp-98h],4
000A0F12 C7 85 6C FF FF FF 05 00 00 00 mov dword ptr [ebp-94h],5
000A0F1C C7 85 70 FF FF FF 05 00 00 00 mov dword ptr [ebp-90h],5
000A0F26 C7 85 74 FF FF FF 05 00 00 00 mov dword ptr [ebp-8Ch],5
000A0F30 C7 85 78 FF FF FF 05 00 00 00 mov dword ptr [ebp-88h],5
000A0F3A C7 85 7C FF FF FF 06 00 00 00 mov dword ptr [ebp-84h],6
000A0F44 C7 45 80 06 00 00 00 mov dword ptr [ebp-80h],6
000A0F4B C7 45 84 06 00 00 00 mov dword ptr [ebp-7Ch],6
000A0F52 C7 45 88 06 00 00 00 mov dword ptr [ebp-78h],6
120: scanf("%d %d %d", &x, &y, &z);
000A0F59 8D 45 94 lea eax,[z]
000A0F5C 50 push eax
000A0F5D 8D 4D A0 lea ecx,[y]
000A0F60 51 push ecx
000A0F61 8D 55 AC lea edx,[x]
000A0F64 52 push edx
000A0F65 68 98 AE 14 00 push offset string "%d %d %d" (014AE98h)
000A0F6A E8 7E 09 FF FF call _scanf (0918EDh)
000A0F6F 83 C4 10 add esp,10h
121:
122: printf("%d", nArray[x][y][z]);
000A0F72 6B 45 AC 30 imul eax,dword ptr [x],30h //x*3*4*4
000A0F76 8D 8C 05 2C FF FF FF lea ecx,nArray[eax]
000A0F7D 8B 55 A0 mov edx,dword ptr [y]
000A0F80 C1 E2 04 shl edx,4 //y*4*4 y*2^4
000A0F83 03 CA add ecx,edx
000A0F85 8B 45 94 mov eax,dword ptr [z]
000A0F88 8B 0C 81 mov ecx,dword ptr [ecx+eax*4]
000A0F8B 51 push ecx
000A0F8C 68 80 AE 14 00 push offset string "%d" (014AE80h)
000A0F91 E8 D9 04 FF FF call _printf (09146Fh)
000A0F96 83 C4 08 add esp,8
release
//// 三维数组
int x = 0,y = 0,z = 0;
int nArray[2][3][4] = { {{1,1,1,1},{2,2,2,2},{3,3,3,3}},{{4,4,4,4},{5,5,5,5},{6,6,6,6}} };
scanf("%d %d %d", &x, &y, &z);
printf("%d", nArray[x][y][z]);
00F71146 | 0F2805 00C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000001000000010000000100000001> | 初始化三维数组
00F7114D | 8D85 54FFFFFF | lea eax,dword ptr ss:[ebp-0xAC] | array.cpp:120
00F71153 | 0F1185 64FFFFFF | movups xmmword ptr ss:[ebp-0x9C],xmm0 |
00F7115A | 50 | push eax |//z
00F7115B | 0F2805 10C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000002000000020000000200000002> |
00F71162 | 8D85 58FFFFFF | lea eax,dword ptr ss:[ebp-0xA8] |
00F71168 | 0F1185 74FFFFFF | movups xmmword ptr ss:[ebp-0x8C],xmm0 |
00F7116F | 50 | push eax |//y
00F71170 | 0F2805 20C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000003000000030000000300000003> |
00F71177 | 8D85 5CFFFFFF | lea eax,dword ptr ss:[ebp-0xA4] |
00F7117D | 0F1145 84 | movups xmmword ptr ss:[ebp-0x7C],xmm0 |
00F71181 | 50 | push eax |//x
00F71182 | 0F2805 40C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000004000000040000000400000004> |
00F71189 | 0F1145 94 | movups xmmword ptr ss:[ebp-0x6C],xmm0 |
00F7118D | 68 C8C1FB00 | push array.FBC1C8 | FBC1C8:"%d %d %d"
00F71192 | 0F2805 50C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000005000000050000000500000005> |
00F71199 | 0F1145 A4 | movups xmmword ptr ss:[ebp-0x5C],xmm0 |
00F7119D | C785 5CFFFFFF 0 | mov dword ptr ss:[ebp-0xA4],0x0 //x=0 |
00F711A7 | 0F2805 60C2FB00 | movaps xmm0,xmmword ptr ds:[<__xmm@00000006000000060000000600000006> |
00F711AE | C785 58FFFFFF 0 | mov dword ptr ss:[ebp-0xA8],0x0 //y=0 |
00F711B8 | C785 54FFFFFF 0 | mov dword ptr ss:[ebp-0xAC],0x0 //z=0 |
00F711C2 | 0F1145 B4 | movups xmmword ptr ss:[ebp-0x4C],xmm0 |
00F711C6 | E8 45010000 | call <array.scanf>
00F711CB | 8B8D 5CFFFFFF | mov ecx,dword ptr ss:[ebp-0xA4] //x
00F711D1 | 83C4 40 | add esp,0x40
00F711D4 | 8B85 58FFFFFF | mov eax,dword ptr ss:[ebp-0xA8] //y
00F711DA | 8D1448 | lea edx,dword ptr ds:[eax+ecx*2] //x*2+y
00F711DD | 8B85 54FFFFFF | mov eax,dword ptr ss:[ebp-0xAC] //z
00F711E3 | 03D1 | add edx,ecx //(x*2+y)+x
00F711E5 | 8D0490 | lea eax,dword ptr ds:[eax+edx*4] // ((x*2+y)+x)*4+z
00F711E8 | FFB485 64FFFFFF | push dword ptr ss:[ebp+eax*4-0x9C] |
00F711EF | 68 B0C1FB00 | push array.FBC1B0 | FBC1B0:"%d"
00F711F4 | E8 E7000000 | call <array.printf> |
三维数组 type a[L][M][N],x,y,z作为下标
a+x*sizeof(type[M][N])+y*sizeof(type [N])+z*sizeof(type)
=a+x*M*N*sizeof(type)+y*N*sizeof(type)+z*sizeof(type)
=a+(x*M*N+y*N+z)*sizeof(type) -->debbug下
=a+( (x*M+y)*N + z )*sizeof(type) -->release下优化
- 指针数组
数组元素为指针
release
// 指针数组
char * pBuff[3] = {
"Hello ",
"World ",
"!\r\n"
};
for (int i = 0; i < 3; i++) {
printf(pBuff[i]);
}
00F711FC | C745 D0 D4C1FB0 | mov dword ptr ss:[ebp-0x30],array.FBC1D4 | array.cpp:126, FBC1D4:"Hello "
00F71203 | C745 D4 DCC1FB0 | mov dword ptr ss:[ebp-0x2C],array.FBC1DC | array.cpp:127, FBC1DC:"World "
00F7120A | 33F6 | xor esi,esi | esi:__argc
00F7120C | C745 D8 E4C1FB0 | mov dword ptr ss:[ebp-0x28],array.FBC1E4 | array.cpp:128, [ebp-28]:_iob+70, FBC1E4:"!\r\n"
00F71213 | FF74B5 D0 | push dword ptr ss:[ebp+esi*4-0x30] | array.cpp:131
00F71217 | E8 C4000000 | call <array.printf> |
00F7121C | 46 | inc esi | esi:__argc
00F7121D | 83C4 04 | add esp,0x4 |
00F71220 | 83FE 03 | cmp esi,0x3 | esi:__argc
00F71223 | 7C EE | jl array.F71213 |
- 数组指针
指向数组的指针,是指针。
release
// 数组指针
char (*pArray)[10] = cArray;
for (int i = 0; i < 3; i++)
{
printf(*pArray);
pArray++;
}
00F71296 | 8D75 DC | lea esi,dword ptr ss:[ebp-0x24] //取数组首地址 ,esi相当于数组指针。
00F71299 | BF 03000000 | mov edi,0x3
00F7129E | 66:90 | nop
00F712A0 | 56 | push esi
00F712A1 | E8 3A000000 | call <array.printf>
00F712A6 | 83C4 04 | add esp,0x4
00F712A9 | 83C6 0A | add esi,0xA //指针++
00F712AC | 83EF 01 | sub edi,0x1
00F712AF | 75 EF | jne array.F712A0
- 函数指针
166: int (__stdcall *pShow)(int) = Show;
000A1102 C7 85 B4 FE FF FF 6C 12 09 00 mov dword ptr [pShow],offset Show (09126Ch)
167: int nRet = pShow(5);
000A110C 8B F4 mov esi,esp
000A110E 6A 05 push 5
000A1110 FF 95 B4 FE FF FF call dword ptr [pShow]
000A1116 3B F4 cmp esi,esp
000A1118 E8 C0 21 FF FF call __RTC_CheckEsp (0932DDh)
000A111D 89 85 A8 FE FF FF mov dword ptr [nRet],eax
168: printf("ret = %d \r\n", nRet);
000A1123 8B 85 A8 FE FF FF mov eax,dword ptr [nRet]
000A1129 50 push eax
000A112A 68 50 AF 14 00 push offset string "ret = %d \r\n" (014AF50h)
000A112F E8 3B 03 FF FF call _printf (09146Fh)
000A1134 83 C4 08 add esp,8
169: }
最新文章
- 10款免费的响应式 WordPress 主题下载
- Linux驱动开发 -- 打开dev_dbg()
- Android面试题(文章内容来自他人博客)
- PHP中字符串补齐为定长
- sql server从一个数据库复制一个表到另一个数据库的方法
- Delphi Math里的基本函数,以及浮点数比较函数(转)
- nginx的环境配置的问题
- 第三次C语言作业
- iOS解决UITableView中Cell重用带来的问题
- C语言博客作业04——数组
- SQLI DUMB SERIES-20
- asp.net处理事件
- [SDOI2010]大陆争霸
- JS实现input中输入数字,控制每四位加一个空格(银行卡号格式)
- nginx实现nginx/tomcat负载均衡
- Arbiter
- Unity光照与渲染设置学习笔记
- sql语句执行出错:Incorrect integer value: '' for column 'id' at row 1
- Java中的容器类(List,Set,Map,Queue)
- 简单的TCP接受在转发到客户端的套接口