C++反汇编->类,结构体,命名空间分析

首先来看类(class)的反汇编代码:

// Sample class for the disassembly comparison: two public int members and one
// member function defined inside the class body.
class name
{
public:
	int i; // first member; main's listing below writes it at [EBP-8]
	int j; // second member; main's listing below writes it at [EBP-4]
    // Returns in1+in2 and never reads i or j. In the add listing below the
    // `this` pointer still arrives in ECX and is saved to [EBP-4], and the
    // function ends with RETN 8, so the callee removes both int arguments.
    int add(int in1,int in2)
	{
		return in1+in2;
	}
protected: // empty section
private: // empty section
};

// Driver for the class example: fills a stack-allocated `name` and prints
// add(i, j).
// NOTE(review): `void main()` is not standard C++ (main must return int); it is
// left as written because the listing below was produced from this exact source.
void main()
{
	name n; // no constructor call appears in the listing; n occupies [EBP-8]..[EBP-4]
	n.i=10; // MOV DWORD PTR SS:[EBP-8],0A
	n.j=12; // MOV DWORD PTR SS:[EBP-4],0C
	// Arguments are pushed right to left (n.j, then n.i) and the address of n is
	// loaded into ECX (LEA ECX,[EBP-8]) before the CALL; no ADD ESP follows the call.
	std::cout<<n.add(n.i,n.j)<<std::endl;
	// system() hands the string to the command interpreter; here it only keeps
	// the console window open.
	system("pause");
}

主函数对应反汇编代码:

00401560 > > \55            PUSH EBP
00401561   .  8BEC          MOV EBP,ESP
00401563   .  83EC 48       SUB ESP,48
00401566   .  53            PUSH EBX
00401567   .  56            PUSH ESI
00401568   .  57            PUSH EDI
00401569   .  8D7D B8       LEA EDI,DWORD PTR SS:[EBP-48]
0040156C   .  B9 12000000   MOV ECX,12
00401571   .  B8 CCCCCCCC   MOV EAX,CCCCCCCC
00401576   .  F3:AB         REP STOS DWORD PTR ES:[EDI]
00401578   .  C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A
0040157F   .  C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C
00401586   .  68 C8104000   PUSH testcals.004010C8
0040158B   .  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0040158E   .  50            PUSH EAX
0040158F   .  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
00401592   .  51            PUSH ECX
00401593   .  8D4D F8       LEA ECX,DWORD PTR SS:[EBP-8]
00401596   .  E8 59FCFFFF   CALL testcals.004011F4 //执行add函数语句
0040159B   .  50            PUSH EAX
0040159C   .  B9 A0DE4700   MOV ECX,OFFSET testcals.std::cout
004015A1   .  E8 59FBFFFF   CALL testcals.004010FF
004015A6   .  8BC8          MOV ECX,EAX
004015A8   .  E8 33FCFFFF   CALL testcals.004011E0
004015AD   .  68 1C004700   PUSH OFFSET testcals.??_C@_05PBCN@pause?>; /pause
004015B2   .  E8 D9EF0100   CALL testcals.system                     ; \system
004015B7   .  83C4 04       ADD ESP,4
004015BA   .  5F            POP EDI
004015BB   .  5E            POP ESI
004015BC   .  5B            POP EBX
004015BD   .  83C4 48       ADD ESP,48
004015C0   .  3BEC          CMP EBP,ESP
004015C2   .  E8 D9F00100   CALL testcals.__chkesp
004015C7   .  8BE5          MOV ESP,EBP
004015C9   .  5D            POP EBP
004015CA   .  C3            RETN

跟进上面的 CALL testcals.004011F4(该地址推测为调试版增量链接生成的跳转表项),最终到达的 add 函数实体如下:

004015F0 >/> \55            PUSH EBP                                 ;  add function
004015F1  |.  8BEC          MOV EBP,ESP
004015F3  |.  83EC 44       SUB ESP,44
004015F6  |.  53            PUSH EBX
004015F7  |.  56            PUSH ESI
004015F8  |.  57            PUSH EDI
004015F9  |.  51            PUSH ECX
004015FA  |.  8D7D BC       LEA EDI,DWORD PTR SS:[EBP-44]
004015FD  |.  B9 11000000   MOV ECX,11
00401602  |.  B8 CCCCCCCC   MOV EAX,CCCCCCCC
00401607  |.  F3:AB         REP STOS DWORD PTR ES:[EDI]
00401609  |.  59            POP ECX
0040160A  |.  894D FC       MOV DWORD PTR SS:[EBP-4],ECX
0040160D  |.  8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]
00401610  |.  0345 0C       ADD EAX,DWORD PTR SS:[EBP+C]
00401613  |.  5F            POP EDI
00401614  |.  5E            POP ESI
00401615  |.  5B            POP EBX
00401616  |.  8BE5          MOV ESP,EBP
00401618  |.  5D            POP EBP
00401619  \.  C2 0800       RETN 8

2.namespace(命名空间):

// Namespace variant of the example: i and j are namespace-scope variables and
// add is an ordinary (non-member) function.
namespace name
{
	int i; // addressed as DS:[name::i] in the listing below, not relative to EBP
	int j; // addressed as DS:[name::j] in the listing below
	// Returns in1+in2. The compiled body in the listing below has no
	// PUSH ECX / MOV [EBP-4],ECX pair (no `this`) and ends with a plain RETN;
	// the caller rebalances the stack with ADD ESP,8.
	int add(int in1,int in2)
	{
		return in1+in2;
	}
}
// Driver for the namespace example: prints a marker string, assigns the two
// namespace-scope variables and prints name::add(i, j).
// NOTE(review): `void main()` is not standard C++ (main must return int); it is
// left as written because the listing below was produced from this exact source.
void main()
{
	std::cout<<"tip1"<<std::endl; // marker string, visible as "tip1" in the listing
	name::i=10; // MOV DWORD PTR DS:[name::i],0A
	name::j=12; // MOV DWORD PTR DS:[name::j],0C
	// name::j is pushed first, then name::i; ECX is only a scratch register here
	// and the caller cleans up with ADD ESP,8 after the CALL.
	std::cout<<name::add(name::i,name::j)<<std::endl;
    
	// system() hands the string to the command interpreter; here it only keeps
	// the console window open.
	system("pause");
}

对应的反汇编源码:

00401580 >/> \55            PUSH EBP
00401581  |.  8BEC          MOV EBP,ESP
00401583  |.  83EC 40       SUB ESP,40
00401586  |.  53            PUSH EBX
00401587  |.  56            PUSH ESI
00401588  |.  57            PUSH EDI
00401589  |.  8D7D C0       LEA EDI,DWORD PTR SS:[EBP-40]
0040158C  |.  B9 10000000   MOV ECX,10
00401591  |.  B8 CCCCCCCC   MOV EAX,CCCCCCCC
00401596  |.  F3:AB         REP STOS DWORD PTR ES:[EDI]
00401598  |.  8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]             ;  实现add函数
0040159B  |.  0345 0C       ADD EAX,DWORD PTR SS:[EBP+C]
0040159E  |.  5F            POP EDI
0040159F  |.  5E            POP ESI
004015A0  |.  5B            POP EBX
004015A1  |.  8BE5          MOV ESP,EBP
004015A3  |.  5D            POP EBP
004015A4  \.  C3            RETN
004015A5      CC            INT3
004015A6      CC            INT3
004015A7      CC            INT3
004015A8      CC            INT3
004015A9      CC            INT3
004015AA      CC            INT3
004015AB      CC            INT3
004015AC      CC            INT3
004015AD      CC            INT3
004015AE      CC            INT3
004015AF      CC            INT3
004015B0 > >  55            PUSH EBP
004015B1   .  8BEC          MOV EBP,ESP
004015B3   .  83EC 40       SUB ESP,40
004015B6   .  53            PUSH EBX
004015B7   .  56            PUSH ESI
004015B8   .  57            PUSH EDI
004015B9   .  8D7D C0       LEA EDI,DWORD PTR SS:[EBP-40]
004015BC   .  B9 10000000   MOV ECX,10
004015C1   .  B8 CCCCCCCC   MOV EAX,CCCCCCCC
004015C6   .  F3:AB         REP STOS DWORD PTR ES:[EDI]
004015C8   .  68 C8104000   PUSH testname.004010C8
004015CD   .  68 24004700   PUSH OFFSET testname.??_C@_04HPCL@tip1?$>;  tip1
004015D2   .  68 A8DE4700   PUSH OFFSET testname.std::cout
004015D7   .  E8 AEFCFFFF   CALL testname.0040128A
004015DC   .  83C4 08       ADD ESP,8
004015DF   .  8BC8          MOV ECX,EAX
004015E1   .  E8 FFFBFFFF   CALL testname.004011E5
004015E6   .  C705 F8DD4700>MOV DWORD PTR DS:[name::i],0A            ;  name::i赋值
004015F0   .  C705 FCDD4700>MOV DWORD PTR DS:[name::j],0C            ;  name::j赋值
004015FA   .  68 C8104000   PUSH testname.004010C8
004015FF   .  A1 FCDD4700   MOV EAX,DWORD PTR DS:[name::j]           ;  EAX = name::j,即 0C(第二个参数 in2,先入栈)
00401604   .  50            PUSH EAX
00401605   .  8B0D F8DD4700 MOV ECX,DWORD PTR DS:[name::i]           ;  ECX = name::i,即 0A(第一个参数 in1,后入栈)
0040160B   .  51            PUSH ECX
0040160C   .  E8 84FBFFFF   CALL testname.00401195                   ;  执行 name::add函数
00401611   .  83C4 08       ADD ESP,8                                ;  栈平衡
00401614   .  50            PUSH EAX                                 ;  输出EAX寄存器
00401615   .  B9 A8DE4700   MOV ECX,OFFSET testname.std::cout
0040161A   .  E8 E0FAFFFF   CALL testname.004010FF
0040161F   .  8BC8          MOV ECX,EAX
00401621   .  E8 BFFBFFFF   CALL testname.004011E5
00401626   .  68 1C004700   PUSH OFFSET testname.??_C@_05PBCN@pause?>; /pause
0040162B   .  E8 90F30100   CALL testname.system                     ; \system
00401630   .  83C4 04       ADD ESP,4
00401633   .  5F            POP EDI
00401634   .  5E            POP ESI
00401635   .  5B            POP EBX
00401636   .  83C4 40       ADD ESP,40
00401639   .  3BEC          CMP EBP,ESP
0040163B   .  E8 90F40100   CALL testname.__chkesp
00401640   .  8BE5          MOV ESP,EBP
00401642   .  5D            POP EBP
00401643   .  C3            RETN

3.struct代码:

// Struct variant of the example: same members and member function as the class
// version, relying on struct's default public access instead of `public:`.
struct name 
{
	int i; // first member; main's listing below writes it at [EBP-8]
	int j; // second member; main's listing below writes it at [EBP-4]
	// Returns in1+in2 and never reads i or j. As in the class version, the
	// listing below shows `this` arriving in ECX, being saved to [EBP-4], and
	// the function returning with RETN 8.
	int add(int in1,int in2)
	{
		return in1+in2;
	}
};

// Driver for the struct example: prints a marker string, fills a stack-allocated
// `name` and prints add(i, j).
// NOTE(review): `void main()` is not standard C++ (main must return int); it is
// left as written because the listing below was produced from this exact source.
void main()
{
	std::cout<<"tips"; // marker string; the string and std::cout are both pushed and the caller does ADD ESP,8
	name n; // no constructor call appears in the listing; n occupies [EBP-8]..[EBP-4]
	n.i=10; // MOV DWORD PTR SS:[EBP-8],0A
	n.j=12; // MOV DWORD PTR SS:[EBP-4],0C
	// Arguments are pushed right to left (n.j, then n.i) and the address of n is
	// loaded into ECX (LEA ECX,[EBP-8]) before the CALL; no ADD ESP follows the call.
	std::cout<<n.add(n.i,n.j)<<std::endl;
	// system() hands the string to the command interpreter; here it only keeps
	// the console window open.
	system("pause");
}

对应反汇编如下:

00401580 > > \55            PUSH EBP
00401581   .  8BEC          MOV EBP,ESP
00401583   .  83EC 48       SUB ESP,48
00401586   .  53            PUSH EBX
00401587   .  56            PUSH ESI
00401588   .  57            PUSH EDI
00401589   .  8D7D B8       LEA EDI,DWORD PTR SS:[EBP-48]
0040158C   .  B9 12000000   MOV ECX,12
00401591   .  B8 CCCCCCCC   MOV EAX,CCCCCCCC
00401596   .  F3:AB         REP STOS DWORD PTR ES:[EDI]
00401598   .  68 24004700   PUSH OFFSET teststru.??_C@_04IPMF@tips?$>;  tips
0040159D   .  68 A0DE4700   PUSH OFFSET teststru.std::cout
004015A2   .  E8 E3FCFFFF   CALL teststru.0040128A
004015A7   .  83C4 08       ADD ESP,8
004015AA   .  C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A
004015B1   .  C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C
004015B8   .  68 C8104000   PUSH teststru.004010C8
004015BD   .  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
004015C0   .  50            PUSH EAX
004015C1   .  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
004015C4   .  51            PUSH ECX
004015C5   .  8D4D F8       LEA ECX,DWORD PTR SS:[EBP-8]
004015C8   .  E8 27FCFFFF   CALL teststru.004011F4
004015CD   .  50            PUSH EAX
004015CE   .  B9 A0DE4700   MOV ECX,OFFSET teststru.std::cout
004015D3   .  E8 27FBFFFF   CALL teststru.004010FF
004015D8   .  8BC8          MOV ECX,EAX
004015DA   .  E8 01FCFFFF   CALL teststru.004011E0
004015DF   .  68 1C004700   PUSH OFFSET teststru.??_C@_05PBCN@pause?>; /pause
004015E4   .  E8 C7F30100   CALL teststru.system                     ; \system
004015E9   .  83C4 04       ADD ESP,4
004015EC   .  5F            POP EDI
004015ED   .  5E            POP ESI
004015EE   .  5B            POP EBX
004015EF   .  83C4 48       ADD ESP,48
004015F2   .  3BEC          CMP EBP,ESP
004015F4   .  E8 C7F40100   CALL teststru.__chkesp
004015F9   .  8BE5          MOV ESP,EBP
004015FB   .  5D            POP EBP
004015FC   .  C3            RETN
004015FD      CC            INT3
004015FE      CC            INT3
004015FF      CC            INT3
00401600      CC            INT3
00401601      CC            INT3
00401602      CC            INT3
00401603      CC            INT3
00401604      CC            INT3
00401605      CC            INT3
00401606      CC            INT3
00401607      CC            INT3
00401608      CC            INT3
00401609      CC            INT3
0040160A      CC            INT3
0040160B      CC            INT3
0040160C      CC            INT3
0040160D      CC            INT3
0040160E      CC            INT3
0040160F      CC            INT3
00401610      CC            INT3
00401611      CC            INT3
00401612      CC            INT3
00401613      CC            INT3
00401614      CC            INT3
00401615      CC            INT3
00401616      CC            INT3
00401617      CC            INT3
00401618      CC            INT3
00401619      CC            INT3
0040161A      CC            INT3
0040161B      CC            INT3
0040161C      CC            INT3
0040161D      CC            INT3
0040161E      CC            INT3
0040161F      CC            INT3
00401620 >/>  55            PUSH EBP                                 ;  struct实现函数位置
00401621  |.  8BEC          MOV EBP,ESP
00401623  |.  83EC 44       SUB ESP,44
00401626  |.  53            PUSH EBX
00401627  |.  56            PUSH ESI
00401628  |.  57            PUSH EDI
00401629  |.  51            PUSH ECX
0040162A  |.  8D7D BC       LEA EDI,DWORD PTR SS:[EBP-44]
0040162D  |.  B9 11000000   MOV ECX,11
00401632  |.  B8 CCCCCCCC   MOV EAX,CCCCCCCC
00401637  |.  F3:AB         REP STOS DWORD PTR ES:[EDI]
00401639  |.  59            POP ECX
0040163A  |.  894D FC       MOV DWORD PTR SS:[EBP-4],ECX
0040163D  |.  8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]
00401640  |.  0345 0C       ADD EAX,DWORD PTR SS:[EBP+C]
00401643  |.  5F            POP EDI
00401644  |.  5E            POP ESI
00401645  |.  5B            POP EBX
00401646  |.  8BE5          MOV ESP,EBP
00401648  |.  5D            POP EBP
00401649  \.  C2 0800       RETN 8

小结:

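1.在本例的反汇编中,命名空间内定义的函数位于主函数之前,而类和结构体的成员函数位于主函数之后。这只是该编译器在这次构建中的代码布局(从 0xCCCCCCCC 栈填充和 __chkesp 检查看,应为调试版),并非语言层面的保证,换用其他编译器或优化选项后顺序可能不同。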

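2.类和结构体内部公有函数的反汇编代码一致,也印证了结构体内的函数与类里面的公有函数等效。两者都在调用前用 LEA ECX,[EBP-8] 把对象地址(this)放入 ECX,函数内部再保存到 [EBP-4],并以 RETN 8 由被调函数清理两个参数;命名空间中的 add 是普通函数,不传 this,以 RETN 返回,由调用方执行 ADD ESP,8 平衡栈。逆向分析时可以据此区分成员函数与普通函数。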

转载自:https://blog.csdn.net/sunboyiris/article/details/23552147
