C++反汇编->类,结构体,命名空间分析
首先来看类(class)的反汇编代码:
// Demo type for the class example: two public int fields and one member function.
// In the main() listing that follows, the instance n sits on the stack with
// i at [EBP-8] and j at [EBP-4].
class name
{
public:
int i;
int j;
// Returns in1 + in2 and reads no members. It is still called as a member function:
// the caller loads ECX with the object's address (LEA ECX,[EBP-8]) and the
// function ends with RETN 8, so the callee pops both int arguments.
int add(int in1,int in2)
{
return in1+in2;
}
// Empty access sections; they declare nothing.
protected:
private:
};
// Entry point of the class example; the listing below is its compiled form.
// NOTE(review): `void main()` is not standard C++ (the standard requires int main);
// it is kept because the disassembly on this page was produced from exactly this source.
// The #include lines needed for std::cout and system() are not shown on the page.
void main()
{
name n; // local object, placed at [EBP-8]..[EBP-4] in the listing
n.i=10; // MOV DWORD PTR SS:[EBP-8],0A
n.j=12; // MOV DWORD PTR SS:[EBP-4],0C
std::cout<<n.add(n.i,n.j)<<std::endl; // n.j is pushed first, then n.i, then ECX = &n
system("pause"); // runs the shell's pause command so the console window stays open
}
主函数对应反汇编代码:
; main() of the class example. The 0xCCCCCCCC fill and the __chkesp call are typical of a debug build.
00401560 > > \55 PUSH EBP ; frame prologue
00401561 . 8BEC MOV EBP,ESP
00401563 . 83EC 48 SUB ESP,48 ; reserve 0x48 bytes of locals
00401566 . 53 PUSH EBX
00401567 . 56 PUSH ESI
00401568 . 57 PUSH EDI
00401569 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]
0040156C . B9 12000000 MOV ECX,12 ; 0x12 dwords = 0x48 bytes
00401571 . B8 CCCCCCCC MOV EAX,CCCCCCCC
00401576 . F3:AB REP STOS DWORD PTR ES:[EDI] ; fill the local area with 0xCC
00401578 . C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A ; n.i = 10 (object n starts at EBP-8)
0040157F . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C ; n.j = 12
00401586 . 68 C8104000 PUSH testcals.004010C8 ; stays on the stack until the call at 004015A8 (presumably std::endl - confirm)
0040158B . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0040158E . 50 PUSH EAX ; in2 = n.j (arguments are pushed right to left)
0040158F . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00401592 . 51 PUSH ECX ; in1 = n.i
00401593 . 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8] ; ECX = &n, the this pointer
00401596 . E8 59FCFFFF CALL testcals.004011F4 // call name::add; no ADD ESP follows because add ends with RETN 8
0040159B . 50 PUSH EAX ; add's return value becomes the argument of the next call
0040159C . B9 A0DE4700 MOV ECX,OFFSET testcals.std::cout ; ECX = &std::cout
004015A1 . E8 59FBFFFF CALL testcals.004010FF ; presumably ostream::operator<<(int) - confirm
004015A6 . 8BC8 MOV ECX,EAX ; ECX = value returned by the previous call
004015A8 . E8 33FCFFFF CALL testcals.004011E0
004015AD . 68 1C004700 PUSH OFFSET testcals.??_C@_05PBCN@pause?>; /pause
004015B2 . E8 D9EF0100 CALL testcals.system ; \system
004015B7 . 83C4 04 ADD ESP,4 ; caller removes system()'s single argument
004015BA . 5F POP EDI
004015BB . 5E POP ESI
004015BC . 5B POP EBX
004015BD . 83C4 48 ADD ESP,48 ; release the local area
004015C0 . 3BEC CMP EBP,ESP ; ESP should equal EBP again at this point
004015C2 . E8 D9F00100 CALL testcals.__chkesp ; runtime stack-balance check on the result of the CMP
004015C7 . 8BE5 MOV ESP,EBP
004015C9 . 5D POP EBP
004015CA . C3 RETN
跟进上面的 CALL testcals.004011F4(该地址应是 Debug 版的跳转表项,由它再 JMP 到函数体),找到 add 函数对应的语句如下:
; name::add of the class example: receives this in ECX and the two ints on the stack.
004015F0 >/> \55 PUSH EBP ; add function
004015F1 |. 8BEC MOV EBP,ESP
004015F3 |. 83EC 44 SUB ESP,44 ; reserve 0x44 bytes of locals
004015F6 |. 53 PUSH EBX
004015F7 |. 56 PUSH ESI
004015F8 |. 57 PUSH EDI
004015F9 |. 51 PUSH ECX ; save this, because ECX is reused as the REP counter
004015FA |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]
004015FD |. B9 11000000 MOV ECX,11 ; 0x11 dwords = 0x44 bytes
00401602 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401607 |. F3:AB REP STOS DWORD PTR ES:[EDI] ; fill the local area with 0xCC
00401609 |. 59 POP ECX ; restore this
0040160A |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX ; store this in a local; it is not read again in this function
0040160D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; EAX = in1
00401610 |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C] ; EAX = in1 + in2 (return value)
00401613 |. 5F POP EDI
00401614 |. 5E POP ESI
00401615 |. 5B POP EBX
00401616 |. 8BE5 MOV ESP,EBP
00401618 |. 5D POP EBP
00401619 \. C2 0800 RETN 8 ; callee pops the two 4-byte arguments
2.namespace(命名空间)代码:
// Namespace example: i, j and add() are namespace-scope entities, not members of an object.
namespace name
{
// Namespace-scope variables; the listing below accesses them at fixed addresses
// (DS:[name::i], DS:[name::j]) instead of EBP-relative stack slots.
int i;
int j;
// Returns in1 + in2. Compiled as a plain function: nothing is passed in ECX,
// it ends with a bare RETN, and the caller removes the arguments with ADD ESP,8.
int add(int in1,int in2)
{
return in1+in2;
}
}
// Entry point of the namespace example; the listing below is its compiled form.
// NOTE(review): `void main()` is not standard C++ (the standard requires int main);
// it is kept because the disassembly on this page was produced from exactly this source.
// The #include lines needed for std::cout and system() are not shown on the page.
void main()
{
std::cout<<"tip1"<<std::endl;
name::i=10; // direct store to the variable's fixed address: MOV DWORD PTR DS:[name::i],0A
name::j=12; // MOV DWORD PTR DS:[name::j],0C
std::cout<<name::add(name::i,name::j)<<std::endl; // name::j is pushed first, then name::i; ADD ESP,8 follows the call
system("pause"); // runs the shell's pause command so the console window stays open
}
对应的反汇编源码:
; name::add of the namespace example: both arguments on the stack, ECX is not used for a this pointer.
00401580 >/> \55 PUSH EBP
00401581 |. 8BEC MOV EBP,ESP
00401583 |. 83EC 40 SUB ESP,40 ; reserve 0x40 bytes of locals
00401586 |. 53 PUSH EBX
00401587 |. 56 PUSH ESI
00401588 |. 57 PUSH EDI
00401589 |. 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
0040158C |. B9 10000000 MOV ECX,10 ; 0x10 dwords = 0x40 bytes
00401591 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401596 |. F3:AB REP STOS DWORD PTR ES:[EDI] ; fill the local area with 0xCC
00401598 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; body of add: EAX = in1
0040159B |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C] ; EAX = in1 + in2 (return value)
0040159E |. 5F POP EDI
0040159F |. 5E POP ESI
004015A0 |. 5B POP EBX
004015A1 |. 8BE5 MOV ESP,EBP
004015A3 |. 5D POP EBP
004015A4 \. C3 RETN ; bare RETN: the caller removes the arguments
004015A5 CC INT3
004015A6 CC INT3
004015A7 CC INT3
004015A8 CC INT3
004015A9 CC INT3
004015AA CC INT3
004015AB CC INT3
004015AC CC INT3
004015AD CC INT3
004015AE CC INT3
004015AF CC INT3
; main() of the namespace example. The 0xCCCCCCCC fill and the __chkesp call are typical of a debug build.
004015B0 > > 55 PUSH EBP ; frame prologue
004015B1 . 8BEC MOV EBP,ESP
004015B3 . 83EC 40 SUB ESP,40 ; reserve 0x40 bytes of locals
004015B6 . 53 PUSH EBX
004015B7 . 56 PUSH ESI
004015B8 . 57 PUSH EDI
004015B9 . 8D7D C0 LEA EDI,DWORD PTR SS:[EBP-40]
004015BC . B9 10000000 MOV ECX,10 ; 0x10 dwords = 0x40 bytes
004015C1 . B8 CCCCCCCC MOV EAX,CCCCCCCC
004015C6 . F3:AB REP STOS DWORD PTR ES:[EDI] ; fill the local area with 0xCC
004015C8 . 68 C8104000 PUSH testname.004010C8 ; stays on the stack until the call at 004015E1 (presumably std::endl - confirm)
004015CD . 68 24004700 PUSH OFFSET testname.??_C@_04HPCL@tip1?$>; tip1
004015D2 . 68 A8DE4700 PUSH OFFSET testname.std::cout
004015D7 . E8 AEFCFFFF CALL testname.0040128A ; presumably operator<<(ostream&, const char*) - confirm
004015DC . 83C4 08 ADD ESP,8 ; caller removes the two arguments of that call
004015DF . 8BC8 MOV ECX,EAX ; ECX = value returned by the previous call
004015E1 . E8 FFFBFFFF CALL testname.004011E5
004015E6 . C705 F8DD4700>MOV DWORD PTR DS:[name::i],0A ; name::i = 10
004015F0 . C705 FCDD4700>MOV DWORD PTR DS:[name::j],0C ; name::j = 12
004015FA . 68 C8104000 PUSH testname.004010C8
004015FF . A1 FCDD4700 MOV EAX,DWORD PTR DS:[name::j] ; EAX = name::j (0C)
00401604 . 50 PUSH EAX
00401605 . 8B0D F8DD4700 MOV ECX,DWORD PTR DS:[name::i] ; ECX = name::i (0A); used only as a scratch register here
0040160B . 51 PUSH ECX
0040160C . E8 84FBFFFF CALL testname.00401195 ; call name::add
00401611 . 83C4 08 ADD ESP,8 ; caller removes add's two arguments (stack balance)
00401614 . 50 PUSH EAX ; add's return value (EAX) becomes the argument of the next call
00401615 . B9 A8DE4700 MOV ECX,OFFSET testname.std::cout
0040161A . E8 E0FAFFFF CALL testname.004010FF
0040161F . 8BC8 MOV ECX,EAX
00401621 . E8 BFFBFFFF CALL testname.004011E5
00401626 . 68 1C004700 PUSH OFFSET testname.??_C@_05PBCN@pause?>; /pause
0040162B . E8 90F30100 CALL testname.system ; \system
00401630 . 83C4 04 ADD ESP,4 ; caller removes system()'s single argument
00401633 . 5F POP EDI
00401634 . 5E POP ESI
00401635 . 5B POP EBX
00401636 . 83C4 40 ADD ESP,40 ; release the local area
00401639 . 3BEC CMP EBP,ESP ; ESP should equal EBP again at this point
0040163B . E8 90F40100 CALL testname.__chkesp ; runtime stack-balance check on the result of the CMP
00401640 . 8BE5 MOV ESP,EBP
00401642 . 5D POP EBP
00401643 . C3 RETN
3.struct代码:
// Demo type for the struct example: the same two int fields and add() as the class
// version, with the members public by default instead of through an explicit `public:`.
struct name
{
int i;
int j;
// Returns in1 + in2 and reads no members. As in the class example, the listing
// below passes the object's address in ECX and the function ends with RETN 8.
int add(int in1,int in2)
{
return in1+in2;
}
};
// Entry point of the struct example; the listing below is its compiled form.
// NOTE(review): `void main()` is not standard C++ (the standard requires int main);
// it is kept because the disassembly on this page was produced from exactly this source.
// The #include lines needed for std::cout and system() are not shown on the page.
void main()
{
std::cout<<"tips"; // no std::endl here, so only one call is emitted for this statement
name n; // local object, placed at [EBP-8]..[EBP-4] in the listing
n.i=10; // MOV DWORD PTR SS:[EBP-8],0A
n.j=12; // MOV DWORD PTR SS:[EBP-4],0C
std::cout<<n.add(n.i,n.j)<<std::endl; // n.j is pushed first, then n.i, then ECX = &n
system("pause"); // runs the shell's pause command so the console window stays open
}
对应反汇编如下:
; main() of the struct example. Apart from the extra "tips" output it matches main() of the class example.
00401580 > > \55 PUSH EBP ; frame prologue
00401581 . 8BEC MOV EBP,ESP
00401583 . 83EC 48 SUB ESP,48 ; reserve 0x48 bytes of locals
00401586 . 53 PUSH EBX
00401587 . 56 PUSH ESI
00401588 . 57 PUSH EDI
00401589 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]
0040158C . B9 12000000 MOV ECX,12 ; 0x12 dwords = 0x48 bytes
00401591 . B8 CCCCCCCC MOV EAX,CCCCCCCC
00401596 . F3:AB REP STOS DWORD PTR ES:[EDI] ; fill the local area with 0xCC
00401598 . 68 24004700 PUSH OFFSET teststru.??_C@_04IPMF@tips?$>; tips
0040159D . 68 A0DE4700 PUSH OFFSET teststru.std::cout
004015A2 . E8 E3FCFFFF CALL teststru.0040128A ; presumably operator<<(ostream&, const char*) - confirm
004015A7 . 83C4 08 ADD ESP,8 ; caller removes the two arguments of that call
004015AA . C745 F8 0A000>MOV DWORD PTR SS:[EBP-8],0A ; n.i = 10 (object n starts at EBP-8)
004015B1 . C745 FC 0C000>MOV DWORD PTR SS:[EBP-4],0C ; n.j = 12
004015B8 . 68 C8104000 PUSH teststru.004010C8 ; stays on the stack until the call at 004015DA (presumably std::endl - confirm)
004015BD . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004015C0 . 50 PUSH EAX ; in2 = n.j (arguments are pushed right to left)
004015C1 . 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
004015C4 . 51 PUSH ECX ; in1 = n.i
004015C5 . 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8] ; ECX = &n, the this pointer
004015C8 . E8 27FCFFFF CALL teststru.004011F4 ; call name::add; no ADD ESP follows because add ends with RETN 8
004015CD . 50 PUSH EAX ; add's return value becomes the argument of the next call
004015CE . B9 A0DE4700 MOV ECX,OFFSET teststru.std::cout ; ECX = &std::cout
004015D3 . E8 27FBFFFF CALL teststru.004010FF
004015D8 . 8BC8 MOV ECX,EAX ; ECX = value returned by the previous call
004015DA . E8 01FCFFFF CALL teststru.004011E0
004015DF . 68 1C004700 PUSH OFFSET teststru.??_C@_05PBCN@pause?>; /pause
004015E4 . E8 C7F30100 CALL teststru.system ; \system
004015E9 . 83C4 04 ADD ESP,4 ; caller removes system()'s single argument
004015EC . 5F POP EDI
004015ED . 5E POP ESI
004015EE . 5B POP EBX
004015EF . 83C4 48 ADD ESP,48 ; release the local area
004015F2 . 3BEC CMP EBP,ESP ; ESP should equal EBP again at this point
004015F4 . E8 C7F40100 CALL teststru.__chkesp ; runtime stack-balance check on the result of the CMP
004015F9 . 8BE5 MOV ESP,EBP
004015FB . 5D POP EBP
004015FC . C3 RETN
004015FD CC INT3
004015FE CC INT3
004015FF CC INT3
00401600 CC INT3
00401601 CC INT3
00401602 CC INT3
00401603 CC INT3
00401604 CC INT3
00401605 CC INT3
00401606 CC INT3
00401607 CC INT3
00401608 CC INT3
00401609 CC INT3
0040160A CC INT3
0040160B CC INT3
0040160C CC INT3
0040160D CC INT3
0040160E CC INT3
0040160F CC INT3
00401610 CC INT3
00401611 CC INT3
00401612 CC INT3
00401613 CC INT3
00401614 CC INT3
00401615 CC INT3
00401616 CC INT3
00401617 CC INT3
00401618 CC INT3
00401619 CC INT3
0040161A CC INT3
0040161B CC INT3
0040161C CC INT3
0040161D CC INT3
0040161E CC INT3
0040161F CC INT3
; name::add of the struct example: instruction for instruction the same as the class version.
00401620 >/> 55 PUSH EBP ; location of the struct's add() member function
00401621 |. 8BEC MOV EBP,ESP
00401623 |. 83EC 44 SUB ESP,44 ; reserve 0x44 bytes of locals
00401626 |. 53 PUSH EBX
00401627 |. 56 PUSH ESI
00401628 |. 57 PUSH EDI
00401629 |. 51 PUSH ECX ; save this, because ECX is reused as the REP counter
0040162A |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]
0040162D |. B9 11000000 MOV ECX,11 ; 0x11 dwords = 0x44 bytes
00401632 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401637 |. F3:AB REP STOS DWORD PTR ES:[EDI] ; fill the local area with 0xCC
00401639 |. 59 POP ECX ; restore this
0040163A |. 894D FC MOV DWORD PTR SS:[EBP-4],ECX ; store this in a local; it is not read again in this function
0040163D |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ; EAX = in1
00401640 |. 0345 0C ADD EAX,DWORD PTR SS:[EBP+C] ; EAX = in1 + in2 (return value)
00401643 |. 5F POP EDI
00401644 |. 5E POP ESI
00401645 |. 5B POP EBX
00401646 |. 8BE5 MOV ESP,EBP
00401648 |. 5D POP EBP
00401649 \. C2 0800 RETN 8 ; callee pops the two 4-byte arguments
小结:
1.在本例的编译结果中,命名空间内定义的函数位于主函数之前,而类和结构体的成员函数位于主函数之后(这只是本次构建得到的代码布局,不宜当作通用规律)。
2.类和结构体内部公有函数的反汇编代码一致,也印证了结构体内的函数与类里面的公有函数等效:二者都用 ECX 传递 this 指针,并由被调函数以 RETN 8 清理参数;命名空间中的函数则是普通函数,不传 this,由调用者以 ADD ESP,8 平衡栈。
转载自:https://blog.csdn.net/sunboyiris/article/details/23552147