if分支和简单switch分支的还原

前言

简单switch分支 : case数量<=3 (在下面的Debug版反汇编中, 这种switch被编译成连续的cmp/jz比较跳转, 而不是跳转表)
if 分支包括:
if
if -else
if -else if - else if - … - else
经过学习, 现在看if和switch分支, 还真是有点看到汇编代码就想到C代码的感觉^_^

Debug版

IDA笔记

.text:00401010 ; =============== S U B R O U T I N E =======================================
.text:00401010 ; Reconstructed as int main(int argc, char *argv[]): one plain if, one if/else, one else-if chain, one 3-case switch, then five printf calls.
.text:00401010 ; Attributes: bp-based frame
.text:00401010 ; 32-bit x86; the caller pops printf's argument (add esp, 4 after every call). Returns 0 in eax.
.text:00401010 _main_0         proc near               ; CODE XREF: _mainj
.text:00401010 ; Only arg_0 and var_4 are read by the body below; var_44 just marks the start of the local area.
.text:00401010 var_44          = byte ptr -44h         ; lowest address of the 44h-byte local area
.text:00401010 var_4           = dword ptr -4          ; temporary copy of the switch operand
.text:00401010 arg_0           = dword ptr  8          ; first argument (argc in the reconstructed C)
.text:00401010
.text:00401010                 push    ebp             ; standard frame: ebp-based
.text:00401011                 mov     ebp, esp
.text:00401013                 sub     esp, 44h        ; reserve 44h bytes of locals
.text:00401016                 push    ebx             ; saved here, restored in the epilogue
.text:00401017                 push    esi
.text:00401018                 push    edi
.text:00401019                 lea     edi, [ebp+var_44] ; edi = start of the local area
.text:0040101C                 mov     ecx, 11h        ; 11h dwords = 44h bytes
.text:00401021                 mov     eax, 0CCCCCCCCh ; fill pattern for the locals
.text:00401026                 rep stosd               ; fill the locals with 0CCh bytes; the function body '{' starts after this
.text:00401028                 cmp     [ebp+arg_0], 7  ; if (argc == 7) {      -- form 1: plain if
.text:0040102C                 jnz     short L_IF_END1 ; inverted test: skip the body when argc != 7
.text:0040102E                 push    offset STR_FMT_ARGC_EQU_7 ; "argc == 7\r\n"
.text:00401033                 call    _printf
.text:00401038                 add     esp, 4          ; caller pops the single printf argument
.text:0040103B
.text:0040103B L_IF_END1:                              ; CODE XREF: _main_0+1Cj
.text:0040103B                 cmp     [ebp+arg_0], 7  ; if (argc == 7) {      -- form 2: if/else
.text:0040103F                 jnz     short L_IF_ELSE1 ; argc != 7 -> go to the else block
.text:00401041                 push    offset STR_FMT_ARGC_EQU_7 ; "argc == 7\r\n"
.text:00401046                 call    _printf
.text:0040104B                 add     esp, 4
.text:0040104E                 jmp     short L_IF_BEGIN ; end of the if-body: jump over the else block
.text:00401050 ; ---------------------------------------------------------------------------
.text:00401050
.text:00401050 L_IF_ELSE1:                             ; CODE XREF: _main_0+2Fj
.text:00401050                 push    offset STR_ARGC_NOT_EQU_7 ; } else {   (string text is not shown here; the reconstruction uses "argc != 7\r\n")
.text:00401055                 call    _printf
.text:0040105A                 add     esp, 4          ; }
.text:0040105D
.text:0040105D L_IF_BEGIN:                             ; CODE XREF: _main_0+3Ej
.text:0040105D                 cmp     [ebp+arg_0], 7  ; if (argc == 7) {      -- form 3: if / else-if chain
.text:00401061                 jnz     short ELSE_IF_8 ; no match -> test the next condition
.text:00401063                 push    offset STR_FMT_ARGC_EQU_7 ; "argc == 7\r\n"
.text:00401068                 call    _printf
.text:0040106D                 add     esp, 4
.text:00401070                 jmp     short ELSE_END1 ; branch taken: skip the rest of the chain (ELSE_END1 is where the switch begins)
.text:00401072 ; ---------------------------------------------------------------------------
.text:00401072
.text:00401072 ELSE_IF_8:                              ; CODE XREF: _main_0+51j
.text:00401072                 cmp     [ebp+arg_0], 8  ; } else if (argc == 8) {
.text:00401076                 jnz     short ELSE_IF_9 ; no match -> test the next condition
.text:00401078                 push    offset STR_ARGC8 ; "argc == 8\r\n"
.text:0040107D                 call    _printf
.text:00401082                 add     esp, 4
.text:00401085                 jmp     short ELSE_END1 ; branch taken: skip the rest of the chain
.text:00401087 ; ---------------------------------------------------------------------------
.text:00401087
.text:00401087 ELSE_IF_9:                              ; CODE XREF: _main_0+66j
.text:00401087                 cmp     [ebp+arg_0], 9  ; } else if (argc == 9) {
.text:0040108B                 jnz     short ELSE_IF_10 ; no match -> test the next condition
.text:0040108D                 push    offset aArgc9   ; "argc == 9\r\n"
.text:00401092                 call    _printf
.text:00401097                 add     esp, 4
.text:0040109A                 jmp     short ELSE_END1 ; branch taken: skip the rest of the chain
.text:0040109C ; ---------------------------------------------------------------------------
.text:0040109C
.text:0040109C ELSE_IF_10:                             ; CODE XREF: _main_0+7Bj
.text:0040109C                 cmp     [ebp+arg_0], 0Ah ; } else if (argc == 10) {
.text:004010A0                 jnz     short ELSE_     ; nothing matched -> final else
.text:004010A2                 push    offset aArgc10  ; "argc == 10\r\n"
.text:004010A7                 call    _printf
.text:004010AC                 add     esp, 4
.text:004010AF                 jmp     short ELSE_END1 ; branch taken: skip the final else
.text:004010B1 ; ---------------------------------------------------------------------------
.text:004010B1
.text:004010B1 ELSE_:                                  ; CODE XREF: _main_0+90j
.text:004010B1                 push    offset aOther   ; "other\r\n"
.text:004010B6                 call    _printf
.text:004010BB                 add     esp, 4          ; } end of the if / else-if chain; no jmp needed, ELSE_END1 follows
.text:004010BE
.text:004010BE ELSE_END1:                              ; CODE XREF: _main_0+60j
.text:004010BE                                         ; _main_0+75j ...
.text:004010BE                 mov     eax, [ebp+arg_0] ; switch (argc) {     -- form 4: the operand is first copied ...
.text:004010C1                 mov     [ebp+var_4], eax ; ... into the temporary var_4, and every case compares against that copy
.text:004010C4                 cmp     [ebp+var_4], 1  ; case 1?
.text:004010C8                 jz      short SWITCH_CASE1
.text:004010CA                 cmp     [ebp+var_4], 4  ; case 4?
.text:004010CE                 jz      short SWITCH_CASE4
.text:004010D0                 cmp     [ebp+var_4], 8  ; case 8?
.text:004010D4                 jz      short SWITCH_CASE8
.text:004010D6                 jmp     short SWITCH_DEFAULT ; no case value matched -> default
.text:004010D8 ; ---------------------------------------------------------------------------
.text:004010D8
.text:004010D8 SWITCH_CASE1:                           ; CODE XREF: _main_0+B8j
.text:004010D8                 push    offset STR_1    ; "argc == 1\r\n"
.text:004010DD                 call    _printf
.text:004010E2                 add     esp, 4
.text:004010E5                 jmp     short SWITCH_END ; break
.text:004010E7 ; ---------------------------------------------------------------------------
.text:004010E7
.text:004010E7 SWITCH_CASE4:                           ; CODE XREF: _main_0+BEj
.text:004010E7                 push    offset STR_2    ; "argc == 4\r\n"
.text:004010EC                 call    _printf
.text:004010F1                 add     esp, 4          ; no jmp after this: case 4 has no break and falls through into case 8
.text:004010F4
.text:004010F4 SWITCH_CASE8:                           ; CODE XREF: _main_0+C4j
.text:004010F4                 push    offset STR_ARGC8 ; "argc == 8\r\n"
.text:004010F9                 call    _printf
.text:004010FE                 add     esp, 4
.text:00401101                 jmp     short SWITCH_END ; break
.text:00401103 ; ---------------------------------------------------------------------------
.text:00401103
.text:00401103 SWITCH_DEFAULT:                         ; CODE XREF: _main_0+C6j
.text:00401103                 push    offset STR_DEFAULT ; "default\r\n"
.text:00401108                 call    _printf
.text:0040110D                 add     esp, 4          ; default is the last block, so its break needs no jmp: SWITCH_END follows
.text:00401110
.text:00401110 SWITCH_END:                             ; CODE XREF: _main_0+D5j
.text:00401110                                         ; _main_0+F1j
.text:00401110                 push    offset STR_HELLO ; "Hello world!"
.text:00401115                 call    _printf         ; 1st of five identical, unconditional printf calls after the switch
.text:0040111A                 add     esp, 4
.text:0040111D                 push    offset STR_HELLO ; "Hello world!"
.text:00401122                 call    _printf
.text:00401127                 add     esp, 4
.text:0040112A                 push    offset STR_HELLO ; "Hello world!"
.text:0040112F                 call    _printf
.text:00401134                 add     esp, 4
.text:00401137                 push    offset STR_HELLO ; "Hello world!"
.text:0040113C                 call    _printf
.text:00401141                 add     esp, 4
.text:00401144                 push    offset STR_HELLO ; "Hello world!"
.text:00401149                 call    _printf
.text:0040114E                 add     esp, 4
.text:00401151                 xor     eax, eax        ; return 0;  }
.text:00401153                 pop     edi             ; restore the registers pushed in the prologue
.text:00401154                 pop     esi
.text:00401155                 pop     ebx
.text:00401156                 add     esp, 44h        ; release the 44h bytes of locals
.text:00401159                 cmp     ebp, esp        ; esp should equal ebp again if every push/pop above was balanced
.text:0040115B                 call    __chkesp        ; debug-build stack check using the flags from the cmp above
.text:00401160                 mov     esp, ebp        ; tear down the frame
.text:00401162                 pop     ebp
.text:00401163                 retn
.text:00401163 _main_0         endp
.text:00401163
.text:00401163 ; ---------------------------------------------------------------------------

Debug版的还原代码

// RE_Debug.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

// Source reconstructed from the Debug-build listing of _main_0 (00401010).
// Each construct is kept in the exact shape the disassembly shows, so the
// branch layout of a rebuilt binary can be compared against the listing:
//   - plain if            -> one cmp/jnz that skips the body
//   - if/else             -> cmp/jnz to the else block, jmp over it after the if-body
//   - if / else-if chain  -> one cmp/jnz per condition, each taken body ends in a jmp to the end
//   - 3-case switch       -> operand copied to a temp, then a cmp/jz sequence (no jump table)
// Always returns 0.
int main(int argc, char* argv[])
{
    // Form 1: plain if (00401028).
    if (argc == 7)
    {
        printf("argc == 7\r\n");
    }

    // Form 2: if/else (0040103B).
    if (argc == 7)
    {
        printf("argc == 7\r\n");
    }
    else
    {
        printf("argc != 7\r\n");
    }

    // Form 3: if / else-if chain (0040105D); conditions are tested in source order.
    if (argc == 7)
    {
        printf("argc == 7\r\n");
    }
    else if (argc == 8)
    {
        printf("argc == 8\r\n");
    }
    else if (argc == 9)
    {
        printf("argc == 9\r\n");
    }
    else if (argc == 10)
    {
        printf("argc == 10\r\n");
    }
    else
    {
        printf("other\r\n");
    }

    // Form 4: switch with three case values (004010BE).
    switch (argc)
    {
    case 1:
        printf("argc == 1\r\n");
        break;

    case 4:
        printf("argc == 4\r\n");
        // No break on purpose: the listing has no jmp after this block,
        // so control falls through into case 8.

    case 8:
        printf("argc == 8\r\n");
        break;

    default:
        printf("default\r\n");
        break;
    }

    // Five separate calls, not a loop: the listing has five consecutive
    // push/call/add sequences starting at SWITCH_END (00401110).
    printf("Hello world!");
    printf("Hello world!");
    printf("Hello world!");
    printf("Hello world!");
    printf("Hello world!");

    return 0;
}
