C++源代码如下
#include "windows.h"
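size_t strlen_a(const char * str);
/*
 * Entry point of the sample: build a small NUL-terminated buffer and call
 * strlen_a on it so the call and its result can be observed in a debugger.
 *
 * Returns 0. `void main()` is non-standard (C11 5.1.2.2.1 requires int), and
 * the length is kept in size_t so the size_t result is not narrowed to int.
 */
int main(void){
char aaa[15] = "abcdef";          /* 6 bytes of text + '\0'; the rest is zero-filled */
size_t a = strlen_a(aaa);
size_t b = a;                     /* presumably kept so the value stays live/observable */
(void)b;
return 0;
}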
/*
 * strlen_a: count the bytes of a NUL-terminated string, the same contract as
 * the C library strlen(). Returns the number of bytes before the first '\0'.
 *
 * Contract caveats (nothing in the body checks them): str must be non-NULL
 * and must actually be NUL-terminated; on an unterminated buffer the loop
 * keeps reading past the end of the object (out-of-bounds read, undefined
 * behavior), so callers are responsible for the terminator.
 *
 * Mapping to the listings below: `length` lives at [ebp-4] (zeroed before the
 * loop, incremented in the loop body, loaded into eax for the return) and
 * `str` is the stack argument at [ebp+8], written back after each increment.
 * Each byte is loaded with movsx (sign-extended char) and tested against
 * zero; the je/jz is the loop exit.
 */
size_t strlen_a(const char * str) {
size_t length = 0 ;
/* The post-increment advances str even on the terminating byte; length is
 * only bumped when the byte that was loaded is non-zero. */
while (*str++ )
++ length;
return length;
}
重点研究strlen_a函数的逆向
OllyDbg (OD) 逆向:
00401080 /> \55 PUSH EBP
00401081 |. 8BEC MOV EBP,ESP
00401083 |. 83EC 44 SUB ESP,44
00401086 |. 53 PUSH EBX
00401087 |. 56 PUSH ESI
00401088 |. 57 PUSH EDI
00401089 |. 8D7D BC LEA EDI,DWORD PTR SS:[EBP-44]
0040108C |. B9 11000000 MOV ECX,11
00401091 |. B8 CCCCCCCC MOV EAX,CCCCCCCC
00401096 |. F3:AB REP STOS DWORD PTR ES:[EDI]
00401098 |. C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0040109F |> 8B45 08 /MOV EAX,DWORD PTR SS:[EBP+8]
004010A2 |. 0FBE08 |MOVSX ECX,BYTE PTR DS:[EAX]
004010A5 |. 8B55 08 |MOV EDX,DWORD PTR SS:[EBP+8]
004010A8 |. 83C2 01 |ADD EDX,1
004010AB |. 8955 08 |MOV DWORD PTR SS:[EBP+8],EDX
004010AE |. 85C9 |TEST ECX,ECX
004010B0 |. 74 0B |JE SHORT temp.004010BD
004010B2 |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
004010B5 |. 83C0 01 |ADD EAX,1
004010B8 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
004010BB |.^ EB E2 \JMP SHORT temp.0040109F
004010BD |> 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
004010C0 |. 5F POP EDI
004010C1 |. 5E POP ESI
004010C2 |. 5B POP EBX
004010C3 |. 8BE5 MOV ESP,EBP
004010C5 |. 5D POP EBP
004010C6 \. C3 RETN
IDA5.2逆向:
.text:00401080 strlen_a proc near ; CODE XREF: j_strlen_a j
.text:00401080
.text:00401080 var_44 = byte ptr -44h
.text:00401080 var_4 = dword ptr -4
.text:00401080 arg_0 = dword ptr 8
.text:00401080
.text:00401080 push ebp
.text:00401081 mov ebp, esp
.text:00401083 sub esp, 44h
.text:00401086 push ebx
.text:00401087 push esi
.text:00401088 push edi
.text:00401089 lea edi, [ebp+var_44]
.text:0040108C mov ecx, 11h
.text:00401091 mov eax, 0CCCCCCCCh
.text:00401096 rep stosd
.text:00401098 mov [ebp+var_4], 0
.text:0040109F
.text:0040109F loc_40109F: ; CODE XREF: strlen_a+3B j
.text:0040109F mov eax, [ebp+arg_0]
.text:004010A2 movsx ecx, byte ptr [eax]
.text:004010A5 mov edx, [ebp+arg_0]
.text:004010A8 add edx, 1
.text:004010AB mov [ebp+arg_0], edx
.text:004010AE test ecx, ecx
.text:004010B0 jz short loc_4010BD
.text:004010B2 mov eax, [ebp+var_4]
.text:004010B5 add eax, 1
.text:004010B8 mov [ebp+var_4], eax
.text:004010BB jmp short loc_40109F
.text:004010BD ; ---------------------------------------------------------------------------
.text:004010BD
.text:004010BD loc_4010BD: ; CODE XREF: strlen_a+30 j
.text:004010BD mov eax, [ebp+var_4]
.text:004010C0 pop edi
.text:004010C1 pop esi
.text:004010C2 pop ebx
.text:004010C3 mov esp, ebp
.text:004010C5 pop ebp
.text:004010C6 retn
.text:004010C6 strlen_a endp
IDA5.2 F5自动分析:
/*
 * IDA 5.2 Hex-Rays (F5) output for strlen_a, reproduced as produced.
 * The differences from the hand-written source are type recovery, not logic:
 *  - a1 is the original `const char *str`; it is typed as int presumably
 *    because the decompiler only saw a 4-byte stack slot (arg_0 = dword ptr 8);
 *  - v3 is `length`, the dword at [ebp-4] (var_4 in the IDA listing);
 *  - v2 holds the sign-extended byte that movsx loaded into ecx, and the
 *    `if ( !v2 ) break;` is the test ecx,ecx / jz pair;
 *  - `while ( 1 ) { ... break; }` is how the decompiler renders the
 *    `while (*str++)` loop, whose exit test sits after the pointer bump.
 * The return type is int rather than size_t, likely for the same reason as a1.
 */
int __cdecl strlen_a(int a1)
{
int v2; // ecx@2
int v3; // [sp+4Ch] [bp-4h]@1
v3 = 0;
while ( 1 )
{
v2 = *(_BYTE *)a1++; /* byte fetch through the pointer, then advance it */
if ( !v2 )
break;
++v3;
}
return v3;
}