以下是一段汇编代码:
; Excerpt of a 32-bit x86 function (IDA listing, ebp-based frame, arguments
; pushed right-to-left before a call). Register roles in this excerpt:
;   ebx           = pointer to the source structure
;   [ebp+var_10]  = pointer to the destination structure
; Only part of each structure is copied: byte offsets 0x74..0x154 inclusive.
mov edx, [ebp+var_10] ; edx = dst
add edx, 74h ; edx = dst + 0x74 (start of the copied region)
lea eax, [ebx+74h] ; eax = src + 0x74 (lea: address only, no load)
sub esp, 4 ; 4 bytes of padding before three 4-byte pushes; presumably compiler-emitted call-site alignment -- confirm against the enclosing prologue
push 0CCh ; Size = 0xCC (204) bytes; 0x74 + 0xCC = 0x140, so the block copy ends exactly where the byte copies below begin
push eax ; Src
push edx ; Dst
call _memcpy ; memcpy(dst + 0x74, src + 0x74, 0xCC); memcpy semantics assume the two regions do not overlap
; The 16 bytes pushed/reserved above are not released in this excerpt; the
; matching stack cleanup is outside the visible range.
; eax/ecx/edx are caller-saved in the 32-bit x86 conventions, so the dst
; pointer is reloaded after the call; ebx (callee-saved) still holds src.
mov al, [ebx+140h] ; first of 21 single-byte field copies, offsets 0x140..0x154
mov edx, [ebp+var_10] ; edx = dst (base pointer, offsets below are absolute field offsets)
mov [edx+140h], al
; The 21 byte moves below are contiguous with the memcpy'd range, so the net
; effect equals a single copy of 0xCC + 0x15 = 0xE1 bytes from +0x74; a
; decompiler that merges them loses the per-field boundaries visible here.
mov al, [ebx+141h]
mov [edx+141h], al
mov al, [ebx+142h]
mov [edx+142h], al
mov al, [ebx+143h]
mov [edx+143h], al
mov al, [ebx+144h]
mov [edx+144h], al
mov al, [ebx+145h]
mov [edx+145h], al
mov al, [ebx+146h]
mov [edx+146h], al
mov al, [ebx+147h]
mov [edx+147h], al
mov al, [ebx+148h]
mov [edx+148h], al
mov al, [ebx+149h]
mov [edx+149h], al
mov al, [ebx+14Ah]
mov [edx+14Ah], al
mov al, [ebx+14Bh]
mov [edx+14Bh], al
mov al, [ebx+14Ch]
mov [edx+14Ch], al
mov al, [ebx+14Dh]
mov [edx+14Dh], al
mov al, [ebx+14Eh]
mov [edx+14Eh], al
mov al, [ebx+14Fh]
mov [edx+14Fh], al
mov al, [ebx+150h]
mov [edx+150h], al
mov al, [ebx+151h]
mov [edx+151h], al
mov al, [ebx+152h]
mov [edx+152h], al
mov al, [ebx+153h]
mov [edx+153h], al
mov al, [ebx+154h]
mov [edx+154h], al ; last byte copied: offset 0x154 (= 0x74 + 0xE1 - 1)
IDA75与IDA77都把以上代码反编译为:
// 0xE1 == 0xCC + 0x15: the decompiler folded the 21 byte-wise copies at
// offsets 0x140..0x154 into the preceding memcpy (116 == 0x74).
memcpy((void *)(a3 + 116), (const void *)(v7 + 116), 0xE1u);
实际上,原始代码要做的操作是:
// Intended semantics of the listing above. Field names are offset-based
// placeholders: _NNN is the field at decimal byte offset NNN (116 == 0x74,
// 204 == 0xCC, 320 == 0x140, 340 == 0x154). arg_8 is the destination
// structure; arg_0->_24 is presumably the structure ebx points at.
memcpy(arg_8->_116, arg_0->_24._116, 204); // 116 + 204 == 320: block copy ends where the byte fields begin
// The 21 single-byte fields 320..340 are assigned individually (one mov pair
// each in the listing) rather than as part of the block copy.
arg_8->_320 = arg_0->_24._320;
arg_8->_321 = arg_0->_24._321;
arg_8->_322 = arg_0->_24._322;
arg_8->_323 = arg_0->_24._323;
arg_8->_324 = arg_0->_24._324;
arg_8->_325 = arg_0->_24._325;
arg_8->_326 = arg_0->_24._326;
arg_8->_327 = arg_0->_24._327;
arg_8->_328 = arg_0->_24._328;
arg_8->_329 = arg_0->_24._329;
arg_8->_330 = arg_0->_24._330;
arg_8->_331 = arg_0->_24._331;
arg_8->_332 = arg_0->_24._332;
arg_8->_333 = arg_0->_24._333;
arg_8->_334 = arg_0->_24._334;
arg_8->_335 = arg_0->_24._335;
arg_8->_336 = arg_0->_24._336;
arg_8->_337 = arg_0->_24._337;
arg_8->_338 = arg_0->_24._338;
arg_8->_339 = arg_0->_24._339;
arg_8->_340 = arg_0->_24._340; // last field: 340 == 0x154
即是把一个结构变量的部分分量赋给另一个结构变量。注意 0x74 + 0xCC = 0x140，随后的 21 次单字节复制正好覆盖 0x140..0x154，与 memcpy 的区间相邻；0xCC + 0x15 = 0xE1，所以反编译器把它们合并成了一次 0xE1 字节的 memcpy。结果在语义上等价，但丢失了按字段逐一赋值的结构信息。