逆向学习笔记一

. iDea.

已于 2022-06-20 13:36:33 修改

阅读量428

点赞数

分类专栏：逆向文章标签：学习 c++ c语言

于 2022-06-19 02:17:20 首次发布

本文链接：https://blog.csdn.net/qq_46804551/article/details/125354021

版权

逆向专栏收录该内容

3 篇文章 0 订阅

订阅专栏

C语言概述

基础语法
指针

#include <stdio.h>
#include <string.h>
void add(int *a, int *b) {
	int temp = *a + *b;
	*a = temp;
}
int main() {
	int x = 10;
	int y = 20;
	add(&x,&y);
	printf("%d", x);
	return 0;
}
//结果30

fgets/fputs

#include <stdio.h>
#include <string.h>

int main() {
	char sz[50];
	fgets(sz,50,stdin);
	fputs(sz,stdout);
	return 0;
}

C预处理器

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
//定义预处理器
#define NUM(a, b, c) a+b+c

int main()
{
	int c = NUM(1, 2, 3);
	printf("%d",c);
}

链表

c++基础

#include <iostream>
int main() {
	//赋值新特性也可以用=
	int num{ 5 };
	std::cout << num << std::endl;
	//声明为常量
	const int num1=20;
	return 0;
}

#include <iostream>
//起别名
//typedef unsigned int uint32;
using uint32 = unsigned int;
int main() {
	
	uint32 num{ 9 };
	num = num << 3;
	std::cout << num << std::endl;

	return 0;
}

决策
if-else switch
循环
for while do-while

#include <iostream>
#include <vector>
int main() {
	std::vector<int>nNum;
	//往里添加元素
	nNum.push_back(10);
	//删除元素  pop_back()
	//清空元素
	nNum.clear();
	//初始化 std::vector<int>nNum(10,20);
	//初始化 std::vector<int>nNum{1,2,3,4,5,6,7};
	return 0;
}

命名空间

#include <iostream>
//命名空间
namespace MyName {
	const float pi{ 3.14 };
}

//全局声明
using namespace MyName;
using namespace std;
int main() {
	cout << pi << endl;
	return 0;
}

面向对象

#include <iostream>
class MyClass
{
public:
	int volume() {
		return Length * width * heigth;
	}

private:
	int Length{ 5 };
	int width{ 6 };
	int heigth{ 8 };
};

int main() {
	//创建类对象
	MyClass my;
	std::cout << my.volume() << std::endl;
}

汇编

用vs2017创建汇编程序项目

点击确定

然后点击应用确定

下载msam32 http://www.masm32.com/
在这里插入图片描述

在这里插入图片描述
添加新建项改后缀为.asm，就可以编写汇编语言了

hello word汇编程序

INCLUDELIB kernel32.lib
INCLUDELIB user32.lib
 
.386
.model flat,stdcall
 
MessageBoxA PROTO,
hwnd:DWORD,
lpText:DWORD,
lpCaption:DWORD,
uType:DWORD
 
ExitProcess PROTO,
dwExitCode:DWORD
 
.data
msg byte 'Hello,Assembly!'
 
.code
main Proc
	mov eax,offset msg
	push 0h
	push 0h
	push eax
	push 0h
	call MessageBoxA
	push 0h
	call ExitProcess
main endp
end main

在这里插入图片描述

这里记录一个坑点，我本来得用的vs2019但是搭建汇编环境死活有问题，最后换了vs2017一配置立马ok

三类：通用寄存器、专用寄存器、段寄存器

1.通用寄存器
数据寄存器:ax、bx、cx、dx
ax:作为累加器使用，是算术运算的主要寄存器
bx:可以作为通用寄存器，此外在计算储存地址时，它经常用作基址寄存器
cx:可以作为通用寄存器，此外在循环和串处理指令中作隐含的计数器
dx:可以作为通用寄存器，在作双字长运算时用来存放高位字

2.专用寄存器
IP:为指令指针寄存器，用来存放代码段中的偏移地址，在程序运行过程中，它始终指向下一条指令的首地址，它与cs寄存器联用确定下一条指令的物理地址
SP:为堆栈指针寄存器
PSW:程序状态字寄存器。由条件码标志、控制标志和系统标志构成

3.段寄存器
代码段CS:存放当前正在运行的程序
数据段DS:存放当前运行程序所用的数据
段栈段SS:定义来堆栈的所在区域。堆栈一种数据结构，它开辟了一个比较特殊的存储区，并以后进先出的方式来访问这一区域
附加段ES:是附加的数据段，它是一个辅助的数据区，也是串处理指令的目的操作数存放区

数据类型
在这里插入图片描述

offset

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
szStr db "my name is iDea",0
num dword 5
arrNum DWORD 0,1,2,3,4,5
var1 db ?
.code
main proc
	mov eax,offset arrNum + 4
	mov eax,[eax]
	mov eax,7
	add ebx,6
	sub eax,ebx
	call ExitProcess
	add esp,4
main ENDP
END main

jmp和loop
jmp

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data

.code
main proc
	xor eax,eax
lp:
	inc eax
	jmp lp ;跳转到lp处继续执行
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

loop
可以规定循环次数

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data

.code
main proc
	xor eax,eax
	mov ecx,10 ;规定执行的次数
lp:
	inc eax
	loop[ lp ;跳转到lp处继续执行
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

复制字符串

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
source byte "my name is iDea",0
target byte sizeof source dup(0)
.code
main proc
	mov esi,0
	mov ecx,sizeof source
lp:
	mov al,source[esi]
	mov target[esi],al
	inc esi
	loop lp
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

-栈、堆操作
栈：
先进后出

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
source byte "my name is iDea",0
sourcesize=($-source)-1 ;获取source字符串长度
.code
main proc
	mov ecx,sourcesize
	mov esi,0
l1:
	movzx eax,source[esi]
	push eax
	inc esi  ;inc 对指定操着数+1处理
	loop l1
	mov ecx,sourcesize
	mov esi,0
l2:
	pop eax
	mov source[esi],al
	inc esi
	loop l2
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

定义函数

addx proc uses esi ecx  ;定义函数
	add esi,ecx
	mov eax,esi
	ret  ;返回值
addx endp

main proc
	mov esi,5
	mov ecx,6
	push esi
	push ecx
	call addx
	INVOKE ExitProcess, 0
main ENDP

循环

main proc
	mov eax,o1
	mov eax,o2
	jnz L1 ;如果相等就向下执行，如果不相等就指定L1处
	mov x,1
	mov y,1
L1:
	push 0
	call  ExitProcess
	add exp,4
main ENDP
END main

main proc
	mov eax,o1
	mov eax,o2
	jnz L1
	mov x,1
	mov y,1
	jmp L2 ;执行完跳转到l2处
L1:
	mov x,2
	mov y,2
L2:
	push 0
	call  ExitProcess
	add exp,4
main ENDP
END main

条件控制
if

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
i dword 100
.code
main proc
	mov eax,101
	.if eax > i 
	inc eax
	.endif ;if条件结束标志
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

if-else

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
i dword 100
.code
main proc
	mov eax,101
	.if eax > i 
	inc eax
	.else
	dec eax
	.endif ;条件结束标志
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

if-elseif-else

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
i dword 100
.code
main proc
	mov eax,101
	.if eax > i 
	inc eax
	.elseif eax < i
	add eax,2
	.else
	dec eax
	.endif
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

while

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
i dword 102
.code
main proc
	mov eax,101
	.while eax < i  
	inc eax
	.endw ;条件结束标志
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

do…while

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
i dword 100
.code
main proc
	mov eax,101
	.repeat
	inc eax
	.until eax > 105
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

乘法

有符号 mul div
无符号 imul idiv

乘数bl bx ebx
被乘数 al ax eax

main proc
	mov al,5h
	mov bl,10h
	mul bl
	push 0
	call ExitProcess
	add esp,4
main ENDP

结构与宏
结构体：

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib

iDea struct  ;声明结构体
	sd1 dword ?
	sd2 dword ?
iDea ends

.data
	myiDea iDea <>
.code

main proc
	mov myiDea.sd1,1
	mov eax,myiDea.sd1
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main

宏:

.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib

iDea macro char;定义宏
	mov eax,char
endm

main proc
	iDea 9
	mov eax,eax
	push 0
	call ExitProcess
	add esp,4
main ENDP
END main