backup
函数栈初始化(Visual Studio 调试版函数入口:建立栈帧并用 0CCh 填充局部变量区)
; Function prologue as shown in the Visual Studio disassembly window (debug build).
; Sets up an ebp-based frame, reserves 0E4h bytes of locals, preserves ebx/esi/edi,
; then fills the entire local area with 0xCCCCCCCC.
; NOTE(review): the 0xCC fill is a debug-build artifact; a release build is expected to
; leave locals uninitialized, so do not rely on it when reasoning about uninitialized reads.
00B92340 push ebp                        ; save caller's frame pointer
00B92341 mov ebp,esp                     ; ebp = base of this frame
00B92343 sub esp,0E4h                    ; reserve 0E4h (228) bytes for locals
00B92349 push ebx                        ; preserve ebx/esi/edi for the caller
00B9234A push esi
00B9234B push edi
00B9234C lea edi,[ebp-0E4h]              ; edi = lowest address of the local area
00B92352 mov ecx,39h                     ; 39h = 57 dwords; 57 * 4 = 0E4h, i.e. the whole local area
00B92357 mov eax,0CCCCCCCCh              ; fill pattern; 0CCh is the int3 opcode
00B9235C rep stos dword ptr es:[edi]     ; stosd repeated ecx times: [edi] = eax, edi += 4 (DF assumed clear)
rep:将后面的串指令重复执行 ecx 遍(此处 39h = 57 遍)
stosd(注意是 stosd 而不是 stosw,操作数是 dword ptr):把 eax 的值写入 edi 指向的地址,
然后 edi 加 4(DF=0 时递增);57*4 = 0E4h,正好覆盖 sub esp,0E4h 分配的整个局部变量区
0CCCCCCCCh 是调试版(Debug)的填充值,0CCh 即 int3 指令:未初始化的局部变量读出来是 0xCCCCCCCC,控制流误入栈区会立刻触发断点异常。Release 版没有这段填充,局部变量保留栈上的残留数据——分析未初始化变量漏洞或信息泄露时要注意这一差别
If汇编对照
if (i > 0 && i < 1)
008749B5 cmp dword ptr [i],0
008749B9 jle disifelse+3Ch (08749CCh)
008749BB cmp dword ptr [i],1
008749BF jge disifelse+3Ch (08749CCh)
{
008749CA jmp disifelse+56h (08749E6h)
}
else if (i > 10)
008749CC cmp dword ptr [i],0Ah
008749D0 jle disifelse+4Dh (08749DDh)
{
008749D8 mov dword ptr [i],eax
}
else
008749DB jmp disifelse+56h (08749E6h)
{
008749DD nop
}
..........................................
CMP 条件
jcc <下一个分支>(跳转条件是源代码条件的取反:i > 0 编译成 jle,i < 1 编译成 jge,条件不成立就跳到下一个分支)
jle/jge 是有符号比较,说明 i 是 signed int;若变量是 unsigned 则会看到 jbe/jae。审计边界检查时有符号/无符号的区别很关键,符号混用是常见的绕过原因
else if 和 else 开始处之前都有一个无条件跳转指令,阻止前面的分支结束后直接进入此分支
Switch汇编对照
(跳转表形式,大致为 AT&T 写法 jmp *Imm(,%reg,4):case 值密集时编译器才会用;下面这个例子只有两个 case,编译成了逐个比较的形式——此处原文记号已损坏,按常见写法还原)
switch (c)
00343D35 mov eax,dword ptr [c]
00343D38 mov dword ptr [ebp-0D0h],eax
00343D3E cmp dword ptr [ebp-0D0h],0
00343D45 je diswitch+42h (0343D52h)
00343D47 cmp dword ptr [ebp-0D0h],1
00343D4E je diswitch+4Dh (0343D5Dh)
00343D50 jmp diswitch+56h (0343D66h)
{
case 0:
00343D52 nop
break;
00343D5B jmp diswitch+56h (0343D66h)
case 1:
00343D5D nop
break;
default:
break;
}
.....................................................
这个例子里 switch 不判断大小,全部用 cmp/je 逐个比较后跳到各个 case,最后一条无条件 jmp 跳到 default;注意编译器先把 c 复制到临时槽 [ebp-0D0h] 再做比较。但这只适用于 case 少且稀疏的情况:case 密集时编译器会生成跳转表——先做范围检查(cmp eax,N / ja default),再 jmp dword ptr [table+eax*4]。逆向时要确认间接 jmp 之前存在这条范围检查,范围检查缺失或写错意味着受控的索引可以跳到表外
While循环汇编对照表
t = test-expr
if !t: goto done
do { body } while (test-expr)   ← 优化编译器常用的 guarded-do 形式
done:
本例为未优化的调试版,用的是更直接的"测试在顶部"形式:每轮先 cmp,条件不成立就 jle 跳出,循环体结束后 jmp 回到 cmp
while (_sum > 0)
013A3D05 cmp dword ptr [_sum],0
013A3D09 jle diswhile+36h (013A3D16h)
{
_sum--;
013A3D0B mov eax,dword ptr [_sum]
013A3D0E sub eax,1
013A3D11 mov dword ptr [_sum],eax
}
013A3D14 jmp diswhile+25h (013A3D05h)
.................................
A:CMP <循环变量>,<限制变量>
JLE <循环外>   (条件取反:_sum > 0 不成立即退出)
(循环体)
JMP A          (无条件跳回比较处,本例即 013A3D14 jmp diswhile+25h)
Do-While循环汇编对照
Loop:
body_statement
t= test-expr
if t:
goto loop
do {
_sum++;
00971AB5 mov eax,dword ptr [_sum]
00971AB8 add eax,1
00971ABB mov dword ptr [_sum],eax
} while (_sum < 100);
00971ABE cmp dword ptr [_sum],64h
00971AC2 jl disdo+25h (0971AB5h)
......................................
(循环体)
CMP <循环变量>,<限制变量>
JL <循环起点>
For循环汇编对照
for init-expr;test-expr;update-expr:
body-statement
转换为while
init-expr
while test-expr:
body-statement
update-expr
for (int i = 0; i < 50; i++)
00B91AB5 mov dword ptr [ebp-14h],0
00B91ABC jmp disfor+37h (0B91AC7h)
00B91ABE mov eax,dword ptr [ebp-14h]
00B91AC1 add eax,1
00B91AC4 mov dword ptr [ebp-14h],eax
00B91AC7 cmp dword ptr [ebp-14h],32h
00B91ACB jge disfor+48h (0B91AD8h)
{
_sum += i;
00B91ACD mov eax,dword ptr [_sum]
00B91AD0 add eax,dword ptr [ebp-14h]
00B91AD3 mov dword ptr [_sum],eax
}
00B91AD6 jmp disfor+2Eh (0B91ABEh)
............................
MOV <循环变量>,<初始值>
JMP B          (首轮跳过 update-expr,直接去做测试)
A:( 修改循环变量)   update-expr,即 i++
...
B: CMP <循环变量>,<限制变量>   (32h = 50)
jge (跳出循环)     (i < 50 的取反;有符号比较,说明 i 是 signed int)
循环体
JMP A