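Modifying and reversing an exe written in C: [Share] Short notes on reversing C [error corrected]

I did this tonight. I won't write up any text, since there is not much technical content and I'd rather not get flamed for it. The source code and the disassembly are attached.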

lea     ebx, [esp+38h+var_28]

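lea     edi, [esp+38h+var_20]

In these two places, ESP+38 should represent a stack address, and +28H should represent the starting size of that address; the add ebx, 2 and add edi, 8 further down add 2 and 8 to their contents.

What these two registers hold is an address, so it is the address that gets +2 and +8.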

// C语言数组.cpp : Defines the entry point for the console application.

//

#include "stdafx.h"

#define size 4

int main(int argc, char* argv[])

{

short date[size]; // define an array of short

short *ptr; // define a pointer to short

short index;

double bills[size];

double *ptf;

ptr=date;

ptf=bills;

printf("%23s %10s\n","short","double");

for(index=0;index<size;index++)

printf("pointer +%d: %10p %10p\n",index,ptr+index,ptf+index);

return 0;

}

Disassembly:

.text:00401000 83 EC 28 sub esp, 28h ; ESP=128,ESP-28=100

.text:00401003 53 push ebx ; ESP-4,100-4=96

.text:00401004 55 push ebp ; ESP-8,100-8=92

.text:00401005 56 push esi ; ESP-C,100-C=88

.text:00401006 57 push edi ; ESP-F,100-F=84

.text:00401007 68 5C 70 40 00 push offset aDouble ; "double"

.text:0040100C 68 54 70 40 00 push offset aShort ; "short"

.text:00401011 68 48 70 40 00 push offset a23s10s ; "%23s %10s\n"

.text:00401016 E8 45 00 00 00 call printf

.text:0040101B 83 C4 0C add esp, 0Ch ; renew wareroom,72+12=84,now wareroom originate address be EDI pointer of address

.text:0040101E 33 F6 xor esi, esi ; esi zero

.text:00401020 8D 5C 24 10 lea ebx, [esp+38h+var_28] ; Load ESP+38h+28,This We Can Conceive Is Load ESP+38 of Store Address,at+28 Of Offset Address

.text:00401024 8D 7C 24 18 lea edi, [esp+38h+var_20] ; Load ESP+38H+20,This Me Can Conceive Is Load ESP+38 Of AnotherSide Address,Endure Look Next

.text:00401028 BD 04 00 00 00 mov ebp, 4 ; EBP Load Constant 4

.text:0040102D

.text:0040102D loc_40102D: ; CODE XREF: _main+45j

.text:0040102D 57 push edi ; EDI Enter Corral ESP-4,84-4=80

.text:0040102E 53 push ebx ; EBX Enter Corral ESP-8, 84-8=76

.text:0040102F 56 push esi ; ESI Enter Corral ESP-C,84-C=72

.text:00401030 68 30 70 40 00 push offset aPointerD10p10p ; "pointer +%d: %10p %10p\n"

.text:00401035 E8 26 00 00 00 call printf ; CALL Printf Function

.text:0040103A 83 C4 10 add esp, 10h ; Resume Corral

.text:0040103D 46 inc esi ; Inc ESI ESI Now Is ESI+1

.text:0040103E 83 C7 08 add edi, 8 ; Just Is Use Lea Load Into EDI Address,Add EDI+8 Equal EDI Address+8

.text:00401041 83 C3 02 add ebx, 2 ; Ditto

.text:00401044 4D dec ebp ; Ebp-1

.text:00401045 75 E6 jnz short loc_40102D ; Unknown Not Learned How This

.text:00401047 5F pop edi

.text:00401048 5E pop esi

.text:00401049 5D pop ebp
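
The two lea operands discussed at the top of the post can be checked against the raw bytes in the listing. The following is an added example, not part of the original post: it walks the opcode bytes from 00401000 to 00401027, tracks how far ESP has dropped since function entry, and shows that `[esp+38h+var_28]` is the encoded `[esp+10h]` (38h - 28h), with IDA's `var_XX` meaning offset -XXh from the entry ESP. The function name `lea_frame_offset` is hypothetical, and the decoder handles only the opcodes that occur in this listing.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Bytes copied from the listing on this page, 00401000..00401027. */
static const uint8_t code[] = {
    0x83,0xEC,0x28, 0x53, 0x55, 0x56, 0x57,             /* sub esp,28h; 4 pushes */
    0x68,0x5C,0x70,0x40,0x00, 0x68,0x54,0x70,0x40,0x00,
    0x68,0x48,0x70,0x40,0x00, 0xE8,0x45,0x00,0x00,0x00, /* 3 push imm32; call    */
    0x83,0xC4,0x0C, 0x33,0xF6,                          /* add esp,0Ch; xor      */
    0x8D,0x5C,0x24,0x10, 0x8D,0x7C,0x24,0x18 };         /* the two lea           */

/* Tracks how far ESP has dropped below its value at function entry. For the
   n-th (0-based) lea r32,[esp+disp8] it returns disp - depth, the local's
   offset from the entry ESP (IDA's var_XX is -XXh). Returns 1 for an opcode
   this sketch does not know, or when n is out of range. */
int lea_frame_offset(int n, int *depth_out, int *disp_out)
{
    int depth = 0;
    size_t i = 0, len = sizeof code;
    while (i < len) {
        uint8_t op = code[i];
        if (op >= 0x50 && op <= 0x57) { depth += 4; i += 1; }   /* push r32   */
        else if (op == 0x68)          { depth += 4; i += 5; }   /* push imm32 */
        else if (op == 0xE8)          { i += 5; } /* call printf: cdecl, ESP unchanged on return */
        else if (op == 0x33)          { i += 2; } /* xor r32,r32 */
        else if (op == 0x83 && i + 2 < len && code[i+1] == 0xEC) {
            depth += (int8_t)code[i+2]; i += 3;                 /* sub esp,imm8 */
        } else if (op == 0x83 && i + 2 < len && code[i+1] == 0xC4) {
            depth -= (int8_t)code[i+2]; i += 3;                 /* add esp,imm8 */
        } else if (op == 0x8D && i + 3 < len &&
                   (code[i+1] & 0xC7) == 0x44 && code[i+2] == 0x24) {
            /* ModRM mod=01 rm=100 (SIB follows); SIB 24h = base ESP, no index */
            if (n-- == 0) {
                *depth_out = depth;
                *disp_out = (int8_t)code[i+3];
                return *disp_out - depth;
            }
            i += 4;
        } else return 1;
    }
    return 1;
}

int main(void)
{
    for (int n = 0; n < 2; n++) {
        int depth, disp, off = lea_frame_offset(n, &depth, &disp);
        printf("lea #%d: [esp+%Xh] = [esp+%Xh+var_%X]\n",
               n, (unsigned)disp, (unsigned)depth, (unsigned)-off);
    }
    return 0;
}
```

The two locals sit 8 bytes apart (var_28 to var_20), which is the four-element short array, and the loop strides `add ebx, 2` and `add edi, 8` are sizeof(short) and sizeof(double).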

Uploaded attachment:

C语言数组.zip

(326.18kb, 34 downloads)
