asm source code note 1.10 union 和 enum 的访问
发布日期:2021-06-30 22:06:04
// asm source code note 1.10: accessing a union and an enum
//************************************************************
//* original c code
//************************************************************
#include "stdafx.h"
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>

// Three consecutive enumerators; the listing below shows them stored as the
// 32-bit immediates 111h, 112h and 113h.
typedef enum
{
    enum_1 = 0x111, // a distinctive value that is easy to spot in the disassembly
    enum_2,
    enum_3,
}myenum;

// Three ints; the stores in the listing place them at offsets +0, +4 and +8.
typedef struct
{
    int a;
    int b;
    int c;
}mystruct;

// s and e share the same storage. The listing scales the index by 0Ch, so
// sizeof(myunion) is 12 bytes in this build.
typedef union
{
    mystruct s;
    myenum e[3];
}myunion;

int fn(int a, int b);

int main(int argc, char* argv[])
{
    fn(1, 2);
    return 0;
}

// Walks five myunion-sized slots inside a 100-byte stack buffer and writes each
// slot twice: first through the struct view, then through the enum-array view.
// The parameters a and b are not used in the body. Always returns 0.
//
// NOTE(review): buf is a UCHAR array reinterpreted as myunion *. Neither the C
// code nor the listing contains a bounds or alignment check; the writes stay
// inside buf only because 5 * sizeof(myunion) = 60 <= 100. Changing the loop
// limit or the union size without revisiting buf[100] would turn this into a
// stack write past the buffer, with i (at ebp-4) directly above it.
int fn(int a, int b)
{
    int i = 0;
    UCHAR buf[100] = {0};
    myunion * uns = NULL;

    for(i = 0; i < 5; i++)
    {
        uns = (myunion *)(buf + sizeof(myunion) * i);

        uns->s.a = 0x666;
        uns->s.b = 0x777;
        uns->s.c = 0x888;

        uns->e[0] = enum_1;
        uns->e[1] = enum_2;
        uns->e[2] = enum_3;
    }

    return 0;
}

//************************************************************
//* asm code
//************************************************************
/*
stack layout (offsets from ebp):
addr(uns) = ebp - 0x6c;
addr(buf[100]) = ebp - 0x68;   buf occupies [ebp-0x68, ebp-4), directly below i
addr(i) = ebp - 4;
*/
37:
38:   int fn(int a, int b)
39:   {
// Prologue: reserve 0ACh (172) bytes, save ebx/esi/edi, then fill the whole
// reserved area with 0CCh bytes (2Bh dwords * 4 = 172 bytes).
// NOTE(review): this fill pattern is what an unoptimized MSVC debug build
// emits - presumably how this sample was compiled; confirm against the build.
00401070   push        ebp
00401071   mov         ebp,esp
00401073   sub         esp,0ACh
00401079   push        ebx
0040107A   push        esi
0040107B   push        edi
0040107C   lea         edi,[ebp-0ACh]
00401082   mov         ecx,2Bh
00401087   mov         eax,0CCCCCCCCh
0040108C   rep stos    dword ptr [edi]
40:       int i = 0;
0040108E   mov         dword ptr [ebp-4],0
41:       UCHAR buf[100] = {0}; // buf[0] is stored on its own (1 byte), so the remaining 99 bytes are zeroed in three steps (96 bytes, 2 bytes, 1 byte)
00401095   mov         byte ptr [ebp-68h],0      // buf[0] = 0
00401099   mov         ecx,18h                   // 18h = 24 dwords = 96 bytes
0040109E   xor         eax,eax                   // value to store: 0
004010A0   lea         edi,[ebp-67h]             // edi = &buf[1]
004010A3   rep stos    dword ptr [edi]           // buf[1..96]
004010A5   stos        word ptr [edi]            // buf[97..98]
004010A7   stos        byte ptr [edi]            // buf[99]
42:       myunion * uns = NULL;
004010A8   mov         dword ptr [ebp-6Ch],0
43:
44:       for(i = 0; i < 5; i++)
004010AF   mov         dword ptr [ebp-4],0       // i = 0;
004010B6   jmp         fn+51h (004010c1)         // skip the increment on first entry
004010B8   mov         eax,dword ptr [ebp-4]     // i++ (loop back-edge lands here)
004010BB   add         eax,1
004010BE   mov         dword ptr [ebp-4],eax
004010C1   cmp         dword ptr [ebp-4],5
004010C5   jge         fn+0A0h (00401110)        // if(i >= 5) break;
45:       {
46:           uns = (myunion *)(buf + sizeof(myunion) * i);
004010C7   mov         ecx,dword ptr [ebp-4]
004010CA   imul        ecx,ecx,0Ch               // ecx = i * 0xc; byte offset of slot i inside buf
004010CD   lea         edx,[ebp+ecx-68h]         // edx = buf + ecx, address of the current union
004010D1   mov         dword ptr [ebp-6Ch],edx   // uns = edx
47:
48:           uns->s.a = 0x666;
004010D4   mov         eax,dword ptr [ebp-6Ch]
004010D7   mov         dword ptr [eax],666h      // struct member 1, stored at [uns + 0]
49:           uns->s.b = 0x777;
004010DD   mov         ecx,dword ptr [ebp-6Ch]
004010E0   mov         dword ptr [ecx+4],777h    // struct member 2, stored at [uns + 4]
50:           uns->s.c = 0x888;
004010E7   mov         edx,dword ptr [ebp-6Ch]
004010EA   mov         dword ptr [edx+8],888h    // struct member 3, stored at [uns + 8]
51:
52:           uns->e[0] = enum_1;
004010F1   mov         eax,dword ptr [ebp-6Ch]
004010F4   mov         dword ptr [eax],111h      // e[0] at [uns + 0], the same address as s.a
53:           uns->e[1] = enum_2;
004010FA   mov         ecx,dword ptr [ebp-6Ch]
004010FD   mov         dword ptr [ecx+4],112h    // e[1] at [uns + 4], the same address as s.b
54:           uns->e[2] = enum_3;
00401104   mov         edx,dword ptr [ebp-6Ch]
00401107   mov         dword ptr [edx+8],113h    // e[2] at [uns + 8], the same address as s.c
55:       }
0040110E   jmp         fn+48h (004010b8)
56:
57:       return 0;
00401110   xor         eax,eax
58:   }
// Epilogue: restore the saved registers and the caller's frame.
00401112   pop         edi
00401113   pop         esi
00401114   pop         ebx
00401115   mov         esp,ebp
00401117   pop         ebp
00401118   ret

//************************************************************
//* note
//************************************************************
// Instruction reference. stos stores the value held in the AL/AX/EAX register
// (not the memory eax points to) at [edi] and then advances edi by the operand
// size; the rep prefix repeats the store ecx times.
指令功能说明:
rep stos dword ptr [edi];  // store EAX at [edi], repeated ECX times, 4 bytes per store
stos word ptr [edi];       // store AX at [edi] once, 2 bytes
stos byte ptr [edi];       // store AL at [edi] once, 1 byte

// From the asm alone a union cannot be told apart from a struct: every access is
// a plain store at a fixed offset from the pointer. The only visible trace is
// that offsets +0/+4/+8 are each written twice, which a struct whose members
// are re-assigned would produce as well.
单从asm代码无法看出是struct还是union, 在asm代码中都是操作的struct

转载地址:https://lostspeed.blog.csdn.net/article/details/4634354 如侵犯您的版权,请留言回复原文章的地址,我们会给您删除此文章,给您带来不便请您谅解!