IDA反汇编

最新推荐文章于 2025-02-22 20:14:31 发布

原创最新推荐文章于 2025-02-22 20:14:31 发布 · 934 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#permissions #alignment #汇编 #assembly #file #input

本文档展示了使用IDA反汇编工具分析的Windows可执行文件。文件MD5为718F5252C7BEDF5580024E9DF6D10608，格式为PE，适用于80386架构。重点讨论了代码段的虚拟地址、大小、文件偏移、权限和对齐方式。反汇编的代码显示了一个简单的 MessageBoxA 调用，用于显示'Win32 Assembly is Great!'的消息框。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

; 赏屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
; ?    This file is generated by The Interactive Disassembler (IDA)        ?
; ?    Copyright (c) 2006 by DataRescue sa/nv, <ida@datarescue.com>        ?
; ?Licensed to: Paul Ashton - Blue Lane Technologies (1-user Advanced 03/2006) ?s
; 韧屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯?
;
; Input MD5   : 718F5252C7BEDF5580024E9DF6D10608

; File Name   : F:/反汇编/汇编/1_1.exe
; Format      : Portable executable for 80386 (PE)
; Imagebase   : 400000
; Section 1. (virtual address 00001000)
; Virtual size                  : 00000026 (     38.)
; Section size in file          : 00000200 (    512.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment     : default

.686p
.mmx
.model flat

; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing

public start
start proc near
push    0               ; uType
push    offset Caption ; "Iczelion Tutorial No.2"
push    offset Text     ; "Win32 Assembly is Great!"
push    0               ; hWnd
call    MessageBoxA
push    0
call    $+5
jmp     ds:ExitProcess
start endp