本文通过一份具体的C++代码示例,深入剖析了程序的基本结构和IDA生成的反汇编文件内容,包括代码段的详细属性及代码实现细节。
上篇日志在排版方面花费了很多时间,索性就不排版了。将注释用其他颜色表示。
C++代码: | C++代码 |
#include<iostream> | |
using namespace std; | |
int main() | int main() |
{ | { |
return 0; | return 0; |
} | } |
; +-------------------------------------------------------------------------+ | ; +-------------------------------------------------------------------------+ |
; | This file is generated by The Interactive Disassembler (IDA) | | ; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> | | ; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> | |
; | Licensed to: Mach EDV Dienstleistungen, Jan Mach, 1 user, adv, 11/2007 | | ; | Licensed to: Mach EDV Dienstleistungen, Jan Mach, 1 user, adv, 11/2007 | |
; +-------------------------------------------------------------------------+ | ; +-------------------------------------------------------------------------+ |
; | ; |
; Input MD5 : 42F80D9A9B9DC10CA601A96BB2A7BA52 | ; Input MD5 : 17178FC90D2A31A0E7D285EDE9FFD2D6 |
; File Name : G:/software/realempty/realempty.exe | ; File Name : G:/software/empty/empty.exe |
; Format : Portable executable for 80386 (PE) | ; Format : Portable executable for 80386 (PE) |
; Imagebase : 400000 | ; Imagebase : 400000 |
; Section 1. (virtual address 00001000) | ; Section 1. (virtual address 00001000) |
; Virtual size : 000060D4 ( 24788.) | ; Virtual size : 000060D4 ( 24788.) |
; Section size in file : 00007000 ( 28672.) | ; Section size in file : 00007000 ( 28672.) |
; Offset to raw data for section: 00001000 | ; Offset to raw data for section: 00001000 |
; Flags 60000020: Text Executable Readable | ; Flags 60000020: Text Executable Readable |
; Alignment : default | ; Alignment : default |
; OS type : MS Windows | ; OS type : MS Windows |
; Application type: Executable 32bit | ; Application type: Executable 32bit |
include uni.inc ; see unicode subdir of ida for info on unicode | include uni.inc ; see unicode subdir of ida for info on unicode |
.686p | .686p |
.mmx | .mmx |
.model flat | .model flat |
; Segment type: Pure code | ; Segment type: Pure code |
; Segment permissions: Read/Execute | ; Segment permissions: Read/Execute |
_text segment para public 'CODE' use32 | _text segment para public 'CODE' use32 |
assume cs:_text | assume cs:_text |
;org 401000h | ;org 401000h |
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing | assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing |
; Attributes: bp-based frame | ; Attributes: bp-based frame |
; int __cdecl main(int argc, const char **argv, const char *envp) | ; int __cdecl main(int argc, const char **argv, const char *envp) |
_main proc near | _main proc near |
argc= dword ptr 8 | argc= dword ptr 8 |
argv= dword ptr 0Ch | argv= dword ptr 0Ch |
envp= dword ptr 10h | envp= dword ptr 10h |
push ebp | push ebp |
mov ebp, esp | mov ebp, esp |
xor eax, eax | xor eax, eax |
pop ebp | pop ebp |
retn | retn |
_main endp | _main endp |
反思: | 可以发现上节的怀疑是没有意义的。主体部分只是和main(){}之内的函数有关 |
下步: | 增加cout函数 |
扫一扫
5919
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
