64,654
社区成员
发帖
与我相关
我的任务
分享汇编语言还原为C++代码?
一.ida 5.0反编译的代码,均与键盘缓冲有关:
41AH 字 指向键盘缓冲区首址
41CH 字 指向键盘缓冲区尾址,当该值等于前一字的值时,说明缓冲区满。
41EH 32字节 循环键盘缓冲区,它保存键盘键入的字符,直到程序可以接收这些字符为止,前两个字指向此缓冲区的当前是首和尾。
43EH 字节 表示磁盘驱动器的搜索状态,0-3位分别对应于驱动器。如果这些位中有一位为0,则表示在搜索磁道之前,必须重新校准相应的驱动器。位4-6未使用,位7为中断标志位,为1表示中断发生。
; Attributes: bp-based frame
public ClearKeyboard(void)
ClearKeyboard(void) proc far
var_8= dword ptr -8
var_4= dword ptr -4
enter 8, 0
mov [bp+var_4], 41Ah ; <suspicious>
mov [bp+var_8], 41Ch ; <suspicious>
les bx, [bp+var_4]
mov word ptr es:[bx], 1Eh
les bx, [bp+var_8]
mov word ptr es:[bx], 1Eh
leave
retf
ClearKeyboard(void) endp
我还原的代码?但还是不行...
void ClearKeyboard(void)
{
long int x,y;
asm{
mov word ptr x, 41Ah
mov word ptr y, 41Ch
les bx, x
mov word ptr es:[bx], 1Eh
les bx, y
mov word ptr es:[bx], 1Eh
}
}
以上能编译通过
二.ida 5.0反编译的代码,均与键盘缓冲有关:
; Attributes: bp-based frame
; int __cdecl far AddKeyboardString(char far *s)
public AddKeyboardString(signed char *)
AddKeyboardString(signed char *) proc far
var_2= word ptr -2
s= dword ptr 6
enter 2, 0
push si
push word ptr [bp+s+2]
push word ptr [bp+s] ; s
call __fstrlen
add sp, 4
mov [bp+var_2], ax
xor si, si
jmp short loc_1066C
loc_1065B:
les bx, [bp+s]
add bx, si
mov al, es:[bx]
mov ah, 0
push ax
push cs
call near ptr AddKeyboard(int)
pop cx
inc si
loc_1066C:
cmp si, [bp+var_2]
jl short loc_1065B
pop si
leave
retf
AddKeyboardString(signed char *) end
; Attributes: bp-based frame
public AddKeyboard(int)
AddKeyboard(int) proc far
var_E= word ptr -0Eh
var_C= dword ptr -0Ch
var_8= dword ptr -8
var_4= dword ptr -4
arg_0= word ptr 6
enter 0Eh, 0
mov [bp+var_4], 41Ah ; <suspicious>
mov [bp+var_8], 41Ch ; <suspicious>
les bx, [bp+var_8]
mov ax, es:[bx]
add ax, 400h ; <suspicious>
movsx eax, ax
shld edx, eax, 10h
mov word ptr [bp+var_C+2], dx
mov word ptr [bp+var_C], ax
les bx, [bp+var_8]
mov cx, es:[bx]
les bx, [bp+var_4]
mov ax, es:[bx]
mov [bp+var_E], ax
cmp cx, 3Dh ; '=' ; <suspicious>
jl short loc_1061E
mov cx, 1Eh
mov ax, cx
add ax, 400h ; <suspicious>
movsx eax, ax
mov [bp+var_C], eax
loc_1061E:
add cx, 2
cmp cx, 3Dh ; '=' ; <suspicious>
jl short loc_10629
mov cx, 1Eh
loc_10629:
cmp cx, [bp+var_E]
jnz short loc_1063
jmp short locret_1063
loc_10630:
les bx, [bp+var_C]
mov ax, [bp+arg_0]
mov es:[bx], ax
les bx, [bp+var_8]
mov es:[bx], cx
locret_1063F:
leave
retf
AddKeyboard(int) endp
我正还原的代码部分:
int __cdecl far AddKeyboardString(char far *s) {
//var_2= word ptr -2
//s= dword ptr 6
int var_2;
var_2=_fstrlen(s);
asm {
push word ptr [bp+s+2]
push word ptr [bp+s]
//call __fstrlen
add sp, 4
mov word ptr var_2, ax
xor si, si
jmp short loc_1066C
}
loc_1065B:
asm {
les bx, [bp+s]
add bx, si
mov al, es:[bx]
mov ah, 0
push ax
push cs
call near ptr AddKeyboard(int)
pop cx
inc si
}
loc_1066C:
asm {
cmp si, word ptr var_2
jl short loc_1065B
}
}
void AddKeyboard(int)
{
//var_E= word ptr -0Eh
//var_C= dword ptr -0Ch
//var_8= dword ptr -8
//var_4= dword ptr -4
//arg_0= word ptr 6
long int var_4,var_8,var_C;
int var_E;
//enter 0Eh, 0
asm {
mov word ptr var_4, 41Ah
mov word ptr var_8, 41Ch
les bx, word ptr var_8
mov ax, es:[bx]
add ax, 400h
movsx eax, ax
shld edx, eax, 10h
mov word ptr var_C+2, dx
mov word ptr var_C, ax
les bx, word ptr var_8
mov cx, es:[bx]
les bx, word ptr var_4
mov ax, es:[bx]
mov word ptr var_E, ax
cmp cx, 3Dh // '='
jl short loc_1061E
mov cx, 1Eh
mov ax, cx
add ax, 400h
movsx eax, ax
mov word ptr var_C, eax
}
loc_1061E:
asm {
add cx, 2
cmp cx, 3Dh ; '=' ; <suspicious>
jl short loc_10629
mov cx, 1Eh
}
loc_10629:
asm {
cmp cx, [bp+var_E]
jnz short loc_1063
jmp short locret_1063
}
loc_10630:
asm {
les bx, [bp+var_C]
mov ax, [bp+arg_0]
mov es:[bx], ax
les bx, [bp+var_8]
mov es:[bx], cx
}
locret_1063F:
asm {
leave
}
}
41AH 字 指向键盘缓冲区首址
41CH 字 指向键盘缓冲区尾址,当该值等于前一字的值时,说明缓冲区满。
41EH 32字节 循环键盘缓冲区,它保存键盘键入的字符,直到程序可以接收这些字符为止,前两个字指向此缓冲区的当前是首和尾。
43EH 字节 表示磁盘驱动器的搜索状态,0-3位分别对应于驱动器。如果这些位中有一位为0,则表示在搜索磁道之前,必须重新校准相应的驱动器。位4-6未使用,位7为中断标志位,为1表示中断发生。
; Attributes: bp-based frame
public ClearKeyboard(void)
ClearKeyboard(void) proc far
var_8= dword ptr -8
var_4= dword ptr -4
enter 8, 0
mov [bp+var_4], 41Ah ; <suspicious>
mov [bp+var_8], 41Ch ; <suspicious>
les bx, [bp+var_4]
mov word ptr es:[bx], 1Eh
les bx, [bp+var_8]
mov word ptr es:[bx], 1Eh
leave
retf
ClearKeyboard(void) endp
我还原的代码?但还是不行...
void ClearKeyboard(void)
{
long int x,y;
asm{
mov word ptr x, 41Ah
mov word ptr y, 41Ch
les bx, x
mov word ptr es:[bx], 1Eh
les bx, y
mov word ptr es:[bx], 1Eh
}
}
以上能编译通过
二.ida 5.0反编译的代码,均与键盘缓冲有关:
; Attributes: bp-based frame
; int __cdecl far AddKeyboardString(char far *s)
public AddKeyboardString(signed char *)
AddKeyboardString(signed char *) proc far
var_2= word ptr -2
s= dword ptr 6
enter 2, 0
push si
push word ptr [bp+s+2]
push word ptr [bp+s] ; s
call __fstrlen
add sp, 4
mov [bp+var_2], ax
xor si, si
jmp short loc_1066C
loc_1065B:
les bx, [bp+s]
add bx, si
mov al, es:[bx]
mov ah, 0
push ax
push cs
call near ptr AddKeyboard(int)
pop cx
inc si
loc_1066C:
cmp si, [bp+var_2]
jl short loc_1065B
pop si
leave
retf
AddKeyboardString(signed char *) end
; Attributes: bp-based frame
public AddKeyboard(int)
AddKeyboard(int) proc far
var_E= word ptr -0Eh
var_C= dword ptr -0Ch
var_8= dword ptr -8
var_4= dword ptr -4
arg_0= word ptr 6
enter 0Eh, 0
mov [bp+var_4], 41Ah ; <suspicious>
mov [bp+var_8], 41Ch ; <suspicious>
les bx, [bp+var_8]
mov ax, es:[bx]
add ax, 400h ; <suspicious>
movsx eax, ax
shld edx, eax, 10h
mov word ptr [bp+var_C+2], dx
mov word ptr [bp+var_C], ax
les bx, [bp+var_8]
mov cx, es:[bx]
les bx, [bp+var_4]
mov ax, es:[bx]
mov [bp+var_E], ax
cmp cx, 3Dh ; '=' ; <suspicious>
jl short loc_1061E
mov cx, 1Eh
mov ax, cx
add ax, 400h ; <suspicious>
movsx eax, ax
mov [bp+var_C], eax
loc_1061E:
add cx, 2
cmp cx, 3Dh ; '=' ; <suspicious>
jl short loc_10629
mov cx, 1Eh
loc_10629:
cmp cx, [bp+var_E]
jnz short loc_1063
jmp short locret_1063
loc_10630:
les bx, [bp+var_C]
mov ax, [bp+arg_0]
mov es:[bx], ax
les bx, [bp+var_8]
mov es:[bx], cx
locret_1063F:
leave
retf
AddKeyboard(int) endp
我正还原的代码部分:
int __cdecl far AddKeyboardString(char far *s) {
//var_2= word ptr -2
//s= dword ptr 6
int var_2;
var_2=_fstrlen(s);
asm {
push word ptr [bp+s+2]
push word ptr [bp+s]
//call __fstrlen
add sp, 4
mov word ptr var_2, ax
xor si, si
jmp short loc_1066C
}
loc_1065B:
asm {
les bx, [bp+s]
add bx, si
mov al, es:[bx]
mov ah, 0
push ax
push cs
call near ptr AddKeyboard(int)
pop cx
inc si
}
loc_1066C:
asm {
cmp si, word ptr var_2
jl short loc_1065B
}
}
void AddKeyboard(int)
{
//var_E= word ptr -0Eh
//var_C= dword ptr -0Ch
//var_8= dword ptr -8
//var_4= dword ptr -4
//arg_0= word ptr 6
long int var_4,var_8,var_C;
int var_E;
//enter 0Eh, 0
asm {
mov word ptr var_4, 41Ah
mov word ptr var_8, 41Ch
les bx, word ptr var_8
mov ax, es:[bx]
add ax, 400h
movsx eax, ax
shld edx, eax, 10h
mov word ptr var_C+2, dx
mov word ptr var_C, ax
les bx, word ptr var_8
mov cx, es:[bx]
les bx, word ptr var_4
mov ax, es:[bx]
mov word ptr var_E, ax
cmp cx, 3Dh // '='
jl short loc_1061E
mov cx, 1Eh
mov ax, cx
add ax, 400h
movsx eax, ax
mov word ptr var_C, eax
}
loc_1061E:
asm {
add cx, 2
cmp cx, 3Dh ; '=' ; <suspicious>
jl short loc_10629
mov cx, 1Eh
}
loc_10629:
asm {
cmp cx, [bp+var_E]
jnz short loc_1063
jmp short locret_1063
}
loc_10630:
asm {
les bx, [bp+var_C]
mov ax, [bp+arg_0]
mov es:[bx], ax
les bx, [bp+var_8]
mov es:[bx], cx
}
locret_1063F:
asm {
leave
}
}
...全文
请发表友善的回复…
发表回复
