1.9w+
社区成员
4.1w+
社区内容
- 主页
一段字符串解码的反汇编代码,请高手帮忙解释一下,不甚感激!
以下是一段字符串解码的反汇编代码,通过调试,发现传递两个参数(char *b ,int a) 给函数 func
函数func中跳转到 JMP-1 这个解码部分返回解码的内容。 希望汇编高手帮忙看看,我最想知道
的就是那个JMP-1 到底做了些什么,如果高手能给出c的代码,那是跪地感谢了,如果能详细讲解
一下那个JMP-1每句话的意思,也是感激万分。拜托各位了!(问题解决,马上散分)
func(char *b,int a)
{
::10030A90:: 55 PUSH EBP
::10030A91:: 8BEC MOV EBP, ESP
::10030A93:: 83EC 08 SUB ESP, 8
::10030A96:: 53 PUSH EBX
::10030A97:: 56 PUSH ESI
::10030A98:: 57 PUSH EDI
::10030A99:: 8BF9 MOV EDI, ECX
::10030A9B:: 8B87 B0000000 MOV EAX, [EDI+B0]
::10030AA1:: 83F8 42 CMP EAX, 42
::10030AA4:: 897D F8 MOV [EBP-8], EDI
::10030AA7:: 74 29 JE SHORT 10030AD2 JMP-1
::10030AA9:: 83F8 4C CMP EAX, 4C
::10030AAC:: 75 6F JNZ SHORT 10030B1D JMP-2
::10030AAE:: 8B87 C0000000 MOV EAX, [EDI+C0]
::10030AB4:: 8B5D 0C MOV EBX, [EBP+C]
::10030AB7:: 8B75 08 MOV ESI, [EBP+8]
::10030ABA:: 50 PUSH EAX
::10030ABB:: E8 60FEFFFF CALL 10030920 CALL-1
::10030AC0:: 83C4 04 ADD ESP, 4
::10030AC3:: 8987 C0000000 MOV [EDI+C0], EAX
::10030AC9:: 5F POP EDI
::10030ACA:: 5E POP ESI
::10030ACB:: 5B POP EBX
::10030ACC:: 8BE5 MOV ESP, EBP
::10030ACE:: 5D POP EBP
::10030ACF:: C2 0800 RETN 8
}
---------------------------------------------------------------
JMP-1
{
::10030AD2:: 8B8F C0000000 MOV ECX, [EDI+C0]
::10030AD8:: 894D FC MOV [EBP-4], ECX
::10030ADB:: FC CLD
::10030ADC:: 8B7D 08 MOV EDI, [EBP+8]
::10030ADF:: 8B4D 0C MOV ECX, [EBP+C]
::10030AE2:: BE 6121BDE7 MOV ESI, E7BD2161
::10030AE7:: 8B45 FC MOV EAX, [EBP-4]
::10030AEA:: 8BFF MOV EDI, EDI
::10030AEC:: 51 PUSH ECX
::10030AED:: B9 20000000 MOV ECX, 20
::10030AF2:: 8BD8 MOV EBX, EAX
::10030AF4:: D1E0 SHL EAX, 1
::10030AF6:: 23DE AND EBX, ESI
::10030AF8:: 8BD3 MOV EDX, EBX
::10030AFA:: 0FCB BSWAP EBX
::10030AFC:: 66:33DA XOR BX, DX
::10030AFF:: 32FB XOR BH, BL
::10030B01:: 7A 01 JPE SHORT 10030B04
::10030B03:: 40 INC EAX
::10030B04:: 49 DEC ECX
::10030B05:: 75 EB JNZ SHORT 10030AF2
::10030B07:: 59 POP ECX
::10030B08:: 3007 XOR [EDI], AL
::10030B0A:: 47 INC EDI
::10030B0B:: 49 DEC ECX
::10030B0C:: 75 DE JNZ SHORT 10030AEC
::10030B0E:: 8945 FC MOV [EBP-4], EAX
::10030B11:: 8B55 FC MOV EDX, [EBP-4]
::10030B14:: 8B45 F8 MOV EAX, [EBP-8]
::10030B17:: 8990 C0000000 MOV [EAX+C0], EDX
::10030B1D:: 5F POP EDI
::10030B1E:: 5E POP ESI
::10030B1F:: 5B POP EBX
::10030B20:: 8BE5 MOV ESP, EBP
::10030B22:: 5D POP EBP
::10030B23:: C2 0800 RETN 8
}
---------------------------------------------------------------
JMP-2
{
::10030B1D:: 5F POP EDI
::10030B1E:: 5E POP ESI
::10030B1F:: 5B POP EBX
::10030B20:: 8BE5 MOV ESP, EBP
::10030B22:: 5D POP EBP
::10030B23:: C2 0800 RETN 8
}
-----------------------------------------------------------
CALL-1
{
........
}
函数func中跳转到 JMP-1 这个解码部分返回解码的内容。 希望汇编高手帮忙看看,我最想知道
的就是那个JMP-1 到底做了些什么,如果高手能给出c的代码,那是跪地感谢了,如果能详细讲解
一下那个JMP-1每句话的意思,也是感激万分。拜托各位了!(问题解决,马上散分)
func(char *b,int a)
{
::10030A90:: 55 PUSH EBP
::10030A91:: 8BEC MOV EBP, ESP
::10030A93:: 83EC 08 SUB ESP, 8
::10030A96:: 53 PUSH EBX
::10030A97:: 56 PUSH ESI
::10030A98:: 57 PUSH EDI
::10030A99:: 8BF9 MOV EDI, ECX
::10030A9B:: 8B87 B0000000 MOV EAX, [EDI+B0]
::10030AA1:: 83F8 42 CMP EAX, 42
::10030AA4:: 897D F8 MOV [EBP-8], EDI
::10030AA7:: 74 29 JE SHORT 10030AD2 JMP-1
::10030AA9:: 83F8 4C CMP EAX, 4C
::10030AAC:: 75 6F JNZ SHORT 10030B1D JMP-2
::10030AAE:: 8B87 C0000000 MOV EAX, [EDI+C0]
::10030AB4:: 8B5D 0C MOV EBX, [EBP+C]
::10030AB7:: 8B75 08 MOV ESI, [EBP+8]
::10030ABA:: 50 PUSH EAX
::10030ABB:: E8 60FEFFFF CALL 10030920 CALL-1
::10030AC0:: 83C4 04 ADD ESP, 4
::10030AC3:: 8987 C0000000 MOV [EDI+C0], EAX
::10030AC9:: 5F POP EDI
::10030ACA:: 5E POP ESI
::10030ACB:: 5B POP EBX
::10030ACC:: 8BE5 MOV ESP, EBP
::10030ACE:: 5D POP EBP
::10030ACF:: C2 0800 RETN 8
}
---------------------------------------------------------------
JMP-1
{
::10030AD2:: 8B8F C0000000 MOV ECX, [EDI+C0]
::10030AD8:: 894D FC MOV [EBP-4], ECX
::10030ADB:: FC CLD
::10030ADC:: 8B7D 08 MOV EDI, [EBP+8]
::10030ADF:: 8B4D 0C MOV ECX, [EBP+C]
::10030AE2:: BE 6121BDE7 MOV ESI, E7BD2161
::10030AE7:: 8B45 FC MOV EAX, [EBP-4]
::10030AEA:: 8BFF MOV EDI, EDI
::10030AEC:: 51 PUSH ECX
::10030AED:: B9 20000000 MOV ECX, 20
::10030AF2:: 8BD8 MOV EBX, EAX
::10030AF4:: D1E0 SHL EAX, 1
::10030AF6:: 23DE AND EBX, ESI
::10030AF8:: 8BD3 MOV EDX, EBX
::10030AFA:: 0FCB BSWAP EBX
::10030AFC:: 66:33DA XOR BX, DX
::10030AFF:: 32FB XOR BH, BL
::10030B01:: 7A 01 JPE SHORT 10030B04
::10030B03:: 40 INC EAX
::10030B04:: 49 DEC ECX
::10030B05:: 75 EB JNZ SHORT 10030AF2
::10030B07:: 59 POP ECX
::10030B08:: 3007 XOR [EDI], AL
::10030B0A:: 47 INC EDI
::10030B0B:: 49 DEC ECX
::10030B0C:: 75 DE JNZ SHORT 10030AEC
::10030B0E:: 8945 FC MOV [EBP-4], EAX
::10030B11:: 8B55 FC MOV EDX, [EBP-4]
::10030B14:: 8B45 F8 MOV EAX, [EBP-8]
::10030B17:: 8990 C0000000 MOV [EAX+C0], EDX
::10030B1D:: 5F POP EDI
::10030B1E:: 5E POP ESI
::10030B1F:: 5B POP EBX
::10030B20:: 8BE5 MOV ESP, EBP
::10030B22:: 5D POP EBP
::10030B23:: C2 0800 RETN 8
}
---------------------------------------------------------------
JMP-2
{
::10030B1D:: 5F POP EDI
::10030B1E:: 5E POP ESI
::10030B1F:: 5B POP EBX
::10030B20:: 8BE5 MOV ESP, EBP
::10030B22:: 5D POP EBP
::10030B23:: C2 0800 RETN 8
}
-----------------------------------------------------------
CALL-1
{
........
}
...全文
还没有回复,快来抢沙发~
发动态
发帖子
社区公告
暂无公告