零起点跟我学逆向C语言
啊冲 QQ109688759
4.10 .输出函数
源代码
#include <stdio.h>
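/*
 * Demonstrates printf on integer arithmetic: prints a heading line, then
 * the sum, difference, product and quotient of the literals 15 and 16.
 *
 * Every format string is a literal with a fixed number of %d conversions,
 * so the argument count and types are known at compile time.
 *
 * Returns 0 on success.
 */
int main(void)
{
    printf("四则运算...\n");
    /* The operands are literals, so each result is folded by the compiler
     * into an immediate before the call (the disassembly pushes 1Fh, 0FFh,
     * 0F0h and 0 rather than computing anything at run time). */
    printf("%d+%d\t=%d\n", 15, 16, 15 + 16);
    /* 15-16 is -1; it appears in the listing as the sign-extended byte FFh. */
    printf("%d-%d\t=%d\n", 15, 16, 15 - 16);
    printf("%d*%d\t=%d\n", 15, 16, 15 * 16);
    /* Integer division truncates toward zero, so 15/16 prints 0. */
    printf("%d/%d\t=%d\n", 15, 16, 15 / 16);
    return 0;
}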
执行结果:
反汇编:
4: printf("四则运算...\n");
0040D708 push offset string "\xcb\xc4\xd4\xf2\xd4\xcb\\n" (00422fd0)
0040D70D call printf (00401060)
0040D712 add esp,4
5: printf("%d+%d\t=%d\n",15,16,15+16);
0040D715 push 1Fh
0040D717 push 10h
0040D719 push 0Fh
0040D71B push offset string "%d+%d\t=%d\n" (00422fc4)
0040D720 call printf (00401060)
0040D725 add esp,10h
6: printf("%d-%d\t=%d\n",15,16,15-16);
0040D728 push 0FFh
0040D72A push 10h
0040D72C push 0Fh
0040D72E push offset string "%d-%d\t=%d\n" (00422fb8)
0040D733 call printf (00401060)
0040D738 add esp,10h
7: printf("%d*%d\t=%d\n",15,16,15*16);
0040D73B push 0F0h
0040D740 push 10h
0040D742 push 0Fh
0040D744 push offset string "%d*%d\t=%d\n" (00422fac)
0040D749 call printf (00401060)
0040D74E add esp,10h
8: printf("%d/%d\t=%d\n",15,16,15/16);
0040D751 push 0
0040D753 push 10h
0040D755 push 0Fh
0040D757 push offset string "show x: %d\n" (0042201c)
0040D75C call printf (00401060)
0040D761 add esp,10h
9: return 0;
0040D764 xor eax,eax
本节课既然是要研究输出函数,那么我们就把这个printf函数跟踪一下看看到底是调用了哪些系统函数
打开OD,来到MAIN函数的起始位置
0040D6F0 >/>PUSH EBP
0040D6F1 |>MOV EBP,ESP
0040D6F3 |>SUB ESP,40
0040D6F6 |>PUSH EBX
0040D6F7 |>PUSH ESI
0040D6F8 |>PUSH EDI
0040D6F9 |>LEA EDI,DWORD PTR SS:[EBP-40]
0040D6FC |>MOV ECX,10
0040D701 |>MOV EAX,CCCCCCCC
0040D706 |>REP STOS DWORD PTR ES:[EDI]
并输出0040D708 |>PUSH OFFSET 1.??_C@_0N@OAKC@?K?D?T?r?T?K?K?c?4?4?4?6?$AA@ ; /format = "四则运算...\n"
0040D70D |>CALL 1.printf ; \printf
0040D712 |>ADD ESP,4
跟进0040D70D |>CALL 1.printf
00401060 >/>PUSH EBP
00401061 |>MOV EBP,ESP
00401063 |>SUB ESP,0C
00401066 |>PUSH EBX
00401067 |>PUSH ESI
00401068 |>PUSH EDI
00401069 |>LEA EAX,DWORD PTR SS:[EBP+C]
0040106C |>MOV DWORD PTR SS:[EBP-C],EAX
0040106F |>/CMP DWORD PTR SS:[EBP+8],0
00401073 |>|JNZ SHORT 1.00401093
00401075 |>|PUSH OFFSET 1.??_C@_0P@LNLA@format?5?$CB?$DN?5NULL?$AA@ ; ASCII "format != NULL"
0040107A |>|PUSH 0
0040107C |>|PUSH 36
0040107E |>|PUSH OFFSET 1.??_C@_08GNFC@printf?4c?$AA@ ; ASCII "printf.c"
00401083 |>|PUSH 2
00401085 |>|CALL 1._CrtDbgReport
0040108A |>|ADD ESP,14
0040108D |>|CMP EAX,1
00401090 |>|JNZ SHORT 1.00401093
00401092 |>|INT3
00401093 |>|XOR ECX,ECX
00401095 |>|TEST ECX,ECX
00401097 |>\JNZ SHORT 1.0040106F
00401099 |>PUSH 1.00424A60
0040109E |>CALL 1._stbuf
004010A3 |>ADD ESP,4
004010A6 |>MOV DWORD PTR SS:[EBP-4],EAX
004010A9 |>MOV EDX,DWORD PTR SS:[EBP-C]
004010AC |>PUSH EDX
004010AD |>MOV EAX,DWORD PTR SS:[EBP+8]
004010B0 |>PUSH EAX
004010B1 |>PUSH 1.00424A60
004010B6 |>CALL 1._output
004010BB |>ADD ESP,0C
004010BE |>MOV DWORD PTR SS:[EBP-8],EAX
004010C1 |>PUSH 1.00424A60
004010C6 |>MOV ECX,DWORD PTR SS:[EBP-4]
004010C9 |>PUSH ECX
004010CA |>CALL 1._ftbuf
004010CF |>ADD ESP,8
004010D2 |>MOV EAX,DWORD PTR SS:[EBP-8]
004010D5 |>POP EDI
004010D6 |>POP ESI
004010D7 |>POP EBX
004010D8 |>MOV ESP,EBP
004010DA |>POP EBP
004010DB \>RETN
好多的CALL,跟进第一个00401085 |>|CALL 1._CrtDbgReport
00402660 >/>PUSH EBP
00402661 |>MOV EBP,ESP
00402663 |>MOV EAX,302C
00402668 |>CALL 1.__chkstk
0040266D |>PUSH EDI
0040266E |>MOV BYTE PTR SS:[EBP-3008],0
00402675 |>MOV ECX,3FF
0040267A |>XOR EAX,EAX
0040267C |>LEA EDI,DWORD PTR SS:[EBP-3007]
00402682 |>REP STOS DWORD PTR ES:[EDI]
00402684 |>STOS WORD PTR ES:[EDI]
00402686 |>STOS BYTE PTR ES:[EDI]
00402687 |>MOV BYTE PTR SS:[EBP-2008],0
0040268E |>MOV ECX,3FF
00402693 |>XOR EAX,EAX
00402695 |>LEA EDI,DWORD PTR SS:[EBP-2007]
0040269B |>REP STOS DWORD PTR ES:[EDI]
0040269D |>STOS WORD PTR ES:[EDI]
0040269F |>STOS BYTE PTR ES:[EDI]