sicc
reverse
x86 assembly
機器語言
組合語言
高階語言
C,C++,python
難懂,接近硬體
01 01 10 11 01 00
好懂!
組譯器
編譯器
原始碼
編譯
組譯
執行檔
原始碼
反編譯
反組譯
執行檔
此圖擷取自網路
; Trace exercise: compare two registers and take one of two branches.
; Intel syntax, 32-bit registers. Labels are flush-left, code indented.
L1:
        mov     eax, 3                  ; eax = 3
        mov     ebx, 5                  ; ebx = 5
        add     eax, 1                  ; eax += 1
        dec     ebx                     ; ebx -= 1
        cmp     eax, ebx                ; flags <- eax - ebx
        jg      equal                   ; taken only when eax > ebx (signed);
                                        ; the label name is a misnomer, jg is not an equality test
        jmp     not_equal               ; otherwise (eax <= ebx)
equal:
        add     ebx, 7                  ; ebx += 7
        jmp     end
not_equal:
        add     eax, 10                 ; eax += 10
        inc     ebx                     ; ebx += 1
end:                                    ; NOTE(review): `end` is a directive in MASM; fine in NASM
; Same listing with the register state written out after every step.
L1:
        mov     eax, 3                  ; eax = 3, ebx = 0 (initial value assumed by the slide)
        mov     ebx, 5                  ; eax = 3, ebx = 5
        add     eax, 1                  ; eax = 4, ebx = 5
        dec     ebx                     ; eax = 4, ebx = 4
        cmp     eax, ebx                ; 4 - 4 = 0 -> ZF set
        jg      equal                   ; not taken: eax == ebx, and jg needs eax > ebx
        jmp     not_equal               ; taken
equal:
        add     ebx, 7                  ; skipped in this trace
        jmp     end
not_equal:
        add     eax, 10                 ; eax = 14, ebx = 4
        inc     ebx                     ; eax = 14, ebx = 5
end:
; Same control flow with the redundant `jmp` removed: the common path
; falls through into L2, and only the "greater" case jumps over it.
L1:
        mov     eax, 3                  ; eax = 3
        mov     ebx, 5                  ; ebx = 5
        add     eax, 1                  ; eax += 1
        dec     ebx                     ; ebx -= 1
        cmp     eax, ebx                ; flags <- eax - ebx
        jg      L3                      ; skip L2 when eax > ebx (signed)
L2:                                     ; reached when eax <= ebx
        add     eax, 10                 ; eax += 10
        inc     ebx                     ; ebx += 1
L3:
        add     ebx, 7                  ; runs on both paths
嘗試把它寫成我們的高階語言
#include <bits/stdc++.h>
using namespace std;
// High-level rendering of the assembly above: eax/ebx stand in for the
// registers, and the `if` body is block L2, which `jg L3` skips when
// eax > ebx.
int main() {
    int eax = 3;
    int ebx = 5;
    eax = eax + 1;          // add eax, 1
    ebx = ebx - 1;          // dec ebx
    if (eax <= ebx) {       // jg L3 not taken -> L2 runs
        eax = eax + 10;     // add eax, 10
        ebx = ebx + 1;      // inc ebx
    }
    ebx = ebx + 7;          // L3: add ebx, 7
    return 0;
}
; Fall-through version with the register trace written out per step.
L1:
        mov     eax, 3                  ; eax = 3, ebx = 0 (initial value assumed by the slide)
        mov     ebx, 5                  ; eax = 3, ebx = 5
        add     eax, 1                  ; eax = 4, ebx = 5
        dec     ebx                     ; eax = 4, ebx = 4
        cmp     eax, ebx                ; 4 - 4 = 0 -> ZF set
        jg      L3                      ; not taken: eax == ebx, jg needs eax > ebx
L2:
        add     eax, 10                 ; eax = 14, ebx = 4
        inc     ebx                     ; eax = 14, ebx = 5
L3:
        add     ebx, 7                  ; eax = 14, ebx = 12
// Calls a two-argument function; the surrounding slides ask how the two
// ints actually reach the callee in memory.
int main() {
    int a = 1;
    int b = 2;
    function(a, b);     // `function` is declared elsewhere (not shown here)
    return 0;
}
但要怎麼在記憶體中實作呢?
// Same call as on the previous slide, kept as the running example for the
// stack-frame walkthrough that follows.
int main() {
    int a = 1;
    int b = 2;
    function(a, b);     // `function` is declared elsewhere (not shown here)
    return 0;
}
但要怎麼在記憶體中實作呢?
1
2
3
1
2
3
1
2
3
1
2
1
High address
Low address
ebp
esp
stack
frame
High address
Low address
ebp
esp
0x12345678
0x97658364
push 0x87654321
High address
Low address
ebp
esp
0x12345678
0x97658364
push 0x87654321
0x87654321
High address
Low address
ebp
esp
0x12345678
0x97658364
pop
0x87654321
High address
Low address
ebp
esp
0x12345678
0x97658364
pop
eax : 0x87654321
Text
// Takes both arguments by value: `a` here is the callee's own copy, so the
// assignment below never reaches the caller's variable.
void add(int a, int b) {
    a += b;
}
// Demonstrates pass-by-value: add() modifies its own copy of `a`, so the
// values printed here are the unchanged 1 and 2.
int main() {
    int a = 1, b = 2;
    add(a, b);                          // copies a and b; the callee's `a += b` is invisible here
    cout << a << " " << b << endl;      // prints "1 2"
    return 0;
}
// The callee from the previous slide, repeated: `a` and `b` are copies
// living in add()'s own frame.
void add(int a, int b) {
    a += b;
}
由右至左 push 參數
; Caller side of add(a, b): arguments are pushed right-to-left, so the
; first parameter ends up closest to the return address.
        push    b                       ; second argument goes on first
        push    a                       ; first argument goes on last
        call    add                     ; push return address, jump to add
; NOTE(review): under cdecl the caller also removes the two argument slots
; after the call (`add esp, 8`); that step is not shown on this slide.
// C++ view of the callee whose assembly follows: the sum is written into
// the parameter `a`, i.e. into add()'s own copy.
void add(int a, int b) {
    a += b;
}
; Callee side of add(a, b), written against the named symbols a and b for
; readability. Right after `call add` the real arguments sit on the stack:
; [esp+4] = a, [esp+8] = b (return address at [esp]).
        mov     eax, b                  ; eax = b
        add     eax, a                  ; eax = a + b
        mov     a, eax                  ; a = eax (the callee's copy of a)
        ret                             ; pop return address, resume the caller
; NOTE(review): in NASM a bare `b` is the symbol's address; write `[b]` to
; load its value. The form above reads as MASM-style memory operands.
Big
Endian
Little
Endian
High address
Low address
0x78
0x56
0x34
0x12
0x12
0x34
0x56
0x78
nexti 執行下一條指令（遇到 call 不進入）
stepi 進入 function call
continue 繼續執行到下一個斷點或結束
set *address = value
set $register = value