我使用IDAPro反汇编elf文件。 在函数sub_8210884中,我注意到了一些奇怪的代码:
sub_8049DB6:
...
call sub_8210884
sub_8210884:
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, [ebp+arg_0]
mov eax, [ebx+0Ch]
cmp eax, 1
... (not modify ebp)
cmp ebp, ds:dword_84B8844
意思是什么? 我猜它是对sub_8049DB6中的局部变量的引用,但不确定。
这是完整的汇编代码:
LOAD:08049DB6 ; Thin wrapper: returns sub_8210884(arg_0 + 4).
LOAD:08049DB6 ; It hands the callee a pointer 4 bytes into the caller-supplied object, nothing
LOAD:08049DB6 ; from its own frame, and passes the callee's eax straight back. No local of this
LOAD:08049DB6 ; function is ever referenced by sub_8210884.
LOAD:08049DB6 sub_8049DB6 proc near ; CODE XREF: sub_8049D8A+21p
LOAD:08049DB6 ; sub_8049F74+Ep ...
LOAD:08049DB6
LOAD:08049DB6 arg_0 = dword ptr 8
LOAD:08049DB6
LOAD:08049DB6 push ebp
LOAD:08049DB7 mov ebp, esp
LOAD:08049DB9 sub esp, 8 ; 8 + 0Ch + the 4-byte push below = 24 bytes: keeps esp 16-byte aligned at the call (gcc style)
LOAD:08049DBC sub esp, 0Ch
LOAD:08049DBF mov eax, [ebp+arg_0]
LOAD:08049DC2 add eax, 4 ; eax = arg_0 + 4 (pointer into the caller's object, not a stack address)
LOAD:08049DC5 push eax
LOAD:08049DC6 call sub_8210884 ; eax = sub_8210884(arg_0 + 4)
LOAD:08049DCB add esp, 10h ; pops the pushed argument plus the 0Ch pad
LOAD:08049DCE leave ; esp = ebp; pop ebp
LOAD:08049DCF retn
LOAD:08049DCF sub_8049DB6 endp
LOAD:08210884 ; ---------------------------------------------------------------------------
LOAD:08210884 ; int sub_8210884(void *obj)        cdecl; obj = [ebp+8], kept in ebx throughout
LOAD:08210884 ;
LOAD:08210884 ; Dispatches on the dword at [obj+0Ch] ("kind"):
LOAD:08210884 ;   1 -> loc_82108B4   2 -> loc_8210918   3 -> loc_8210962   0 -> loc_8210970
LOAD:08210884 ;   anything else (negative or > 3) -> returns 16h (22).
LOAD:08210884 ; Fields used: [obj+4] counter, [obj+8] "owner" slot, [obj+10h] passed by address
LOAD:08210884 ; to sub_8213CC8 (args in eax/edx) or sub_82137F0 (args on the stack).
LOAD:08210884 ;
LOAD:08210884 ; About `cmp ebp, ds:dword_84B8844` (and 84B883C / 84B8854): ebp was loaded from
LOAD:08210884 ; esp in THIS function's prologue, so it is this frame's address, i.e. a location
LOAD:08210884 ; on the current thread's stack. It is compared (unsigned: jnb/jb) against three
LOAD:08210884 ; global dwords to decide which value ends up in esi. It is not a reference to a
LOAD:08210884 ; local of sub_8049DB6; that frame is never touched here.
LOAD:08210884 ; NOTE(review): "classify the stack address by global bounds, else call a lookup
LOAD:08210884 ; routine, else (sp | 1FFFFFh) - 41Fh" is the shape of LinuxThreads' inlined
LOAD:08210884 ; thread_self() (2 MB thread stacks, 420h-byte descriptor), and 16h/23h are
LOAD:08210884 ; EINVAL/EDEADLK -- this looks like a statically linked pthread_mutex_lock, but
LOAD:08210884 ; confirm against the binary before relying on it.
LOAD:08210884 sub_8210884 proc near ; CODE XREF: sub_8049DB6+10p
LOAD:08210884 ; sub_8056626+16p ...
LOAD:08210884
LOAD:08210884 arg_0 = dword ptr 8
LOAD:08210884
LOAD:08210884 push ebp
LOAD:08210885 mov ebp, esp ; ebp = this frame's address; reused below as a stack-position probe
LOAD:08210887 push esi ; callee-saved; esi and ebx stay live across the calls below
LOAD:08210888 push ebx
LOAD:08210889 mov ebx, [ebp+arg_0] ; ebx = obj
LOAD:0821088C mov eax, [ebx+0Ch] ; eax = obj->kind
LOAD:0821088F cmp eax, 1
LOAD:08210892 jz short loc_82108B4 ; kind == 1
LOAD:08210894 jle loc_8210970 ; kind < 1 (signed): zero or negative
LOAD:0821089A cmp eax, 2
LOAD:0821089D jz short loc_8210918 ; kind == 2
LOAD:0821089F cmp eax, 3
LOAD:082108A2 jz loc_8210962 ; kind == 3
LOAD:082108A8
LOAD:082108A8 loc_82108A8: ; CODE XREF: sub_8210884+EEj
LOAD:082108A8 mov eax, 16h ; unknown kind: return 16h (22) -- presumably EINVAL
LOAD:082108AD
LOAD:082108AD loc_82108AD: ; CODE XREF: sub_8210884+C4j
LOAD:082108AD lea esp, [ebp-8] ; esp -> saved ebx; discards anything pushed after it
LOAD:082108B0 pop ebx
LOAD:082108B1 pop esi
LOAD:082108B2 leave
LOAD:082108B3 retn
LOAD:082108B4 ; ---------------------------------------------------------------------------
LOAD:082108B4
LOAD:082108B4 loc_82108B4: ; CODE XREF: sub_8210884+Ej
LOAD:082108B4 ; kind == 1: derive an "owner" token from our stack address, then either bump
LOAD:082108B4 ; the counter (already owned by that token) or acquire via sub_8213CC8.
LOAD:082108B4 cmp ebp, ds:dword_84B8844 ; stack address >= dword_84B8844 ?
LOAD:082108BA mov eax, ebp ; eax = stack address; consumed by the fallback at loc_8210996
LOAD:082108BC mov esi, offset unk_83A44C0 ; candidate #1
LOAD:082108C1 jnb short loc_82108F0 ; yes -> esi = unk_83A44C0
LOAD:082108C3 cmp ebp, ds:dword_84B883C
LOAD:082108C9 jb short loc_82108D8 ; below dword_84B883C -> look it up
LOAD:082108CB cmp ebp, ds:dword_84B8854
LOAD:082108D1 mov esi, offset unk_83A40A0 ; candidate #2
LOAD:082108D6 jb short loc_82108F0 ; dword_84B883C <= addr < dword_84B8854 -> esi = unk_83A40A0
LOAD:082108D8
LOAD:082108D8 loc_82108D8: ; CODE XREF: sub_8210884+45j
LOAD:082108D8 mov edx, ds:dword_84B8820 ; global switch: non-zero -> use the lookup routine
LOAD:082108DE test edx, edx
LOAD:082108E0 jz loc_8210996 ; zero -> arithmetic fallback
LOAD:082108E6 call search_in_array_84B8880 ; nothing pushed for it; result comes back in eax
LOAD:082108EB mov esi, eax
LOAD:082108ED lea esi, [esi+0] ; no-op (alignment padding)
LOAD:082108F0
LOAD:082108F0 loc_82108F0: ; CODE XREF: sub_8210884+3Dj
LOAD:082108F0 ; sub_8210884+52j ...
LOAD:082108F0 cmp [ebx+8], esi ; obj->owner == our token ?
LOAD:082108F3 jz loc_821098C ; yes -> re-entry: just ++obj->count
LOAD:082108F9 lea eax, [ebx+10h] ; eax = &obj->field_10
LOAD:082108FC mov edx, esi ; edx = token
LOAD:082108FE call sub_8213CC8 ; sub_8213CC8(&obj->field_10, token) -- register args (eax, edx)
LOAD:08210903 mov [ebx+8], esi ; obj->owner = token
LOAD:08210906 mov dword ptr [ebx+4], 0 ; obj->count = 0
LOAD:0821090D xor eax, eax ; return 0
LOAD:0821090F
LOAD:0821090F loc_821090F: ; CODE XREF: sub_8210884+DCj
LOAD:0821090F ; sub_8210884+EAj ...
LOAD:0821090F lea esp, [ebp-8] ; common epilogue; eax already holds the return value
LOAD:08210912 pop ebx
LOAD:08210913 pop esi
LOAD:08210914 leave
LOAD:08210915 retn
LOAD:08210915 ; ---------------------------------------------------------------------------
LOAD:08210916 align 4
LOAD:08210918
LOAD:08210918 loc_8210918: ; CODE XREF: sub_8210884+19j
LOAD:08210918 ; kind == 2: same token derivation as kind 1, but re-entry is an error (23h)
LOAD:08210918 ; and acquisition goes through sub_82137F0 with stack arguments.
LOAD:08210918 cmp ebp, ds:dword_84B8844 ; stack address >= dword_84B8844 ?
LOAD:0821091E mov eax, ebp ; eax = stack address; consumed by the fallback at loc_82109B8
LOAD:08210920 mov esi, offset unk_83A44C0 ; candidate #1
LOAD:08210925 jnb short loc_8210940 ; yes -> esi = unk_83A44C0
LOAD:08210927 cmp ebp, ds:dword_84B883C
LOAD:0821092D jnb short loc_82109A6 ; >= dword_84B883C: upper-bound check at loc_82109A6
LOAD:0821092F
LOAD:0821092F loc_821092F: ; CODE XREF: sub_8210884+12Fj
LOAD:0821092F mov esi, ds:dword_84B8820 ; global switch, as at loc_82108D8
LOAD:08210935 test esi, esi
LOAD:08210937 jz short loc_82109B8 ; zero -> arithmetic fallback
LOAD:08210939 call search_in_array_84B8880
LOAD:0821093E mov esi, eax
LOAD:08210940
LOAD:08210940 loc_8210940: ; CODE XREF: sub_8210884+A1j
LOAD:08210940 ; sub_8210884+12Dj ...
LOAD:08210940 cmp [ebx+8], esi ; obj->owner == our token ?
LOAD:08210943 mov eax, 23h ; tentative return 23h (35) -- presumably EDEADLK; mov keeps the cmp flags
LOAD:08210948 jz loc_82108AD ; already owned -> return 23h
LOAD:0821094E sub esp, 8 ; pad so the two pushes leave esp 16-byte aligned at the call
LOAD:08210951 lea eax, [ebx+10h]
LOAD:08210954 push esi
LOAD:08210955 push eax
LOAD:08210956 call sub_82137F0 ; sub_82137F0(&obj->field_10, token); stack reset by lea esp in the epilogue
LOAD:0821095B xor eax, eax ; return 0
LOAD:0821095D mov [ebx+8], esi ; obj->owner = token (obj->count is not reset on this path)
LOAD:08210960 jmp short loc_821090F
LOAD:08210962 ; ---------------------------------------------------------------------------
LOAD:08210962
LOAD:08210962 loc_8210962: ; CODE XREF: sub_8210884+1Ej
LOAD:08210962 ; kind == 3: sub_8213CC8(&obj->field_10, 0); no owner/count bookkeeping.
LOAD:08210962 lea eax, [ebx+10h]
LOAD:08210965 xor edx, edx ; second register arg = 0
LOAD:08210967 call sub_8213CC8
LOAD:0821096C xor eax, eax ; return 0
LOAD:0821096E jmp short loc_821090F
LOAD:08210970 ; ---------------------------------------------------------------------------
LOAD:08210970
LOAD:08210970 loc_8210970: ; CODE XREF: sub_8210884+10j
LOAD:08210970 ; reached when kind <= 0 (signed jle above)
LOAD:08210970 test eax, eax
LOAD:08210972 jnz loc_82108A8 ; negative kind -> return 16h
LOAD:08210978 sub esp, 8 ; alignment pad, as at loc_8210940
LOAD:0821097B push 0
LOAD:0821097D lea ecx, [ebx+10h]
LOAD:08210980 push ecx
LOAD:08210981 call sub_82137F0 ; kind == 0: sub_82137F0(&obj->field_10, 0)
LOAD:08210986 xor eax, eax ; return 0
LOAD:08210988 jmp short loc_821090F
LOAD:08210988 ; ---------------------------------------------------------------------------
LOAD:0821098A align 4
LOAD:0821098C
LOAD:0821098C loc_821098C: ; CODE XREF: sub_8210884+6Fj
LOAD:0821098C inc dword ptr [ebx+4] ; kind 1 re-entry: ++obj->count
LOAD:0821098F xor eax, eax ; return 0
LOAD:08210991 jmp loc_821090F
LOAD:08210996 ; ---------------------------------------------------------------------------
LOAD:08210996
LOAD:08210996 loc_8210996: ; CODE XREF: sub_8210884+5Cj
LOAD:08210996 ; Fallback token for kind 1 (eax == ebp here): esi = (sp | 1FFFFFh) - 41Fh, i.e.
LOAD:08210996 ; round the stack address up to the next 2 MB boundary and step back 420h bytes.
LOAD:08210996 ; NOTE(review): matches LinuxThreads' "descriptor at the top of a 2 MB stack" -- confirm.
LOAD:08210996 or eax, 1FFFFFh
LOAD:0821099B lea esi, [eax-41Fh]
LOAD:082109A1 jmp loc_82108F0
LOAD:082109A6 ; ---------------------------------------------------------------------------
LOAD:082109A6
LOAD:082109A6 loc_82109A6: ; CODE XREF: sub_8210884+A9j
LOAD:082109A6 ; kind 2, addr >= dword_84B883C: below dword_84B8854 -> unk_83A40A0, else look it up
LOAD:082109A6 cmp ebp, ds:dword_84B8854
LOAD:082109AC mov esi, offset unk_83A40A0 ; candidate #2
LOAD:082109B1 jb short loc_8210940
LOAD:082109B3 jmp loc_821092F
LOAD:082109B8 ; ---------------------------------------------------------------------------
LOAD:082109B8
LOAD:082109B8 loc_82109B8: ; CODE XREF: sub_8210884+B3j
LOAD:082109B8 ; kind 2 fallback token: same arithmetic as loc_8210996
LOAD:082109B8 or eax, 1FFFFFh
LOAD:082109BD lea esi, [eax-41Fh]
LOAD:082109C3 jmp loc_8210940
LOAD:082109C3 sub_8210884 endp
LOAD:082109C3
答案 0 :(得分:1)
`cmp ebp, ds:dword_84B8844` 把 ebp 寄存器里的值与全局变量 dword_84B8844（数据段 ds 中的一个 dword）的内容相减并只设置标志位，紧接着的 `jnb` 依据这个比较结果跳转。这里的 ebp 并不是 sub_8049DB6 的局部变量：sub_8210884 自己的序言刚执行了 `push ebp / mov ebp, esp`，所以 ebp 是当前函数的帧指针，也就是当前线程栈上的一个地址；sub_8049DB6 的栈帧在这里从未被访问过。后面依次与 dword_84B8844、dword_84B883C、dword_84B8854 做无符号比较（jnb/jb），其实是在判断当前栈地址落在哪个区间，从而在 esi 中选出不同的值（unk_83A44C0、unk_83A40A0、search_in_array_84B8880 的返回值，或者 `(ebp | 1FFFFFh) - 41Fh`），这个值最后与 [ebx+8] 比较并写回。"用栈地址推算出自己的线程描述符"正是 LinuxThreads 里内联的 thread_self() 的写法（2 MB 线程栈、420h 字节的描述符，返回值 16h/23h 对应 EINVAL/EDEADLK），因此 sub_8210884 很可能是静态链接进来的 pthread_mutex_lock，但这一点需要你对照二进制文件自行确认。