我有一段汇编代码。我在 OllyDbg 里看到地址 [ebp+0x8] 处的值是 0xa254，于是认为这就是函数的返回值。
但这个答案是错的。我遗漏了什么？
.intel_syntax noprefix
# NOTE(review): `.bits 32` looks like NASM's `bits 32`; the GAS directive is `.code32`,
# so this listing may not assemble as-is under GAS.
.bits 32
.global asm2
# asm2(arg1, arg2)
# Frame after push ebp / mov ebp,esp: [ebp+0x8] = arg1 (first slot above the return
# address), [ebp+0xc] = arg2.
# Returns the counter kept in [ebp-0x4] (arg2 + number of loop iterations). It does NOT
# return [ebp+0x8]: that slot is only the loop variable being stepped by 0x76.
# Comments use '#' -- for x86 GAS ';' is a statement separator, not a comment.
asm2:
push ebp
mov ebp,esp
sub esp,0x10                         # 16 bytes of locals; only [ebp-0x4] and [ebp-0x8] are used
mov eax,DWORD PTR [ebp+0xc]
mov DWORD PTR [ebp-0x4],eax          # x = arg2 -- this is the value that gets returned
mov eax,DWORD PTR [ebp+0x8]
mov DWORD PTR [ebp-0x8],eax          # y = arg1 -- written here and never read again
jmp part_b                           # enter at the test: while (arg1 <= 0xa1de) { ... }
part_a:
add DWORD PTR [ebp-0x4],0x1          # x++
add DWORD PTR [ebp+0x8],0x76         # arg1 += 0x76 (118), updated in the caller's argument slot
part_b:
cmp DWORD PTR [ebp+0x8],0xa1de
jle part_a                           # signed compare: a negative arg1 also keeps looping
mov eax,DWORD PTR [ebp-0x4]          # return x (the counter), not arg1
mov esp,ebp
pop ebp
ret
一步一步
.intel_syntax noprefix
# NOTE(review): `.bits 32` is NASM spelling; GAS uses `.code32`.
.bits 32
.global asm2
# Verbatim copy of the listing from the question; the renamed and annotated
# versions below walk through it. Key point: the return value is the local at
# [ebp-0x4], not the argument at [ebp+0x8].
asm2:
push ebp
mov ebp,esp
sub esp,0x10
mov eax,DWORD PTR [ebp+0xc]          # arg2 -> local x
mov DWORD PTR [ebp-0x4],eax
mov eax,DWORD PTR [ebp+0x8]          # arg1 -> local y (never read again)
mov DWORD PTR [ebp-0x8],eax
jmp part_b                           # loop test runs before the first iteration
part_a:
add DWORD PTR [ebp-0x4],0x1          # x++
add DWORD PTR [ebp+0x8],0x76         # arg1 += 0x76 (118 decimal)
part_b:
cmp DWORD PTR [ebp+0x8],0xa1de
jle part_a                           # signed: loop while arg1 <= 0xa1de
mov eax,DWORD PTR [ebp-0x4]          # return x
mov esp,ebp
pop ebp
ret
首先把两个调用参数重命名：a = [ebp+0xc]，b = [ebp+0x8]；把两个局部变量重命名：x = [ebp-0x4]，y = [ebp-0x8]。
; Same listing with operands renamed (pseudo-assembly, not meant to assemble):
;   a = [ebp+0xc]  (second argument)
;   b = [ebp+0x8]  (first argument, the slot just above the return address)
;   x = [ebp-0x4]  (local; this is what the function returns)
;   y = [ebp-0x8]  (local; written once, never read)
; The listing deliberately stops before part_b / ret; see the annotated version.
asm2:
push ebp
mov ebp,esp
sub esp,0x10
mov eax,a
mov x,eax
mov eax,b
mov y,eax
jmp part_b
part_a:
add x,0x1
add b,0x76
现在看看发生了什么
asm2:
push ebp
mov ebp,esp ; stack frame
sub esp,0x10 ; make some room for locals (16 bytes; only x and y are used)
mov eax,a
mov x,eax ; x = a      (a = [ebp+0xc], the second argument)
mov eax,b
mov y,eax ; y = b      (b = [ebp+0x8], the first argument; y is never read again)
jmp part_b ; while (b <= 0xa1de) { // condition see below; it is tested before the first iteration
part_a:
add x,0x1 ; x++;
add b,0x76 ; b += 0x76;  (0x76 = 118 decimal, not 76)
part_b:
cmp b,0xa1de ; } // condition for while: (b <= 0xa1de) -- signed comparison (jle)
jle part_a
mov eax,x ; return x;  <-- the return value is the counter x, not b / [ebp+0x8]
mov esp,ebp ; remove stackframe
pop ebp
ret
所以要知道返回了什么，就必须知道传入的参数。返回的是计数器 x，而不是 [ebp+0x8] 里的 b：如果初始 b > 0xa1de（有符号比较），循环一次都不执行，返回 a；否则返回 a + ⌊(0xa1de − b)/0x76⌋ + 1，粗略地说就是 a+(0xa1de-b)/0x76。