废话不多说。。
#include<stdio.h>
class CNumber
{
public:
CNumber()
{
m_nOne = 1;
m_nTwo = 2;
}
int __stdcall GetNumberOne()
{
return m_nOne;
}
int GetNumberTwo()
{
return m_nTwo;
}<pre name="code" class="plain">1: #include<stdio.h>
2:
3: class CNumber
4: {
5: public:
6: CNumber()
00401060 push ebp
00401061 mov ebp,esp
00401063 sub esp,44h
00401066 push ebx
00401067 push esi
00401068 push edi
00401069 push ecx
0040106A lea edi,[ebp-44h]
0040106D mov ecx,11h
00401072 mov eax,0CCCCCCCCh
00401077 rep stos dword ptr [edi]
00401079 pop ecx
0040107A mov dword ptr [ebp-4],ecx
7: {
8: m_nOne = 1;
0040107D mov eax,dword ptr [ebp-4]
00401080 mov dword ptr [eax],1
9: m_nTwo = 2;
00401086 mov ecx,dword ptr [ebp-4]
00401089 mov dword ptr [ecx+4],2
10: }
00401090 mov eax,dword ptr [ebp-4]
00401093 pop edi
00401094 pop esi
00401095 pop ebx
00401096 mov esp,ebp
00401098 pop ebp
00401099 ret
11: int GetNumberOne()
12: {
13: return m_nOne;
14: }
15: int GetNumberTwo()
16: {
17: return m_nTwo;
18: }
19: private:
20: int m_nOne;
21: int m_nTwo;
22: };
23: int main()
24: {
00401020 push ebp
00401021 mov ebp,esp
00401023 sub esp,48h
00401026 push ebx
00401027 push esi
00401028 push edi
00401029 lea edi,[ebp-48h]
0040102C mov ecx,12h
00401031 mov eax,0CCCCCCCCh
00401036 rep stos dword ptr [edi]
25: CNumber number;
00401038 lea ecx,[ebp-8]
0040103B call @ILT+0(CNumber::CNumber) (00401005)
26: return 0;
00401040 xor eax,eax
27: }
00401042 pop edi
00401043 pop esi
00401044 pop ebx
00401045 add esp,48h
00401048 cmp ebp,esp
0040104A call __chkesp (004010b0)
0040104F mov esp,ebp
00401051 pop ebp
00401052 ret
1: #include<stdio.h>
2:
3: struct A
4: {
5: int m_nInt;
6: float m_fFloat;
7: };
8:
9: int main()
10: {
004011A0 push ebp
004011A1 mov ebp,esp
004011A3 sub esp,4Ch
004011A6 push ebx
004011A7 push esi
004011A8 push edi
004011A9 lea edi,[ebp-4Ch]
004011AC mov ecx,13h
004011B1 mov eax,0CCCCCCCCh
004011B6 rep stos dword ptr [edi]
11: A a;
12: A *pA = &a;
004011B8 lea eax,[ebp-8]
004011BB mov dword ptr [ebp-0Ch],eax
13: printf("%p\n" , pA);
004011BE mov ecx,dword ptr [ebp-0Ch]
004011C1 push ecx
004011C2 push offset string "%p\n" (0042601c)
004011C7 call printf (00401210)
004011CC add esp,8
14: printf("%p\n" , &pA->m_fFloat);
004011CF mov edx,dword ptr [ebp-0Ch]
004011D2 add edx,4 偏移地址
004011D5 push edx
004011D6 push offset string "%p\n" (0042601c)
004011DB call printf (00401210)
004011E0 add esp,8
15: return 0;
004011E3 xor eax,eax
16: }
004011E5 pop edi
004011E6 pop esi
004011E7 pop ebx
004011E8 add esp,4Ch
004011EB cmp ebp,esp
004011ED call __chkesp (00401340)
004011F2 mov esp,ebp
004011F4 pop ebp
004011F5 ret
__stdcall不用ecx传递this指针,而是使用栈传递。
11: int __stdcall GetNumberOne()
12: {
00401160 push ebp
00401161 mov ebp,esp
00401163 sub esp,40h
00401166 push ebx
00401167 push esi
00401168 push edi
00401169 lea edi,[ebp-40h]
0040116C mov ecx,10h
00401171 mov eax,0CCCCCCCCh
00401176 rep stos dword ptr [edi]
13: return m_nOne;
00401178 mov eax,dword ptr [ebp+8] this
0040117B mov eax,dword ptr [eax]
14: }
0040117D pop edi
0040117E pop esi
0040117F pop ebx
00401180 mov esp,ebp
00401182 pop ebp
00401183 ret 4
15: int GetNumberTwo()
16: {
00410AE0 push ebp
00410AE1 mov ebp,esp
00410AE3 sub esp,44h
00410AE6 push ebx
00410AE7 push esi
00410AE8 push edi
00410AE9 push ecx
00410AEA lea edi,[ebp-44h]
00410AED mov ecx,11h
00410AF2 mov eax,0CCCCCCCCh
00410AF7 rep stos dword ptr [edi]
00410AF9 pop ecx this
00410AFA mov dword ptr [ebp-4],ecx
17: return m_nTwo;
00410AFD mov eax,dword ptr [ebp-4]
00410B00 mov eax,dword ptr [eax+4]
18: }
00410B03 pop edi
00410B04 pop esi
00410B05 pop ebx
00410B06 mov esp,ebp
00410B08 pop ebp
00410B09 ret
反汇编分析
1: #include<stdio.h>
2:
3: class CStatic
4: {
5: public:
6: void ShowNumber();
7: int m_nInt;
8: static int m_snInt;
9: };
10: void CStatic :: ShowNumber()
11: {
00401290 push ebp
00401291 mov ebp,esp
00401293 sub esp,44h
00401296 push ebx
00401297 push esi
00401298 push edi
00401299 push ecx
0040129A lea edi,[ebp-44h]
0040129D mov ecx,11h
004012A2 mov eax,0CCCCCCCCh
004012A7 rep stos dword ptr [edi]
004012A9 pop ecx
004012AA mov dword ptr [ebp-4],ecx
12: printf("m_nInt = %d , m_snInt = %d\n" , m_nInt , m_snInt);
004012AD mov eax,[CStatic::m_snInt (00428a30)]
004012B2 push eax
004012B3 mov ecx,dword ptr [ebp-4]
004012B6 mov edx,dword ptr [ecx]
004012B8 push edx
004012B9 push offset string "m_nInt = %d , m_snInt = %d\n" (00426024)
004012BE call printf (00401340)
004012C3 add esp,0Ch
13: }
004012C6 pop edi
004012C7 pop esi
004012C8 pop ebx
004012C9 add esp,44h
004012CC cmp ebp,esp
004012CE call __chkesp (00401470)
004012D3 mov esp,ebp
004012D5 pop ebp
004012D6 ret
14: int CStatic::m_snInt = 9;
15: int main()
16: {
004012F0 push ebp
004012F1 mov ebp,esp
004012F3 sub esp,44h
004012F6 push ebx
004012F7 push esi
004012F8 push edi
004012F9 lea edi,[ebp-44h]
004012FC mov ecx,11h
00401301 mov eax,0CCCCCCCCh
00401306 rep stos dword ptr [edi]
17: CStatic sta;
18: sta.m_nInt = 2;
00401308 mov dword ptr [ebp-4],2
19: sta.ShowNumber();
0040130F lea ecx,[ebp-4]
00401312 call @ILT+5(CStatic::ShowNumber) (0040100a)
20: return 0;
00401317 xor eax,eax
21: }
00401319 pop edi
0040131A pop esi
0040131B pop ebx
0040131C add esp,44h
0040131F cmp ebp,esp
00401321 call __chkesp (00401470)
00401326 mov esp,ebp
00401328 pop ebp
00401329 ret
1: #include<stdio.h>
2:
3: class CFunTest
4: {
5: public:
6: int m_nOne;
7: int m_nTwo;
8: };
9: void ShowFuncTest(CFunTest fun)
10: {
00401350 push ebp
00401351 mov ebp,esp
00401353 sub esp,40h
00401356 push ebx
00401357 push esi
00401358 push edi
00401359 lea edi,[ebp-40h]
0040135C mov ecx,10h
00401361 mov eax,0CCCCCCCCh
00401366 rep stos dword ptr [edi]
11: printf("m_nOne = %d , m_nTwo = %d\n" , fun.m_nOne , fun.m_nTwo);
00401368 mov eax,dword ptr [ebp+0Ch]
0040136B push eax
0040136C mov ecx,dword ptr [ebp+8]
0040136F push ecx
00401370 push offset string "m_nOne = %d , m_nTwo = %d\n" (00426048)
00401375 call printf (00401400)
0040137A add esp,0Ch
12: }
0040137D pop edi
0040137E pop esi
0040137F pop ebx
00401380 add esp,40h
00401383 cmp ebp,esp
00401385 call __chkesp (00401530)
0040138A mov esp,ebp
0040138C pop ebp
0040138D ret
13: void main()
14: {
004013A0 push ebp
004013A1 mov ebp,esp
004013A3 sub esp,48h
004013A6 push ebx
004013A7 push esi
004013A8 push edi
004013A9 lea edi,[ebp-48h]
004013AC mov ecx,12h
004013B1 mov eax,0CCCCCCCCh
004013B6 rep stos dword ptr [edi]
15: CFunTest fun;
16: fun.m_nOne = 9;
004013B8 mov dword ptr [ebp-8],9
17: fun.m_nTwo = 99;
004013BF mov dword ptr [ebp-4],63h
18: ShowFuncTest(fun);
004013C6 mov eax,dword ptr [ebp-4]
004013C9 push eax
004013CA mov ecx,dword ptr [ebp-8]
004013CD push ecx
004013CE call @ILT+0(ShowFuncTest) (00401005)
004013D3 add esp,8
19: }
004013D6 pop edi
004013D7 pop esi
004013D8 pop ebx
004013D9 add esp,48h
004013DC cmp ebp,esp
004013DE call __chkesp (00401530)
004013E3 mov esp,ebp
004013E5 pop ebp
004013E6 ret
1: #include<stdio.h>
2: #include<string.h>
3: class CFunTest
4: {
5: public:
6: int m_nOne;
7: int m_nTwo;
8: char m_szName[32];
9: };
10: void ShowFuncTest(CFunTest fun)
11: {
00401350 push ebp
00401351 mov ebp,esp
00401353 sub esp,40h
00401356 push ebx
00401357 push esi
00401358 push edi
00401359 lea edi,[ebp-40h]
0040135C mov ecx,10h
00401361 mov eax,0CCCCCCCCh
00401366 rep stos dword ptr [edi]
12: printf("m_nOne = %d , m_nTwo = %d , m_szName = %s\n" , fun.m_nOne , fun.m_nTwo , fun.m_szName);
00401368 lea eax,[ebp+10h] //m_szName
0040136B push eax
0040136C mov ecx,dword ptr [ebp+0Ch] //m_nTwo
0040136F push ecx
00401370 mov edx,dword ptr [ebp+8] //m_nOne
00401373 push edx
00401374 push offset string "m_nOne = %d , m_nTwo = %d , m_sz"... (00427050)
00401379 call printf (00401400)
0040137E add esp,10h
13: }
00401381 pop edi
00401382 pop esi
00401383 pop ebx
00401384 add esp,40h
00401387 cmp ebp,esp
00401389 call __chkesp (00401530)
0040138E mov esp,ebp
00401390 pop ebp
00401391 ret
14: void main()
15: {
004013A0 push ebp
004013A1 mov ebp,esp
004013A3 sub esp,68h
004013A6 push ebx
004013A7 push esi
004013A8 push edi
004013A9 lea edi,[ebp-68h]
004013AC mov ecx,1Ah
004013B1 mov eax,0CCCCCCCCh
004013B6 rep stos dword ptr [edi]
16: CFunTest fun;
17: fun.m_nOne = 9;
004013B8 mov dword ptr [ebp-28h],9
18: fun.m_nTwo = 99;
004013BF mov dword ptr [ebp-24h],63h
19: strcpy(fun.m_szName , "NAME");
004013C6 push offset string "NAME" (00426040)
004013CB lea eax,[ebp-20h] ebp-32 m_szName
004013CE push eax
004013CF call strcpy (00407c80)
20: ShowFuncTest(fun);
004013D4 add esp,0E0h //sub esp , 68h add esp , 0e0h
004013D7 mov ecx,0Ah
004013DC lea esi,[ebp-28h]
004013DF mov edi,esp
004013E1 rep movs dword ptr [edi],dword ptr [esi] 40BYTE
004013E3 call @ILT+0(ShowFuncTest) (00401005)
004013E8 add esp,28h 40BYTE
21: }
004013EB pop edi
004013EC pop esi
004013ED pop ebx
004013EE add esp,68h
004013F1 cmp ebp,esp
004013F3 call __chkesp (00401530)
004013F8 mov esp,ebp
004013FA pop ebp
004013FB ret
004013D4 add esp,0E0h
004013D7 mov ecx,0Ah
004013DC lea esi,[ebp-28h]
004013DF mov edi,esp edi即是esp栈顶 此处进行值传递
004013E1 rep movs dword ptr [edi],dword ptr [esi]
004013E3 call @ILT+0(ShowFuncTest) (00401005)
004013E8 add esp,28h
EAX = 0018FF28 EBX = 7EFDE000
ECX = 00000000 EDX = 00000000
ESI = 0018FF48 EDI = 0018FED4
EIP = 004013E3 ESP = 0018FEAC
EBP = 0018FF48 EFL = 00000207
0018FEAC 09 00 00 00 63 00 00 00 4E 41 4D ...c...NAM
0018FEB7 45 00 CC CC CC CC CC CC CC CC CC E.烫烫烫烫.
0018FEC2 CC CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫.
0018FECD CC CC CC CC CC CC CC 00 00 00 00 烫烫烫.....
0018FED8 00 00 00 00 00 E0 FD 7E CC CC CC .....帻~烫.
0018FEE3 CC CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫.
private:int m_nOne;int m_nTwo;};struct tagTest{char m_cChar;double m_dDouble;int m_nInt;float m_fFloat;};int main1(){CNumber number;printf("%d\n" , number.GetNumberOne());printf("%d\n" , number.GetNumberTwo());tagTest tag;tag.m_dDouble = 1.0;printf("%d\n" ,
sizeof(tagTest));printf("%p\n" , &tag.m_cChar);printf("%p\n" , &tag.m_dDouble);printf("%p\n" , &tag.m_nInt);printf("%p\n" , &tag.m_fFloat);return 0;}
另一个例子
#include<stdio.h>
class CReturn
{
public:
int m_nNumber;
int m_nArray[10];
};
CReturn GetReturn()
{
CReturn ret;
ret.m_nNumber = 0;
for(int i = 0; i < 10; ++i)
{
ret.m_nArray[i] = i + 1;
}
return ret;
}
void main()
{
CReturn objA;
objA = GetReturn();
printf("%d %d %d\n" , objA.m_nNumber , objA.m_nArray[0] , objA.m_nArray[9]);
}
反汇编分析
1: #include<stdio.h>
2:
3: class CReturn
4: {
5: public:
6: int m_nNumber;
7: int m_nArray[10];
8: };
9: CReturn GetReturn()
10: {
004016F0 push ebp ebp=ebp0-2ch-8h
004016F1 mov ebp,esp
004016F3 sub esp,70h
004016F6 push ebx
004016F7 push esi
004016F8 push edi
004016F9 lea edi,[ebp-70h]
004016FC mov ecx,1Ch
00401701 mov eax,0CCCCCCCCh
00401706 rep stos dword ptr [edi]
11: CReturn ret;
12: ret.m_nNumber = 0;
00401708 mov dword ptr [ebp-2Ch],0
13: for(int i = 0; i < 10; ++i)
0040170F mov dword ptr [ebp-30h],0 i
00401716 jmp GetReturn+31h (00401721)
00401718 mov eax,dword ptr [ebp-30h]
0040171B add eax,1
0040171E mov dword ptr [ebp-30h],eax
00401721 cmp dword ptr [ebp-30h],0Ah i < 10
00401725 jge GetReturn+46h (00401736)
14: {
15: ret.m_nArray[i] = i + 1;
00401727 mov ecx,dword ptr [ebp-30h]
0040172A add ecx,1
0040172D mov edx,dword ptr [ebp-30h]
00401730 mov dword ptr [ebp+edx*4-28h],ecx //m_nArray[i] = i + 1
16: }
00401734 jmp GetReturn+28h (00401718)
17: return ret;
00401736 mov ecx,0Bh //0B 11 44字节
0040173B lea esi,[ebp-2Ch]
0040173E mov edi,dword ptr [ebp+8] //传送数据 返回值
00401741 rep movs dword ptr [edi],dword ptr [esi]
00401743 mov eax,dword ptr [ebp+8]
18: }
00401746 pop edi
00401747 pop esi
00401748 pop ebx
00401749 mov esp,ebp
0040174B pop ebp
0040174C ret
19: void main()
20: {
00401770 push ebp
00401771 mov ebp,esp
00401773 sub esp,0C4h //预留栈空间 12*16+4
00401779 push ebx
0040177A push esi
0040177B push edi
0040177C lea edi,[ebp-0C4h]
00401782 mov ecx,31h
00401787 mov eax,0CCCCCCCCh
0040178C rep stos dword ptr [edi]
21: CReturn objA; //44 11*4 2ch ebp-2ch
22: objA = GetReturn();
0040178E lea eax,[ebp-84h] //8*16+4 44+44
00401794 push eax //返回地址压栈
00401795 call @ILT+45(GetReturn) (00401032)
0040179A add esp,4 //eax栈平衡
0040179D mov esi,eax //返回值地址
0040179F mov ecx,0Bh
004017A4 lea edi,[ebp-58h]
004017A7 rep movs dword ptr [edi],dword ptr [esi] //传送至临时对象 临时对象释放时,可能存在多次释放资源现象。
004017A9 mov ecx,0Bh
004017AE lea esi,[ebp-58h]
004017B1 lea edi,[ebp-2Ch]
004017B4 rep movs dword ptr [edi],dword ptr [esi]
23: printf("%d %d %d\n" , objA.m_nNumber , objA.m_nArray[0] , objA.m_nArray[9]);
004017B6 mov ecx,dword ptr [ebp-4]
004017B9 push ecx
004017BA mov edx,dword ptr [ebp-28h]
004017BD push edx
004017BE mov eax,dword ptr [ebp-2Ch]
004017C1 push eax
004017C2 push offset string "%d %d %d\n" (00429090)
004017C7 call printf (00401800)
004017CC add esp,10h
24:
25: }
004017CF pop edi
004017D0 pop esi
004017D1 pop ebx
004017D2 add esp,0C4h
004017D8 cmp ebp,esp
004017DA call __chkesp (00401930)
004017DF mov esp,ebp
004017E1 pop ebp
004017E2 ret
例子
#include<stdio.h>
#include<string.h>
class CMyString
{
public:
CMyString()
{
m_pString = new char[10];
if(NULL == m_pString)
{
return ;
}
strcpy(m_pString , "Hello");
}
~CMyString()
{
if(m_pString != NULL)
{
delete [] m_pString;
m_pString = NULL;
}
}
char * GetString()
{
return m_pString;
}
private:
char *m_pString;
};
void ShowMyString(CMyString str)
{
printf("%s\n" , str.GetString());
}
int main5()
{
CMyString str;
ShowMyString(str); //
return 0;
}
反汇编分析
1: #include<stdio.h>
2: #include<string.h>
3:
4: class CMyString
5: {
6: public:
7: CMyString()
00401660 push ebp
00401661 mov ebp,esp
00401663 sub esp,48h
00401666 push ebx
00401667 push esi
00401668 push edi
00401669 push ecx
0040166A lea edi,[ebp-48h]
0040166D mov ecx,12h
00401672 mov eax,0CCCCCCCCh
00401677 rep stos dword ptr [edi]
00401679 pop ecx
0040167A mov dword ptr [ebp-4],ecx
8: {
9: m_pString = new char[10];
0040167D push 0Ah
0040167F call operator new (00401ea0)
00401684 add esp,4
00401687 mov dword ptr [ebp-8],eax
0040168A mov eax,dword ptr [ebp-4]
0040168D mov ecx,dword ptr [ebp-8]
00401690 mov dword ptr [eax],ecx
10: if(NULL == m_pString)
00401692 mov edx,dword ptr [ebp-4]
00401695 cmp dword ptr [edx],0
00401698 jne CMyString::CMyString+3Ch (0040169c)
11: {
12: return ;
0040169A jmp CMyString::CMyString+4Fh (004016af)
13: }
14: strcpy(m_pString , "Hello");
0040169C push offset string "Hello" (00429088)
004016A1 mov eax,dword ptr [ebp-4]
004016A4 mov ecx,dword ptr [eax]
004016A6 push ecx
004016A7 call strcpy (00401850)
004016AC add esp,8
15: }
004016AF mov eax,dword ptr [ebp-4]
004016B2 pop edi
004016B3 pop esi
004016B4 pop ebx
004016B5 add esp,48h
004016B8 cmp ebp,esp
004016BA call __chkesp (00401810)
004016BF mov esp,ebp
004016C1 pop ebp
004016C2 ret
16: ~CMyString()
17: {
00401510 push ebp
00401511 mov ebp,esp
00401513 sub esp,48h
00401516 push ebx
00401517 push esi
00401518 push edi
00401519 push ecx
0040151A lea edi,[ebp-48h]
0040151D mov ecx,12h
00401522 mov eax,0CCCCCCCCh
00401527 rep stos dword ptr [edi]
00401529 pop ecx
0040152A mov dword ptr [ebp-4],ecx
18: if(m_pString != NULL)
0040152D mov eax,dword ptr [ebp-4]
00401530 cmp dword ptr [eax],0
00401533 je CMyString::~CMyString+42h (00401552)
19: {
20: delete [] m_pString;
00401535 mov ecx,dword ptr [ebp-4]
00401538 mov edx,dword ptr [ecx]
0040153A mov dword ptr [ebp-8],edx
0040153D mov eax,dword ptr [ebp-8]
00401540 push eax
00401541 call operator delete (00401e10)
00401546 add esp,4
21: m_pString = NULL;
00401549 mov ecx,dword ptr [ebp-4]
0040154C mov dword ptr [ecx],0
22: }
23: }
00401552 pop edi
00401553 pop esi
00401554 pop ebx
00401555 add esp,48h
00401558 cmp ebp,esp
0040155A call __chkesp (00401810)
0040155F mov esp,ebp
00401561 pop ebp
00401562 ret
24: char * GetString()
25: {
00401580 push ebp
00401581 mov ebp,esp
00401583 sub esp,44h
00401586 push ebx
00401587 push esi
00401588 push edi
00401589 push ecx
0040158A lea edi,[ebp-44h]
0040158D mov ecx,11h
00401592 mov eax,0CCCCCCCCh
00401597 rep stos dword ptr [edi]
00401599 pop ecx
0040159A mov dword ptr [ebp-4],ecx
26: return m_pString;
0040159D mov eax,dword ptr [ebp-4] eax相当于二维指针
004015A0 mov eax,dword ptr [eax]
27: }
004015A2 pop edi
004015A3 pop esi
004015A4 pop ebx
004015A5 mov esp,ebp
004015A7 pop ebp
004015A8 ret
28: private:
29: char *m_pString;
30: };
31:
32: void ShowMyString(CMyString str)
33: {
00401470 push ebp
00401471 mov ebp,esp
00401473 push 0FFh
00401475 push offset [email protected]@[email protected]@@Z (00417769)
0040147A mov eax,fs:[00000000]
00401480 push eax
00401481 mov dword ptr fs:[0],esp
00401488 sub esp,40h
0040148B push ebx
0040148C push esi
0040148D push edi
0040148E lea edi,[ebp-4Ch]
00401491 mov ecx,10h
00401496 mov eax,0CCCCCCCCh
0040149B rep stos dword ptr [edi]
0040149D mov dword ptr [ebp-4],0
34: printf("%s\n" , str.GetString());
004014A4 lea ecx,[ebp+8]
004014A7 call @ILT+0(CMyString::GetString) (00401005) ECX = 0018FEE4
004014AC push eax
004014AD push offset string "%s\n" (00429084)
004014B2 call printf (004016e0)
004014B7 add esp,8
35: }
004014BA mov dword ptr [ebp-4],0FFFFFFFFh
004014C1 lea ecx,[ebp+8] ECX = 0018FEE4
004014C4 call @ILT+60(CMyString::~CMyString) (00401041) //释放资源
004014C9 mov ecx,dword ptr [ebp-0Ch]
004014CC mov dword ptr fs:[0],ecx
004014D3 pop edi
004014D4 pop esi
004014D5 pop ebx
004014D6 add esp,4Ch
004014D9 cmp ebp,esp
004014DB call __chkesp (00401810)
004014E0 mov esp,ebp
004014E2 pop ebp
004014E3 ret
36: int main()
37: {
004015C0 push ebp
004015C1 mov ebp,esp
004015C3 push 0FFh
004015C5 push offset __ehhandler$_main (00417789)
004015CA mov eax,fs:[00000000]
004015D0 push eax
004015D1 mov dword ptr fs:[0],esp
004015D8 sub esp,48h
004015DB push ebx
004015DC push esi
004015DD push edi
004015DE lea edi,[ebp-54h]
004015E1 mov ecx,12h
004015E6 mov eax,0CCCCCCCCh
004015EB rep stos dword ptr [edi]
38: CMyString str;
004015ED lea ecx,[ebp-10h]
004015F0 call @ILT+30(CMyString::CMyString) (00401023)
004015F5 mov dword ptr [ebp-4],0
39: ShowMyString(str); //
004015FC mov eax,dword ptr [ebp-10h]
004015FF push eax
00401600 call @ILT+55(ShowMyString) (0040103c)
00401605 add esp,4
40: return 0;
00401608 mov dword ptr [ebp-14h],0
0040160F mov dword ptr [ebp-4],0FFFFFFFFh
00401616 lea ecx,[ebp-10h]
00401619 call @ILT+60(CMyString::~CMyString) (00401041) ECX = 0018FF38
0040161E mov eax,dword ptr [ebp-14h]
41: }
00401621 mov ecx,dword ptr [ebp-0Ch]
00401624 mov dword ptr fs:[0],ecx
0040162B pop edi
0040162C pop esi
0040162D pop ebx
0040162E add esp,54h
00401631 cmp ebp,esp
00401633 call __chkesp (00401810)
00401638 mov esp,ebp
0040163A pop ebp
0040163B ret
ShowMyString EAX = 00713A48 == [ebp - 10h]
00713A48 48 65 6C 6C 6F 00 CD CD CD CD FD Hello.屯屯.
00713A53 FD FD FD AD BA AB AB AB AB AB AB 韩.
00713A5E AB AB 00 00 00 00 00 00 00 00 D8 .........
00713A69 47 B3 B5 B1 93 00 00 08 0F 71 00 G车睋....q.
00713A74 C4 00 71 00 EE FE EE FE EE FE EE ..q.铪铪铪.
00713A7F FE EE FE EE FE EE FE EE FE EE FE .
lea ecx,[ebp+8] ECX = 0018FEE4
0040159A mov dword ptr [ebp-4],ecx ECX = 0018FEE4
EBP = 0018FEDC
0018FED1 FF 18 00 69 77 41 00 00 00 00 00 ...iwA.....
0018FEDC 48 FF 18 00 05 16 40 00 48 3A 71 [email protected]:q
0018FEE7 00 00 00 00 00 00 00 00 00 00 E0 ...........
0040152A mov dword ptr [ebp-4],ecx ECX = 0018FEE4
EAX = 0018FEE4 EBX = 7EFDE000
ECX = 0018FEE4 EDX = 0042BCA0
ESI = 00000000 EDI = 0018FE7C
EIP = 00401538 ESP = 0018FE28
EBP = 0018FE7C EFL = 00000206
00401535 mov ecx,dword ptr [ebp-4]
00401538 mov edx,dword ptr [ecx]
0040153A mov dword ptr [ebp-8],edx
0040153D mov eax,dword ptr [ebp-8]
00401540 push eax
00401541 call operator delete (00401e10)
00401546 add esp,4
0018FE63 CC CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫.
0018FE6E CC CC CC CC CC CC CC CC CC CC E4 烫烫烫烫烫.
0018FE79 FE 18 00 DC FE 18 00 C9 14 40 00 ...荥[email protected]
0018FE84 3C FF 18 00 00 00 00 00 00 E0 FD <........帻
0018FE8F 7E CC CC CC CC CC CC CC CC CC CC ~烫烫烫烫烫
0018FE63 CC CC CC CC CC CC CC CC CC CC CC 烫烫烫烫烫.
0018FE6E CC CC CC CC CC CC 48 3A 71 00 E4 烫烫烫H:q..
0018FE79 FE 18 00 DC FE 18 00 C9 14 40 00 ...荥[email protected]
0018FE84 3C FF 18 00 00 00 00 00 00 E0 FD <........帻
0018FE6E CC CC CC CC CC CC 48 3A 71 00 E4 烫烫烫H:q..
0018FE79 FE 18 00 DC FE 18 00 C9 14 40 00 ...荥[email protected]
0018FE84 3C FF 18 00 00 00 00 00 00 E0 FD <........帻
EAX = 00000001 EBX = 7EFDE000
ECX = 0018FF3C EDX = 0071015C
ESI = 00000000 EDI = 0018FF3C
EIP = 00401616 ESP = 0018FEE8
EBP = 0018FF48 EFL = 00000206
40: return 0;
00401608 mov dword ptr [ebp-14h],0
0040160F mov dword ptr [ebp-4],0FFFFFFFFh
00401616 lea ecx,[ebp-10h]
00401619 call @ILT+60(CMyString::~CMyString) (00401041)
0040161E mov eax,dword ptr [ebp-14h]
41: }
EAX = 00000001 EBX = 7EFDE000
ECX = 0018FF38 EDX = 0071015C
ESI = 00000000 EDI = 0018FF3C
EIP = 00401619 ESP = 0018FEE8
EBP = 0018FF48 EFL = 00000206
00401529 pop ecx
0040152A mov dword ptr [ebp-4],ecx
18: if(m_pString != NULL)
0040152D mov eax,dword ptr [ebp-4]
00401530 cmp dword ptr [eax],0
00401533 je CMyString::~CMyString+42h (00401552)
19: {
20: delete [] m_pString;
00401535 mov ecx,dword ptr [ebp-4]
00401538 mov edx,dword ptr [ecx]
0040153A mov dword ptr [ebp-8],edx
0040153D mov eax,dword ptr [ebp-8]
00401540 push eax
00401541 call operator delete (00401e10)
00401546 add esp,4
21: m_pString = NULL;
00401549 mov ecx,dword ptr [ebp-4]
0040154C mov dword ptr [ecx],0
22: }
23: }
EAX = CCCCCCCC EBX = 7EFDE000
ECX = 0018FF38 EDX = 0071015C
ESI = 00000000 EDI = 0018FEE0
EIP = 0040152A ESP = 0018FE8C
EBP = 0018FEE0 EFL = 00000212
00401535 mov ecx,dword ptr [ebp-4]
EAX = 0018FF38 EBX = 7EFDE000
ECX = 0018FF38 EDX = 0071015C
ESI = 00000000 EDI = 0018FEE0
EIP = 00401538 ESP = 0018FE8C
EBP = 0018FEE0 EFL = 00000206
00401538 mov edx,dword ptr [ecx]
EAX = 0018FF38 EBX = 7EFDE000
ECX = 0018FF38 EDX = 00713A48
ESI = 00000000 EDI = 0018FEE0
EIP = 0040153A ESP = 0018FE8C
EBP = 0018FEE0 EFL = 00000206
00401540 push eax
00401541 call operator delete (00401e10)
EAX = 00713A48 EBX = 7EFDE000
ECX = 0018FF38 EDX = 00713A48
ESI = 00000000 EDI = 0018FEE0
EIP = 00401541 ESP = 0018FE88
EBP = 0018FEE0 EFL = 00000206
时间: 2024-10-14 23:07:24