|
#2
东海一鱼2009-09-09 08:51
|
程序代码:.386
.model flat,stdcall
option casemap:none
include windows.inc
include gdi32.inc
includelib gdi32.lib
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
.data
.code
odtest proc
local @a:BYTE ;这里是一个字节 8位
local @aa:DWORD ;双字 四个字节
local @aaa ;双字四个字节 ;注:32位默认是双字对齐的,这时存取最快
mov al,@a
mov eax,@aa
mov eax,@aaa
ret
odtest endp
start:
call odtest
invoke ExitProcess,NULL
end start
上面的反汇编代码.model flat,stdcall
option casemap:none
include windows.inc
include gdi32.inc
includelib gdi32.lib
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
.data
.code
odtest proc
local @a:BYTE ;这里是一个字节 8位
local @aa:DWORD ;双字 四个字节
local @aaa ;双字四个字节 ;注:32位默认是双字对齐的,这时存取最快
mov al,@a
mov eax,@aa
mov eax,@aaa
ret
odtest endp
start:
call odtest
invoke ExitProcess,NULL
end start
程序代码:00401000 /$ 55 push ebp
00401001 |. 8BEC mov ebp, esp
00401003 |. 83C4 F4 add esp, -0C
00401006 |. 8A45 FF mov al, byte ptr [ebp-1]
00401009 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0040100C |. 8B45 F4 mov eax, dword ptr [ebp-C]
0040100F |. C9 leave
00401010 \. C3 retn
00401011 >/$ E8 EAFFFFFF call 00401000 ;程序入口在这里 call上面的地址
00401016 |. 6A 00 push 0 ; /ExitCode = 0
00401018 \. E8 01000000 call <jmp.&kernel32.ExitProcess> ; \ExitProcess
0040101D CC int3
0040101E .- FF25 00204000 jmp dword ptr [<&kernel32.ExitProces>; kernel32.ExitProcess
00401001 |. 8BEC mov ebp, esp
00401003 |. 83C4 F4 add esp, -0C
00401006 |. 8A45 FF mov al, byte ptr [ebp-1]
00401009 |. 8B45 F8 mov eax, dword ptr [ebp-8]
0040100C |. 8B45 F4 mov eax, dword ptr [ebp-C]
0040100F |. C9 leave
00401010 \. C3 retn
00401011 >/$ E8 EAFFFFFF call 00401000 ;程序入口在这里 call上面的地址
00401016 |. 6A 00 push 0 ; /ExitCode = 0
00401018 \. E8 01000000 call <jmp.&kernel32.ExitProcess> ; \ExitProcess
0040101D CC int3
0040101E .- FF25 00204000 jmp dword ptr [<&kernel32.ExitProces>; kernel32.ExitProcess
||
||
||
||
