zklhp 2011-09-27 19:04

.386                                    ; enable 80386 instruction set; must precede .model flat
.model flat, stdcall                    ; 32-bit flat model, STDCALL default for PROC/invoke
option casemap:none                     ; identifiers are case-sensitive (required by the Win32 .inc files)

include     windows.inc
include     kernel32.inc
includelib  kernel32.lib
include     user32.inc
includelib  user32.lib

.data
lpFomat     db  "%lu", 0                ; wsprintf format string: one unsigned decimal number

.data?
hInstance   dd  ?                       ; not referenced anywhere in the visible code
AA          db  16 dup (?)              ; output buffer for the explicit push/call form of wsprintf
BB          db  16 dup (?)              ; output buffer for the invoke form of wsprintf
.CODE
;-----------------------------------------------------------------------
; L1 / L2: a three-instruction "get EIP" stub.
; It is never executed by this program (the entry point is START, see
; END START, and nothing jumps or calls to L1); it exists only so that
; L2-L1, the encoded size of the "call L2" instruction, can be measured.
; If it were entered with "call L1": "call L2" pushes the address of L2
; as its return address, "pop eax" moves that address into eax, and
; "ret" then returns to L1's caller with eax = address of L2.
; The disassembly further down shows the call assembled as
; E8 00000000 (rel32 = 0, 5 bytes), so the actual value of L2-L1 is 5.
;-----------------------------------------------------------------------
L1:
call L2 ; poster's question: CALL to a label defined later gives L2-L1 = 10, CALL to a label defined earlier gives 5 -- why, and how to fix it?
        ; NOTE(review): the 10 only shows up in the invoke form in START; the explicit
        ; "push L2-L1" and the disassembly both give 5. Presumably invoke evaluates the
        ; label difference before the forward-referenced call has its final size --
        ; confirm with an assembler listing (ml /Fl) before relying on either value.
L2:
pop eax ; eax = return address pushed by "call L2", i.e. the address of L2
ret     ; the pop undid the call's push, so this returns to whoever called L1
START:
; --- Form 1: explicit cdecl call sequence (wsprintf is vararg, so the caller cleans the stack)
    push    L2-L1                       ; arg 3: size of "call L2"; assembled as push 5 (see disassembly)
    push    OFFSET lpFomat              ; arg 2: format "%lu"
    push    OFFSET AA                   ; arg 1: destination buffer
    call    wsprintf
    add     esp, 12                     ; discard the three dword arguments

; --- Form 2: the same call written with invoke
    invoke  wsprintf, OFFSET BB, OFFSET lpFomat, L2-L1   ; the same expression is assembled as push 0Ah here (see disassembly)
    invoke  MessageBox, NULL, OFFSET AA, OFFSET BB, MB_OK ; text = form-1 result, title = form-2 result, for side-by-side viewing
    invoke  ExitProcess, 0
END START
再贴上反汇编的代码:
.Model Flat, StdCall
option casemap:none                     ; identifiers are case-sensitive (required by the Win32 .inc files)
                                        ; NOTE(review): this re-paste lacks the .386 line of the first listing

include     windows.inc
include     kernel32.inc
includelib  kernel32.lib
include     user32.inc
includelib  user32.lib

.data
lpFomat     db  "%lu", 0                ; wsprintf format string: one unsigned decimal number

.data?
hInstance   dd  ?                       ; not referenced anywhere in the visible code
AA          db  16 dup (?)              ; output buffer for the explicit push/call form of wsprintf
BB          db  16 dup (?)              ; output buffer for the invoke form of wsprintf
.CODE
;-----------------------------------------------------------------------
; L1 / L2: a three-instruction "get EIP" stub.
; It is never executed by this program (the entry point is START, see
; END START, and nothing jumps or calls to L1); it exists only so that
; L2-L1, the encoded size of the "call L2" instruction, can be measured.
; If it were entered with "call L1": "call L2" pushes the address of L2
; as its return address, "pop eax" moves that address into eax, and
; "ret" then returns to L1's caller with eax = address of L2.
; The disassembly further down shows the call assembled as
; E8 00000000 (rel32 = 0, 5 bytes), so the actual value of L2-L1 is 5.
;-----------------------------------------------------------------------
L1:
call L2 ; poster's question: CALL to a label defined later gives L2-L1 = 10, CALL to a label defined earlier gives 5 -- why, and how to fix it?
        ; NOTE(review): the 10 only shows up in the invoke form in START; the explicit
        ; "push L2-L1" and the disassembly both give 5. Presumably invoke evaluates the
        ; label difference before the forward-referenced call has its final size --
        ; confirm with an assembler listing (ml /Fl) before relying on either value.
L2:
pop eax ; eax = return address pushed by "call L2", i.e. the address of L2
ret     ; the pop undid the call's push, so this returns to whoever called L1
START:
; --- Form 1: explicit cdecl call sequence (wsprintf is vararg, so the caller cleans the stack)
    push    L2-L1                       ; arg 3: size of "call L2"; assembled as push 5 (see disassembly)
    push    OFFSET lpFomat              ; arg 2: format "%lu"
    push    OFFSET AA                   ; arg 1: destination buffer
    call    wsprintf
    add     esp, 12                     ; discard the three dword arguments

; --- Form 2: the same call written with invoke
    invoke  wsprintf, OFFSET BB, OFFSET lpFomat, L2-L1   ; the same expression is assembled as push 0Ah here (see disassembly)
    invoke  MessageBox, NULL, OFFSET AA, OFFSET BB, MB_OK ; text = form-1 result, title = form-2 result, for side-by-side viewing
    invoke  ExitProcess, 0
END START

00401000 . E8 00000000 call 00401005
00401005 /$ 58 pop eax
00401006 \. C3 retn
00401007 >/$ 68 05000000 push 5 ; /<%lu> = 5 直接L2-L1,结果是5
0040100C |. 68 00304000 push 00403000 ; |Format = "%lu"
00401011 |. 68 08304000 push 00403008 ; |s = test1.00403008
00401016 |. E8 3B000000 call <jmp.&USER32.wsprintfA> ; \wsprintfA
0040101B |. 83C4 0C add esp, 0C
0040101E |. 68 0A000000 push 0A ; /<%lu> = A (10.)
00401023 |. 68 00304000 push 00403000 ; |Format = "%lu"
00401028 |. 68 18304000 push 00403018 ; |s = test1.00403018
0040102D |. E8 24000000 call <jmp.&USER32.wsprintfA> ; \wsprintfA
00401032 |. 83C4 0C add esp, 0C ; invoke这里计算的是10
00401035 |. 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401037 |. 68 18304000 push 00403018 ; |Title = ""
0040103C |. 68 08304000 push 00403008 ; |Text = ""
00401041 |. 6A 00 push 0 ; |hOwner = NULL
00401043 |. E8 14000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
00401048 |. 6A 00 push 0 ; /ExitCode = 0
0040104A \. E8 01000000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess
00401005 /$ 58 pop eax
00401006 \. C3 retn
00401007 >/$ 68 05000000 push 5 ; /<%lu> = 5 直接L2-L1,结果是5
0040100C |. 68 00304000 push 00403000 ; |Format = "%lu"
00401011 |. 68 08304000 push 00403008 ; |s = test1.00403008
00401016 |. E8 3B000000 call <jmp.&USER32.wsprintfA> ; \wsprintfA
0040101B |. 83C4 0C add esp, 0C
0040101E |. 68 0A000000 push 0A ; /<%lu> = A (10.)
00401023 |. 68 00304000 push 00403000 ; |Format = "%lu"
00401028 |. 68 18304000 push 00403018 ; |s = test1.00403018
0040102D |. E8 24000000 call <jmp.&USER32.wsprintfA> ; \wsprintfA
00401032 |. 83C4 0C add esp, 0C ; invoke这里计算的是10
00401035 |. 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401037 |. 68 18304000 push 00403018 ; |Title = ""
0040103C |. 68 08304000 push 00403008 ; |Text = ""
00401041 |. 6A 00 push 0 ; |hOwner = NULL
00401043 |. E8 14000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
00401048 |. 6A 00 push 0 ; /ExitCode = 0
0040104A \. E8 01000000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess