C&汇编基础-if语句
9unk Lv5
  2021-04-01 14:18:28 2021-04-01 14:18    3.2k 字  17 分钟

if语句逆向分析

  1. 源码
1
2
3
4
5
6
7
8
9
10
11
void Function()
{
	int a=1;
	int b=2;
	int max=0;

	if(a<b)
	{
		max=b;
	}
}
  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,4Ch
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-4Ch]
0040102C   mov         ecx,13h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]

00401038   mov         dword ptr [ebp-4],1
0040103F   mov         dword ptr [ebp-8],2
00401046   mov         dword ptr [ebp-0Ch],0

0040104D   mov         eax,dword ptr [ebp-4]
00401050   cmp         eax,dword ptr [ebp-8]
00401053   jge         Function+3Bh (0040105b)
00401055   mov         ecx,dword ptr [ebp-8]
00401058   mov         dword ptr [ebp-0Ch],ecx

0040105B   pop         edi
0040105C   pop         esi
0040105D   pop         ebx
0040105E   mov         esp,ebp
00401060   pop         ebp

if 语句的表现形式:先用 cmp 指令比较影响标志位,然后再使用 JCC 指令跳转到程序结束的位置。这里的跳转指令 jge(jmp greater or equal) 表示 “大于等于就跳转”,与源码中的判断是相反的。

连续的 if 语句

  1. 源码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
void Function()
{
	int a=1;
	int b=2;
	int max=0;

	if(a<b)
	{
		max=b;
	}
	if(a>b)
	{
		max=a;
	}
}
  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,4Ch
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-4Ch]
0040102C   mov         ecx,13h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]

00401038   mov         dword ptr [ebp-4],1
0040103F   mov         dword ptr [ebp-8],2
00401046   mov         dword ptr [ebp-0Ch],0

0040104D   mov         eax,dword ptr [ebp-4]
00401050   cmp         eax,dword ptr [ebp-8]
00401053   jge         Function+3Bh (0040105b)
00401055   mov         ecx,dword ptr [ebp-8]
00401058   mov         dword ptr [ebp-0Ch],ecx

0040105B   mov         edx,dword ptr [ebp-4]
0040105E   cmp         edx,dword ptr [ebp-8]
00401061   jle         Function+49h (00401069)
00401063   mov         eax,dword ptr [ebp-4]
00401066   mov         dword ptr [ebp-0Ch],eax

00401069   pop         edi
0040106A   pop         esi
0040106B   pop         ebx
0040106C   mov         esp,ebp
0040106E   pop         ebp
0040106F   ret

连续的 if 语句表现形式:如果不跳转就会执行完第一个判断,再执行第二个判断,如果跳转直接执行第二个判断。接着最后一个判断跳到程序结束位置。同样 JCC 判断指令和源码中的判断是相反的。

if…else…语句逆向分析

  1. 源码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
void Function()
{
	int a=1;
	int b=2;
	int max=0;

	if(a<b)
	{
		max=b;
	}
	else
	{
		max=a;
	}
}
  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,4Ch
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-4Ch]
0040102C   mov         ecx,13h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]

00401038   mov         dword ptr [ebp-4],1
0040103F   mov         dword ptr [ebp-8],2
00401046   mov         dword ptr [ebp-0Ch],0

0040104D   mov         eax,dword ptr [ebp-4]
00401050   cmp         eax,dword ptr [ebp-8]
00401053   jge         Function+3Dh (0040105d)
00401055   mov         ecx,dword ptr [ebp-8]
00401058   mov         dword ptr [ebp-0Ch],ecx

0040105B   jmp         Function+43h (00401063)
0040105D   mov         edx,dword ptr [ebp-4]
00401060   mov         dword ptr [ebp-0Ch],edx

00401063   pop         edi
00401064   pop         esi
00401065   pop         ebx
00401066   mov         esp,ebp
00401068   pop         ebp
00401069   ret

if…else 语句的表现形式:如果不跳转就会执行到 jmp 处,jmp 直接跳转到程序结束位置;如果跳转,则会直接跳过 jmp 直接执行后面的代码。第一个 JCC 跳转的地址前面是一个 jmp,可以判断是 if…else 语句

if…else if…else逆向分析

  1. 源码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
void Function()
{
	int a=1;
	int b=2;
	int max=0;

	if(a<b)
	{
		max=b;
	}
	else if(a>b)
	{
		max=a;
	}
	else
	{
		b=a;
	}
}
  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,4Ch
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-4Ch]
0040102C   mov         ecx,13h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]

00401038   mov         dword ptr [ebp-4],1
0040103F   mov         dword ptr [ebp-8],2
00401046   mov         dword ptr [ebp-0Ch],0

0040104D   mov         eax,dword ptr [ebp-4]
00401050   cmp         eax,dword ptr [ebp-8]
00401053   jge         Function+3Dh (0040105d)
00401055   mov         ecx,dword ptr [ebp-8]
00401058   mov         dword ptr [ebp-0Ch],ecx

0040105B   jmp         Function+53h (00401073)
0040105D   mov         edx,dword ptr [ebp-4]
00401060   cmp         edx,dword ptr [ebp-8]
00401063   jle         Function+4Dh (0040106d)
00401065   mov         eax,dword ptr [ebp-4]
00401068   mov         dword ptr [ebp-0Ch],eax

0040106B   jmp         Function+53h (00401073)
0040106D   mov         ecx,dword ptr [ebp-4]
00401070   mov         dword ptr [ebp-8],ecx

00401073   pop         edi
00401074   pop         esi
00401075   pop         ebx
00401076   mov         esp,ebp
00401078   pop         ebp
00401079   ret

if…else if…else表现形式:当每个条件跳转指令要跳转的地址前面都有 jmp 指令,而且 jmp 指令跳转的地址都是一样的(程序结束地址),说明这是一个 else if 语句。如果某个分支没有条件判断,则为 else 部分。

if…else 嵌套语句

  1. 源码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
void Function()
{
	int a=1;
	int b=2;
	int c=3;
	int max=0;

	if(a<b)
	{
		max=b;

		if(b<c)
		{
			max=c;
		}
		else
		{
			max=b;
		}
	}
	else
	{
		max=a;

		if(b>c)
		{
			max=b;
		}
		else
		{
			max=c;
		}
	}
}
  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
00401020   push        ebp
00401021   mov         ebp,esp
00401023   sub         esp,50h
00401026   push        ebx
00401027   push        esi
00401028   push        edi
00401029   lea         edi,[ebp-50h]
0040102C   mov         ecx,14h
00401031   mov         eax,0CCCCCCCCh
00401036   rep stos    dword ptr [edi]

00401038   mov         dword ptr [ebp-4],1
0040103F   mov         dword ptr [ebp-8],2
00401046   mov         dword ptr [ebp-0Ch],3
0040104D   mov         dword ptr [ebp-10h],0

00401054   mov         eax,dword ptr [ebp-4]
00401057   cmp         eax,dword ptr [ebp-8]
0040105A   jge         Function+5Ah (0040107a)
0040105C   mov         ecx,dword ptr [ebp-8]
0040105F   mov         dword ptr [ebp-10h],ecx

00401062   mov         edx,dword ptr [ebp-8]
00401065   cmp         edx,dword ptr [ebp-0Ch]
00401068   jge         Function+52h (00401072)
0040106A   mov         eax,dword ptr [ebp-0Ch]
0040106D   mov         dword ptr [ebp-10h],eax

00401070   jmp         Function+58h (00401078)
00401072   mov         ecx,dword ptr [ebp-8]
00401075   mov         dword ptr [ebp-10h],ecx

00401078   jmp         Function+76h (00401096)
0040107A   mov         edx,dword ptr [ebp-4]
0040107D   mov         dword ptr [ebp-10h],edx

00401080   mov         eax,dword ptr [ebp-8]
00401083   cmp         eax,dword ptr [ebp-0Ch]
00401086   jle         Function+70h (00401090)
00401088   mov         ecx,dword ptr [ebp-8]
0040108B   mov         dword ptr [ebp-10h],ecx

0040108E   jmp         Function+76h (00401096)
00401090   mov         edx,dword ptr [ebp-0Ch]
00401093   mov         dword ptr [ebp-10h],edx

00401096   pop         edi
00401097   pop         esi
00401098   pop         ebx
00401099   mov         esp,ebp
0040109B   pop         ebp
0040109C   ret

if…else嵌套语句:其基本形式和 if…else 一样。if语句中内嵌的 else 会跳转到外面的 else 语句中。else语句中内嵌的 else 会跳到同一个地址(程序结束位置)


练习

正向代码

  1. 定义 4 个 int 类型的全局变量,分别是 g_x, g_y, g_z, g_r,使用 if..else.. 分支语句,将最大的值存储到 g_r 中
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#include "stdafx.h"

int g_x = 5;
int g_y = 4;
int g_z = 7;
int g_r = 0;


int max()
{
	if(g_x>g_y)
	{
		if(g_x>g_z)
		{
			g_r=g_x;
		}
		else
		{
			g_r=g_z;
		}
	}
	else
	{
		if(g_y>g_z)
		{
			g_r=g_y;
		}
		else
		{
			g_r=g_z;
		}
	}

	return g_r;
}

int main(int argc, char* argv[])
{
	printf("%d",max());
    return 0;    
}

  1. 找出数组里面最大的值,并存储到全局变量中
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#include "stdafx.h"

int arr[4]={2,5,7,9};
int g_r;

int ArrMax()
{
	int i,j,a,b;


	for(i=0;i<=4;i++)
	{
		j=i+1;
		a=arr[i];
		b=arr[j];
		if(j<=4)
		{
			if(a>b)
			{
				g_r=a;
			}
			else
			{
				g_r=b;
			}
		}

	}
 

	return g_r;
}

int main(int argc, char* argv[])
{

	printf("%d",ArrMax());
	
    return 0;    
}
  1. 将数组所有的元素相加,将结果存储到g_r中
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#include "stdafx.h"

int arr[10]={2,5,7,9,22,4,8,22,3,18};
int g_r;

int ArrMax()
{
	int i;
	int sum=0;

	for(i=0;i<=10;i++)
	{
		sum=arr[i]+sum;
		
	}

	return sum;
}


int main(int argc, char* argv[])
{	
	printf("%d",ArrMax());
    return 0;    
}
  1. 俩俩比较数组的值,将最大的一个存储到数组的最后一个位置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#include "stdafx.h"

int arr[10]={2,7,5,9,22,4,8,22,3,18};
int g_r;

int ArrMax()
{
	int i,j,a,b,k;
	for(i=0;i<=9;i++)
	{
		j=i+1;
		if(j<=9)
		{
			a=arr[i];
			b=arr[j];
			if(a>b)
			{
				arr[i]=b;
				arr[j]=a;
			}
		}
	}

	for(k=0;k<=9;k++)
	{
		printf("%d ",arr[k]);
	}

	return 0;
}


int main(int argc, char* argv[])
{	
	printf("%d",ArrMax());
    return 0;    
}

代码还原练习

if 语句还原

  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
调用处代码:

push        5
push        4
call        0040100f
add         esp,8

函数内部:


00401030   push        ebp
00401031   mov         ebp,esp
00401033   sub         esp,44h
00401036   push        ebx
00401037   push        esi
00401038   push        edi
00401039   lea         edi,[ebp-44h]
0040103C   mov         ecx,11h
00401041   mov         eax,0CCCCCCCCh
00401046   rep stos    dword ptr [edi]
00401048   mov         eax,[004225c4]
0040104D   mov         dword ptr [ebp-4],eax
00401050   mov         ecx,dword ptr [ebp+8]
00401053   cmp         ecx,dword ptr [ebp+0Ch]
00401056   jg          00401064
00401058   mov         edx,dword ptr [ebp+0Ch]
0040105B   add         edx,dword ptr [ebp-4]
0040105E   mov         dword ptr [004225c4],edx
00401064   pop         edi
00401065   pop         esi
00401066   pop         ebx
00401067   mov         esp,ebp
00401069   pop         ebp
0040106A   ret

  1. 还原步骤
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
截取真正的程序代码:

00401048   mov         eax,[004225c4]
0040104D   mov         dword ptr [ebp-4],eax
00401050   mov         ecx,dword ptr [ebp+8]
00401053   cmp         ecx,dword ptr [ebp+0Ch]
00401056   jg          00401064
00401058   mov         edx,dword ptr [ebp+0Ch]
0040105B   add         edx,dword ptr [ebp-4]
0040105E   mov         dword ptr [004225c4],edx

分析参数:

1、有两个 push 指令
2、外平栈:esp+8(__cdecl)
3、说明这里用了 2 个参数。分别命名为:x、y
4、参数在函数中的格式为:[ebp+xxx]

分析局部变量:

1、局部变量的格式为:[ebp-xxx](不固定,这只是其中一种表现形式)
2、有局部变量 [ebp-4],重命名为 i


分析全局变量:

1、全局变量是一个虚拟地址,通常传递值的过程使用:mov 寄存器,虚拟地址
2、在程序中使用了 [004225c4] 这个全局变量,重命名为 z


功能分析:
1、全局变量的值赋给局部变量:i=z
2、将 参数1 和 参数2 进行比较,如果 参数1 大于(jg) 参数2 就会跳转到结尾处。也就是说 参数1 小于等于 参数2,就会执行程序功能。
3、程序功能:全局变量 = 参数2 + 局部变量


返回值分析:
返回值都是固定存到 eax 中,最后没有使用到 eax 寄存器,因此返回值:无

  1. 代码还原
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#include "stdafx.h"

int z;

void plus1(int x,int y)
{
	int i;
	i = z;

	if(x<=y)
	{
		z=i+y;
	}

	return 0;
}
int main()
{
	plus1(4,5);
}

if…else语句还原

  1. 反汇编
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
004010B0   push        ebp
004010B1   mov         ebp,esp
004010B3   sub         esp,48h
004010B6   push        ebx
004010B7   push        esi
004010B8   push        edi
004010B9   lea         edi,[ebp-48h]
004010BC   mov         ecx,12h
004010C1   mov         eax,0CCCCCCCCh
004010C6   rep stos    dword ptr [edi]
004010C8   mov         eax,[004225c4]
004010CD   mov         dword ptr [ebp-4],eax
004010D0   mov         dword ptr [ebp-8],2
004010D7   mov         ecx,dword ptr [ebp+8]
004010DA   cmp         ecx,dword ptr [ebp+0Ch]
004010DD   jl          004010e8
004010DF   mov         edx,dword ptr [ebp-8]
004010E2   add         edx,1
004010E5   mov         dword ptr [ebp-8],edx
004010E8   mov         eax,dword ptr [ebp+8]
004010EB   cmp         eax,dword ptr [ebp+0Ch]
004010EE   jge         004010fb
004010F0   mov         ecx,dword ptr [ebp-8]
004010F3   mov         dword ptr [004225c4],ecx
004010F9   jmp         00401107
004010FB   mov         edx,dword ptr [ebp-4]
004010FE   add         edx,dword ptr [ebp-8]
00401101   mov         dword ptr [004225c4],edx
00401107   pop         edi
00401108   pop         esi
00401109   pop         ebx
0040110A   mov         esp,ebp
0040110C   pop         ebp
0040110D   ret
  1. 还原步骤
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
程序代码:

004010C8   mov         eax,[004225c4]
004010CD   mov         dword ptr [ebp-4],eax
004010D0   mov         dword ptr [ebp-8],2
004010D7   mov         ecx,dword ptr [ebp+8]
004010DA   cmp         ecx,dword ptr [ebp+0Ch]
004010DD   jl          004010e8
004010DF   mov         edx,dword ptr [ebp-8]
004010E2   add         edx,1
004010E5   mov         dword ptr [ebp-8],edx
004010E8   mov         eax,dword ptr [ebp+8]
004010EB   cmp         eax,dword ptr [ebp+0Ch]
004010EE   jge         004010fb
004010F0   mov         ecx,dword ptr [ebp-8]
004010F3   mov         dword ptr [004225c4],ecx
004010F9   jmp         00401107
004010FB   mov         edx,dword ptr [ebp-4]
004010FE   add         edx,dword ptr [ebp-8]
00401101   mov         dword ptr [004225c4],edx



分析参数:

[ebp+8]:x
[ebp+0Ch]:y



分析局部变量:

[ebp-4]:i
[ebp-8]:j



分析全局变量:

[004225c4]:z



功能分析:
1、全局变量赋给局部变量i:i=z
2、局部变量j赋值2:j=2
3、x 和 y 进行比较,如果 x >= y(if 语句的判断与反汇编中的跳转是相反的),j=j+1
4、如果 x < y,z=i+j
5else,z=j

else 结尾是以 jmp 结尾的,所以当看到 if 跳转前面是 jmp 指令的话,说明上面的是 else 语句。

返回值分析:

  1. 代码还原
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#include "stdafx.h"

int z;

void plus1(int x,int y)
{
	int i,j;
	i = z;
	j = 2;

	if(x>=y)
	{
		j=j+1;
		
	}
	if(x<y)
	{
		z=j+i;			
	}
	else
	{
		z=j;
	}

	return 0;
}

if…else if…else 还原

  1. 反汇编

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    004010B0   push        ebp
    004010B1   mov         ebp,esp
    004010B3   sub         esp,4Ch
    004010B6   push        ebx
    004010B7   push        esi
    004010B8   push        edi
    004010B9   lea         edi,[ebp-4Ch]
    004010BC   mov         ecx,13h
    004010C1   mov         eax,0CCCCCCCCh
    004010C6   rep stos    dword ptr [edi]
    004010C8   mov         dword ptr [ebp-4],0
    004010CF   mov         dword ptr [ebp-8],1
    004010D6   mov         dword ptr [ebp-0Ch],2
    004010DD   mov         eax,dword ptr [ebp+8]
    004010E0   cmp         eax,dword ptr [ebp+0Ch]
    004010E3   jg         004010f0
    004010E5   mov         ecx,dword ptr [ebp-8]
    004010E8   sub         ecx,1
    004010EB   mov         dword ptr [ebp-4],ecx
    004010EE   jmp         00401123
    004010F0   mov         edx,dword ptr [ebp+0Ch]
    004010F3   cmp         edx,dword ptr [ebp+10h]
    004010F6   jl          00401103
    004010F8   mov         eax,dword ptr [ebp-0Ch]
    004010FB   add         eax,1
    004010FE   mov         dword ptr [ebp-4],eax
    00401101   jmp         00401123
    00401103   mov         ecx,dword ptr [ebp+8]
    00401106   cmp         ecx,dword ptr [ebp+10h]
    00401109   jle         00401116
    0040110B   mov         edx,dword ptr [ebp-8]
    0040110E   add         edx,dword ptr [ebp-0Ch]
    00401111   mov         dword ptr [ebp-4],edx
    00401114   jmp         00401123
    00401116   mov         eax,dword ptr [ebp-0Ch]
    00401119   mov         ecx,dword ptr [ebp-8]
    0040111C   lea         edx,[ecx+eax-1]
    00401120   mov         dword ptr [ebp-4],edx
    00401123   mov         eax,dword ptr [ebp-4]
    00401126   add         eax,1
    00401129   pop         edi
    0040112A   pop         esi
    0040112B   pop         ebx
    0040112C   mov         esp,ebp
    0040112E   pop         ebp
    0040112F   ret

  2. 还原步骤

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
程序代码:
004010C8   mov         dword ptr [ebp-4],0
004010CF   mov         dword ptr [ebp-8],1
004010D6   mov         dword ptr [ebp-0Ch],2

004010DD   mov         eax,dword ptr [ebp+8]
004010E0   cmp         eax,dword ptr [ebp+0Ch]
004010E3   jg         004010f0
004010E5   mov         ecx,dword ptr [ebp-8]
004010E8   sub         ecx,1
004010EB   mov         dword ptr [ebp-4],ecx


004010EE   jmp         00401123
004010F0   mov         edx,dword ptr [ebp+0Ch]
004010F3   cmp         edx,dword ptr [ebp+10h]
004010F6   jl          00401103
004010F8   mov         eax,dword ptr [ebp-0Ch]
004010FB   add         eax,1
004010FE   mov         dword ptr [ebp-4],eax


00401101   jmp         00401123
00401103   mov         ecx,dword ptr [ebp+8]
00401106   cmp         ecx,dword ptr [ebp+10h]
00401109   jle         00401116
0040110B   mov         edx,dword ptr [ebp-8]
0040110E   add         edx,dword ptr [ebp-0Ch]
00401111   mov         dword ptr [ebp-4],edx



00401114   jmp         00401123
00401116   mov         eax,dword ptr [ebp-0Ch]
00401119   mov         ecx,dword ptr [ebp-8]
0040111C   lea         edx,[ecx+eax-1]
00401120   mov         dword ptr [ebp-4],edx

00401123   mov         eax,dword ptr [ebp-4]
00401126   add         eax,1


分析参数:
[ebp+8]:x
[ebp+0Ch]:y
[ebp+10h]:z


分析局部变量:
[ebp-4]:i
[ebp-8]:j
[ebp-0Ch]:n

分析全局变量:


程序功能:
i=0;j=1;n=2
if x<=y;i=j-1
else if y>=z;i=n+1
else if x>z;i=j+n
else i=n+j-1

返回值:
i+1
  1. 代码还原
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#include "stdafx.h"

int z;

int plus1(int x,int y,int z)
	int i=0;
	int j=1;
	int n=2;

	if(x<=y)
	{
		i=j-1;
		
	}
	else if(y>=z)
	{
		i=n+1;			
	}
	else if(x>z)
	{
		i=j+n;
	}
	else
	{
		i=n+j-1	;	
	}

	return i+1;
}
  • 本文标题:C&汇编基础-if语句
  • 本文作者:9unk
  • 创建时间:2021-04-01 14:18:28
  • 本文链接:https://9unkk.github.io/2021/04/01/c-hui-bian-ji-chu-if-yu-ju/
  • 版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!