x86汇编堆栈第二个案例
x86汇编堆栈第二个案例
x86汇编堆栈第二个案例
1)案例介绍
咱们上节课先把常见的x86下的堆栈过了一遍,包括基本指令对吧,除了上一个案例咱们还可以做什么使用现在学到的内容?既然咱们知道了“后进先出(LIFO)的原则”,咱们是不是可以把一个字符串倒叙输出呢哈哈哈?好既然知道原理以后咱们开始进行今天的第二个案例编写哦。
观察ESP栈顶和EBP栈底
0040101F . 52 PUSH EDX
00401020 . 6A 00 PUSH 0 ; /pModule = NULL
00401022 . E8 4BE00A00 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
画堆栈图案例并进行分析
00F017F2 6A 02 PUSH 2 ;传参
00F017F4 6A 01 PUSH 1
00F017F6 E8 C6FAFFFF CALL Project1.00F012C1 add(00F01770); 调用 add 函数(实际执行地址 00F01770)
00F017FB 83C4 08 ADD ESP,8 ; 调用后清理栈(2个参数各占4字节,共8字节)
00F01770 > 55 PUSH EBP ;提升堆栈/0C0
00F01771 8BEC MOV EBP,ESP
00F01773 81EC C0000000 SUB ESP,0C0
00F01779 53 PUSH EBX ;
00F0177A 56 PUSH ESI
00F0177B 57 PUSH EDI
00F0177C 8BFD MOV EDI,EBP
00F0177E 33C9 XOR ECX,ECX
00F01780 B8 CCCCCCCC MOV EAX,CCCCCCCC
00F01785 F3:AB REP STOS DWORD PTR ES:[EDI]
00F01787 B9 08C0F000 MOV ECX,Project1.00F0C008
00F0178C E8 8FFBFFFF CALL Project1.00F01320
00F01791 90 NOP
00F01792 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] ;获取push参数1
00F01795 0345 0C ADD EAX,DWORD PTR SS:[EBP+C] ;eax + 获取push参数2
00F01798 5F POP EDI ;恢复现场
00F01799 5E POP ESI
00F0179A 5B POP EBX
00F0179B 81C4 C0000000 ADD ESP,0C0
00F017A1 3BEC CMP EBP,ESP
00F017A3 E8 97FAFFFF CALL Project1.00F0123F
00F017A8 8BE5 MOV ESP,EBP
00F017AA 5D POP EBP ;恢复栈底
00F017AB C3 RETN ;函数执行完毕,返回
2)案例
;sdk ;https://masm32.com/download.htm ;Project mouse rigth propertis ;Microsoft Macro Assembler -> General -> Include Paths ;C:\masm32\include ;Linker -> General -> Additional Library Directories ;C:\masm32\lib ;Project mouse right -> Build Dependencies -> Build Customizations ;Project mouse file.asm -> propertis -> item type -> Microsoft Macro Assembler ;vs2022 is error ;masm build ;cmd ;C:\masm32\bin\ml.exe /c /nologo /Zi /Fo"Debug\asm2masm32InputOut.obj" /I "C:\masm32\include" /W3 /coff /Cp /TaD:\asm2masm32InputOut.asm ;cd Project4 ;C:\masm32\bin\link.exe /SUBSYSTEM:CONSOLE /LIBPATH:C:\masm32\lib Debug\asm2masm32InputOut.obj user32.lib kernel32.lib /OUT:asm2masm32InputOut.exe ;or ;*.asm mouse rigth find propertis -> Item type select "Cutom Build Tool" -> In General "Command Line" input ;C:\masm32\bin\ml.exe /c /nologo /Zi /Fo"$(OutDir)\$(FileName).obj" /I "C:\masm32\include" /W3 /Ta"$(ProjectDir)asm2masm32InputOut.asm" ;or finally done change error code ;alrt_eventname WCHAR (EVLEN + 1) dup(?) ;alrt_servicename WCHAR (SNLEN + 1) dup(?) .586 ;Instruction set .MODEL flat,stdcall ; Call convention option casemap:none ; Case-sensitive naming matches Windows API ; Link core Windows libraries include windows.inc include user32.inc include kernel32.inc include msvcrt.inc includelib user32.lib includelib kernel32.lib includelib msvcrt.lib .data szStr byte "Hello World",0 ; Source string szStrSize = ($ - szStr) - 1 ; Calculate valid string length ; Output strings 0ah = newline, 0 = null terminator szBefore db 'Before: Hello World', 0ah ,0 ; String before modification szAfter db 'After : %s', 0ah , 0 ; String after modification format specifier .code _mainCRTStartup PROC _mainCRTStartup ENDP END _mainCRTStartup END _mainCRTStartup其他案例请查看,aes解码,密钥123456789,密文U2FsdGVkX1/Bd4k8ZAij4D8oMKFwS3bBvmalzk3NT7UEJTw7/qemqhDLwG4nl9H9/nO3Xk0Ebmv0W50P9akHkb0F2ubxR31a6lldXh/T1P5UbUFht0mf2SUJwAKMq1bg