甲鱼哥帮忙分析一下这个函数
Disassembly of public: virtual unsigned int __thiscall PakInterface::FRead (0x101047E0); Section: .text
;= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
; EXP: public: virtual unsigned int __thiscall PakInterface::FRead(void *,int,int,struct PFILE *) - ?FRead@PakInterface@@UAEIPAXHHPAUPFILE@@@Z (626)
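; Reviewer annotations. The bracketed memory operands were missing from the
; pasted listing; they are re-derived here from the opcode bytes printed on
; each line. Field meanings are inferred from how the values are used and are
; not confirmed by symbols.
;
; __thiscall, callee cleans 0x10 bytes. ECX (this) is overwritten before it is
; ever read. Stack arguments on entry (names follow the poster's C version):
;   [ESP+0x04] void *   destination buffer
;   [ESP+0x08] int      element size
;   [ESP+0x0C] int      element count
;   [ESP+0x10] PFILE *  file handle
;
; --- Load the PFILE* and test its first field ---
0x101047E0: 8B442410 MOV EAX,DWORD PTR [ESP+0x10]
0x101047E4: 8B08 MOV ECX,DWORD PTR [EAX]
0x101047E6: 85C9 TEST ECX,ECX
0x101047E8: 8B542408 MOV EDX,DWORD PTR [ESP+0x8]
; First field NULL -> plain read path at 0x10104873; no XOR is applied there.
0x101047EC: 0F8481000000 JZ 0x10104873 ; (*+0x87)
; --- In-memory path: byte count = min(size * count, entry size - position) ---
; IMUL is a signed 32-bit multiply with no overflow check.
0x101047F2: 0FAF54240C IMUL EDX,DWORD PTR [ESP+0xC]
; PFILE+0x4 is used as the current read position.
0x101047F7: 8B4004 MOV EAX,DWORD PTR [EAX+0x4]
0x101047FA: 53 PUSH EBX
0x101047FB: 55 PUSH EBP
0x101047FC: 56 PUSH ESI
; +0x2C of the object behind PFILE's first field is used as the entry size.
0x101047FD: 8B712C MOV ESI,DWORD PTR [ECX+0x2C]
0x10104800: 2BF0 SUB ESI,EAX
0x10104802: 3BD6 CMP EDX,ESI
0x10104804: 57 PUSH EDI
0x10104805: 8BDA MOV EBX,EDX
; Signed compare: EBX keeps the requested byte count when it is smaller,
; otherwise it is clamped to the bytes remaining in the entry.
0x10104807: 7C02 JL 0x1010480B ; (*+0x4)
0x10104809: 8BDE MOV EBX,ESI
; --- Source pointer = base + start + position; key index = (start + position) % key length ---
; +0x28 is used as the entry's start offset; [[ECX]+0x8] as the data base pointer.
0x1010480B: 8B5128 MOV EDX,DWORD PTR [ECX+0x28] ; <==0x10104807(*-0x4)
0x1010480E: 8B09 MOV ECX,DWORD PTR [ECX]
0x10104810: 8B4908 MOV ECX,DWORD PTR [ECX+0x8]
; EBP = key length, read from a global.
0x10104813: 8B2D0C851A10 MOV EBP,DWORD PTR [0x101A850C] ; .data: ; .text:0xB8 0x0C 0x6E 0x13
0x10104819: 03CA ADD ECX,EDX
0x1010481B: 03C8 ADD ECX,EAX
0x1010481D: 03C2 ADD EAX,EDX
0x1010481F: 99 CDQ
; The remainder lands in EDX. A key length of 0 would raise a divide fault here.
0x10104820: F7FD IDIV EBP
0x10104822: 85DB TEST EBX,EBX
; [ESP+0x14] is the destination buffer (argument 1, after four pushes).
0x10104824: 8B742414 MOV ESI,DWORD PTR [ESP+0x14]
0x10104828: 8BFA MOV EDI,EDX
; Byte count <= 0 skips the loop. A negative count still reaches the ADD at
; 0x10104862, so it is applied to the stored position unchecked.
0x1010482A: 7E32 JLE 0x1010485E ; (*+0x34)
; The element-count argument slot is reused as the loop counter.
0x1010482C: 895C241C MOV DWORD PTR [ESP+0x1C],EBX
; --- Per-byte loop: dst[i] = key[index % key length] XOR src[i] ---
0x10104830: 8BC7 MOV EAX,EDI ; <==0x1010485C(*+0x2C)
0x10104832: 99 CDQ
0x10104833: F7FD IDIV EBP
; Key storage select: if the value at 0x101A8510 is >= 0x10 the key bytes are
; behind the pointer stored at 0x101A84FC, otherwise they sit inline at
; 0x101A84FC. NOTE(review): this looks like an MSVC std::string with its
; small-buffer layout (size at 0x101A850C, capacity at 0x101A8510) - confirm.
0x10104835: 833D10851A1010 CMP DWORD PTR [0x101A8510],0x10 ; .data: ; .text:0xB8 0x0C 0x6E 0x13
0x1010483C: A1FC841A10 MOV EAX,DWORD PTR [0x101A84FC] ; .data: 0x1011A4E0 ; .text:0xB8 0x0C 0x6E 0x13
0x10104841: 7305 JAE 0x10104848 ; (*+0x7)
0x10104843: B8FC841A10 MOV EAX,0x101A84FC ; .data: 0x1011A4E0 ; .text:0xB8 0x0C 0x6E 0x13
; DL = key byte, then XOR with the source byte and store to the destination.
0x10104848: 8A1410 MOV DL,BYTE PTR [EAX+EDX] ; <==0x10104841(*-0x7)
0x1010484B: 3211 XOR DL,BYTE PTR [ECX]
0x1010484D: 8B44241C MOV EAX,DWORD PTR [ESP+0x1C]
0x10104851: 46 INC ESI
0x10104852: 8856FF MOV BYTE PTR [ESI-0x1],DL
0x10104855: 47 INC EDI
0x10104856: 41 INC ECX
0x10104857: 48 DEC EAX
0x10104858: 8944241C MOV DWORD PTR [ESP+0x1C],EAX
0x1010485C: 75D2 JNZ 0x10104830 ; (*-0x2C)
; --- Epilogue: position += bytes copied; return bytes copied / element size ---
0x1010485E: 8B442420 MOV EAX,DWORD PTR [ESP+0x20] ; <==0x1010482A(*-0x34)
0x10104862: 015804 ADD DWORD PTR [EAX+0x4],EBX
0x10104865: 5F POP EDI
0x10104866: 8BC3 MOV EAX,EBX
0x10104868: 5E POP ESI
0x10104869: 99 CDQ
; [ESP+0x10] is the element size here (two pushes still on the stack); an
; element size of 0 would raise a divide fault.
0x1010486A: F77C2410 IDIV DWORD PTR [ESP+0x10]
0x1010486E: 5D POP EBP
0x1010486F: 5B POP EBX
0x10104870: C21000 RET 0x10
;
; --- Plain read path: forward (buffer, size, count, PFILE+0x8) to an import ---
; The cdecl argument order matches fread(buf, size, count, stream); the import's
; name is not shown on the page. The data is returned as read, without XOR.
0x10104873: 8B4008 MOV EAX,DWORD PTR [EAX+0x8] ; <==0x101047EC(*-0x87)
0x10104876: 8B4C240C MOV ECX,DWORD PTR [ESP+0xC]
0x1010487A: 50 PUSH EAX
0x1010487B: 8B442408 MOV EAX,DWORD PTR [ESP+0x8]
0x1010487F: 51 PUSH ECX
0x10104880: 52 PUSH EDX
0x10104881: 50 PUSH EAX
0x10104882: FF1538C21110 CALL DWORD PTR [0x1011C238] ; (0x1011C238)
0x10104888: 83C410 ADD ESP,0x10
0x1010488B: C21000 RET 0x10
; Padding between functions.
0x1010488E: CC INT 3
0x1010488F: CC INT 3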
这是个静态反汇编出来的函数
看得懂的朋友能不能说说这个函数的算法
给小弟指点迷津
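/* Rolling index into the XOR key. It persists across calls, so consecutive
 * reads continue the key stream where the previous call stopped. */
int nid=0;

/**
 * Read up to theCount elements of theElemSize bytes from fp into thePtr, then
 * XOR every byte that was actually read with a repeating 16-byte key.
 *
 * @param thePtr       destination buffer, at least theElemSize * theCount bytes
 * @param theElemSize  size of one element in bytes (must be > 0)
 * @param theCount     number of elements requested (must be > 0)
 * @param fp           open stream to read from
 * @return number of complete elements read (the fread result); 0 on invalid
 *         arguments
 *
 * Only nread * theElemSize bytes are decoded, so a short read neither touches
 * the unread tail of the buffer nor advances the key index past the data.
 *
 * NOTE(review): this is an approximation of the posted disassembly. There the
 * XOR loop appears to run on a branch that copies from memory, with the key
 * index derived from a position value via IDIV rather than from a global
 * counter, and the branch that calls the import applies no XOR - confirm
 * against the binary before relying on this for other read patterns.
 *
 * A repeating XOR with a key stored in the executable is obfuscation only: it
 * gives no confidentiality against anyone holding the binary and no integrity
 * check on the data read.
 */
int f_read(char* thePtr, int theElemSize, int theCount,FILE* fp)
{
    static const char pKey[] = "#$#SDFSF$%$%QAqw";
    const int nLen = (int)(sizeof pKey - 1);

    /* Reject arguments that would make fread() see a huge size_t or a NULL. */
    if (thePtr == NULL || fp == NULL || theElemSize <= 0 || theCount <= 0)
    {
        return 0;
    }

    /* nid is a writable global; keep it inside the key before indexing. */
    if (nid < 0 || nid >= nLen)
    {
        nid = 0;
    }

    size_t nread = fread(thePtr, (size_t)theElemSize, (size_t)theCount, fp);
    size_t nbytes = nread * (size_t)theElemSize;

    for (size_t i = 0; i < nbytes; i++)
    {
        thePtr[i] ^= pKey[nid];
        nid++;
        if (nid == nLen)
        {
            nid = 0;
        }
    }
    return (int)nread;
}
/* Poster's note: I more or less worked this out by poking around here and
 * there with OD (presumably OllyDbg). */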
谢谢甲鱼哥的视频
小弟弟先谢了
求教下,哥们,你咋看懂的,我咋看的眼晕!看懂这个都要学会啥
~逆天~ 发表于 2013-12-9 16:55
求教下,哥们,你咋看懂的,我咋看的眼晕!看懂这个都要学会啥
用OD调试的啊,看看甲鱼哥的视频就行了啊,主要是甲鱼哥讲得确实不错,功德无量
我是说:你怎么能看着反汇编分析出的C语言,这需要什么功力啊?
用od调试运行的,哈哈,看寄存器,内存,cpu
小甲鱼哪个课程,第几章讲的这个?
汇编语言,从头开始耐心听吧,还有od使用也有相关的视频的
帮你顶个贴
确实讲得不错,目前仍在观看中,没什么结果,但仍在努力中