发表于 2018-6-25 19:34:36
出于兴趣,那就看看反汇编吧 ^_^
// Mixed source/disassembly view of a 32-bit x86 build of main(): every byte of
// str is XORed with a one-byte constant key, printed, XORed again and printed.
// NOTE(review): the _RTC_* and __security_* helper names suggest an MSVC debug
// build with runtime checks and stack cookies enabled — inferred from the
// symbol names only, confirm against the build settings.
- #include <stdio.h>
- int main(void)
- {
- 00E68FB0 55 push ebp // prologue: save the caller's frame pointer
- 00E68FB1 8B EC mov ebp,esp
- 00E68FB3 81 EC 00 01 00 00 sub esp,100h // reserve 0x100 bytes for locals
- 00E68FB9 53 push ebx
- 00E68FBA 56 push esi
- 00E68FBB 57 push edi
- 00E68FBC 8D BD 00 FF FF FF lea edi,[ebp-100h] // start of the local area
- 00E68FC2 B9 40 00 00 00 mov ecx,40h // 0x40 dwords = 0x100 bytes
- 00E68FC7 B8 CC CC CC CC mov eax,0CCCCCCCCh // fill pattern
- 00E68FCC F3 AB rep stos dword ptr es:[edi] // fill the whole local area with 0xCC bytes
- 00E68FCE A1 20 70 F1 00 mov eax,dword ptr [__security_cookie (0F17020h)] // load the global stack cookie
- 00E68FD3 33 C5 xor eax,ebp // mix it with this frame's ebp
- 00E68FD5 89 45 FC mov dword ptr [ebp-4],eax // keep it at [ebp-4], directly below the saved ebp
- char str[] = "hello world!"; // 13 bytes (12 characters + NUL), copied below as three dwords and one byte
- 00E68FD8 A1 40 41 EF 00 mov eax,dword ptr [string "hello world!" (0EF4140h)]
- 00E68FDD 89 45 E8 mov dword ptr [str],eax // str starts at [ebp-18h] (disp8 E8)
- 00E68FE0 8B 0D 44 41 EF 00 mov ecx,dword ptr ds:[0EF4144h]
- 00E68FE6 89 4D EC mov dword ptr [ebp-14h],ecx
- 00E68FE9 8B 15 48 41 EF 00 mov edx,dword ptr ds:[0EF4148h]
- 00E68FEF 89 55 F0 mov dword ptr [ebp-10h],edx
- 00E68FF2 A0 4C 41 EF 00 mov al,byte ptr ds:[00EF414Ch]
- 00E68FF7 88 45 F4 mov byte ptr [ebp-0Ch],al // 13th byte: the terminating NUL
- const unsigned char key = 0xA5; // key (a fixed one-byte constant)
- 00E68FFA C6 45 DF A5 mov byte ptr [key],0A5h // the key is an immediate operand: its value A5 is the last byte of this instruction
- for(int i = 0; str[i]; ++i) // first pass; i lives at [ebp-30h]
- 00E68FFE C7 45 D0 00 00 00 00 mov dword ptr [ebp-30h],0 // i = 0
- 00E69005 EB 09 jmp main+60h (0E69010h) // skip the increment on first entry
- 00E69007 8B 45 D0 mov eax,dword ptr [ebp-30h] // ++i
- 00E6900A 83 C0 01 add eax,1
- 00E6900D 89 45 D0 mov dword ptr [ebp-30h],eax
- 00E69010 8B 45 D0 mov eax,dword ptr [ebp-30h] // loop condition: load str[i]
- 00E69013 0F BE 4C 05 E8 movsx ecx,byte ptr str[eax]
- 00E69018 85 C9 test ecx,ecx
- 00E6901A 74 17 je main+83h (0E69033h) // str[i] == 0: leave the loop
- str[i] ^= key; // encrypt with the key
- 00E6901C 0F B6 45 DF movzx eax,byte ptr [key] // key, zero-extended
- 00E69020 8B 4D D0 mov ecx,dword ptr [ebp-30h]
- 00E69023 0F BE 54 0D E8 movsx edx,byte ptr str[ecx] // str[i], sign-extended
- 00E69028 33 D0 xor edx,eax
- 00E6902A 8B 45 D0 mov eax,dword ptr [ebp-30h]
- 00E6902D 88 54 05 E8 mov byte ptr str[eax],dl // only the low byte of the result is stored back
- 00E69031 EB D4 jmp main+57h (0E69007h) // back to ++i
- printf("%s\n", str); // prints the XORed bytes as a C string
- 00E69033 8D 45 E8 lea eax,[str]
- 00E69036 50 push eax
- 00E69037 68 F0 3E EF 00 push offset string "%s\n" (0EF3EF0h)
- 00E6903C E8 5F 2D FF FF call _printf (0E5BDA0h)
- 00E69041 83 C4 08 add esp,8 // caller removes the two pushed arguments
// Both passes stop at the first zero byte. A byte of str equal to key would
// have been XORed to 0 by the first pass, so this pass (and printf) would end
// there and the remaining bytes would stay XORed.
- for(int i = 0; str[i]; ++i) // second pass; i lives at [ebp-3Ch]
- 00E69044 C7 45 C4 00 00 00 00 mov dword ptr [ebp-3Ch],0 // i = 0
- 00E6904B EB 09 jmp main+0A6h (0E69056h)
- 00E6904D 8B 45 C4 mov eax,dword ptr [ebp-3Ch] // ++i
- 00E69050 83 C0 01 add eax,1
- 00E69053 89 45 C4 mov dword ptr [ebp-3Ch],eax
- 00E69056 8B 45 C4 mov eax,dword ptr [ebp-3Ch] // loop condition: load str[i]
- 00E69059 0F BE 4C 05 E8 movsx ecx,byte ptr str[eax]
- 00E6905E 85 C9 test ecx,ecx
- 00E69060 74 17 je main+0C9h (0E69079h) // str[i] == 0: leave the loop
- str[i] ^= key; // decrypt with the key: the same XOR, applied a second time
- 00E69062 0F B6 45 DF movzx eax,byte ptr [key] // same instructions as the first loop body; only the i slot and the jump target differ
- 00E69066 8B 4D C4 mov ecx,dword ptr [ebp-3Ch]
- 00E69069 0F BE 54 0D E8 movsx edx,byte ptr str[ecx]
- 00E6906E 33 D0 xor edx,eax
- 00E69070 8B 45 C4 mov eax,dword ptr [ebp-3Ch]
- 00E69073 88 54 05 E8 mov byte ptr str[eax],dl
- 00E69077 EB D4 jmp main+9Dh (0E6904Dh) // back to ++i
- printf("%s\n", str); // prints str after the second XOR pass
- 00E69079 8D 45 E8 lea eax,[str]
- 00E6907C 50 push eax
- 00E6907D 68 F0 3E EF 00 push offset string "%s\n" (0EF3EF0h)
- 00E69082 E8 19 2D FF FF call _printf (0E5BDA0h)
- 00E69087 83 C4 08 add esp,8
-
- return 0;
- 00E6908A 33 C0 xor eax,eax // return value 0
- }
- 00E6908C 52 push edx // edx and eax are saved around the helper call below
- 00E6908D 8B CD mov ecx,ebp // ecx = this frame's ebp
- 00E6908F 50 push eax
- 00E69090 8D 15 BC 90 E6 00 lea edx,ds:[0E690BCh] // address handed to the helper; its contents are not shown here
- 00E69096 E8 AB 22 FF FF call @_RTC_CheckStackVars@8 (0E5B346h)
- 00E6909B 58 pop eax
- 00E6909C 5A pop edx
- 00E6909D 5F pop edi
- 00E6909E 5E pop esi
- 00E6909F 5B pop ebx
- 00E690A0 8B 4D FC mov ecx,dword ptr [ebp-4] // reload the value stored in the prologue
- 00E690A3 33 CD xor ecx,ebp // undo the ebp mix applied in the prologue
- 00E690A5 E8 87 23 FF FF call @__security_check_cookie@4 (0E5B431h) // cookie check before returning
- 00E690AA 81 C4 00 01 00 00 add esp,100h // release the local area
- 00E690B0 3B EC cmp ebp,esp // esp should equal ebp again at this point
- 00E690B2 E8 CC 12 FF FF call __RTC_CheckEsp (0E5A383h) // presumably reports a mismatch from the compare above — confirm
- 00E690B7 8B E5 mov esp,ebp // epilogue
- 00E690B9 5D pop ebp
- 00E690BA C3 ret
这是加密部分
- str[i] ^= key; // encrypt with the key
- 00E6901C 0F B6 45 DF movzx eax,byte ptr [key] // key, zero-extended
- 00E69020 8B 4D D0 mov ecx,dword ptr [ebp-30h] // loop index of this pass
- 00E69023 0F BE 54 0D E8 movsx edx,byte ptr str[ecx] // str[i], sign-extended
- 00E69028 33 D0 xor edx,eax
- 00E6902A 8B 45 D0 mov eax,dword ptr [ebp-30h]
- 00E6902D 88 54 05 E8 mov byte ptr str[eax],dl // only the low byte of the result is stored back
- 00E69031 EB D4 jmp main+57h (0E69007h) // back to the loop increment
这是解密部分
- str[i] ^= key; // decrypt with the key
- 00E69062 0F B6 45 DF movzx eax,byte ptr [key] // key, zero-extended
- 00E69066 8B 4D C4 mov ecx,dword ptr [ebp-3Ch] // loop index of this pass
- 00E69069 0F BE 54 0D E8 movsx edx,byte ptr str[ecx] // str[i], sign-extended
- 00E6906E 33 D0 xor edx,eax
- 00E69070 8B 45 C4 mov eax,dword ptr [ebp-3Ch]
- 00E69073 88 54 05 E8 mov byte ptr str[eax],dl // only the low byte of the result is stored back
- 00E69077 EB D4 jmp main+9Dh (0E6904Dh) // back to the loop increment
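然后,你发现了什么? ^_^
(提示:除了循环变量的栈位置([ebp-30h] 和 [ebp-3Ch])以及跳转目标不同,两段指令完全一样——用同一个密匙再异或一次就还原了原文,所以"加密"和"解密"是同一个操作。另外,密匙 0A5h 直接以立即数的形式出现在 mov byte ptr [key],0A5h 这条指令里,因此这种固定单字节异或只能算混淆,不能当作真正的加密来保护数据。)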