马上注册,结交更多好友,享用更多功能^_^
您需要 登录 才可以下载或查看,没有账号?立即注册
x
本帖最后由 sirliu 于 2011-5-1 17:48 编辑
原帖地址目录
bbs.pediy.c o m/showpost.php?p=514657&postcount=4
作 者: kanghtta
我手动COPY整理出来的:
文本量很大,发布不了(进发布部分供预览),直接上附件....
【翻译】Win32asm tutorial.rar
(163.26 KB, 下载次数: 77)
Tutorial 2: MessageBox
第二课:消息框
________________________________________
In this tutorial, we will create a fully functional Windows program that displays a message box saying "Win32 assembly is great!".
在这一课,我们将要创建一个完整的windows窗口程序用来弹出一个消息框并显示“Win32 assembly is great!”
Download the example file here.
从这里下载这个例子文件
Theory:
原理:
Windows prepares a wealth of resources for Windows programs. Central to this is the Windows API (Application Programming Interface). Windows API is a huge collection of very useful functions that reside in Windows itself, ready for use by any Windows programs. These functions are stored in several dynamic-linked libraries (DLLs) such as kernel32.dll, user32.dll and gdi32.dll. Kernel32.dll contains API functions that deal with memory and process management. User32.dll controls the user interface aspects of your program. Gdi32.dll is responsible for graphics operations. Other than "the main three", there are other DLLs that your program can use, provided you have enough information about the desired API functions.
Windows 为窗口程序准备了大量的资源,Windows API (应用程序接口)是其中最重要的一种。Windows API是一个宠大的非常有用的函数集合,这些函数驻留在windows内部,并且时刻准备着被windows程序调用。这些函数被存储在几个动态链接库中(dlls )如kernel32.dll, user32.dll and gdi32.dll。 kernel32.dll包含的API函数用来处理内存和进程管理。User32。dll 控制并管理用户程序的界面外观。Gdi32。dll 为图形操作负责。除了这三个主要的,你也可以在程序中用其他的DLLS 假如你有足够的信息来描述这些API 函数。
Windows programs dynamically link to these DLLs, ie. the codes of API functions are not included in the Windows program executable file. In order for your program to know where to find the desired API functions at runtime, you have to embed that information into the executable file. The information is in import libraries. You must link your programs with the correct import libraries or they will not be able to locate API functions.
Windows 程序在执行的动态链接这些dlls 文件,动态链接库里的API函数代码并不真正的包含在windows 程序的可执行文件中。 为了让你的程序在运行时知道在那儿能找到它想要的API函数。这些信息被输入到程序库文件中。你必须将你的程序和输入库文件准确的连接,否则它们将不能当作局部API函数使用。
When a Windows program is loaded into memory, Windows reads the information stored in the program. That information includes the names of functions the program uses and the DLLs those functions reside in. When Windows finds such info in the program, it'll load the DLLs and perform function address fixups in the program so the calls will transfer control to the right function.
当一个WINDOWS程序被装进内存的时候,windows操作系统读这存储在这个程序中的信息。这些信息包括程序使用的函数名和这些函数驻留在那些dll 中,当windows操作系统在程序中找到了这些信息,windows将 装入这个dll 并且修正函数的执行地址,这样在调用时才能正确的将控制权转移到函数内部。
There are two categories of API functions: One for ANSI and the other for Unicode. The names of API functions for ANSI are postfixed with "A", eg. MessageBoxA. Those for Unicode are postfixed with "W" (for Wide Char, I think). Windows 95 natively supports ANSI and Windows NT Unicode.
We are usually familiar with ANSI strings, which are arrays of characters terminated by NULL. ANSI character is 1 byte in size. While ANSI code is sufficient for European languages, it cannot handle several oriental languages which have several thousands of unique characters. That's why UNICODE comes in. A UNICODE character is 2 bytes in size, making it possible to have 65536 unique characters in the strings.
But most of the time, you will use an include file which can determine and select the appropriate API functions for your platform. Just refer to API function names without the postfix.
这里有两种类别的API函数:一种是ANSI (美国国家标准协会)另一种是统一字符编码标准。ANSI标准的API函数名字后缀是A 如:MessageBoxA 。而Unicode的后缀是 W (因为是宽字符,我认为),windows95 天然的支持ANSI和Windows NT支持 Unicode.我们通常熟悉的是ANSI字串串是以NULL为结束符的字符数组。ANSI字符占一个字节。虽然ANSI编码对于欧洲语言来说已经足够。但对于有几千个唯一字符的东方语言体系而言,就只能用UNICODE了。一个unicode占两个字节。这样就可以在一个字串中表示65546个unicode字符了。
但是大多数时候,你将用以个include文件就能为你的平台确定并选择适当的API函数。不过访问的API函数已经没有后缀。
{
实际上是在定义 .h 头文件时,我们用了预处理命令来告诉编译器应该选择那种类别的API函数 如:
#ifdef UNICODE
#define foo() fooW()
#else
#define foo() fooA()
#endif
}
Example:
I'll present the bare program skeleton below. We will flesh it out later.
我将在下面介绍一个空的程序框架,稍后,我们再充实它。
.386
.model flat, stdcall
.data
.code
start:
end start
The execution starts from the first instruction immediately below the label specified after end directive. In the above skeleton, the execution will start at the first instruction immediately below start label. The execution will proceed instruction by instruction until some flow-control instructions such as jmp, jne, je, ret etc is found. Those instructions redirect the flow of execution to some other instructions. When the program needs to exit to Windows, it should call an API function, ExitProcess.
可执行文件从END后面那个标号指定的第一条指令处开始执行。在上面的框架中,可执行文件将立即起始于START标号后的第一条指令,然后顺序地执行后续指令直到如 JMP, JNE,JE,这样一些控制跳转指令被发现。这些指令将使程序将执行控制权转移给其它指令。 (即,跳到跳转指令后面的指令处执行)当一个程序需要退出WINDOWS时 ,它应该调用Exitprocess 这个API函数
.................
|