马上注册,结交更多好友,享用更多功能^_^
您需要 登录 才可以下载或查看,没有账号?立即注册
x
本帖最后由 kangels 于 2013-3-19 10:23 编辑 7 _1 Q W8 E/ i. z
: Q7 d; R$ G/ V! ^: w" {丢失的类型信息5 x) T4 T: K. Y% }7 B
猜测
- N( }( z( Z4 m指针变量应该存储两方面的信息:地址,类型信息, O9 q0 U a. a# R4 g( `9 J( i
& _7 }5 h( I7 \2 Y. f
实证
* U/ P- g4 H& R+ g `; i; N用sizeof(),float *,int*,double *....都是4字节没有存储类型信息只有地址信息9 u% r+ ^* v0 _7 K3 q: p
反汇编一段代码来看看/ J, S$ x& T Z! @+ ?( T
实例1:
3 q o1 ~" ]' f#include <stdio.h> int gi; int * pi; void main(int argc, char **argv) { pi = &gi; *pi = 12; } 1: #include <stdio.h> 2: int gi; 3: int * pi; 4: void main(int argc, char **argv) 5: { 00411370 push ebp 00411371 mov ebp,esp 00411373 sub esp,0C0h 00411379 push ebx 0041137A push esi 0041137B push edi 0041137C lea edi,[ebp+FFFFFF40h] 00411382 mov ecx,30h 00411387 mov eax,0CCCCCCCCh 0041138C rep stos dword ptr es:[edi] 6: pi = &gi; 0041138E mov dword ptr ds:[00417140h],417144h 7: *pi = 12; 00411398 mov eax,dword ptr ds:[00417140h] 0041139D mov dword ptr [eax],0Ch 8: } 004113A3 xor eax,eax 004113A5 pop edi 004113A6 pop esi 004113A7 pop ebx 004113A8 mov esp,ebp 004113AA pop ebp 004113AB ret 3 \3 ^6 t: A* w/ Q, J4 Q/ o
^' `" t+ s) h n: U% C/ ?9 {实例2:
1 ]$ {7 ~1 b0 K3 T) B#include <stdio.h> short gs; short * ps; void main(int argc, char **argv) { ps = &gs; *ps = 12; }
# H. c( R7 d0 H% @; k) M) H6 | 1: #include <stdio.h> 2: short gs; 3: short * ps; 4: void main(int argc, char **argv) 5: { 00411370 push ebp 00411371 mov ebp,esp 00411373 sub esp,0C0h 00411379 push ebx 0041137A push esi 0041137B push edi 0041137C lea edi,[ebp+FFFFFF40h] 00411382 mov ecx,30h 00411387 mov eax,0CCCCCCCCh 0041138C rep stos dword ptr es:[edi] 6: ps = &gs; 0041138E mov dword ptr ds:[00417140h],417144h 7: *ps = 12; 00411398 mov eax,0Ch 0041139D mov ecx,dword ptr ds:[00417140h] 004113A3 mov word ptr [ecx],ax 8: } 004113A6 xor eax,eax 004113A8 pop edi 004113A9 pop esi 004113AA pop ebx 004113AB mov esp,ebp 004113AD pop ebp 004113AE ret # b: U0 L$ e5 K3 k, D& j: {2 b
6 F9 L: v) j" p& o- V6 J+ V% @实例3:/ U# q D, r% l" q: [' @$ X
#include <stdio.h> char gc; char * pc; void main(int argc, char **argv) { pc = &gc; *pc = 12; }
' k2 c' _* v3 A' ~, K# O9 C4 q8 G# |2 p 1: #include <stdio.h> 2: char gc; 3: char * pc; 4: void main(int argc, char **argv) 5: { 00411370 push ebp 00411371 mov ebp,esp 00411373 sub esp,0C0h 00411379 push ebx 0041137A push esi 0041137B push edi 0041137C lea edi,[ebp+FFFFFF40h] 00411382 mov ecx,30h 00411387 mov eax,0CCCCCCCCh 0041138C rep stos dword ptr es:[edi] 6: pc = &gc; 0041138E mov dword ptr ds:[00417140h],417144h 7: *pc = 12; 00411398 mov eax,dword ptr ds:[00417140h] 0041139D mov byte ptr [eax],0Ch 8: } 004113A0 xor eax,eax 004113A2 pop edi 004113A3 pop esi 004113A4 pop ebx 004113A5 mov esp,ebp 004113A7 pop ebp 004113A8 ret
9 p" e5 G% u3 L7 G6 m
: b! l; k/ l9 d" ~1 W9 W可以看出指针的类型信息决定了赋值/读取时读/写多少个字节。
" j- L# v# Z# x* V. m3 h读/写多少字节的信息不是存放在指针变量中,而是放到了与该地址相关的赋值指令中。
/ E" m3 h, ~3 V, a' y6 q9 ?0 M | 
( 粤ICP备18085999号-1 | 粤公网安备 44051102000585号)
狗仔卡
发表于 2013-3-12 20:59:39
置顶卡
千斤顶
显身卡
貌似很高深的反汇编
楼主
; b* e$ \; |2 ?0 F7 g$ i$ d