Reverse Assembly: if/else Statement Disassembly
By: for example
Chapter 5, reverse disassembly: disassembly of an if/else statement:
Sample Code:
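#include <stdio.h>

/*
 * Sample program for the if/else disassembly walk-through.
 *
 * function() computes c = a + b, prints which range c falls in and
 * returns c. The literal in the final else branch is the same one the
 * else-if branch uses; it is kept that way on purpose so the listing
 * matches the disassembly (both pushes reference the same string
 * address). Note that c == 10 and c >= 100, as well as c <= 0, all end
 * up in that else branch.
 *
 * a + b is evaluated as plain int arithmetic; callers must keep the sum
 * within int range, since signed overflow is undefined in C.
 *
 * @param a first addend
 * @param b second addend
 * @return  a + b
 */
int function(int a, int b)
{
    int c = a + b;

    if (c > 0 && c < 10) {
        printf("c>0");
    } else if (c > 10 && c < 100) {
        printf("c>10&&c<100");
    } else {
        /* reached for c <= 0, c == 10 and c >= 100 */
        printf("c>10&&c<100");
    }
    return c;
}

/* Hosted C requires main to return int; the call result is intentionally ignored. */
int main(void)
{
    function(1, 2);
    return 0;
}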
Disassembly result:
#include "stdio.h"

int function(int a,int b)
{
00e12fe0 push EBP
00e12fe1 mov EBP, ESP
00e12fe3 sub ESP, 0cch
00e12fe9 push EBX
00e12fea push ESI
00e12feb push EDI
00e12fec Lea EDI, [ebp-0CCh]
00e12ff2 mov ECx, 33 H
00e12ff7 mov eax, 0 cccccccch
00e12ffc rep STOs dword ptr es:[EDI]   ; fill ECX = 0x33 (51) dwords, starting at EDI = [ebp-0CCh] (the 0xCC bytes reserved by sub ESP, 0CCh), with 0xCCCCCCCC — the debug runtime's fill pattern for uninitialized stack
int c=a+b;
00e12ffe mov eax, dword ptr [a]    ; load variable a into eax
00e13001 add eax, dword ptr [b]    ; add variable b; the sum stays in eax
00e13004 mov dword ptr [c], eax    ; store it: c = a + b
if(c>0&&c<10)
00e13007 cmp dword ptr [c], 0
00e1300b jle function+4ch (0e1302ch)   ; compare c with 0; jle jumps past this block when c <= 0, so execution continues only if c > 0
00e1300d cmp dword ptr [c], 0ah
00e13011 jge function+4ch (0e1302ch)   ; compare c with 0x0a (10); jge jumps past this block when c >= 10, so execution continues only if c < 10
{ printf("c>0");
00e13013 mov ESI, esp    ; reached only when both checks above fell through (0 < c < 0x0a); ESI keeps a copy of ESP for the _RTC_CheckEsp check after the call
00e13015 push offset string "c>0" (0e1573ch)         ; argument for printf
00e1301a call dword ptr [__imp__printf (0e182b8h)]  ; printf("c>0") — when either check above failed, control went to 0e1302ch instead of here
00e13020 add ESP, 4                                  ; the caller removes the pushed argument
00e13023 cmp esi, esp
00e13025 call @ILT+315(_RTC_CheckEsp) (0e11140h)     ; debug-runtime check that ESP was restored after the call
00e1302a JMP function+88h (0e13068h)                 ; skip the remaining branches and go to the return sequence
{ printf("c>10&&c<100");
00e13038 mov ESI, ESP    ; (the else-if comparisons at 0e1302ch, the target of the two jumps above, are not shown in this listing)
00e1303a push offset string "c>10&&c<100" (0e157a0h)   ; reached when the else-if checks pass (0x0a < c < 0x64, i.e. 10 < c < 100)
00e1303f call dword ptr [__imp__printf (0e182b8h)]     ; printf("c>10&&c<100") — when the checks fail, control goes to 00e13051h instead
00e13045 add ESP, 4
00e13048 cmp esi, esp
00e1304a call @ILT+315(_RTC_CheckEsp) (0e11140h)
} else
00e1304f JMP Function + 88 h (0e13068h)
{ printf("c>10&&c<100");
00e13051 mov ESI, ESP                                  ; else branch: no condition is tested, printf is called directly
00e13053 push offset string "c>10&&c<100" (0e157a0h)   ; same string address as the else-if branch — the source reuses the literal
00e13058 call dword ptr [__imp__printf (0e182b8h)]
00e1305e add ESP, 4
00e13061 cmp esi, ESP
00e13063 call @ILT+315(_RTC_CheckEsp) (0e11140h)
Note the unconditional JMP that follows each branch body after its comparison: when the jump target lies below (a higher address, as with the JMP to 0e13068h here), the structure is an if/else chain; when the target lies above (a lower address, jumping backwards), the structure is a loop such as while or do-while.
} return c;
00e13068 mov eax, dword ptr [c]                   ; return value c goes in eax
00e1306b pop EDI
         pop ESI
00e1306d pop EBX
00e1306e add ESP, 0cch                            ; release the frame reserved by sub ESP, 0cch in the prologue
00e13074 cmp ebp, esp
00e13076 call @ILT+315(_RTC_CheckEsp) (0e11140h)
00e1307b mov ESP, EBP
00e1307d pop EBP
00e1307e RET
Damn typographical, annoying