"Copyright Notice: respect for the original, reproduced please retain the source: blog.csdn.net/shallnet, the article only for learning Exchange, do not use for commercial purposes"the CMPS directive is used to compare string values, and the CMPS directive has three formats: CMPSB, CMPSW, CMPSL. The implied source operand and target operand locations are stored in the ESI and EDI registers, and each time the cmps instruction is executed, the ESI and
).
So different compilers on different platforms have to be treated differently. The above supplements what the previous article left out.
Here's a look at the array:
test.c Example:
void Hello1 ()
{
    int a[3]={1,2,3};
    int b=a[1];
}
void Hello2 ()
{
    int a[3]={1,2,3};
    int b=*(a+1);
}
void Hello3 ()
{
    int a[3]={1,2,3};
    int b=1[a]; // Is that right?
}
If you look carefully, the difference between the three functions is that of the
sequence parameter, letting the server know that we expect the next message to carry this number. For example, when we receive a message whose sequence property is 836, the next call to wait () passes 837 to the server. The server side should keep message No. 836 for now: if the client continues to request message No. 836, that proves it did not receive it last time, so the server sends message No. 836 to it again; if the client requests No.
[Debugging environment]: WinXP, Ollydbg1.10C, WinHex, LordPE, UPXAngela, ImportREC
[Shelling Process]:
In fact, this article is just an Ollydbg version of UPX in "encryption and decryption" 2nd. It is very convenient for Ollydbg1.10C and UPXAngela to remove the upx dll.
1. Get the relocated table RVA and OEP
Code:
003B8100 807C24 08 01 cmp byte ptr ss:
, dword ptr ds: [403236]; the first address of the user name is to esi
00401627 8D3D 58324000 lea edi, dword ptr ds: [403258]; place the calculated User Name
0040162D B9 0A000000 mov ecx, 0A; ecx = 10
00401632 0FBE041E movsx eax, byte ptr ds: [ESI + EBX]; eax = the first character of the user name
00401636 99 CDQ
00401637 F7F9 idiv ecx; division operation, eax = 122/10 = 12 = ch, edx (remainder) 122% 10 = 2
00401639 33D3 xor edx, EBX; abnormal or operate ed
Once the original program encounters a 0-byte file, it will be suspended. Here I added the seh error handling code, which perfectly solved the problem!
.386
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
.data?
Hfile dd ?
Hmapfile dd ?
Lpfile dd ?
.const
Szerr db "is not a valid 32-bit program! ", 0
Szok db "is an executable file! ", 0
Szno db "failed to open the file! ", 0
Szname DB "D:. EXE
This is even a boring time to track part of Kingsoft Ranger's code, and write the complete code according to the program process with the compilation. Let's be a trainer!
0041ec32 /. 55 push EBP; Use EBP to read the stack and find external parameters. Therefore, save EBP first.
0041ec33 |. 8bec mov EBP, esp; Use EBP to read the stack, so that ESP is constantly changing
0041ec35 |. 51 push ECx
0041ec36 |. 56 push ESI
0041ec37 |. 57 push EDI; values of the a
will break down the BPX shell_policyicona breakpoint and use F12 to check if the software is called and the parameters are used!
First come to the following:
Here is where the software is called at startup:
* Possible reference to string resource id = 00114: "CCProxy"
|
:00408770 6a72 push 00000072
:00408772 51 push ECx
:00408773 c681_f0000000005 mov byte PTR [esp + 000024f4], 05
:0040877b e8c0890100 call 00421140
:00408780 83c408 add ESP, 00000008
:00408783 50 push eax
:00408784 8d4c2414 Lea EC
#include <stdio.h>

int goo(int a, int b)
{
    return a + b;
}

void foo()
{
    int a[] = {1, 2, 3};
    int result = goo(a[1], a[2]);
    printf("result: %d", result);
}
Compile in vs2010
Foo function assembly:
00EB3890 push ebp
00EB3891 mov ebp,esp
00EB3893 sub esp,0E4h
00EB3899 push ebx
00EB389A push esi
00EB389B push edi
00EB389C lea edi,[ebp-0E4h]
00EB38A2 mov ecx,39h
Binary XML has aroused a lot of discussion. One reason is that relatively compact transmission formats are needed, especially for Web Services. The existing ready-to-use solution is compression. This tip illustrates how to use compression to prepare XML files for transmission in Web Services.
In the discussion of XML, the view of binary XML has always been heard. Due to its traditional text and the rules required to make international texts more friendly, XML is very lengthy. The equivalent binar
virtual function of the subclass is called through the constructor of the parent class, and this virtual function may fail to access data members of the subclass.
Let's take a look at the compiled code generated by vc7.1 to easily understand this behavior.
This is the c190 constructor:
000000fe0 push EBP
000000fe1 mov EBP, esp
000000fe3 sub ESP, 0cch
00426fe9 push EBX
00426fea push ESI
00426feb push EDI
00426fec push
bug correction used in the code, see the article "GDI + for VCL basics-GDI + and VCL". (8.8.18)
Data Type:
Type
// Image data structure compatible with the GDI + tbitmapdata Structure
Timagedata = packed record
Width: longword; // The image width.
Height: longword; // Image Height
Stride: longword; // The length of the scanned line of the image in bytes.
Pixelformat: longword; // unused
Scan0: pointer; // image data address
Reserved: longword; // Reserved
End;
Pimagedata = ^ timaged
constant stack (stack space). Why does tail recursion achieve constant stack space? We use the famous Fibonacci series as an example to illustrate this. The Fibonacci series is generally implemented like this:
int FibonacciRecur(int n)
{
    if (0 == n) return 0;
    if (1 == n) return 1;
    return FibonacciRecur(n - 1) + FibonacciRecur(n - 2);
}
But note that this implementation is not tail recursion, because the last action of a tail-recursive function must be a call to itself, the final action he
parameters are ejected, here is not, really strange! Then we'll track into the dark alley and see what he's done!
37:int __stdcall fnstandardcall (int arg1, short arg2, char arg3, void *arg4): {
00401200 push ebp
00401201 mov ebp,esp
00401203 sub esp,50h
00401206 push ebx
00401207 push esi
00401208 push edi
00401209 lea edi,[ebp-50h]
0040120c mov ecx,14h
00401211 mov eax,0cccccccch
00401216 rep stos dword ptr [edi