convert the value in Edx:eax to a decimal output form string, which is familiar, as in the previous example!; For example: edx=0,eax=01234567h, the converted string is:; -> ' 19088743 ', 0OUTEDXEAX proc uses ebx esi edi,lpstringMOV edi,lpstring points to the address where the results are storedMOV esi,lpstringmov ecx,10 converted into decimal. While eax!=0 | | Edx!=0Push EAXMOV Eax,edxXOR Edx,edxdiv ECXMOV
: Manual construction Stack Practice-How to manually construct the call stack ============ first illustrate the characteristics of the stack with a few pictures to help you understand. 1. Stack to low address growth. 2. Press the data into the stack, in the case of the stack. 3. Read the full textView the command summary for the disassembly code of the function in windbg: Command ========== U. U $ip the two commands above are the same effect, and disassemble the 8 commands on the current $IP add
simple.The main function first calls ProcCommandLine () to analyze the command line, obtain the Service Group to be started, and then calls SvcHostOptions () to query the options of the Service Group and all services of the Service Group, use a Data Structure svcTable to save the DLL of these services and their services, call the PrepareSvcTable () function to create the SERVICE_TABLE_ENTRY structure, and direct all processing functions SERVICE_MAIN_FUNCTION to one of your own functions FuncSer
Article Title: linux memory management initialization. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
ENTRY (startup_32)
/*
* Set segments to known values.
*/
Cld
Lgdt boot_gdt_descr-_ PAGE_OFFSET/* set the segment register */
Movl $ (_ BOOT_DS), % eax
Movl % eax, % ds
Movl % eax, % es
Movl % eax, % fs
Movl % eax, % gs
/*
* Clear BSS first so that there are
data members of the subclass.Let's take a look at VC7.1The generated assembly code can easily understand this behavior.This is the C190 constructor:01 00426FE0 push ebp 02 00426FE1 mov ebp,esp 03 00426FE3 sub esp,0CCh 04 00426FE9 push ebx 05 00426FEA push esi 06 00426FEB push edi 07 00426FEC push ecx 08 00426FED lea edi,[ebp+FFFFFF34h] 09 00426FF3 mov ecx,33h 10 00426FF8 mov eax ,0CCCCCCCCh 11 00426FFD rep
push edi
00402099 lea edi, [ebp-40h]
0040209C mov ecx, 10 h
004020A1 mov eax, 0 CCCCCCCCh
004020A6 rep stos dword ptr [edi]
252: return 0;
004020A8 xor eax, eax
253 :}
004020AA pop edi
004020AB pop esi
004020AC pop ebx
004020AD mov esp, ebp
004020AF pop ebp
004020B0 ret
250: static int process ()
251 :{
00402090 push
issue CCDebuger has been very clear. If you have any questions, read the article. We directly open the RUN trace, add the "entry to all function processes", and return to the "Check" button in the program. In this case, open the RUN trace record in OllyDBG to find the key location, then you can break down at this position. The program is broken here.004010E2 |. 8BFE mov edi, ESIUser name is sent to edi004010E4 |. 03F8 add
It turns out that there have been checksum-related cracking on the internet. I will interview the checksum compilation code and the vb version for cracking.Currently, I am using the checksum code of vb.Assembly Code of checksum:GOOGLECHECK proc nearVar_8 = dword ptr-8Var_4 = dword ptr-4Url_offset = dword ptr 8Url_length = dword ptr 0ChMagic_dword = dword ptr 10 hPush ebpMov ebp, espPush ecxPush ecxMov eax, [ebp + url_length]Cmp eax, 0ChPush ebxPush esiMov esi, [ebp + magic_dword]; = 0xE6359A60Pu
to the string lengthAdd ECx, Len // Add the character LengthINC ECxAdd ECx, 4 // Add the original entry RVA ValueAdd ECx, 4 // Add four bytes of the getmodulhand addressMoV dword ptr [ESI + 28 h], ECxLea ESI, ChaoMoV EDI, dword ptr [eax + 14 H]Add EDI, imagebaseMoV ECx, LenINC ECxClDRep movs byte PTR [EDI], byte PTR [esi]Lea ESI, address // address for writing g
temporary base address in the item bar where the person involved is located.0dd97468, search for this address to get several codes to monitor the access respectively. Move the mouse to change the person's character to get the code:0076b9d1-3B 3D 64811003-cmp edi, [03108164]0076b9d7-75 2a-JNE 0076ba030076b9d9-8B 84 B7 04040000-mov eax, [EDI + ESI * 4 + 00000404]Obviously [
Tags: OS SP Div code BS as method simple functionSTOs includes stosb stosw stosd. The registers involved are eax and EDI. The functions are as follows: stosb copies values in Al to byte ptr es: [EDI, at the same time, EDI ++ stosw copies the value in ax to word ptr es: [EDI], and E
in the operation, such as Movl $foo,%eax equivalent to Intel's mov eax, word ptr foo
Long jumps and calls are different in format, att for ljmp $section, $offset, while Intel is JMP Section:offset
The main difference is these, the other details are many, here is a concrete example to illustrate
#cpuid. S Sample Program
. Section. Data
Output
. ASCII "The processor vendor ID is ' xxxxxxxxxxxx '/n '
. section. Text
. globl _start
_start:
MOVL $,%eax
Cpuid
MOVL $output,%
ptr [ebp-4]14.013b1059 Add Eax,esi15.013b105b Add Eax,edx16.013B105D mov edx,dword ptr [__imp_std::endl (13B204CH)]17.013b1063 Add Ecx,eax//The top 3 Add instructions add Ebx,ecx,edx,edi to ECX, that is, the ECX is the cumulative result
Visible compiler generated code is the best code, eliminate the intermediate variable i, reduce the number of cycles, eliminate the CPU can not be disorderly execution of the factors.
BTW:
One might have a question: i
loadRetDllentry ENDP
To convert the value in Edx:eax to a decimal output form string, which is familiar, as in the previous example!OUTEDXEAX proc \; For example: edx=0,eax=01234567h, the converted string is:Uses ebx esi edi,lpstring; -> ' 19088743 ', 0mov edi,lpstring; point to address where results are storedMOV esi,lpstring
mov ecx,10; convert to Decimal. While eax!=0 | | Edx!=0Push EAXMOV Eax,edxXOR
1 parameter passing (default calling convention)
Use VC6.0 to create a new empty console application, create a new source file Main.c, write the following code, pay attention to debug compile, do not use release, lest the code by VC optimization, disassembly does not correspond.
int addint (int a, int b)
{
int c = a+b;
return c;
}
int main ()
{
int x = AddInt (1, 3);
return 0;
}
In the main function into the braces down, press F5 run, the program is broken, then press the combination of
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.