injected in a very much way5. Counter-debug technology anti-virtual machine detection Flower Instruction solution IDC Script network data analysis debugging method6. A certain compilation of knowledge1.mov edi,ediis a two-byte NOP, which is the same as NOP in the program.Then why use MOV edi,edi not two NOP?Because NOP CPU clock cycle is longer than with MOV
First, through the anti-assembly language, let's look at the simplest recursive function and the relationship between the stack.How to get anti-assembly language, in Visual Studio 2008, in the debug environment, you can view the post-disassembly languages in debug/windows/disassembly. Now let's take a look at factorial n! The implementationIts C language implementation code is as follows[CPP]View Plaincopy
#include
int factorial (int n);
int main (void)
{
int fact;
Fact = factor
..Parameter Pass Order1. Right-to-left in the stack: __stdcall,__cdecl,__thiscall,__fastcall2. From left to right into the stack: __pascalMain description __stdcall and __cdecl difference1...__stdcall The called function itself is responsible for stack balancing2...__CDECL Call function is responsible for the stack balance of the functionThe __stdcall function itself is responsible for stack balancing *********************////////////////Int__stdcalla (intv1,intxx) {return5;} Intmain () {intt=a
", "O" -- indicates the memory unit "R" -- indicates any register "Q" -- indicates the registers eax, EBX, ECx, one of edX's "I" and "H" -- represents the direct operands "E" and "F" -- represents the floating point "G" -- represents any "A", "B ", "C", "D" -- indicate that registers eax, EBX, ECx, and EDX "S" are required ", "D" -- requires the use of register ESI or EDI "I" -- represents a constant (0-31)
In addition, if an operand requires the sam
The ustring macro in the Dialog. inc file in MASM32 is faulty. As a result, a problem occurs when a Dialog box containing Chinese characters is displayed using a macro related to the Dialog box. The original code is as follows:
; ------------------------------------------------ ; write unicode string at current location in EDI ; ------------------------------------------------ ustring MACRO quoted_text LOCAL asc_txt .data
most cases, \ n is followed by a \ t, where \ n is for line feed, \ t is to empty a tab width space) to separate them. For example:
_ ASM _ ("movl % eax, % EBXSTIPopl % EDISubl % ECx, % EBX ");
_ ASM _ ("movl % eax, % EBX; STIPopl % EDI; subl % ECx, % EBX ");
_ ASM _ ("movl % eax, % EBX; STI \ n \ t popl % EDISubl % ECx, % EBX ");
All are legal statements. If you place the instruction in multiple pair quotation marks, a semicolon (;) or (\ n) must be
commands can only be used in specific registers. For example, the in and out commands are hardware-fixed and can only be used in the eax registers. ECx is used for cyclic counters, and EDI and ESI are used for index commands and string commands. The addressing mode can only be used in specific registers.
The i-386 family has six General registers, eax, EBX, ECx, EDX, EDI, ESI. each register starts with t
], 4 );Move (XX, a [0], 4 );End;
By the way, explain the Pascal source code of move (Windows XP SP2 DELPHI6 + update2 ):
Procedure move (const source; var DEST; count: integer );{$ Ifdef purepascal}VaRS, D: pchar;I: integer;BeginS: = pchar (@ source );D: = pchar (@ DEST );If S = d then exit;If Cardinal (d)> Cardinal (s) Then // essence 1: Be careful, don't overwrite SourceFor I: = count-1 downto 0 doD [I]: = s [I]ElseFor I: = 0 to count-1 doD [I]: = s [I];End;
{$ Else}ASM{-> Eax pointer to sourc
called Based on the address of the System Service stored in this SSDT item. For example, the system service corresponding to the address stored in the KeServiceDescriptorTable [105 h] is called, that is, NtQuerySystemInformation under Ring0.
Differences between Zw and Nt functions in the kernel
Lkd> u ZwQuerySystemInformation
Nt! ZwQuerySystemInformation:
84456c38 b805010000 mov eax, 105 h // put 105 h into Register eax
84456c3d 8d542404 lea edx, [esp + 4]
84456c41 9c pushfd
84456c42 6a08 pus
positive and negative differences;
7. The original pixel is added with the positive difference value minus the negative difference value, and the sharpening is completed.
The following is the USM sharpening code, including the Gaussian fuzzy code (for details about Gaussian blur, see the article 《Delphi Image Processing-Gaussian blur, The following Gaussian fuzzy code is also copied from this article ):
Procedure crossblur (var dest: timagedata; const Source: timagedata; weights: pointer; radiu
First, through the disassembly language, let's take a look at the relationship between the simplest recursive function and the stack.
In Visual Studio 2008 and debug environments, you can view the language after disassembly in debug/Windows/disassembly. Now let's take a look at factorial n! Implementation
The C language implementation code is as follows:
#include
The language after disassembly is as follows:
Main Program
int main(void){00DB1FD0 push ebp 00DB1FD1 mov ebp,esp
at the disassembly below:C code same as above Ubuntu +Bit disassembly:intMain () {804846D: - Push %EBP 804846E: theE5 mov%esp,%EBP 8048470: theE4 f0 and $Xfffffff0,%esp 8048473: theEcTen Sub $0x10,%esp Test (1, 2); 8048476: C7 - - Geneva Geneva xx xxMovl $X2,0x4(%esp)804847D:xx 804847E:c7Geneva - on xx xx xxMovl $X1, (%esp)8048485: E88A FF FF call8048414return 0;804848A:b8xx xx xx xxmov $x0,%eax}intTestintAintb) {8048414: -
of instruction (below) are to assign a value of 0CCCCCCCCh to the memory area of the 48h that was just left out.00401039 Lea edi,[ebp-48h]0040103C mov ecx,12h00401041 mov eax,0cccccccch00401046 Rep stos dword ptr [edi].The next three stack instructions, respectively, Ebx,esi,edi into the stack, which is also part of the "protection scene", these are part of the
MOV Esi,offset @s1MOV Edi,offset @s2MOV ecx,10CldRep Movsd1.Rep Movsd every ecx! =0 executes Movsd, then ecx=ecx-1 movsd move Ds:[si] to Es:[di], in 32-bit assembler can replace the Si,edi with ESI instead of Di
2. at the same time because in general exe DS = ES program starting position so another ESI = offset @s1 can find the variable s1, edi= offset @s2 can f
locate the memory segment Descriptor mov es, ax xor edi, edi mov edi, (up to ten +) //screen 10th, No. 0 column br> mov ah, 0ch //0000: Black bottom 1100: Red word mov al, ' G ' mov [es:edi],ax jmp $nbs P LenOfCode32 equ $-label_code32 ===================================
The approximate meaning of this piece of code is:First in the 16-bit code segment
. section. DataOutput: . ASCII "The processor Vendor ID is ' xxxxxxxxxxxx ' \ n". Section. Text.globl _start_start: MOVL $%eax cpuid # Create a pointer to handle an output variable declared in memory using this pointer # The memory location of the output tag is loaded into the EDI register # contains three registers of the vendor ID string fragment The content of the device is placed in the correct position o
Lea edx,[ebp-14h]0040142b Push edx0040142c push 15h0040142e push 14h00401430 push 13h00401432 call @ILT +15 (Fnnakedcall) (00401014) 00401437 add esp,10h0040143a mov dword ptr [ebp-18h],eax133:You can see that the calling convention conforms to the __CDECL convention, so keep a look:68:69: __declspec (naked) int __cdecl fnnakedcall (int arg1, short arg2, char arg3, void *arg4): {004012d0 push EBP71://1. The value of all
the key to successful business-to-business integration. With Web service, your company can expose critical business applications to designated suppliers and customers. For example, if you expose your electronic billing system and electronic invoice system, your customer can send you a purchase order electronically, and your supplier can send you an electronic invoice to purchase the raw materials. Of course, this is not a new concept: Electronic document interchange (
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.