IDA简易教程(6)

来源：网络收集时间：2019-08-28 下载这篇文档手机版

说明：文章内容仅供预览，部分内容可能不全，需要完整文档或者需要复制内容，请下载word后使用。下载word有问题请添加微信号:或QQ：处理（尽可能给您提供完整文档），感谢您的支持与谅解。

TOP

-------------------------------------------------------------------------------------------------------- 第十四节：地址偏移量

IDA也可以重新定义操作数。在下面的例子中，桔黄色的部分显示一个可能存在的参考~

使用Operands 工具栏上的Offset 按钮就可以进行转换。

TOP

--------------------------------------------------------------------------------------------------------------------

第十五节：最终逆向结果

To end this tutorial, we propose you a visual comparison of the original C source code and our final interactively disassembled code. 来look look我们用IDA整理的结果把

struct customer_t { long id;

char name[32]; char sex; }

struct softwares_t { long count;

software_t softs[]; };

; -------------------------------------------------------------

customer_t struc ; (sizeof=0x28) id dd ?

name db 32 dup(?) ; string(C) sex dd ? ; char customer_t ends

; -------------------------------------------------------------

softwares_t struc ; (sizeof=0x4, variable size)

count dd ?

softs software_t 0 dup(?) softwares_t ends

; -------------------------------------------------------------

book_t struc ; (sizeof=0x80) title db 128 dup(?) ; string(C) book_t ends

; -------------------------------------------------------------

software_t struc ; (sizeof=0x24)

info dd ? ; enum software_info_t name db 32 dup(?) ; string(C) software_t ends

; ----------------------------------------

struct book_t { char title[128]; };

struct software_t { software_info_t info; char name[32]; };

union product_u { book_t book; software_t software; };

---------------------

product_u union ; (sizeof=0x80) book book_t ?

software software_t ? product_u ends

; -------------------------------------------------------------

product_t struc ; (sizeof=0x88) id dd ?

category dd ? ; enum product_category_t p product_u ? product_t ends

struct product_t { long id;

product_category_t category;

product_u p; };

; ----------------------------------------enum product_category_t { --------------------- BOOK, ; enum product_category_t SOFTWARE, BOOK = 0 HARDWARE SOFTWARE = 1 }; HARDWARE = 2

; ----------------------------------------struct software_info_t { --------------------- unsigned int ; enum software_info_t (bitfield) plateform : 2;

#define PC 0x1 PC = 1 // 0x01 MAC = 2 #define MAC 0x2 // 0x02 WINDOWS = 4 unsigned int os : 3; DOS = 8 #define WINDOWS 0x1 OS_X = 10h // 0x04 category = 60h #define DOS 0x2 DISASSEMBLY = 20h // 0x08 RECOVERY = 40h #define OS_X 0x4 CRYPTOGRAPHY = 60h // 0x10 unsigned int category : 2;

#define DISASSEMBLY 0x1 // 0x20

#define RECOVERY 0x2

// 0x40

#define CRYPTOGRAPHY 0x3 // 0x60 };

; +------------------------------------------------------------+

; |This file is generated by The Interactive Disassembler (IDA)|

; | Licensed to: Eric |

; +------------------------------------------------------------+ ;

; File Name :

C:\\IDA\\Presentations\\Data\\data.exe

; Format : Portable executable for IBM PC (PE)

; Section 1. (virtual address 00001000) ; Virtual size : 00009000 ( 36864.)

; Section size in file : 00008E00 ( 36352.)

; Offset to raw data for section: 00000600 ; Flags 60000020: Text Executable Readable ; Alignment : 16 bytes ?

unicode macro page,string,zero irpc c, db '&c', page endm

ifnb dw zero endif endm

model flat

; --------------------------------------------------------------

; Segment type: Pure code

; Segment permissions: Read/Execute _text segment para public 'CODE' use32 assume cs:_text ;org 401000h

; [COLLAPSED AREA .text1. PRESS KEYPAD \TO EXPAND]

int

check_software(software_info_t

software_info) {

bool valid = true; if

(software_info.plateform & PC) {

if (!

(software_info.plateform & MAC)

(software_info.os & OS_X))

valid = false; }

; ||||||||||||||| S U B R O U T I N E ||||||||||||||||||||||||||

; Attributes: bp-based frame

; int __cdecl

check_software(software_info_t software_info)

check_software proc near ; CODE XREF: main+108p

software_info= byte ptr 8 push ebp

mov ebp, esp mov al, 1

mov dl, [ebp+software_info] and edx, PC or MAC test dl, PC

jz short not_PC

mov cl, [ebp+software_info] and ecx, PC or MAC test cl, MAC jnz short end

mov dl, [ebp+software_info] shr edx, 2

and edx, (WINDOWS or DOS or OS_X) >> 2 test dl, OS_X >> 2 jz short end xor eax, eax jmp short end

; --------------------------------------------------------------

not_PC: ; CODE XREF:

百度搜索“77cn”或“免费范文网”即可找到本站免费阅读全部范文。收藏本站方便下次阅读，免费范文网，提供经典小说教育文库IDA简易教程(6)在线全文阅读。

IDA简易教程(6).doc 将本文的Word文档下载到电脑，方便复制、编辑、收藏和打印下载失败或者文档不完整，请联系客服人员解决！

下载这篇word文档

本文链接：https://www.77cn.com.cn/wenku/jiaoyu/688581.html（转载请注明文章来源）

上一篇：九九乘法口诀练习题（A4打印版）
下一篇：高频课设--调频发射机 - 图文