Did this tonight. I won't write much text, since there's nothing technically deep here and I'd rather not get flamed; the source code and disassembly are attached.
lea ebx, [esp+38h+var_28]
lea edi, [esp+38h+var_20]
In these two instructions, ESP+38 should stand for a stack address, and +28H should be the starting size of that address; the add ebx, 2 and add edi, 8 further down are that content +2 and +8.
These two registers hold addresses, so it is address+2 and address+8.
Code:
.text:00401000 83 EC 28          sub     esp, 28h              ; ESP=128, ESP-28=100
.text:00401003 53                push    ebx                   ; ESP-4, 100-4=96
.text:00401004 55                push    ebp                   ; ESP-8, 100-8=92
.text:00401005 56                push    esi                   ; ESP-C, 100-C=88
.text:00401006 57                push    edi                   ; ESP-10h, 100-10h=84
.text:00401007 68 5C 70 40 00    push    offset aDouble        ; "double"
.text:0040100C 68 54 70 40 00    push    offset aShort         ; "short"
.text:00401011 68 48 70 40 00    push    offset a23s10s        ; "%23s %10s\n"
.text:00401016 E8 45 00 00 00    call    printf
.text:0040101B 83 C4 0C          add     esp, 0Ch              ; restore the stack, 72+12=84; the stack top is now the address EDI will point to
.text:0040101E 33 F6             xor     esi, esi              ; zero ESI
.text:00401020 8D 5C 24 10       lea     ebx, [esp+38h+var_28] ; load ESP+38h+28h: read this as the stack address held at ESP+38h, at offset +28h
.text:00401024 8D 7C 24 18       lea     edi, [esp+38h+var_20] ; load ESP+38h+20h: the other address at ESP+38h; see what follows
.text:00401028 BD 04 00 00 00    mov     ebp, 4                ; EBP = constant 4 (loop counter)
.text:0040102D
.text:0040102D loc_40102D:                                     ; CODE XREF: _main+45j
.text:0040102D 57                push    edi                   ; push EDI, ESP-4, 84-4=80
.text:0040102E 53                push    ebx                   ; push EBX, ESP-8, 84-8=76
.text:0040102F 56                push    esi                   ; push ESI, ESP-C, 84-C=72
.text:00401030 68 30 70 40 00    push    offset aPointerD10p10p ; "pointer +%d: %10p %10p\n"
.text:00401035 E8 26 00 00 00    call    printf                ; call printf
.text:0040103A 83 C4 10          add     esp, 10h              ; restore the stack
.text:0040103D 46                inc     esi                   ; ESI = ESI+1
.text:0040103E 83 C7 08          add     edi, 8                ; the address just loaded into EDI by lea, plus 8
.text:00401041 83 C3 02          add     ebx, 2                ; ditto, plus 2
.text:00401044 4D                dec     ebp                   ; EBP-1
.text:00401045 75 E6             jnz     short loc_40102D      ; not yet clear to me how this works
.text:00401047 5F                pop     edi
.text:00401048 5E                pop     esi
.text:00401049 5D                pop     ebp
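As an added example (not the source the post attached, which is not reproduced here), a C program of the same shape as the listing: two local arrays, the "%23s %10s\n" header, then four "pointer +%d: %10p %10p\n" lines. The array length of 4 is assumed from mov ebp, 4; the helper functions return the byte stride that the loop's add ebx, 2 and add edi, 8 implement for a short* and a double*.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed example: same structure as the disassembled loop.
 * Assumed: 4-element arrays (EBP is loaded with 4 as the loop counter). */
#define N 4

/* Byte distance between consecutive short elements: the "add ebx, 2". */
ptrdiff_t short_stride(void)
{
    short s[N];
    return (char *)(s + 1) - (char *)s;
}

/* Byte distance between consecutive double elements: the "add edi, 8". */
ptrdiff_t double_stride(void)
{
    double d[N];
    return (char *)(d + 1) - (char *)d;
}

/* Walk both arrays with running pointers, as the loop does with EBX and EDI,
 * and check each step against base + i * sizeof(T). Returns 1 if they agree. */
int stride_consistent(void)
{
    short  s[N];
    double d[N];
    const short  *ps = s;
    const double *pd = d;
    for (int i = 0; i < N; i++, ps++, pd++) {
        if ((uintptr_t)ps != (uintptr_t)s + (uintptr_t)i * sizeof(short))  return 0;
        if ((uintptr_t)pd != (uintptr_t)d + (uintptr_t)i * sizeof(double)) return 0;
    }
    return 1;
}

int main(void)
{
    short  s[N];
    double d[N];
    /* Header line: matches the first printf in the listing. */
    printf("%23s %10s\n", "short", "double");
    /* Loop body: matches the printf inside loc_40102D; s + i and d + i are
     * the addresses the compiler keeps in EBX and EDI. */
    for (int i = 0; i < N; i++)
        printf("pointer +%d: %10p %10p\n", i, (void *)(s + i), (void *)(d + i));
    return 0;
}
```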