// Disassembly of control-flow statements (流程控制语句反汇编)
//Author:乾卦 Date:2014-5-8
#include<stdio.h>
/*
 * Sample program for the plain `if` case. a and b are constants (1 and 10),
 * so the branch body is never entered at run time. The listing below was
 * produced from this exact source, which is why the statements are kept
 * as written rather than tidied up.
 */
int main()
{
    int a=1,b=10;
    if(a>b)
    {
        a=b;
    }
    a=2;
    b=11;
    return 0;
}
/*
 * Disassembly of the `if` statement (if语句的反汇编), x64, keeping the
 * debugger's interleaving of source lines and instructions. Addresses are
 * the ones shown in the listing; `main+NNh` is the same target written as an
 * offset from main. Reviewer annotations follow `//`.
 *
 * NOTE(review): the comparison of two compile-time constants is still emitted,
 * so this looks like an unoptimized build - confirm the build settings before
 * relying on this shape in other binaries.
 *
#include<stdio.h>
int main()
{
000000013F711010 push rdi
000000013F711012 sub rsp,10h                  // 16-byte frame for the locals
000000013F711016 mov rdi,rsp
000000013F711019 mov ecx,4
000000013F71101E mov eax,0CCCCCCCCh
000000013F711023 rep stos dword ptr [rdi]     // fill the 4 dwords of the frame with 0CCCCCCCCh
                                              // (presumably the debug-build uninitialized-stack fill - TODO confirm)
int a=1,b=10;
000000013F711025 mov dword ptr [rsp],1        // a is stored at [rsp]; the debugger shows b by name
000000013F71102C mov dword ptr [b],0Ah        // 0Ah = 10
if(a>b)
000000013F711034 mov eax,dword ptr [b]
000000013F711038 cmp dword ptr [rsp],eax      // compare a with b; only the flags are set
// If a<=b, skip the block (如果a<=b 则跳过语句块). The compiler emits the
// NEGATED source condition: jle is the signed "less or equal" jump, which
// matches the int operands, and its target is the statement after the block.
000000013F71103B jle main+34h (013F711044h)   // 013F711044h is the `a=2;` statement
{
a=b;
000000013F71103D mov eax,dword ptr [b]
000000013F711041 mov dword ptr [rsp],eax
}
a=2;
000000013F711044 mov dword ptr [rsp],2        // jle lands here
b=11;
000000013F71104B mov dword ptr [b],0Bh        // 0Bh = 11
return 0;
000000013F711053 xor eax,eax                  // return value 0 in eax
}
000000013F711055 add rsp,10h                  // tear down the 16-byte frame
000000013F711059 pop rdi
000000013F71105A ret
 */
if规定是满足条件则执行if语句块。
而汇编与其相反:编译器把if的条件取反,取反后的条件成立(即原条件不满足)时才跳转,从而绕过if语句块,这一点要注意。
if-else
// Disassembly of control-flow statements (流程控制语句反汇编)
//Author:乾卦 Date:2014-5-8
#include<stdio.h>
/*
 * Sample program for the `if`/`else` case. With a=1 and b=10 the `if` body is
 * never entered and the `else` body always runs. The listing below was
 * produced from this exact source, so the statements are kept as written.
 */
int main()
{
    int a=1,b=10;
    if(a>b)
    {
        a=b;
    }
    else
    {
        b=a;
    }
    a=2;
    b=11;
    return 0;
}
/*
 * Disassembly of the `if`/`else` statement (if-else语句的反汇编), x64, with
 * the debugger's interleaving of source lines and instructions kept.
 * Addresses are the ones shown in the listing; `main+NNh` is the same target
 * written as an offset from main. Reviewer annotations follow `//`.
 *
#include<stdio.h>
int main()
{
000000013FF31010 push rdi
000000013FF31012 sub rsp,10h                  // 16-byte frame for the locals
000000013FF31016 mov rdi,rsp
000000013FF31019 mov ecx,4
000000013FF3101E mov eax,0CCCCCCCCh
000000013FF31023 rep stos dword ptr [rdi]     // fill the 4 dwords of the frame with 0CCCCCCCCh
                                              // (presumably the debug-build uninitialized-stack fill - TODO confirm)
int a=1,b=10;
000000013FF31025 mov dword ptr [rsp],1        // a is stored at [rsp]; the debugger shows b by name
000000013FF3102C mov dword ptr [b],0Ah        // 0Ah = 10
if(a>b)
000000013FF31034 mov eax,dword ptr [b]
000000013FF31038 cmp dword ptr [rsp],eax      // compare a with b; only the flags are set
// This is the jump into `else`, and its condition (a<=b, the negation of
// a>b) is also the condition under which `else` runs
// (这是执行else的跳转语句 也是else的执行条件).
000000013FF3103B jle main+36h (013FF31046h)   // 013FF31046h is the first instruction of the else body
{
a=b;
000000013FF3103D mov eax,dword ptr [b]
000000013FF31041 mov dword ptr [rsp],eax
}
else
// After the `if` body finishes, jump past the `else` body so that exactly
// one of the two bodies executes (这是执行完if语句块跳转到else后的跳转).
000000013FF31044 jmp main+3Dh (013FF3104Dh)   // 013FF3104Dh is the `a=2;` statement
{
b=a;
000000013FF31046 mov eax,dword ptr [rsp]      // jle lands here
000000013FF31049 mov dword ptr [b],eax
}
a=2;
000000013FF3104D mov dword ptr [rsp],2        // jmp lands here; the join point of both paths
b=11;
000000013FF31054 mov dword ptr [b],0Bh        // 0Bh = 11
return 0;
000000013FF3105C xor eax,eax                  // return value 0 in eax
}
000000013FF3105E add rsp,10h                  // tear down the 16-byte frame
000000013FF31062 pop rdi
000000013FF31063 ret
 */
if的反汇编仍然没变,但是else有个jmp。
if-else语句的逻辑:if成功,else就不执行。
汇编的逻辑:if失败,跳转到else。否则执行if语句块,在else之前跳到if-else语句末尾。
两者有且只有一个执行。下面内容来自:《C++反汇编与逆向分析技术揭秘》,作者:钱林松
if-else if-else:
// Disassembly of control-flow statements (流程控制语句反汇编)
//Author:乾卦 Date:2014-5-8
#include<stdio.h>
/*
 * Sample program for the `if` / `else if` / `else` chain. With a=1 and b=10
 * none of the three tests holds, so only the final `else` body runs. The
 * listing below was produced from this exact source, so the statements are
 * kept as written.
 */
int main()
{
    int a=1,b=10;
    if(a>b)
    {
        a=b;
    }
    else if(a==3)
    {
        b=a;
    }
    else if(b<2)
    {
        b=30;
    }
    else
    {
        a=a+b;
    }
    a=2;
    b=11;
    return 0;
}
/*
 * Disassembly of the `if` / `else if` / `else` chain (if-else if-else), x64,
 * with the debugger's interleaving of source lines and instructions kept.
 * Addresses are the ones shown in the listing; `main+NNh` is the same target
 * written as an offset from main. Reviewer annotations follow `//`.
 *
 * Two kinds of jump appear: a conditional jump (jle/jne/jge) on the NEGATED
 * test, which moves on to the next test or to `else`, and an unconditional
 * jmp at the end of each body, which skips the rest of the chain. All three
 * jmp instructions share the single target 013FAD3244h, the `a=2;` statement.
 *
#include<stdio.h>
int main()
{
000000013FAD31E0 push rdi
000000013FAD31E2 sub rsp,10h                  // 16-byte frame for the locals
000000013FAD31E6 mov rdi,rsp
000000013FAD31E9 mov ecx,4
000000013FAD31EE mov eax,0CCCCCCCCh
000000013FAD31F3 rep stos dword ptr [rdi]     // fill the 4 dwords of the frame with 0CCCCCCCCh
                                              // (presumably the debug-build uninitialized-stack fill - TODO confirm)
int a=1,b=10;
000000013FAD31F5 mov dword ptr [rsp],1        // a is stored at [rsp]; the debugger shows b by name
000000013FAD31FC mov dword ptr [b],0Ah        // 0Ah = 10
if(a>b)
000000013FAD3204 mov eax,dword ptr [b]
000000013FAD3208 cmp dword ptr [rsp],eax      // compare a with b (signed)
// Test failed (a<=b): go to the next test (跳到下一个判断语句).
000000013FAD320B jle main+36h (013FAD3216h)   // 013FAD3216h is the `a==3` comparison
{
a=b;
000000013FAD320D mov eax,dword ptr [b]
000000013FAD3211 mov dword ptr [rsp],eax
000000013FAD3214 jmp main+64h (013FAD3244h)   // body done: skip the rest of the chain
}
else if(a==3)
000000013FAD3216 cmp dword ptr [rsp],3        // jle from above lands here
000000013FAD321A jne main+45h (013FAD3225h)   // a!=3: next test at 013FAD3225h
{
b=a;
000000013FAD321C mov eax,dword ptr [rsp]
000000013FAD321F mov dword ptr [b],eax
000000013FAD3223 jmp main+64h (013FAD3244h)   // body done: skip the rest of the chain
}
else if(b<2)
000000013FAD3225 cmp dword ptr [b],2          // jne from above lands here
000000013FAD322A jge main+56h (013FAD3236h)   // b>=2 (signed): last test failed, go to the else body
{
b=30;
000000013FAD322C mov dword ptr [b],1Eh        // 1Eh = 30
}
else
// The debugger prints this jmp under `else`, but it belongs to the end of
// the `b=30` body: it is the same "skip the rest" jump as the two above.
000000013FAD3234 jmp main+64h (013FAD3244h)
{
a=a+b;
000000013FAD3236 mov eax,dword ptr [b]        // jge from above lands here
000000013FAD323A mov ecx,dword ptr [rsp]
000000013FAD323D add ecx,eax                  // ecx = a + b
000000013FAD323F mov eax,ecx                  // redundant copy through eax; consistent with an unoptimized build
000000013FAD3241 mov dword ptr [rsp],eax      // store back into a
}
a=2;
000000013FAD3244 mov dword ptr [rsp],2        // join point: every path reaches here
b=11;
000000013FAD324B mov dword ptr [b],0Bh        // 0Bh = 11
return 0;
000000013FAD3253 xor eax,eax                  // return value 0 in eax
}
000000013FAD3255 add rsp,10h                  // tear down the 16-byte frame
000000013FAD3259 pop rdi
000000013FAD325A ret
 */
注:红色标出的是一种跳转,蓝色标出的是另一种跳转。
if与else if都是若条件不满足则跳到下一个判断。最后一个else if则是跳到else语句块。else跟以前一样。