Recognizing structs in assembly with IDA Pro
2022-07-31 21:33:00 【不会写代码的丝丽】
Overview
We have the following code:
#include <stdio.h>

struct My_Struct
{
    char name[500];
    int age;
    int height;
};

/* Returns the struct by value, so the compiler copies all of it on the stack. */
struct My_Struct obtainStruct() {
    struct My_Struct p = { "sdsdsds", 2, 3 };
    printf("%s\r\n", p.name);
    /* Byte distance between the age and name members; %zu matches size_t. */
    printf("diff %zu\r\n", (size_t)&p.age - (size_t)&p.name);
    printf("%d\r\n", p.height);
    return p;
}

int main()
{
    struct My_Struct p = obtainStruct();
    printf("%s\r\n", p.name);
    printf("%d\r\n", p.age);
    printf("%d\r\n", p.height);
    return 0;
}


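First, we give names to the functions that the call instructions invoke.
The first detail to notice: the stack frame holds two variables, with the default names var_3fc and ArgList, that are exactly 508 bytes apart. That is exactly the size of the My_Struct struct we defined.
In addition, IDA shows both offsets as negative, and both are computed by adding to or subtracting from EBP, so both are local variables rather than values passed in by the function call.
For example:
The reason is fairly simple:
You can refer to the stack layout in the figure below:
As the figure above shows, local variables defined on the stack sit below EBP, and passed-in arguments sit above EBP. EBP-xxx reaches a local variable, while EBP+ reaches passed-in arguments and the like.
Open the Structures view in IDA Pro and press the Insert key to insert a new custom struct.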

Right-click on it to add the corresponding fields.
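The member offsets to enter for My_Struct, and the way an EBP-relative operand maps onto them once the struct is applied, worked through as an added example (not code from the original post). It assumes a 32-bit x86 frame with 4-byte int and that the struct starts at var_3FC; the helper names and sample displacements are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Same layout as the page's My_Struct (4-byte int assumed). */
struct My_Struct {
    char name[500];
    int age;
    int height;
};

/* Classify an EBP-relative displacement in a standard 32-bit frame:
   below EBP = local, [ebp+0]/[ebp+4] = saved EBP / return address,
   [ebp+8] and up = arguments pushed by the caller. */
static const char *classify_disp(long disp) {
    if (disp < 0) return "local";
    if (disp < 8) return "saved EBP / return address";
    return "argument";
}

/* Hypothetical helper: map an operand displacement to a member of
   My_Struct, given the displacement where the struct starts.
   Returns NULL when the operand falls outside the struct. */
static const char *resolve_field(long base_disp, long operand_disp) {
    long off = operand_disp - base_disp;
    if (off < 0 || off >= (long)sizeof(struct My_Struct)) return NULL;
    if (off >= (long)offsetof(struct My_Struct, height)) return "height";
    if (off >= (long)offsetof(struct My_Struct, age)) return "age";
    return "name";
}

int main(void) {
    const long base = -0x3FC; /* assumption: the struct starts at var_3FC */
    /* Constructed sample displacements, not taken from the page's listing. */
    const long samples[] = { -0x3FC, -0x208, -0x204, -0x200, 4, 8 };

    /* Offsets to enter when adding the fields in the Structures view. */
    printf("size=0x%zX name=+0x%zX age=+0x%zX height=+0x%zX\n",
           sizeof(struct My_Struct), offsetof(struct My_Struct, name),
           offsetof(struct My_Struct, age), offsetof(struct My_Struct, height));

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long d = samples[i];
        const char *f = resolve_field(base, d);
        printf("[ebp%c0x%lX] %-26s %s\n", d < 0 ? '-' : '+',
               (unsigned long)(d < 0 ? -d : d), classify_disp(d),
               f ? f : "(outside My_Struct)");
    }
    return 0;
}
```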







Finally, we use IDA to see what this code is really doing:
