为了便于分析,代码采用以下写法:
#include "iostream" void main() { int a,b; a=1; b=2; std::cout<<"Hello World"<<std::endl; std::cout<<"HHHHHHHHHHHH"<<std::endl; std::cout<<a+b<<std::endl; system("pause"); }
OllyDbg 分析如下:
地址 HEX数据 反汇编 注释
; Debugger listing of main() from the sample above. Columns: address, analysis
; marker, raw bytes, disassembly, comment. The listing stops after the
; system() call; the register restores and the return are not shown.
;
; --- prologue: frame setup and 0x48 bytes of local storage ---
00401570 > > \55 PUSH EBP
00401571 . 8BEC MOV EBP,ESP
00401573 . 83EC 48 SUB ESP,48
00401576 . 53 PUSH EBX
00401577 . 56 PUSH ESI
00401578 . 57 PUSH EDI
; Fill the whole local area with 0xCC: 0x12 dwords * 4 = 0x48 bytes starting at
; [EBP-48]. 0xCC is the INT3 opcode; this fill is typical of an MSVC debug
; build, where it makes uninitialised locals read back as 0xCCCCCCCC.
; NOTE(review): an optimized build would normally have neither this fill nor
; the two stack slots below -- confirm the build settings before generalising.
00401579 . 8D7D B8 LEA EDI,DWORD PTR SS:[EBP-48]
0040157C . B9 12000000 MOV ECX,12
00401581 . B8 CCCCCCCC MOV EAX,CCCCCCCC
00401586 . F3:AB REP STOS DWORD PTR ES:[EDI]
; --- a=1; b=2; ---
00401588 . C745 FC 01000000 MOV DWORD PTR SS:[EBP-4],1 ; a = 1 (a is the local at [EBP-4])
0040158F . C745 F8 02000000 MOV DWORD PTR SS:[EBP-8],2 ; b = 2 (b is the local at [EBP-8])
; --- std::cout<<"Hello World"<<std::endl; ---
; 004010C8 is pushed first and is still on the stack for the second CALL;
; presumably it is std::endl, the argument of the trailing operator<<.
00401596 . 68 C8104000 PUSH test1.004010C8
0040159B . 68 34004700 PUSH OFFSET test1.??_C@_0M@FEIK@Hello?5Worl>; address of the "Hello World" string literal
004015A0 . 68 A0DE4700 PUSH OFFSET test1.std::cout ; address of the std::cout stream object (an object, not a function)
004015A5 . E8 DBFCFFFF CALL test1.00401285
; The caller removes the two arguments (stream and string) it pushed for 00401285.
004015AA . 83C4 08 ADD ESP,8
; The returned stream goes into ECX, presumably as the this pointer of the next call.
004015AD . 8BC8 MOV ECX,EAX
004015AF . E8 2CFCFFFF CALL test1.004011E0
; --- std::cout<<"HHHHHHHHHHHH"<<std::endl; same pattern as above ---
004015B4 . 68 C8104000 PUSH test1.004010C8
004015B9 . 68 24004700 PUSH OFFSET test1.??_C@_0N@DPFC@HHHHHHHHHHH>; address of the "HHHHHHHHHHHH" string literal
004015BE . 68 A0DE4700 PUSH OFFSET test1.std::cout ; address of the std::cout stream object
004015C3 . E8 BDFCFFFF CALL test1.00401285
004015C8 . 83C4 08 ADD ESP,8
004015CB . 8BC8 MOV ECX,EAX
004015CD . E8 0EFCFFFF CALL test1.004011E0
; --- std::cout<<a+b<<std::endl; ---
004015D2 . 68 C8104000 PUSH test1.004010C8
004015D7 . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4] ; EAX = a
004015DA . 0345 F8 ADD EAX,DWORD PTR SS:[EBP-8] ; EAX = a + b, computed at run time
004015DD . 50 PUSH EAX
; The analysis split the next five bytes into a data byte and a dword. Read
; together, B9 A0DE4700 is MOV ECX,0047DEA0: it loads the std::cout address
; (the same value pushed at 004015A0) into ECX before the call at 004015E3.
004015DE B9 DB B9
004015DF . A0DE4700 DD OFFSET test1.std::cout ; operand of the mis-split MOV ECX: std::cout, the stream that prints the sum
; No ADD ESP follows this call, unlike the string case; presumably 004010FF is
; a member operator<< taking the int and removing its own argument -- confirm.
004015E3 . E8 17FBFFFF CALL test1.004010FF
004015E8 . 8BC8 MOV ECX,EAX
004015EA . E8 F1FBFFFF CALL test1.004011E0
; --- system("pause"); one pointer argument, removed by the caller afterwards ---
004015EF . 68 1C004700 PUSH OFFSET test1.??_C@_05PBCN@pause?$AA@ ; /pause
004015F4 . E8 97F30100 CALL test1.system ; \system
004015F9 . 83C4 04 ADD ESP,4