1. The return value of the assignment operator
I have never dared to use things like while(c=getc())i++; because I was not sure what the assignment operator returns, so I decided to try it myself and build some confidence: the assignment returns the value on the right-hand side of the equals sign:
#include <cstdio>    // getchar
#include <iostream>
using namespace std;

int main()
{
    int i;
    // The parenthesised assignment is itself an expression whose value is
    // the value just stored in i, so this prints the character code read.
    cout << (i = getchar()) << endl;
    return 0;
}
2. Reverse engineer a function
I recently came across an article on reverse engineering on a blog about debugging techniques. I think it is very valuable as an entry point for beginners, so I am posting it here for everyone to study and discuss, with the corresponding answer attached afterwards:
Examine the following code, registers, and stack values to determine the following:
1. When the function “DoTheWork” returns, what is the return value from that function?
2. Bonus: what is the mathematical operation that “DoTheWork” performs?
Hints:
1. The bracket notation [] in the assembly means to treat the value in brackets as a memory address, and access the value at that address.
2. 32-bit integer return values are stored in eax.
// Code
0:000> uf eip
demo2!DoTheWork:
0040101c 55 push ebp
0040101d 8bec mov ebp,esp
0040101f 8b4d08 mov ecx,dword ptr [ebp+8]
00401022 8bc1 mov eax,ecx
00401024 49 dec ecx
00401025 0fafc1 imul eax,ecx
00401028 83f902 cmp ecx,2
0040102b 7ff7 jg demo2!DoTheWork+0x8 (00401024)
0040102d 5d pop ebp
0040102e c3 ret
// Current register state
0:000> r
eax=00000007 ebx=7ffd9000 ecx=ffffffff edx=00000007 esi=00001771 edi=00000000
eip=0040101c esp=0012fe9c ebp=0012feac iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
demo2!DoTheWork:
0040101c 55 push ebp
// Current stack values for this thread
0:000> dps esp
0012fe9c 00406717 demo2!main+0x27
0012fea0 00000007
0012fea4 82059a87
0012fea8 00000007
0012feac 0012ff88
0012feb0 004012b2 demo2!mainCRTStartup+0x170
0012feb4 00000002
0012feb8 00980e48
0012febc 00980e80
0012fec0 00000094
0012fec4 00000006
0012fec8 00000000
0012fecc 00001771
0012fed0 00000002
0012fed4 76726553
0012fed8 20656369
0012fedc 6b636150
0012fee0 00003120
0012fee4 00000000
0012fee8 00000000
0012feec 00000000
0012fef0 00000000
0012fef4 00000000
0012fef8 00000000
0012fefc 00000000
0012ff00 00000000
0012ff04 00000000
0012ff08 00000000
0012ff0c 00000000
0012ff10 00000000
0012ff14 00000000
0012ff18 00000000
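As an added worked example (not part of the original post or of the quoted blog), the C program below replays the DoTheWork instruction sequence on the values copied from the register and stack dumps above: it recovers the argument the same way the function does (via [ebp+8] after the prologue) and then steps through the dec/imul/cmp/jg loop with 32-bit wrap-around and a signed compare, so the edge cases for small and large inputs come out exactly as the real code would produce them. The stack array and the function names are my own constructs.

```c
#include <stdint.h>
#include <stdio.h>

/* Copied from the dumps above: esp at function entry and the first
   words that "dps esp" printed (constructed array, values as shown). */
#define ENTRY_ESP 0x0012fe9cu
static const uint32_t stack_words[] = {
    0x00406717u, /* 0012fe9c: return address, demo2!main+0x27 */
    0x00000007u, /* 0012fea0: first argument pushed by main    */
    0x82059a87u, /* 0012fea4 */
    0x00000007u, /* 0012fea8 */
    0x0012ff88u  /* 0012feac */
};

/* After "push ebp; mov ebp,esp" we have ebp == ENTRY_ESP - 4, so the
   [ebp+8] the function reads is the word at ENTRY_ESP + 4. */
uint32_t arg_from_stack(const uint32_t *words, uint32_t entry_esp)
{
    uint32_t ebp = entry_esp - 4;
    return words[(ebp + 8 - entry_esp) / 4];
}

/* Instruction-by-instruction replay of DoTheWork. Two-operand imul keeps
   only the low 32 bits and jg is a signed comparison, so results for
   n <= 1 and the wrap-around for n >= 13 match the real machine code. */
int32_t do_the_work(int32_t n)
{
    int32_t ecx = n;     /* mov ecx,dword ptr [ebp+8] */
    int32_t eax = ecx;   /* mov eax,ecx               */
    do {
        ecx -= 1;                                        /* dec ecx      */
        eax = (int32_t)((uint32_t)eax * (uint32_t)ecx);  /* imul eax,ecx */
    } while (ecx > 2);                                   /* cmp ecx,2; jg */
    return eax;                                          /* left in eax  */
}

int main(void)
{
    uint32_t n = arg_from_stack(stack_words, ENTRY_ESP);
    int32_t r = do_the_work((int32_t)n);
    printf("argument = %u, DoTheWork returns %d (0x%08x)\n", n, r, (uint32_t)r);
    /* Check the boundaries before trusting the obvious reading of the loop. */
    printf("n=1 -> %d, n=0 -> %d, n=13 -> %d\n",
           do_the_work(1), do_the_work(0), do_the_work(13));
    return 0;
}
```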