A simple program's assembly and its disassembly


    .386
    .model flat,stdcall
    option casemap:none
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ;Included files
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    include windows.inc
    include user32.inc
    include kernel32.inc

    includelib user32.lib
    includelib kernel32.lib

    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    ;Data segment
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    .data
    wHour           dw      ?                   ;word variable, uninitialized
    wMinute         dw      10                  ;initialized variable
    _hWnd           dd      ?                   ;dword variable, uninitialized
    word_Buffer     dw      100 dup (1,2)       ;defines an array of words
    szBuffer        byte    1024 dup (?)        ;1024-byte buffer
    szText          db      'Hello World',0     ;string
    szCaption       db      'Caption',0
    ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    .code
    start:
    invoke MessageBox,NULL,addr szText,addr szCaption,MB_OK
    invoke ExitProcess,NULL
    end start

    This is a small test program written to learn how variables are defined.

    Let's look at the disassembled code:

    00401000 >/$  6A 00         push    0                                ; /Style = MB_OK|MB_APPLMODAL
    00401002  |.  68 A4354000   push    004035A4                         ; |Title = "Caption"
    00401007  |.  68 98354000   push    00403598                         ; |Text = "Hello World"
    0040100C  |.  6A 00         push    0                                ; |hOwner = NULL
    0040100E      E8 07000000   call    <jmp.&user32.MessageBoxA>
    00401013  |.  6A 00         push    0                                ; /ExitCode = 0
    00401015  \.  E8 06000000   call    <jmp.&kernel32.ExitProcess>      ; \ExitProcess
    0040101A   $- FF25 08204000 jmp     dword ptr [<&user32.MessageBoxA>>;  user32.MessageBoxA
    00401020   .- FF25 00204000 jmp     dword ptr [<&kernel32.ExitProces>;  kernel32.ExitProcess

    First we inspect the file with PEiD and find that the data section has RVA 3000 and size 5AC.

    Then, in OllyDbg's data window, press Ctrl+G and enter 00403000 to view the data:

    00403000  00 00 0A 00 00 00 00 00 01 00 02 00 01 00 02 00   ................
    00403010  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403020  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403030  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403040  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403050  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403060  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403070  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403080  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403090  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    004030A0  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    004030B0  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    004030C0  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    004030D0  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    004030E0  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    004030F0  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403100  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403110  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403120  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403130  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403140  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403150  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403160  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403170  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403180  01 00 02 00 01 00 02 00 01 00 02 00 01 00 02 00   ................
    00403190  01 00 02 00 01 00 02 00 00 00 00 00 00 00 00 00   ................
    004031A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004031B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004031C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004031D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004031E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004031F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403200  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403210  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403220  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403230  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403240  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403250  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403260  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403270  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403280  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403290  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004032A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004032B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004032C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004032D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004032E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004032F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403300  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403310  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403320  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403330  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403340  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403350  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403360  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403370  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403380  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403390  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004033A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004033B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004033C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004033D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004033E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004033F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403400  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403410  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403420  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403430  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403440  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403450  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403460  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403470  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403480  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403490  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004034A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004034B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004034C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004034D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004034E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    004034F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403500  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403510  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403520  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403530  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403540  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403550  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403560  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403570  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403580  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
    00403590  00 00 00 00 00 00 00 00 48 65 6C 6C 6F 20 57 6F   ........Hello Wo
    004035A0  72 6C 64 00 43 61 70 74 69 6F 6E 00               rld.Caption.

    The second variable

    ......

    Just work through these slowly and it all makes sense.
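    As an added example (not part of the original post), the following Python script rebuilds the .data layout from the declarations above, computes each variable's address from the 00403000 base, and checks a few rows copied from the OllyDbg dump against the byte image the assembler should have produced. The variable names, sizes and addresses are those of the page; the parsing and checking code is mine, not the author's.

```python
import struct
DATA_BASE = 0x00403000  # section RVA 3000 + image base 00400000, matching the PEiD result above

# (name, initial bytes) in .data order; MASM emits zeros for '?', so those variables still take space.
DATA_DECLS = [
    ("wHour",       bytes(2)),
    ("wMinute",     struct.pack("<H", 10)),
    ("_hWnd",       bytes(4)),
    ("word_Buffer", struct.pack("<HH", 1, 2) * 100),  # 100 dup (1,2): 100 pairs of words
    ("szBuffer",    bytes(1024)),
    ("szText",      b"Hello World\0"),
    ("szCaption",   b"Caption\0"),
]

def layout(decls=DATA_DECLS, base=DATA_BASE):
    """Map each variable to its virtual address by summing sizes in declaration order."""
    addrs, cur = {}, base
    for name, init in decls:
        addrs[name], cur = cur, cur + len(init)
    return addrs

def expected_image(decls=DATA_DECLS):
    """The bytes the assembler should have written for the whole .data section."""
    return b"".join(init for _, init in decls)

def parse_dump_row(row):
    """Parse one OllyDbg dump row ('ADDR  HH HH ...   ascii') into (address, bytes)."""
    fields, raw = row.split(), bytearray()
    for tok in fields[1:17]:  # at most 16 byte columns come before the ASCII column
        if len(tok) != 2 or not all(c in "0123456789ABCDEFabcdef" for c in tok):
            break
        raw.append(int(tok, 16))
    return int(fields[0], 16), bytes(raw)

def check_rows(rows, decls=DATA_DECLS, base=DATA_BASE):
    """Return the addresses at which the dump disagrees with the expected image."""
    img, bad = expected_image(decls), []
    for row in rows:
        addr, raw = parse_dump_row(row)
        for i, b in enumerate(raw):
            off = addr + i - base
            if not (0 <= off < len(img)) or img[off] != b:
                bad.append(addr + i)
    return bad

SAMPLE_ROWS = [  # constructed sample: four rows copied from the dump shown above
    "00403000  00 00 0A 00 00 00 00 00 01 00 02 00 01 00 02 00   ................",
    "00403190  01 00 02 00 01 00 02 00 00 00 00 00 00 00 00 00   ................",
    "00403590  00 00 00 00 00 00 00 00 48 65 6C 6C 6F 20 57 6F   ........Hello Wo",
    "004035A0  72 6C 64 00 43 61 70 74 69 6F 6E 00               rld.Caption.",
]
```

    The computed addresses of szText (00403598) and szCaption (004035A4) are exactly the values pushed before the MessageBoxA call in the disassembly, and the image length comes out to 5AC, the section size PEiD reported.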

    Now look at the CALL at 0040100E: it only calls a stub, the jmp at 0040101A below, and that jmp in turn transfers control to the real function.

    Once the loader has mapped the required DLL into the process's address space, the jmp dword ptr [...] at 0040101A reads the function's address from the import table and jumps to the real code.

    Original article: https://www.cnblogs.com/tk091/p/2681628.html