char str[6] = {'a','b','c','d','e','f'};
char str[] = "ABCDEF";
char *str = "ABCDEF";
1、char str[6] = {'a','b','c','d','e','f'};,需要手动在结尾添'�,反汇编如下
可以发现进行地址处理的时候都是通过ebp来间接赋值的,不需要去依赖任何的东西,只需要有EBP寄存器作为参照物!在shellcode中利用也起到一部分的作用!
6: char str[6] = {'a','b','c','d','e','f'};
00401038 mov byte ptr [ebp-8],61h
0040103C mov byte ptr [ebp-7],62h
00401040 mov byte ptr [ebp-6],63h
00401044 mov byte ptr [ebp-5],64h
00401048 mov byte ptr [ebp-4],65h
0040104C mov byte ptr [ebp-3],66h
7: return 0;
00401050 xor eax,eax
8: }
2、char str[] = "ABCDEF";,编译器会自动帮忙结尾添'�',反汇编如下
可以明显发现与上面的写法的区别,ABCDEF是存储在内存地址中的!取值的时候是把本身的地址作为参照物!
6: char str[] = "ABCDEF";
00401038 mov eax,[string "ABCDEF" (00422fa4)]
0040103D mov dword ptr [ebp-8],eax
00401040 mov cx,word ptr [string "ABCDEF"+4 (00422fa8)]
00401047 mov word ptr [ebp-4],cx
0040104B mov dl,byte ptr [string "ABCDEF"+6 (00422faa)]
00401051 mov byte ptr [ebp-2],dl
7: return 0;
00401050 xor eax,eax
}
3、char *str = "ABCDEF";,反汇编如下
跟上面的差不多,都需要自身地址作为支撑,不同的地方是这个是一步到位,会直接格式化字符串然后存储到一个地址中!
5: int main(){
00401020 push ebp
00401021 mov ebp,esp
00401023 sub esp,44h
00401026 push ebx
00401027 push esi
00401028 push edi
00401029 lea edi,[ebp-44h]
0040102C mov ecx,11h
00401031 mov eax,0CCCCCCCCh
00401036 rep stos dword ptr [edi]
6: char *str = "ABCDEF"; //我在这里!
00401038 mov dword ptr [ebp-4],offset string "ABCDEF" (00422fa4)
7: return 0;
0040103F xor eax,eax
8: }