标签:
C语言 内嵌汇编
void main()
{
char ps[20] = "aaaaaaaaaa\n";
char *p1 =ps;
//用汇编语句改写下面2句代码
ps[3]=‘b‘;
printf(ps);
}
//等价的写法1:
void main()
{
char ps[20] = "aaaaaaaaaa\n";
char *p1 =ps;
HMODULE hmod =GetModuleHandle("msvcr90.DLL");
if (hmod)
{
PVOID pfun =GetProcAddress(hmod, "printf");
if (pfun)
{
__asm
{
//&p1才是存放指针p1的内存, [p1]表示取去p1的值。
//有点绕吧, 这里 p1是指针的实体, 不是要理解为它的值
mov eax, dword ptr [p1]
//[eax] 表示取eax 存放的内容. 现在eax为p1的值
mov byte ptr [eax+3],0x62
push dword ptr[p1]
call pfun
mov eax ,1
add esp,4
}
}
FreeLibrary(hmod);
}
}
//等价的写法2:
void main()
{
char ps[20] = "aaaaaaaaaa\n";
char *p1 =ps;
HMODULE hmod =GetModuleHandle("msvcr90.DLL");
if (hmod)
{
PVOID pfun =GetProcAddress(hmod, "printf");
if (pfun)
{
__asm
{
//[ps+3]表示取第3个元素,虽然C语言里面数组名就是指针,汇编里面不能直接写为等价
mov byte ptr [ps+3],0x62
push dword ptr[p1]
call pfun
mov eax ,1
pop ebx //相当于esp+=4
}
}
FreeLibrary(hmod);
}
}
//写法3:
void main()
{
char ps[20] = "aaaaaaaaaa\n";
char *p1 =ps;
HMODULE hmod =GetModuleHandle("msvcr90.DLL");
if (hmod)
{
PVOID pfun =GetProcAddress(hmod, "printf");
if (pfun)
{
__asm
{
mov ecx,10
mov ebx, 0
//把ps全部替换成bbbbbbbb
s: mov byte ptr [ps+ebx],0x62
inc ebx
loop s
push dword ptr[p1]
call pfun
mov eax ,1
pop ebx
}
}
FreeLibrary(hmod);
}
}
标签:
原文地址:http://www.cnblogs.com/mayingkun/p/4633655.html
