(defun C:TTT() (SETQ A 8)(PRINC "TTT")) (defun C:AAA() (PRINC "AA")) (defun C:ccc() (PRINC "c"))
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 0D 0A 20 46 41 53 34 2D 46 49 4C 45 20 3B 20 44 FAS4-FILE ; D
00000010 6F 20 6E 6F 74 20 63 68 61 6E 67 65 20 69 74 21 o not change it!
00000020 0D 0A 34 37 0D 0A 36 20 24 14 00 00 00 00 32 08 47 6 $ 2
00000030 06 05 00 09 04 00 35 01 03 00 03 16 14 00 00 00 5
00000040 00 09 02 00 35 01 03 00 03 16 14 00 00 00 00 09 5
00000050 01 00 35 01 03 00 03 16 24 0D 0A 32 34 36 20 39 5 $ 246 9
00000060 20 24 14 01 01 01 00 32 00 32 51 2A 39 01 00 5B $ 2 2Q*9 [
00000070 43 3A 43 43 43 00 43 3A 41 41 41 00 00 56 76 6C C:CCC C:AAA Vvl
00000080 2D 41 43 41 44 2D 64 65 66 75 6E 00 00 5B 43 3A -ACAD-defun [C:
00000090 54 54 54 00 00 01 01 43 00 00 06 00 0A 32 21 32 TTT C 2!2
000000A0 2F 2A 32 13 32 21 2A 32 00 32 13 2A 39 03 00 55 /*2 2!*2 2 *9 U
000000B0 02 00 01 00 63 02 00 41 41 5B 50 52 49 4E 43 00 c AA[PRINC
000000C0 00 55 01 00 03 00 54 54 54 5B 41 00 00 5C 00 00 U TTT[A
000000D0 43 00 00 06 00 0A 5C 00 00 32 21 5B 43 3A 43 43 C 2![C:CC
000000E0 43 00 00 3A 5C 00 00 32 13 5B 43 3A 41 41 41 00 C : 2 [C:AAA
000000F0 00 3A 5C 00 00 32 00 5B 43 3A 54 54 54 00 00 3A : 2 [C:TTT :
00000100 01 43 06 00 03 00 1C 14 01 00 00 00 09 05 00 0A C
00000110 57 00 00 00 00 09 08 00 06 04 00 09 04 00 35 01 W 5
00000120 03 00 01 0A 09 04 00 0A 57 00 00 00 00 09 07 00 W
00000130 06 02 00 09 02 00 35 01 03 00 01 0A 09 02 00 0A 5
00000140 57 00 00 00 00 09 06 00 06 01 00 09 01 00 35 01 W 5
00000150 03 00 01 0A 09 01 00 16 15 00 0A 58 3D EF 83 0A X=飪
00000160 3B 66 61 73 34 20 63 72 75 6E 63 68 0A 3B 24 3B ;fas4 crunch ;$;
00000170 41 31 32 2F 36 2F 31 38 A12/6/18
From the file dump, the code of the three user-defined functions can be picked out as follows:
14 00 00 00 00 32 08 06 05 00 09 04 00 35 01 03 00 03 16
14 00 00 00 00 09 02 00 35 01 03 00 03 16
14 00 00 00 00 09 01 00 35 01 03 00 03 16
Load the file in CAD, then use the exclamation mark to get each function's number:
命令: !c:ttt #<SUBR @165644ec C:TTT>
命令: !c:aaa #<SUBR @165644d8 C:AAA>
命令: !c:ccc #<SUBR @165644c4 C:CCC>
Looking with OD at memory starting from 165644c4, it is obviously a linked list:
165644C4 04 62 C1 0F 00 00 00 00 20 35 55 16 F8 D7 EA 10 b?.... 5U�?
165644D4 21 00 00 00 04 62 C1 0F 00 00 00 00 68 12 83 15 !...b?....h?
165644E4 F8 D7 EA 10 13 00 00 00 04 62 C1 0F 00 00 00 00 �?...b?....
165644F4 80 12 83 15 F8 D7 EA 10 00 00 00 00 €?�?....b?
Each function evidently occupies 20 bytes; aligned on those 20-byte records it reads:
The c:ccc function: 165644C4: 04 62 C1 0F 00 00 00 00 20 35 55 16 F8 D7 EA 10 21 00 00 00
The c:aaa function: 165644D8: 04 62 C1 0F 00 00 00 00 68 12 83 15 F8 D7 EA 10 13 00 00 00
The c:ttt function: 165644EC: 04 62 C1 0F 00 00 00 00 80 12 83 15 F8 D7 EA 10 00 00 00 00
The first dword, 04 62 C1 0F, is the same in every record, and it can be found many more times than our three functions, so it should be a linked-list pointer and has nothing to do with a single FAS.
The second dword, 00 00 00 00, is always zero; not examined further.
The third dword, 20 35 55 16, differs from record to record. The guess is that it stores the function name; the experiment indeed found C:CCC there, which confirms the guess.
The fourth dword, F8 D7 EA 10, is shared by exactly three records. This program defines three functions, so this dword should be tied to the FAS; it is the focus of the investigation.
The fifth dword, 21 00 00 00, is a small number, guessed to be the offset of the function's code. The experiment confirmed this too: calling the function accesses this address.
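To make the five-dword reading above checkable, here is an added example (not code from the original post) that parses the three 20-byte records exactly as they appear in the OD dump and recomputes the observations: shared first dword, zero second dword, distinct name pointers, one shared fourth dword, and the per-function code offsets. The field names (link, zero, name_ptr, fas_ptr, code_off) are labels chosen for this example, and the address-to-name table is taken from the "!c:ttt" / "!c:aaa" / "!c:ccc" output shown earlier.

```python
import struct

# Constructed from the post's OD dump: the three 20-byte records that start
# at 165644C4 (c:ccc), 165644D8 (c:aaa) and 165644EC (c:ttt).
SUBR_BASE = 0x165644C4
SUBR_DUMP = bytes.fromhex(
    "04 62 C1 0F 00 00 00 00 20 35 55 16 F8 D7 EA 10 21 00 00 00 "
    "04 62 C1 0F 00 00 00 00 68 12 83 15 F8 D7 EA 10 13 00 00 00 "
    "04 62 C1 0F 00 00 00 00 80 12 83 15 F8 D7 EA 10 00 00 00 00 "
)

# SUBR address -> function name, from the "!c:xxx" command output in the post.
SUBR_NAMES = {0x165644C4: "C:CCC", 0x165644D8: "C:AAA", 0x165644EC: "C:TTT"}

# Five little-endian dwords per record; the field names are this example's
# labels for the post's reading of each dword, not documented structure names.
RECORD = struct.Struct("<5I")
FIELDS = ("link", "zero", "name_ptr", "fas_ptr", "code_off")


def parse_subr_records(dump, base):
    """Split a dump into consecutive 20-byte records and decode each one."""
    records = []
    for off in range(0, len(dump) - RECORD.size + 1, RECORD.size):
        rec = dict(zip(FIELDS, RECORD.unpack_from(dump, off)))
        rec["addr"] = base + off
        rec["name"] = SUBR_NAMES.get(rec["addr"], "?")
        records.append(rec)
    return records


def group_by_fas(records):
    """Map each fourth-dword value to the names of the functions sharing it."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["fas_ptr"], []).append(rec["name"])
    return groups


def check_layout(records):
    """Recompute the post's observations directly from the bytes."""
    return {
        "link_shared": len({r["link"] for r in records}) == 1,
        "zero_field": all(r["zero"] == 0 for r in records),
        "names_distinct": len({r["name_ptr"] for r in records}) == len(records),
        "code_offsets": {r["name"]: r["code_off"] for r in records},
    }


if __name__ == "__main__":
    recs = parse_subr_records(SUBR_DUMP, SUBR_BASE)
    for r in recs:
        print(f"{r['addr']:08X} {r['name']:6} name_ptr={r['name_ptr']:08X} "
              f"fas_ptr={r['fas_ptr']:08X} code_off=0x{r['code_off']:02X}")
    print(group_by_fas(recs))
    print(check_layout(recs))
```

The same parser can be pointed at a longer dump of the list (more than three records) to see how many records share a given fourth dword, which is the check the post uses to tie that dword to one loaded FAS.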
Looking with OD at the memory address the fourth dword points to, it turns out to be another linked list:
10EAD7F8: F0 43 C1 0F 00 00 00 00 00 A4 62 16 47 00 00 00 06 00 00 00
The first dword, F0 43 C1 0F, should again be a linked-list pointer; ignore it.
The second dword is 0; ignore it as well.
The third dword, 00 A4 62 16, is the interesting one and is the focus.
The fourth dword, 47 00 00 00, is small and should represent some offset or size.
The fifth dword, 06 00 00 00: 6? Set aside for now.
Look with OD at the memory address the third dword points to:
1662A400 C8 C9 5A 16 98 DF 55 16 A8 DF 55 16 58 79 7F 15 壬Z樳UㄟUXy
1662A410 B8 DF 55 16 98 12 83 15 14 00 00 00 00 32 08 06 高U??....2
1662A420 05 00 09 04 00 35 01 03 00 03 16 14 00 00 00 00 ...5.....
1662A430 09 02 00 35 01 03 00 03 16 14 00 00 00 00 09 01 ..5......
1662A440 00 35 01 03 00 03 16 00 00 00 00 00 00 00 00 00 .5..........
1662A450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A460 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A4A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A4B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A4C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A4D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A4E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A4F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1662A500 68 C9 5A 16 20 35 55 16 68 12 83 15 E8 4F E4 10 h蒢 5Uh?鐿?
1662A510 80 12 83 15 00 00 00 00 C4 44 56 16 D8 44 56 16 €?....腄V谼V
1662A520 EC 44 56 16 14 01 01 01 00 32 00 32 51 2A 39 01 霥V.2.2Q*9
1662A530 00 5B 43 3A 43 43 43 00 43 3A 41 41 41 00 00 56 .[C:CCC.C:AAA..V
1662A540 76 6C 2D 41 43 41 44 2D 64 65 66 75 6E 00 00 5B vl-ACAD-defun..[
1662A550 43 3A 54 54 54 00 00 01 01 43 00 00 06 00 0A 32 C:TTT..C....2
1662A560 21 32 2F 2A 32 13 32 21 2A 32 00 32 13 2A 39 03 !2/*22!*2.2*9
1662A570 00 55 02 00 01 00 63 02 00 41 41 5B 50 52 49 4E .U..c.AA[PRIN
1662A580 43 00 00 55 01 00 03 00 54 54 54 5B 41 00 00 5C C..U..TTT[A..
1662A590 00 00 43 00 00 06 00 0A 5C 00 00 32 21 5B 43 3A ..C......2![C:
1662A5A0 43 43 43 00 00 3A 5C 00 00 32 13 5B 43 3A 41 41 CCC..:..2[C:AA
1662A5B0 41 00 00 3A 5C 00 00 32 00 5B 43 3A 54 54 54 00 A..:..2.[C:TTT.
1662A5C0 00 3A 01 43 06 00 03 00 1C 14 01 00 00 00 09 05 .:C......
1662A5D0 00 0A 57 00 00 00 00 09 08 00 06 04 00 09 04 00 ..W.........
1662A5E0 35 01 03 00 01 0A 09 04 00 0A 57 00 00 00 00 09 5.....W.....
1662A5F0 07 00 06 02 00 09 02 00 35 01 03 00 01 0A 09 02 ....5...
1662A600 00 0A 57 00 00 00 00 09 06 00 06 01 00 09 01 00 ..W.........
1662A610 35 01 03 00 01 0A 09 01 00 16 5....
Here we see something familiar, but in front of the code there is a lot of puzzling data.
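To tie the second record to the dump above, here is an added example (not code from the original post) that decodes the 20-byte record at 10EAD7F8, follows its third dword to 1662A400, locates the code inside that region, and cuts it at the fifth-dword offsets from the SUBR records (0x00, 0x13, 0x21) to recover exactly the three function bodies that were read out of the .fas file earlier. As a further cross-check it also reports where the three SUBR addresses (165644C4, 165644D8, 165644EC) occur as little-endian dwords in the same dump. Assumptions: the field names are this example's labels; the dump bytes are copied from the rows shown, with the all-zero rows 1662A450..1662A4F0 filled in as 176 zero bytes; the code start is found by searching for the known C:TTT body rather than from any documented header field; and the last body is ended at the first "03 16" after it, which is how every body in this sample ends but is not a documented rule.

```python
import struct

# Constructed from the post's OD output: the 20-byte record at 10EAD7F8 that
# the fourth dword of every SUBR record points to.
FAS_RECORD_ADDR = 0x10EAD7F8
FAS_RECORD = bytes.fromhex("F0 43 C1 0F 00 00 00 00 00 A4 62 16 47 00 00 00 06 00 00 00")
FAS_FIELDS = ("link", "zero", "code_ptr", "field4", "field5")  # example's own labels

# Constructed from the dump rows 1662A400..1662A520 in the post; rows
# 1662A450..1662A4F0 are all zero there, hence bytes(176) in the middle.
DUMP_BASE = 0x1662A400
DUMP = bytes.fromhex(
    "C8 C9 5A 16 98 DF 55 16 A8 DF 55 16 58 79 7F 15 "
    "B8 DF 55 16 98 12 83 15 14 00 00 00 00 32 08 06 "
    "05 00 09 04 00 35 01 03 00 03 16 14 00 00 00 00 "
    "09 02 00 35 01 03 00 03 16 14 00 00 00 00 09 01 "
    "00 35 01 03 00 03 16 00 00 00 00 00 00 00 00 00 "
) + bytes(176) + bytes.fromhex(
    "68 C9 5A 16 20 35 55 16 68 12 83 15 E8 4F E4 10 "
    "80 12 83 15 00 00 00 00 C4 44 56 16 D8 44 56 16 "
    "EC 44 56 16 14 01 01 01 00 32 00 32 51 2A 39 01 "
)

# Fifth dword (code offset) of each SUBR record, and the three function
# bodies the post read directly out of the .fas file.
CODE_OFFSETS = {"C:TTT": 0x00, "C:AAA": 0x13, "C:CCC": 0x21}
FILE_BODIES = {
    "C:TTT": bytes.fromhex("14 00 00 00 00 32 08 06 05 00 09 04 00 35 01 03 00 03 16"),
    "C:AAA": bytes.fromhex("14 00 00 00 00 09 02 00 35 01 03 00 03 16"),
    "C:CCC": bytes.fromhex("14 00 00 00 00 09 01 00 35 01 03 00 03 16"),
}
SUBR_ADDRS = {"C:CCC": 0x165644C4, "C:AAA": 0x165644D8, "C:TTT": 0x165644EC}


def parse_fas_record(buf):
    """Decode the five little-endian dwords of the record at 10EAD7F8."""
    return dict(zip(FAS_FIELDS, struct.unpack("<5I", buf[:20])))


def code_base():
    """Absolute address of the first function body inside the dump.
    code_ptr is 1662A400 but the body begins 0x18 bytes later; it is found
    here by searching for the known C:TTT body (assumption: not a header field)."""
    return DUMP_BASE + DUMP.index(FILE_BODIES["C:TTT"])


def split_bodies(code, offsets):
    """Cut the in-memory code at the SUBR code offsets. Each body ends where
    the next one starts; the last one ends after the first '03 16' following
    it (every body in this sample ends that way; assumption, not a spec)."""
    ordered = sorted(offsets.items(), key=lambda kv: kv[1])
    bodies = {}
    for i, (name, start) in enumerate(ordered):
        if i + 1 < len(ordered):
            end = ordered[i + 1][1]
        else:
            end = code.index(b"\x03\x16", start) + 2
        bodies[name] = code[start:end]
    return bodies


def memory_bodies():
    """The three bodies as they sit in memory, keyed by function name."""
    code = DUMP[code_base() - DUMP_BASE:]
    return split_bodies(code, CODE_OFFSETS)


def find_dword(value):
    """Addresses of every 4-aligned little-endian occurrence of value in DUMP."""
    needle = struct.pack("<I", value)
    return [DUMP_BASE + off for off in range(0, len(DUMP) - 3, 4)
            if DUMP[off:off + 4] == needle]


if __name__ == "__main__":
    rec = parse_fas_record(FAS_RECORD)
    print({k: f"{v:08X}" for k, v in rec.items()})
    print(f"code base: {code_base():08X}")
    for name, body in memory_bodies().items():
        same = "matches file" if body == FILE_BODIES[name] else "DIFFERS"
        print(name, body.hex(" "), same)
    for name, addr in SUBR_ADDRS.items():
        hits = [f"{a:08X}" for a in find_dword(addr)]
        print(f"{name} SUBR address {addr:08X} appears at {hits}")
```

Run as is, the memory bodies come out byte-for-byte identical to the file bodies, which is the concrete form of the post's claim that the fifth dword is the code offset; the third dword of the 10EAD7F8 record leads to the region the code lives in, while the 0x18 bytes before the code and the data after it (including the three SUBR addresses at 1662A518, 1662A51C and 1662A520 that the dword scan reports) are exactly the part the post has not yet explained.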