C语言 内嵌汇编
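/*
 * Reference version: the two C statements that the inline-assembly variants
 * below reimplement.  ps[3] = 'b' overwrites the fourth byte of the buffer,
 * printf(ps) prints the buffer.
 *
 * Uses the standard signature int main(void) and returns 0; the original
 * void main() is not a valid hosted-C entry point.
 */
int main(void) {
    char ps[20] = "aaaaaaaaaa ";
    char *p1 = ps;  /* unused here; kept for parity with the assembly variants, which load [p1] */

    /* Rewrite the next two statements with inline assembly. */
    ps[3] = 'b';
    /* NOTE(review): ps itself is the format string.  Harmless here because ps
     * holds a fixed literal with no '%', but the same call on buffer contents
     * that came from outside the program would be a format-string bug;
     * printf("%s", ps) or fputs(ps, stdout) is the safe form. */
    printf(ps);
    (void)p1;
    return 0;
}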
//等价的写法1:
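/*
 * Variant 1: the same two statements written with MSVC inline assembly.
 * printf is resolved at run time from the CRT module that is already mapped
 * into the process and called with the cdecl convention (argument pushed,
 * caller cleans the stack).
 *
 * Returns 0 on success, 1 if the CRT module or printf cannot be resolved
 * (the original printed nothing and exited silently in that case).
 *
 * __asm blocks are accepted only by 32-bit MSVC builds; the x64 compiler
 * does not support inline assembly.
 */
int main(void) {
    char ps[20] = "aaaaaaaaaa ";
    char *p1 = ps;

    /* GetModuleHandle finds the module only if this program is linked against
     * exactly this CRT DLL; any other CRT version yields NULL. */
    HMODULE hmod = GetModuleHandle("msvcr90.DLL");
    if (!hmod) {
        return 1;
    }
    /* GetProcAddress returns a function pointer; the cast makes the
     * function-pointer-to-object-pointer conversion explicit. */
    PVOID pfun = (PVOID)GetProcAddress(hmod, "printf");
    if (!pfun) {
        return 1;
    }

    __asm {
        // p1 is the variable that stores the pointer; [p1] reads the pointer
        // value (the address of ps) out of that variable.
        mov eax, dword ptr [p1]
        // eax now holds the address of ps, so [eax+3] is ps[3]; 0x62 is 'b'.
        mov byte ptr [eax+3], 0x62
        // cdecl call printf(ps): push the single argument, call, then the
        // caller removes the 4 argument bytes.  printf's return value in eax
        // is ignored.  Note that ps is passed as the format string; that is
        // only safe because ps holds a fixed literal with no '%'.
        push dword ptr [p1]
        call pfun
        add esp, 4
    }

    /* No FreeLibrary here: GetModuleHandle does not increment the module's
     * reference count, so releasing the handle would unbalance the count and
     * could unload the CRT while the process still uses it. */
    return 0;
}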
//等价的写法2:
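/*
 * Variant 2: like variant 1, but ps[3] is addressed through the array name
 * directly instead of through the pointer p1.
 *
 * Returns 0 on success, 1 if the CRT module or printf cannot be resolved
 * (the original printed nothing and exited silently in that case).
 *
 * __asm blocks are accepted only by 32-bit MSVC builds; the x64 compiler
 * does not support inline assembly.
 */
int main(void) {
    char ps[20] = "aaaaaaaaaa ";
    char *p1 = ps;

    /* GetModuleHandle finds the module only if this program is linked against
     * exactly this CRT DLL; any other CRT version yields NULL. */
    HMODULE hmod = GetModuleHandle("msvcr90.DLL");
    if (!hmod) {
        return 1;
    }
    PVOID pfun = (PVOID)GetProcAddress(hmod, "printf");
    if (!pfun) {
        return 1;
    }

    __asm {
        // [ps+3] addresses the fourth element of the array.  In C the array
        // name converts to a pointer, but in inline asm ps names the array's
        // storage, so [ps+3] is ps[3] while [p1] is the pointer's value.
        mov byte ptr [ps+3], 0x62
        // cdecl call printf(ps); the caller removes the 4 argument bytes.
        // add esp,4 replaces the original pop ebx, which discarded the
        // argument into ebx; both leave the stack balanced.  ps is passed as
        // the format string, which is only safe because it is a fixed literal.
        push dword ptr [p1]
        call pfun
        add esp, 4
    }

    /* No FreeLibrary: GetModuleHandle does not take a reference on the module,
     * so releasing it here would unbalance the count and could unload the
     * CRT while the process still uses it. */
    return 0;
}

/*
 * Variant 3: fills the first 10 bytes of ps with 'b' in an assembly loop and
 * then prints the buffer through the dynamically resolved printf.
 *
 * Returns 0 on success, 1 if the CRT module or printf cannot be resolved.
 *
 * __asm blocks are accepted only by 32-bit MSVC builds; the x64 compiler
 * does not support inline assembly.
 */
int main(void) {
    char ps[20] = "aaaaaaaaaa ";
    char *p1 = ps;

    /* GetModuleHandle finds the module only if this program is linked against
     * exactly this CRT DLL; any other CRT version yields NULL. */
    HMODULE hmod = GetModuleHandle("msvcr90.DLL");
    if (!hmod) {
        return 1;
    }
    PVOID pfun = (PVOID)GetProcAddress(hmod, "printf");
    if (!pfun) {
        return 1;
    }

    __asm {
        // ecx is the loop counter for `loop`, ebx the byte index into ps.
        // 10 iterations write ps[0..9]; ps has 20 bytes, so this stays in bounds.
        mov ecx, 10
        mov ebx, 0
    fill_loop:
        mov byte ptr [ps+ebx], 0x62   // 0x62 is 'b'
        inc ebx
        loop fill_loop                // ecx--, jump while ecx != 0
        // cdecl call printf(ps); the caller removes the 4 argument bytes.
        // ps is passed as the format string, which is only safe because the
        // buffer never contains anything but 'a', 'b' and a space.
        push dword ptr [p1]
        call pfun
        add esp, 4
    }

    /* No FreeLibrary: GetModuleHandle does not take a reference on the module,
     * so releasing it here would unbalance the count and could unload the
     * CRT while the process still uses it. */
    return 0;
}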