  • 汇编 if else

    知识点:
    if else
    逆向还原代码
    
    一、了解if else结构
    // OllyDbg listing of one if/else. Section 2 of this page recovers it as
    // if (a>b) printf("a>b"); else printf("b>=a");  with a = [EBP-4], b = [EBP-8].
    // Reserve 8 bytes of stack for local variables.
    sub esp,8
    // Load a into EAX and compare it with b.
    00401029  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
    0040102C  |.  3B45 F8       CMP EAX,DWORD PTR SS:[EBP-8]
    // JLE is the signed "less or equal" jump, i.e. the inverse of the source
    // condition a>b: it skips the "then" body. rel8 0x10 from 00401031 = 00401041.
    0040102F  |.  7E 10         JLE SHORT ifelse01.00401041 // the jump target marks where the else part begins
    // "then" body: push the format string, call printf through the import table.
    00401031  |.  68 FC204000   PUSH ifelse01.004020FC                   ; /format = "a>b"
    00401036  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
    // The caller removes the one 4-byte argument it pushed.
    0040103C  |.  83C4 04       ADD ESP,4
    // Unconditional jump over the else body (rel8 0x0E from 00401041 = 0040104F).
    // A JMP sitting directly in front of the JLE target is the signature of an
    // else branch; a plain if would fall straight through to the JLE target.
    0040103F  |.  EB 0E        JMP SHORT ifelse01.0040104F // read together with the earlier JLE to 00401041 to decide whether an else part exists
    // "else" body, reached only through the JLE above.
    00401041  |>  68 00214000   PUSH ifelse01.00402100                   ; /format = "b>=a"
    00401046  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
    0040104C  |.  83C4 04       ADD ESP,4
    
    二、逆向还原代码
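     // Hand-decompiled body of ifelse01 (32-bit code calling MSVCR90 printf).
     // Each group of OllyDbg lines is followed by the C statement recovered from it.
     // Locals: a = [EBP-4], b = [EBP-8], c = [EBP-C], each a DWORD.
     // Every CMP is followed by JLE, which is a signed jump, so the locals are
     // treated as signed ints. Each JLE tests the inverse of the source condition:
     // it is taken when the "then" body must be skipped.
     int a, b, c;

     //00401006  |.  68 F4204000   PUSH ifelse01.004020F4                   ; /format = "begin"
     //0040100B  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
     //00401011  |.  83C4 04       ADD ESP,4
     printf("begin");

     //00401014  |.  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
     //0040101B  |.  C745 F8 02000>MOV DWORD PTR SS:[EBP-8],2
     //00401022  |.  C745 F4 03000>MOV DWORD PTR SS:[EBP-C],3
     // The assignments must be a real statement, not the tail of the comment
     // above; otherwise the comparisons below read uninitialised locals.
     a = 1;
     b = 2;
     c = 3;

     //00401029  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
     //0040102C  |.  3B45 F8       CMP EAX,DWORD PTR SS:[EBP-8]
     //0040102F  |.  7E 10         JLE SHORT ifelse01.00401041
     if (a > b) {
         //00401031  |.  68 FC204000   PUSH ifelse01.004020FC                   ; /format = "a>b"
         //00401036  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
         //0040103C  |.  83C4 04       ADD ESP,4
         //0040103F  |.  EB 0E         JMP SHORT ifelse01.0040104F
         // The JMP above skips the else body; it is what reveals the else branch.
         printf("a>b");
     } else {
         //00401041  |>  68 00214000   PUSH ifelse01.00402100                   ; /format = "b>=a"
         //00401046  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
         //0040104C  |.  83C4 04       ADD ESP,4
         printf("b>=a");
     }

     //0040104F  |> 8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]             ;  c
     //00401052  |.  3B4D F8       CMP ECX,DWORD PTR SS:[EBP-8]             ;  b
     //00401055  |.  7E 46         JLE SHORT ifelse01.0040109D              ;  if (c>b)
     // No JMP precedes 0040109D on the outer level, so this if has no else.
     if (c > b) {
         //00401057  |.  8B55 F4       MOV EDX,DWORD PTR SS:[EBP-C] c
         //0040105A  |.  3B55 FC       CMP EDX,DWORD PTR SS:[EBP-4] a
         //0040105D  |.  7E 20         JLE SHORT ifelse01.0040107F
         if (c > a) {
             // Arguments are pushed right to left: a, c, b, c, then the format.
             //0040105F  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
             //00401062  |.  50            PUSH EAX                                 ; /<%d>
             //00401063  |.  8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]             ; |
             //00401066  |.  51            PUSH ECX                                 ; |<%d>
             //00401067  |.  8B55 F8       MOV EDX,DWORD PTR SS:[EBP-8]             ; |
             //0040106A  |.  52            PUSH EDX                                 ; |<%d>
             //0040106B  |.  8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]             ; |
             //0040106E  |.  50            PUSH EAX                                 ; |<%d>
             //0040106F  |.  68 08214000   PUSH ifelse01.00402108                   ; |format = "%d>%d,%d>%d"
             //00401074  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
             //0040107A  |.  83C4 14       ADD ESP,14
             // ADD ESP,14 drops 0x14 = 20 bytes: five 4-byte pushes.
             //0040107D  |.  EB 1E         JMP SHORT ifelse01.0040109D
             printf("%d>%d,%d>%d", c, b, c, a);
         } else {
             //0040107F  |>  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
             //00401082  |.  51            PUSH ECX                                 ; /<%d>
             //00401083  |.  8B55 F4       MOV EDX,DWORD PTR SS:[EBP-C]             ; |
             //00401086  |.  52            PUSH EDX                                 ; |<%d>
             //00401087  |.  8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]             ; |
             //0040108A  |.  50            PUSH EAX                                 ; |<%d>
             //0040108B  |.  8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]             ; |
             //0040108E  |.  51            PUSH ECX                                 ; |<%d>
             //0040108F  |.  68 14214000   PUSH ifelse01.00402114                   ; |format = "%d>%d,%d<=%d"
             //00401094  |.  FF15 A0204000 CALL DWORD PTR DS:[<&MSVCR90.printf>]    ; printf
             //0040109A  |.  83C4 14       ADD ESP,14
             printf("%d>%d,%d<=%d", c, b, c, a);
         }
     }
     //0040109D  |>  33C0          XOR EAX,EAX
     // EAX is zeroed here; presumably this is `return 0;`, but the epilogue is
     // not part of the listing, so no statement is reconstructed for it.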
  • 原文地址:https://www.cnblogs.com/whzym111/p/6369144.html