x86 Assembly Stack: The Second Case
1 Case introduction

In the previous lesson we went through the common x86 stack, including the basic instructions. Besides the previous case, what else can we do with what we have learned so far? Since we know the "last in, first out" (LIFO) principle, can we output a string in reverse order? Now that we know the principle, let's start writing today's second case.

Observe ESP (top of the stack) and EBP (bottom of the stack):

```
0040101F   . 52            PUSH EDX
00401020   . 6A 00         PUSH 0                                   ; /pModule = NULL
00401022   . E8 4BE00A00   CALL <JMP.&KERNEL32.GetModuleHandleA>    ; \GetModuleHandleA
```

Draw the stack diagram for a case and analyze it. The caller:

```
00F017F2   6A 02           PUSH 2                     ; pass the arguments
00F017F4   6A 01           PUSH 1
00F017F6   E8 C6FAFFFF     CALL Project1.00F012C1     ; add(00F01770): call the add function, actual execution address 00F01770
00F017FB   83C4 08         ADD ESP,8                  ; clean up the stack after the call: 2 arguments, 4 bytes each, 8 bytes in total
```

The add function:

```
00F01770   55              PUSH EBP                         ; raise the stack (build the frame) / 0C0
00F01771   8BEC            MOV EBP,ESP
00F01773   81EC C0000000   SUB ESP,0C0
00F01779   53              PUSH EBX
00F0177A   56              PUSH ESI
00F0177B   57              PUSH EDI
00F0177C   8BFD            MOV EDI,EBP
00F0177E   33C9            XOR ECX,ECX
00F01780   B8 CCCCCCCC     MOV EAX,CCCCCCCC
00F01785   F3:AB           REP STOS DWORD PTR ES:[EDI]
00F01787   B9 08C0F000     MOV ECX,Project1.00F0C008
00F0178C   E8 8FFBFFFF     CALL Project1.00F01320
00F01791   90              NOP
00F01792   8B45 08         MOV EAX,DWORD PTR SS:[EBP+8]     ; fetch pushed argument 1
00F01795   0345 0C         ADD EAX,DWORD PTR SS:[EBP+C]     ; eax += pushed argument 2
00F01798   5F              POP EDI                          ; restore the saved registers
00F01799   5E              POP ESI
00F0179A   5B              POP EBX
00F0179B   81C4 C0000000   ADD ESP,0C0
00F017A1   3BEC            CMP EBP,ESP
00F017A3   E8 97FAFFFF     CALL Project1.00F0123F
00F017A8   8BE5            MOV ESP,EBP
00F017AA   5D              POP EBP                          ; restore the stack bottom
00F017AB   C3              RETN                             ; function finished, return
```

2 Case

```
;sdk
;https://masm32.com/download.htm
;Project: right-click - Properties
;Microsoft Macro Assembler - General - Include Paths
;C:\masm32\include
;Linker - General - Additional Library Directories
;C:\masm32\lib
;Project: right-click - Build Dependencies - Build Customizations
;Project: right-click file.asm - Properties - Item Type - Microsoft Macro Assembler
;vs2022 is error
;masm build
;cmd
;C:\masm32\bin\ml.exe /c /nologo /Zi /FoDebug\asm2masm32InputOut.obj /I C:\masm32\include /W3 /coff /Cp /TaD:\asm2masm32InputOut.asm
;cd Project4
;C:\masm32\bin\link.exe /SUBSYSTEM:CONSOLE /LIBPATH:C:\masm32\lib Debug\asm2masm32InputOut.obj user32.lib kernel32.lib /OUT:asm2masm32InputOut.exe
;or
;*.asm: right-click, find Properties - Item Type, select Custom Build Tool - in General, Command Line, input
;C:\masm32\bin\ml.exe /c /nologo /Zi /Fo$(OutDir)\$(FileName).obj /I C:\masm32\include /W3 /Ta$(ProjectDir)asm2masm32InputOut.asm
;or finally done change error code
;alrt_eventname WCHAR (EVLEN + 1) dup(?)
;alrt_servicename WCHAR (SNLEN + 1) dup(?)

.586                        ; Instruction set
.MODEL flat,stdcall         ; Calling convention
option casemap:none         ; Case-sensitive naming matches the Windows API

; Link core Windows libraries
include windows.inc
include user32.inc
include kernel32.inc
include msvcrt.inc
includelib user32.lib
includelib kernel32.lib
includelib msvcrt.lib

.data
szStr     byte "Hello World",0          ; Source string
szStrSize = ($ - szStr) - 1             ; Calculate the valid string length

; Output strings: 0ah = newline, 0 = null terminator
szBefore  db "Before: Hello World", 0ah, 0   ; String before modification
szAfter   db "After : %s", 0ah, 0            ; String after modification, with format specifier

.code
_mainCRTStartup PROC
_mainCRTStartup ENDP
END _mainCRTStartup
```

For other cases, see the AES-decoded text: key 123456789, ciphertext U2FsdGVkX1/Bd4k8ZAij4D8oMKFwS3bBvmalzk3NT7UEJTw7/qemqhDLwG4nl9H9/nO3Xk0Ebmv0W50P9akHkb0F2ubxR31a6lldXh/T1P5UbUFht0mf2SUJwAKMq1bg
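The `_mainCRTStartup` procedure in the case 2 listing has no body. One way to fill it in so that it reverses `szStr` through the stack, as an added example rather than the author's own code: it assumes the MASM32 SDK setup described in the listing's comments, uses `crt_printf` and `ExitProcess` from the SDK's `msvcrt.inc` and `kernel32.inc`, and the labels `pushLoop` and `popLoop` are names chosen here.

```masm
; Added example (not the author's code): fills in the empty procedure.
; Assumes the MASM32 SDK include/lib paths configured as on this page.
.586
.MODEL flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
include msvcrt.inc
includelib kernel32.lib
includelib msvcrt.lib

.data
szStr     byte "Hello World",0
szStrSize = ($ - szStr) - 1          ; 11 characters, terminator excluded
szBefore  db "Before: Hello World", 0ah, 0
szAfter   db "After : %s", 0ah, 0

.code
_mainCRTStartup PROC
    invoke crt_printf, addr szBefore

    ; Pass 1: push every character. Each PUSH moves ESP down 4 bytes,
    ; so the last character ends up on top of the stack.
    mov   ecx, szStrSize
    mov   esi, offset szStr
pushLoop:                             ; hypothetical label name
    movzx eax, byte ptr [esi]         ; zero-extend so a full DWORD is pushed
    push  eax
    inc   esi
    loop  pushLoop

    ; Pass 2: pop in LIFO order and overwrite the string front to back.
    mov   ecx, szStrSize
    mov   esi, offset szStr
popLoop:                              ; hypothetical label name
    pop   eax
    mov   byte ptr [esi], al
    inc   esi
    loop  popLoop                     ; pops match pushes, ESP is restored

    invoke crt_printf, addr szAfter, addr szStr
    invoke ExitProcess, 0
_mainCRTStartup ENDP
END _mainCRTStartup
```

Single-stepping the two loops in a debugger while watching ESP shows it drop by 4 on every PUSH and return to its starting value after the last POP, which is the balance the `CMP EBP,ESP` check in the add function's epilogue verifies.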