
將C程序編譯爲目標文件時,使用cl /Fa可以讓Microsoft編譯器輕鬆地爲您提供註釋的反彙編(函數和變量名稱,源代碼行號等)。可執行文件的註釋反彙編

我想從最終鏈接出的可執行文件(假設該程序編譯時帶有適當的調試信息)得到類似的輸出,但這似乎更棘手;dumpbin 和 objdump 似乎只提供不帶註釋的反彙編。

獲得這個的最好方法是什麼?

回答


如果程序編譯時帶有調試信息,WinDbg 應該能給出帶行號的函數反彙編。

使用調試信息和 /Fa 編譯示例代碼:

C:\codesnips\comparesrc\debug>cl /Zi /Fa comparesrc.cpp /link /Debug 

comparesrc.cpp 

/out:comparesrc.exe 
/debug 
/Debug 
comparesrc.obj 

上面編譯並生成彙編文件所用的源代碼:

C:\codesnips\comparesrc\debug>type comparesrc.cpp 
#include <stdio.h> // standard include file 
int main (void) // demo program: its source line numbers are matched against the listing below
{ // this line becomes the function prologue 
    printf("hello my dear source compare\n"); // string literal appears in the CONST segment of the listing 
    puts("c"); // writes the string followed by a newline to the console 
    puts("om"); 
    puts("pare"); 
    int a,b,c,d; 
    a = 2; b =3 ; c = 4; 
    d = a+b-c; // 2+3-4 = 1 
    printf("%d\n",d); // should print 1 
    d = (a*b)/c; // (2*3)/4 = 6/4, integer quotient = 1 
    printf("%d\n",d); // should print 1 
    d = (a*b)%c; // (2*3)%4 = 6%4, remainder = 2 
    printf("%d\n",d); // should print 2 
    return 0; // now generate the assembly listing (cl /Fa) and inspect it 
} // this line becomes the function epilogue 

通過 /Fa 開關生成的彙編文件:

C:\codesnips\comparesrc\debug>type comparesrc.asm 
; Listing generated by Microsoft (R) Optimizing Compiler Version 16.00.30319.01 


     TITLE C:\codesnips\comparesrc\debug\comparesrc.cpp 
     .686P 
     .XMM 
     include listing.inc 
     .model flat 

INCLUDELIB LIBCMT 
INCLUDELIB OLDNAMES 

CONST SEGMENT 
; String literals used by main. Each $SGnnnn label names one literal; the
; ORG $+n lines skip n bytes after a literal so that every literal here
; occupies a multiple of 4 bytes.
$SG3850 DB  'hello my dear source compare', 0aH, 00H ; 28 chars + LF + NUL = 30 bytes
     ORG $+2                                          ; 30 + 2 = 32
$SG3851 DB  'c', 00H                                  ; 2 bytes
     ORG $+2                                          ; 2 + 2 = 4
$SG3852 DB  'om', 00H                                 ; 3 bytes
     ORG $+1                                          ; 3 + 1 = 4
$SG3853 DB  'pare', 00H                               ; 5 bytes
     ORG $+3                                          ; 5 + 3 = 8
; Three identical "%d\n" format strings (4 bytes each), one per printf call
; on source lines 11, 13 and 15.
$SG3858 DB  '%d', 0aH, 00H 
$SG3859 DB  '%d', 0aH, 00H 
$SG3860 DB  '%d', 0aH, 00H 
CONST ENDS 
PUBLIC _main 
EXTRN _puts:PROC 
EXTRN _printf:PROC 
; Function compile flags: /Odtp 
_TEXT SEGMENT 
; ebp-relative frame offsets of main's four int locals. Together they fill
; the 16 bytes reserved by `sub esp, 16` in the prologue.
_c$ = -16            ; size = 4 
_d$ = -12            ; size = 4 
_b$ = -8            ; size = 4 
_a$ = -4            ; size = 4 
; int main(void) -- 32-bit x86 listing. The "; Line N" comments emitted by the
; compiler give the source line each instruction group was generated from.
; Out:  eax = 0 (return value)
; Every call below pushes its arguments and the caller removes them
; afterwards with `add esp, <bytes pushed>`.
_main PROC 
; File c:\codesnips\comparesrc\debug\comparesrc.cpp 
; Line 3 
     ; prologue: save caller's ebp, set up the frame, reserve 16 bytes of locals
     push ebp 
     mov  ebp, esp 
     sub  esp, 16         ; 00000010H 
; Line 4 
     push OFFSET $SG3850  ; address of the greeting string
     call _printf 
     add  esp, 4          ; drop the one 4-byte argument
; Line 5 
     push OFFSET $SG3851 
     call _puts 
     add  esp, 4 
; Line 6 
     push OFFSET $SG3852 
     call _puts 
     add  esp, 4 
; Line 7 
     push OFFSET $SG3853 
     call _puts 
     add  esp, 4 
; Line 9 
     mov  DWORD PTR _a$[ebp], 2 
     mov  DWORD PTR _b$[ebp], 3 
     mov  DWORD PTR _c$[ebp], 4 
; Line 10 
     ; d = a + b - c, computed in eax and stored back to the frame
     mov  eax, DWORD PTR _a$[ebp] 
     add  eax, DWORD PTR _b$[ebp] 
     sub  eax, DWORD PTR _c$[ebp] 
     mov  DWORD PTR _d$[ebp], eax 
; Line 11 
     ; printf("%d\n", d): arguments are pushed right to left (d, then format)
     mov  ecx, DWORD PTR _d$[ebp] 
     push ecx 
     push OFFSET $SG3858 
     call _printf 
     add  esp, 8          ; drop two 4-byte arguments
; Line 12 
     ; d = (a * b) / c: cdq sign-extends eax into edx:eax, the dividend idiv
     ; expects; idiv leaves the quotient in eax and the remainder in edx
     mov  eax, DWORD PTR _a$[ebp] 
     imul eax, DWORD PTR _b$[ebp] 
     cdq 
     idiv DWORD PTR _c$[ebp] 
     mov  DWORD PTR _d$[ebp], eax  ; keep the quotient
; Line 13 
     mov  edx, DWORD PTR _d$[ebp] 
     push edx 
     push OFFSET $SG3859 
     call _printf 
     add  esp, 8 
; Line 14 
     ; d = (a * b) % c: same multiply/divide sequence as line 12, but the
     ; remainder in edx is stored instead of the quotient
     mov  eax, DWORD PTR _a$[ebp] 
     imul eax, DWORD PTR _b$[ebp] 
     cdq 
     idiv DWORD PTR _c$[ebp] 
     mov  DWORD PTR _d$[ebp], edx  ; keep the remainder
; Line 15 
     mov  eax, DWORD PTR _d$[ebp] 
     push eax 
     push OFFSET $SG3860 
     call _printf 
     add  esp, 8 
; Line 16 
     xor  eax, eax        ; return value 0
; Line 17 
     ; epilogue: release the locals and restore the caller's ebp
     mov  esp, ebp 
     pop  ebp 
     ret  0               ; return without popping any argument bytes
_main ENDP 
_TEXT ENDS 
END 

最後,使用 cdb(WinDbg 的控制檯版本)對整個 main 函數進行反彙編:

cdb -c ".lines;g main;uf @eip;q;" comparesrc.exe

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86  
CommandLine: comparesrc.exe  
0:000> cdb: Reading initial command '.lines;g main;uf @eip;q;'  
Line number information will be loaded 
comparesrc!main [c:\codesnips\comparesrc\debug\comparesrc.cpp @ 3]: 
    3 00401010 55    push ebp 
    3 00401011 8bec   mov  ebp,esp 
    3 00401013 83ec10   sub  esp,10h 
    4 00401016 685c8c4100  push offset comparesrc!__xt_z+0x120 (00418c5c) 

    4 0040101b e81b020000  call comparesrc!printf (0040123b) 
    4 00401020 83c404   add  esp,4 
    5 00401023 687c8c4100  push offset comparesrc!__xt_z+0x140 (00418c7c) 

    5 00401028 e8bf000000  call comparesrc!puts (004010ec) 
    5 0040102d 83c404   add  esp,4 
    6 00401030 68808c4100  push offset comparesrc!__xt_z+0x144 (00418c80) 

    6 00401035 e8b2000000  call comparesrc!puts (004010ec) 
    6 0040103a 83c404   add  esp,4 
    7 0040103d 68848c4100  push offset comparesrc!__xt_z+0x148 (00418c84) 

    7 00401042 e8a5000000  call comparesrc!puts (004010ec) 
    7 00401047 83c404   add  esp,4 
    9 0040104a c745fc02000000 mov  dword ptr [ebp-4],2 
    9 00401051 c745f803000000 mov  dword ptr [ebp-8],3 
    9 00401058 c745f004000000 mov  dword ptr [ebp-10h],4 
    10 0040105f 8b45fc   mov  eax,dword ptr [ebp-4] 
    10 00401062 0345f8   add  eax,dword ptr [ebp-8] 
    10 00401065 2b45f0   sub  eax,dword ptr [ebp-10h] 
    10 00401068 8945f4   mov  dword ptr [ebp-0Ch],eax 
    11 0040106b 8b4df4   mov  ecx,dword ptr [ebp-0Ch] 
    11 0040106e 51    push ecx 
    11 0040106f 688c8c4100  push offset comparesrc!__xt_z+0x150 (00418c8c) 

    11 00401074 e8c2010000  call comparesrc!printf (0040123b) 
    11 00401079 83c408   add  esp,8 
    12 0040107c 8b45fc   mov  eax,dword ptr [ebp-4] 
    12 0040107f 0faf45f8  imul eax,dword ptr [ebp-8] 
    12 00401083 99    cdq 
    12 00401084 f77df0   idiv eax,dword ptr [ebp-10h] 
    12 00401087 8945f4   mov  dword ptr [ebp-0Ch],eax 
    13 0040108a 8b55f4   mov  edx,dword ptr [ebp-0Ch] 
    13 0040108d 52    push edx 
    13 0040108e 68908c4100  push offset comparesrc!__xt_z+0x154 (00418c90) 

    13 00401093 e8a3010000  call comparesrc!printf (0040123b) 
    13 00401098 83c408   add  esp,8 
    14 0040109b 8b45fc   mov  eax,dword ptr [ebp-4] 
    14 0040109e 0faf45f8  imul eax,dword ptr [ebp-8] 
    14 004010a2 99    cdq 
    14 004010a3 f77df0   idiv eax,dword ptr [ebp-10h] 
    14 004010a6 8955f4   mov  dword ptr [ebp-0Ch],edx 
    15 004010a9 8b45f4   mov  eax,dword ptr [ebp-0Ch] 
    15 004010ac 50    push eax 
    15 004010ad 68948c4100  push offset comparesrc!__xt_z+0x158 (00418c94) 

    15 004010b2 e884010000  call comparesrc!printf (0040123b) 
    15 004010b7 83c408   add  esp,8 
    16 004010ba 33c0   xor  eax,eax 
    17 004010bc 8be5   mov  esp,ebp 
    17 004010be 5d    pop  ebp 
    17 004010bf c3    ret 

您可以使用

Windbg -z <any image> 

對映像進行反彙編或其他任何檢查(cdb 和 kd 也同樣適用)。您可以看到源代碼行、符號、類型,而無需真正運行程序。

這對於查看 DLL 很有用,當您想查看爲另一種體系結構編譯的代碼、或無法在本機上運行的設備驅動程序時也同樣有用。

例如

cdb -z ntoskrnl.exe 

會讓你檢查Windows內核的代碼。

這比故障轉儲(crash dump)更強大,因爲您看到的不只是已換入內存的代碼,而是 .exe 文件中的全部代碼。