过程

一.新建两个空项目并分别添加 cpp 与 asm 文件

1.新建一个c语言空项目

2.运行库设置为 /MTd:右键项目属性,C/C++ → 代码生成,将"运行库"选择为"多线程调试(/MTd)"(静态链接调试版 CRT)

3.禁用 Spectre 缓解:项目属性 → C/C++ → 代码生成 → "Spectre 缓解"设为"已禁用"。这一步通常只是为了不依赖带 Spectre 缓解的运行库(未安装时链接会报错);它同时也关闭了 /Qspectre 生成的缓解代码,仅适用于本练习,正式发布的程序不应这样做。

4.添加cpp文件,重命名为disassembly_cpp.cpp

disassembly_cpp.cpp

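//disassembly_cpp.cpp
#include <stdio.h>

// Prints the numbers 0..99 separated by spaces.
// This is the source the disassembly listings on this page are generated
// from, so it is kept deliberately simple: one counter in a stack slot and
// one printf call per iteration.
int main()
{
    // size_t is unsigned, which is why the compiler emits an unsigned
    // compare/branch (cmp ...,64h / jae) rather than a signed one.
    for (size_t i = 0; i < 100; i++)
    {
        // NOTE: "%d" expects an int; the strictly correct specifier for a
        // size_t is "%zu".  "%d" is kept because the asm rewrites on this
        // page reuse the same '%d ' format string.
        printf("%d ", i);
    }
    return 0;
}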

5.使用 VS 进行反汇编并复制所需代码:在 main 中下断点,调试运行后打开"调试 → 窗口 → 反汇编"(右键勾选"显示代码字节"可同时看到机器码),复制 for 循环对应的指令

for (size_t i = 0; i < 100; i++)
009C1865 C7 45 F8 00 00 00 00 mov dword ptr [ebp-8],0
009C186C EB 09 jmp 009C1877
009C186E 8B 45 F8 mov eax,dword ptr [ebp-8]
009C1871 83 C0 01 add eax,1
009C1874 89 45 F8 mov dword ptr [ebp-8],eax
009C1877 83 7D F8 64 cmp dword ptr [ebp-8],64h
009C187B 73 13 jae 009C1890
{
printf("%d ", i);
009C187D 8B 45 F8 mov eax,dword ptr [ebp-8]
009C1880 50 push eax
009C1881 68 30 7B 9C 00 push 9C7B30h
009C1886 E8 42 F8 FF FF call 009C10CD
009C188B 83 C4 08 add esp,8
}
009C188E EB DE jmp 009C186E

6.修改反汇编的代码:把绝对地址换成标号(三个跳转目标改为 jmp1/jmp2/jmp3),把 push 9C7B30h 换成 push offset szFormatD,把 call 009C10CD 换成 call printf;另外反汇编窗口里复制的只是循环体,编译器在这段之外生成的函数序言/尾声(push ebp / mov ebp,esp / sub esp,…)也要补上,否则 [ebp-8] 访问的是调用者栈帧里的数据。

7.新建一个汇编语言空项目,并勾选masm和设置函数入口点为main

8.添加 asm 文件,重命名为 disassembly_vs.asm,将改好的反汇编代码粘贴进去

disassembly_vs.asm

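;disassembly_vs.asm
; Hand-rewritten 32-bit MASM version of the loop from disassembly_cpp.cpp.
; Target: x86 (32-bit), flat model.  printf is a cdecl, variadic CRT
; function: arguments are pushed right-to-left and the CALLER removes them.
.model flat,stdcall

includelib ucrt.lib
includelib legacy_stdio_definitions.lib   ; provides the printf symbol for the UCRT

extern printf:proc
.data
szFormatD db '%d ',0
.code
; int main(void) -- prints 0..99
; The loop counter lives at [ebp-8], exactly where the compiler placed it.
; The compiler listing copied from VS showed only the loop body, so the
; prologue/epilogue that creates this stack slot has to be added back here:
; without it ebp still holds the caller's frame pointer (ebp is callee-saved)
; and every write to [ebp-8] would silently corrupt the caller's frame.
main proc
    push    ebp
    mov     ebp,esp
    sub     esp,8                   ; reserve the [ebp-8] slot for the counter

    mov     dword ptr [ebp-8],0     ; i = 0
    jmp     jmp1                    ; enter at the condition check
jmp3:                               ; i++
    mov     eax,dword ptr [ebp-8]
    add     eax,1
    mov     dword ptr [ebp-8],eax

jmp1:                               ; while (i < 100) -- unsigned compare, i is size_t
    cmp     dword ptr [ebp-8],64h
    jae     jmp2

    mov     eax,dword ptr [ebp-8]
    push    eax                     ; arg 2: i
    push    offset szFormatD        ; arg 1: "%d "
    call    printf
    add     esp,8                   ; cdecl: caller pops the two dword arguments

    jmp     jmp3
jmp2:
    xor     eax,eax                 ; return 0 (the CRT uses eax as the exit code)
    mov     esp,ebp                 ; tear down the frame
    pop     ebp
    ret
main endp
end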

二.使用IDA反汇编

.text:00411865                 mov     [ebp+i], 0
.text:0041186C jmp short loc_411877
.text:0041186E ; ---------------------------------------------------------------------------
.text:0041186E
.text:0041186E loc_41186E: ; CODE XREF: _main+4E↓j
.text:0041186E mov eax, [ebp+i]
.text:00411871 add eax, 1
.text:00411874 mov [ebp+i], eax
.text:00411877
.text:00411877 loc_411877: ; CODE XREF: _main+2C↑j
.text:00411877 cmp [ebp+i], 64h ; 'd'
.text:0041187B jnb short loc_411890
.text:0041187D mov eax, [ebp+i]
.text:00411880 push eax
.text:00411881 push offset _Format ; "%d "
.text:00411886 call j__printf
.text:0041188B add esp, 8
.text:0041188E jmp short loc_41186E
.text:00411890 ; ---------------------------------------------------------------------------
.text:00411890
.text:00411890 loc_411890: ; CODE XREF: _main+3B↑j

修改反汇编的代码:去掉 IDA 的 .text:地址 前缀和 XREF 注释,把 [ebp+i] 换成一个全局变量 i(省去建立栈帧),把 _Format 换成自己定义的字符串,把 j__printf 换成 printf。


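;disassembly_ida.asm
; 32-bit MASM rewrite of the loop as shown by IDA.  Unlike the VS-based
; version, the counter is kept in a global dword `i` instead of a stack slot,
; so no frame setup is needed.  IDA's label names are kept so the listing can
; be compared side by side with the IDA output.
.model flat,stdcall

includelib ucrt.lib
includelib legacy_stdio_definitions.lib   ; provides the printf symbol for the UCRT

extern printf:proc

.data
Format db '%d ',0          ; IDA showed this literal as _Format
i dd 0                     ; loop counter (IDA showed it as the stack slot [ebp+i])
.code
; int main(void) -- prints 0..99
main proc

    mov     i, 0                ; i = 0
    jmp     short loc_411877    ; enter at the condition check

loc_41186E:                     ; i++
    mov     eax, i
    add     eax, 1
    mov     i, eax

loc_411877:                     ; while (i < 100) -- jnb is jae: unsigned compare
    cmp     i, 64h
    jnb     short loc_411890
    mov     eax, i
    push    eax                 ; arg 2: i
    push    offset Format       ; arg 1: "%d "
    call    printf              ; cdecl, variadic
    add     esp, 8              ; caller removes the two dword arguments
    jmp     short loc_41186E

loc_411890:
    xor     eax, eax            ; return 0 (the CRT uses eax as the exit code)
    ret

main endp
end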

扩展:试一下x64反汇编

for (size_t i = 0; i < 100; i++)
00007FF698BB187B 48 C7 45 08 00 00 00 00 mov qword ptr [rbp+8],0
00007FF698BB1883 EB 0B jmp main+30h (07FF698BB1890h)
00007FF698BB1885 48 8B 45 08 mov rax,qword ptr [rbp+8]
00007FF698BB1889 48 FF C0 inc rax
00007FF698BB188C 48 89 45 08 mov qword ptr [rbp+8],rax
00007FF698BB1890 48 83 7D 08 64 cmp qword ptr [rbp+8],64h
00007FF698BB1895 73 12 jae main+49h (07FF698BB18A9h)
{
printf("%d ", i);
00007FF698BB1897 48 8B 55 08 mov rdx,qword ptr [rbp+8]
00007FF698BB189B 48 8D 0D 82 83 00 00 lea rcx,[string "%d " (07FF698BB9C24h)]
00007FF698BB18A2 E8 E4 F8 FF FF call printf (07FF698BB118Bh)
}
00007FF698BB18A7 EB DC jmp main+25h (07FF698BB1885h)
return 0;

disassembly_vs_x64.asm

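; disassembly_vs_x64.asm
; x64 MASM (ml64) rewrite of the loop.  Target: Microsoft x64 ABI.
; - The first two integer arguments go in rcx, rdx (format string, i).
; - The caller must reserve 32 bytes of shadow space before every call and
;   keep rsp 16-byte aligned at the call.  On entry rsp % 16 == 8 (return
;   address), so sub rsp,28h (40) gives 32 bytes of shadow space plus 8 bytes
;   of alignment padding.
; - rax is volatile; xor eax,eax zero-extends into rax, i.e. return 0.
includelib ucrt.lib
includelib legacy_stdio_definitions.lib   ; provides the printf symbol for the UCRT

extern printf:proc

.data
Format db '%d ',0
; The counter is a size_t, which the compiler kept in a QWORD slot ([rbp+8]).
; It must be declared as dq: every access below is qword-sized, so a dd would
; be read and written 4 bytes past its end.
i dq 0
.code
; int main(void) -- prints 0..99
; PROC FRAME with .allocstack/.endprolog emits the unwind information the
; Windows x64 ABI expects for a non-leaf function; without it an exception
; raised inside printf cannot be unwound through main.
main proc frame
    sub     rsp,28h             ; shadow space (32) + alignment padding (8)
    .allocstack 28h
    .endprolog

    mov     qword ptr i,0       ; i = 0
    jmp     jmp1                ; enter at the condition check
jmp3:                           ; i++
    mov     rax,qword ptr i
    inc     rax
    mov     qword ptr i,rax
jmp1:                           ; while (i < 100) -- unsigned compare
    cmp     qword ptr i,64h
    jae     jmp2

    mov     rdx,qword ptr i     ; arg 2: i
    lea     rcx,Format          ; arg 1: "%d " (ml64 should encode this RIP-relative)
    call    printf

    jmp     jmp3
jmp2:
    xor     eax,eax             ; return 0
    add     rsp,28h
    ret

main endp
end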