main()的研究方法

类别:编程语言 点击:0 评论:0 推荐:


现假设您能看懂汇编码.如果大家看不懂,我会抽空加上注释的(发表的文章是可以改的吗!).
在TC中写上下面的程序,
void main(void)
{
asm nop;
asm nop;
asm nop;
}
在C盘上保存文件名为a.c
然后用命令行编译连接:
C:\TCC -B a.c
注意用此命令时要求在C盘上有TASM.EXE.把MASM改名为TASM也可以.
然后用反汇编软件(推荐用W32DASM)反汇编a.exe
可得到下面的代码:
//********************** Start of Code in Segment: 1 **************


//******************** Program Entry Point ********
:0001.0000 BA5600                 mov dx, 0056
:0001.0003 2E8916F801             mov cs:[01F8], dx
:0001.0008 B430                   mov ah, 30
:0001.000A CD21                   int 21
:0001.000C 8B2E0200               mov bp, [0002]
:0001.0010 8B1E2C00               mov bx, [002C]
:0001.0014 8EDA                   mov ds, dx
:0001.0016 A39200                 mov word ptr [0092], ax
:0001.0019 8C069000               mov [0090], es
:0001.001D 891E8C00               mov [008C], bx
:0001.0021 892EAC00               mov [00AC], bp
:0001.0025 C7069600FFFF           mov word ptr [0096], FFFF
:0001.002B E83401                 call 0162
:0001.002E C43E8A00               les di, [008A]
:0001.0032 8BC7                   mov ax, di
:0001.0034 8BD8                   mov bx, ax
:0001.0036 B9FF7F                 mov cx, 7FFF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0061(C)
|
:0001.0039 26813D3837             cmp word ptr es:[di], 3738
:0001.003E 7519                   jne 0059
:0001.0040 268B5502               mov dx, es:[di+02]
:0001.0044 80FA3D                 cmp dl, 3D
:0001.0047 7510                   jne 0059
:0001.0049 80E6DF                 and dh, DF
:0001.004C FF069600               inc word ptr [0096]
:0001.0050 80FE59                 cmp dh, 59
:0001.0053 7504                   jne 0059
:0001.0055 FF069600               inc word ptr [0096]

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.003E(C), :0001.0047(C), :0001.0053(C)
|
:0001.0059 F2                     repnz
:0001.005A AE                     scasb
:0001.005B E361                   jcxz 00BE
:0001.005D 43                     inc bx
:0001.005E 263805                 cmp es:[di], al
:0001.0061 75D6                   jne 0039
:0001.0063 80CD80                 or ch, 80
:0001.0066 F7D9                   neg cx
:0001.0068 890E8A00               mov [008A], cx
:0001.006C B90100                 mov cx, 0001
:0001.006F D3E3                   shl bx, cl
:0001.0071 83C308                 add bx, 0008
:0001.0074 83E3F8                 and bx, FFF8
:0001.0077 891E8E00               mov [008E], bx
:0001.007B 8CDA                   mov dx, ds
:0001.007D 2BEA                   sub bp, dx
:0001.007F 8B3E9C01               mov di, [019C]
:0001.0083 81FF0002               cmp di, 0200
:0001.0087 7307                   jnb 0090
:0001.0089 BF0002                 mov di, 0200
:0001.008C 893E9C01               mov [019C], di

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0087(C)
|
:0001.0090 81C7EC01               add di, 01EC
:0001.0094 7228                   jb 00BE
:0001.0096 033E9A01               add di, [019A]
:0001.009A 7222                   jb 00BE
:0001.009C B104                   mov cl, 04
:0001.009E D3EF                   shr di, cl
:0001.00A0 47                     inc di
:0001.00A1 3BEF                   cmp bp, di
:0001.00A3 7219                   jb 00BE
:0001.00A5 833E9C0100             cmp word ptr [019C], 0000
:0001.00AA 7407                   je 00B3
:0001.00AC 833E9A0100             cmp word ptr [019A], 0000
:0001.00B1 750E                   jne 00C1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.00AA(C)
|
:0001.00B3 BF0010                 mov di, 1000
:0001.00B6 3BEF                   cmp bp, di
:0001.00B8 7707                   ja 00C1
:0001.00BA 8BFD                   mov di, bp
:0001.00BC EB03                   jmp 00C1

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.0094(C), :0001.009A(C), :0001.00A3(C)
|
:0001.00BE E92101                 jmp 01E2

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.00B1(C), :0001.00B8(C), :0001.00BC(U)
|
:0001.00C1 8BDF                   mov bx, di
:0001.00C3 03DA                   add bx, dx
:0001.00C5 891EA400               mov [00A4], bx
:0001.00C9 891EA800               mov [00A8], bx
:0001.00CD A19000                 mov ax, word ptr [0090]
:0001.00D0 2BD8                   sub bx, ax
:0001.00D2 8EC0                   mov es, ax
:0001.00D4 B44A                   mov ah, 4A
:0001.00D6 57                     push di
:0001.00D7 CD21                   int 21
:0001.00D9 5F                     pop di
:0001.00DA D3E7                   shl di, cl
:0001.00DC FA                     cli
:0001.00DD 8ED2                   mov ss, dx
:0001.00DF 8BE7                   mov sp, di
:0001.00E1 FB                     sti
:0001.00E2 33C0                   xor ax, ax
:0001.00E4 2E8E06F801             mov es, cs:[01F8]
:0001.00E9 BFA601                 mov di, 01A6
:0001.00EC B9EC01                 mov cx, 01EC
:0001.00EF 2BCF                   sub cx, di
:0001.00F1 F3                     repz
:0001.00F2 AA                     stosb
:0001.00F3 0E                     push cs
:0001.00F4 FF16A001               call word ptr [01A0]
:0001.00F8 E83901                 call 0234
:0001.00FB E82102                 call 031F
:0001.00FE B400                   mov ah, 00
:0001.0100 CD1A                   int 1A
:0001.0102 89169800               mov [0098], dx
:0001.0106 890E9A00               mov [009A], cx
:0001.010A FF16A401               call word ptr [01A4]
:0001.010E FF368800               push word ptr [0088]
:0001.0112 FF368600               push word ptr [0086]
:0001.0116 FF368400               push word ptr [0084]
:0001.011A E8DD00                 call 01FA
:0001.011D 50                     push ax
:0001.011E E8DE00                 call 01FF

* Referenced by a CALL at Addresses:
|:0001.01F5, :0001.0228
|
:0001.0121 2E8E1EF801             mov ds, cs:[01F8]
:0001.0126 E87C00                 call 01A5
:0001.0129 0E                     push cs
:0001.012A FF16A201               call word ptr [01A2]
:0001.012E 33C0                   xor ax, ax
:0001.0130 8BF0                   mov si, ax
:0001.0132 B92F00                 mov cx, 002F
:0001.0135 90                     nop
:0001.0136 FC                     cld
:0001.0137 0204                   add al , [si]
:0001.0139 80D400                 adc ah, 00
:0001.013C 46                     inc si
:0001.013D E2F8                   loop 0137
:0001.013F 2D370D                 sub ax, 0D37
:0001.0142 90                     nop
:0001.0143 740A                   je 014F
:0001.0145 B91900                 mov cx, 0019
:0001.0148 90                     nop
:0001.0149 BA2F00                 mov dx, 002F
:0001.014C E88B00                 call 01DA

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0143(C)
|
:0001.014F 8BEC                   mov bp, sp
:0001.0151 B44C                   mov ah, 4C
:0001.0153 8A4602                 mov al , [bp+02]
:0001.0156 CD21                   int 21
:0001.0158 B90E00                 mov cx, 000E
:0001.015B 90                     nop
:0001.015C BA4800                 mov dx, 0048
:0001.015F E98700                 jmp 01E9

 

* Referenced by a CALL at Address:
|:0001.002B
|
:0001.0162 1E                     push ds
:0001.0163 B80035                 mov ax, 3500
:0001.0166 CD21                   int 21
:0001.0168 891E7400               mov [0074], bx
:0001.016C 8C067600               mov [0076], es
:0001.0170 B80435                 mov ax, 3504
:0001.0173 CD21                   int 21
:0001.0175 891E7800               mov [0078], bx
:0001.0179 8C067A00               mov [007A], es
:0001.017D B80535                 mov ax, 3505
:0001.0180 CD21                   int 21
:0001.0182 891E7C00               mov [007C], bx
:0001.0186 8C067E00               mov [007E], es
:0001.018A B80635                 mov ax, 3506
:0001.018D CD21                   int 21
:0001.018F 891E8000               mov [0080], bx
:0001.0193 8C068200               mov [0082], es
:0001.0197 B80025                 mov ax, 2500
:0001.019A 8CCA                   mov dx, cs
:0001.019C 8EDA                   mov ds, dx
:0001.019E BA5801                 mov dx, 0158
:0001.01A1 CD21                   int 21
:0001.01A3 1F                     pop ds
:0001.01A4 C3                     ret

 

* Referenced by a CALL at Address:
|:0001.0126
|
:0001.01A5 1E                     push ds
:0001.01A6 B80025                 mov ax, 2500
:0001.01A9 C5167400               lds dx, [0074]
:0001.01AD CD21                   int 21
:0001.01AF 1F                     pop ds
:0001.01B0 1E                     push ds
:0001.01B1 B80425                 mov ax, 2504
:0001.01B4 C5167800               lds dx, [0078]
:0001.01B8 CD21                   int 21
:0001.01BA 1F                     pop ds
:0001.01BB 1E                     push ds
:0001.01BC B80525                 mov ax, 2505
:0001.01BF C5167C00               lds dx, [007C]
:0001.01C3 CD21                   int 21
:0001.01C5 1F                     pop ds
:0001.01C6 1E                     push ds
:0001.01C7 B80625                 mov ax, 2506
:0001.01CA C5168000               lds dx, [0080]
:0001.01CE CD21                   int 21
:0001.01D0 1F                     pop ds
:0001.01D1 C3                     ret


:0001.01D2 C70696000000           mov word ptr [0096], 0000
:0001.01D8 CB                     retf


:0001.01D9 C3                     ret

 

* Referenced by a CALL at Addresses:
|:0001.014C, :0001.01EE
|
:0001.01DA B440                   mov ah, 40
:0001.01DC BB0200                 mov bx, 0002
:0001.01DF CD21                   int 21
:0001.01E1 C3                     ret

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.00BE(U), :0001.02E5(U), :0001.0352(U)
|
:0001.01E2 B91E00                 mov cx, 001E
:0001.01E5 90                     nop
:0001.01E6 BA5600                 mov dx, 0056

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.015F(U)
|
:0001.01E9 2E8E1EF801             mov ds, cs:[01F8]
:0001.01EE E8E9FF                 call 01DA
:0001.01F1 B80300                 mov ax, 0003
:0001.01F4 50                     push ax
:0001.01F5 E829FF                 call 0121
:0001.01F8 0000                   add [bx+si], al

* Referenced by a CALL at Address:
|:0001.011A
|
:0001.01FA 90                     nop
:0001.01FB 90                     nop
:0001.01FC 90                     nop
:0001.01FD C3                     ret


:0001.01FE C3                     ret

 

* Referenced by a CALL at Address:
|:0001.011E
|
:0001.01FF 55                     push bp
:0001.0200 8BEC                   mov bp, sp
:0001.0202 EB0A                   jmp 020E

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0217(C)
|
:0001.0204 8B1E9E01               mov bx, [019E]
:0001.0208 D1E3                   shl bx, 01
:0001.020A FF97A601               call word ptr [bx+01A6]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0202(U)
|
:0001.020E A19E01                 mov ax, word ptr [019E]
:0001.0211 FF0E9E01               dec word ptr [019E]
:0001.0215 0BC0                   or ax, ax
:0001.0217 75EB                   jne 0204
:0001.0219 FF169401               call word ptr [0194]
:0001.021D FF169601               call word ptr [0196]
:0001.0221 FF169801               call word ptr [0198]
:0001.0225 FF7604                 push word ptr [bp+04]
:0001.0228 E8F6FE                 call 0121
:0001.022B 59                     pop cx
:0001.022C 5D                     pop bp
:0001.022D C3                     ret


:0001.022E 000000000000           BYTE  6 DUP(0)

 

* Referenced by a CALL at Address:
|:0001.00F8
|
:0001.0234 2E8F062E02             pop word ptr cs:[022E]
:0001.0239 2E8C1E3002             mov cs:[0230], ds
:0001.023E FC                     cld
:0001.023F 8E069000               mov es, [0090]
:0001.0243 BE8000                 mov si, 0080
:0001.0246 32E4                   xor ah, ah
:0001.0248 26AC                   lodsb
:0001.024A 40                     inc ax
:0001.024B 8CC5                   mov bp, es
:0001.024D 87D6                   xchg si, dx
:0001.024F 93                     xchg ax,bx
:0001.0250 8B368A00               mov si, [008A]
:0001.0254 83C602                 add si, 0002
:0001.0257 B90100                 mov cx, 0001
:0001.025A 803E920003             cmp byte ptr [0092], 03
:0001.025F 7211                   jb 0272
:0001.0261 8E068C00               mov es, [008C]
:0001.0265 8BFE                   mov di, si
:0001.0267 B17F                   mov cl, 7F
:0001.0269 32C0                   xor al , al
:0001.026B F2                     repnz
:0001.026C AE                     scasb
:0001.026D E376                   jcxz 02E5
:0001.026F 80F17F                 xor cl, 7F

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.025F(C)
|
:0001.0272 83EC02                 sub sp, 0002
:0001.0275 B80100                 mov ax, 0001
:0001.0278 03C3                   add ax, bx
:0001.027A 03C1                   add ax, cx
:0001.027C 25FEFF                 and ax, FFFE
:0001.027F 8BFC                   mov di, sp
:0001.0281 2BF8                   sub di, ax
:0001.0283 7260                   jb 02E5
:0001.0285 8BE7                   mov sp, di
:0001.0287 8CC0                   mov ax, es
:0001.0289 8ED8                   mov ds, ax
:0001.028B 8CD0                   mov ax, ss
:0001.028D 8EC0                   mov es, ax
:0001.028F 51                     push cx
:0001.0290 49                     dec cx
:0001.0291 F3                     repz
:0001.0292 A4                     movsb
:0001.0293 32C0                   xor al , al
:0001.0295 AA                     stosb
:0001.0296 8EDD                   mov ds, bp
:0001.0298 87F2                   xchg dx, si
:0001.029A 87D9                   xchg cx, bx
:0001.029C 8BC3                   mov ax, bx
:0001.029E 8BD0                   mov dx, ax
:0001.02A0 43                     inc bx

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.02B7(C), :0001.02BB(U)
|
:0001.02A1 E81900                 call 02BD
:0001.02A4 7707                   ja 02AD

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.02AB(C)
|
:0001.02A6 7240                   jb 02E8
:0001.02A8 E81200                 call 02BD
:0001.02AB 77F9                   ja 02A6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.02A4(C)
|
:0001.02AD 3C20                   cmp al, 20
:0001.02AF 7408                   je 02B9
:0001.02B1 3C0D                   cmp al, 0D
:0001.02B3 7404                   je 02B9
:0001.02B5 3C09                   cmp al, 09
:0001.02B7 75E8                   jne 02A1

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.02AF(C), :0001.02B3(C)
|
:0001.02B9 32C0                   xor al , al
:0001.02BB EBE4                   jmp 02A1

 

* Referenced by a CALL at Addresses:
|:0001.02A1, :0001.02A8
|
:0001.02BD 0BC0                   or ax, ax
:0001.02BF 7407                   je 02C8
:0001.02C1 42                     inc dx
:0001.02C2 AA                     stosb
:0001.02C3 0AC0                   or al , al
:0001.02C5 7501                   jne 02C8
:0001.02C7 43                     inc bx

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.02BF(C), :0001.02C5(C)
|
:0001.02C8 86E0                   xchg al , ah
:0001.02CA 32C0                   xor al , al
:0001.02CC F9                     stc
:0001.02CD E315                   jcxz 02E4
:0001.02CF AC                     lodsb
:0001.02D0 49                     dec cx
:0001.02D1 2C22                   sub al, 22
:0001.02D3 740F                   je 02E4
:0001.02D5 0422                   add al, 22
:0001.02D7 3C5C                   cmp al, 5C
:0001.02D9 7507                   jne 02E2
:0001.02DB 803C22                 cmp byte ptr [si], 22
:0001.02DE 7502                   jne 02E2
:0001.02E0 AC                     lodsb
:0001.02E1 49                     dec cx

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.02D9(C), :0001.02DE(C)
|
:0001.02E2 0BF6                   or si, si

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.02D3(C)
|
:0001.02E4 C3                     ret

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.0283(C), :0001.02FD(C)
|
:0001.02E5 E9FAFE                 jmp 01E2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.02A6(C)
|
:0001.02E8 59                     pop cx
:0001.02E9 03CA                   add cx, dx
:0001.02EB 2E8E1E3002             mov ds, cs:[0230]
:0001.02F0 891E8400               mov [0084], bx
:0001.02F4 43                     inc bx
:0001.02F5 03DB                   add bx, bx
:0001.02F7 8BF4                   mov si, sp
:0001.02F9 8BEC                   mov bp, sp
:0001.02FB 2BEB                   sub bp, bx
:0001.02FD 72E6                   jb 02E5
:0001.02FF 8BE5                   mov sp, bp
:0001.0301 892E8600               mov [0086], bp

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0313(C)
|
:0001.0305 E30E                   jcxz 0315
:0001.0307 897600                 mov [bp], si
:0001.030A 83C502                 add bp, 0002
:0001.030D 36AC                   lodsb
:0001.030F 0AC0                   or al , al
:0001.0311 E0FA                   loopnz 030D
:0001.0313 74F0                   je 0305
:0001.0315 33C0                   xor ax, ax
:0001.0317 894600                 mov [bp], ax
:0001.031A 2EFF262E02             jmp word ptr cs:[022E]

* Referenced by a CALL at Address:
|:0001.00FB
|
:0001.031F 8B0E8A00               mov cx, [008A]
:0001.0323 51                     push cx
:0001.0324 E84701                 call 046E
:0001.0327 59                     pop cx
:0001.0328 8BF8                   mov di, ax
:0001.032A 0BC0                   or ax, ax
:0001.032C 7424                   je 0352
:0001.032E 1E                     push ds
:0001.032F 1E                     push ds
:0001.0330 07                     pop es
:0001.0331 8E1E8C00               mov ds, [008C]
:0001.0335 33F6                   xor si, si
:0001.0337 FC                     cld
:0001.0338 F3                     repz
:0001.0339 A4                     movsb
:0001.033A 1F                     pop ds
:0001.033B 8BF8                   mov di, ax
:0001.033D 06                     push es
:0001.033E FF368E00               push word ptr [008E]
:0001.0342 E82901                 call 046E
:0001.0345 83C402                 add sp, 0002
:0001.0348 8BD8                   mov bx, ax
:0001.034A 07                     pop es
:0001.034B A38800                 mov word ptr [0088], ax
:0001.034E 0BC0                   or ax, ax
:0001.0350 7503                   jne 0355

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.032C(C)
|
:0001.0352 E98DFE                 jmp 01E2

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0350(C)
|
:0001.0355 33C0                   xor ax, ax
:0001.0357 B9FFFF                 mov cx, FFFF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0364(C)
|
:0001.035A 893F                   mov [bx], di
:0001.035C 83C302                 add bx, 0002
:0001.035F F2                     repnz
:0001.0360 AE                     scasb
:0001.0361 263805                 cmp es:[di], al
:0001.0364 75F4                   jne 035A
:0001.0366 8907                   mov [bx], ax
:0001.0368 C3                     ret


:0001.0369 55                     push bp
:0001.036A 8BEC                   mov bp, sp
:0001.036C 833E9E0120             cmp word ptr [019E], 0020
:0001.0371 7505                   jne 0378
:0001.0373 B80100                 mov ax, 0001
:0001.0376 EB15                   jmp 038D

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0371(C)
|
:0001.0378 8B4604                 mov ax, [bp+04]
:0001.037B 8B1E9E01               mov bx, [019E]
:0001.037F D1E3                   shl bx, 01
:0001.0381 8987A601               mov [bx+01A6], ax
:0001.0385 FF069E01               inc word ptr [019E]
:0001.0389 33C0                   xor ax, ax
:0001.038B EB00                   jmp 038D

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.0376(U), :0001.038B(U)
|
:0001.038D 5D                     pop bp
:0001.038E C3                     ret

 

* Referenced by a CALL at Address:
|:0001.04BB
|
:0001.038F 55                     push bp
:0001.0390 8BEC                   mov bp, sp
:0001.0392 56                     push si
:0001.0393 57                     push di
:0001.0394 8B7E04                 mov di, [bp+04]
:0001.0397 8B4506                 mov ax, [di+06]
:0001.039A A3E801                 mov word ptr [01E8], ax
:0001.039D 3BC7                   cmp ax, di
:0001.039F 7508                   jne 03A9
:0001.03A1 C706E8010000           mov word ptr [01E8], 0000
:0001.03A7 EB10                   jmp 03B9

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.039F(C)
|
:0001.03A9 8B7504                 mov si, [di+04]
:0001.03AC 8B1EE801               mov bx, [01E8]
:0001.03B0 897704                 mov [bx+04], si
:0001.03B3 A1E801                 mov ax, word ptr [01E8]
:0001.03B6 894406                 mov [si+06], ax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.03A7(U)
|
:0001.03B9 5F                     pop di
:0001.03BA 5E                     pop si
:0001.03BB 5D                     pop bp
:0001.03BC C3                     ret

 

* Referenced by a CALL at Address:
|:0001.04AD
|
:0001.03BD 55                     push bp
:0001.03BE 8BEC                   mov bp, sp
:0001.03C0 56                     push si
:0001.03C1 57                     push di
:0001.03C2 8B7E04                 mov di, [bp+04]
:0001.03C5 8B4606                 mov ax, [bp+06]
:0001.03C8 2905                   sub [di], ax
:0001.03CA 8B35                   mov si, [di]
:0001.03CC 03F7                   add si, di
:0001.03CE 8B4606                 mov ax, [bp+06]
:0001.03D1 40                     inc ax
:0001.03D2 8904                   mov [si], ax
:0001.03D4 897C02                 mov [si+02], di
:0001.03D7 A1E601                 mov ax, word ptr [01E6]
:0001.03DA 3BC7                   cmp ax, di
:0001.03DC 7506                   jne 03E4
:0001.03DE 8936E601               mov [01E6], si
:0001.03E2 EB08                   jmp 03EC

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.03DC(C)
|
:0001.03E4 8BFE                   mov di, si
:0001.03E6 037E06                 add di, [bp+06]
:0001.03E9 897502                 mov [di+02], si

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.03E2(U)
|
:0001.03EC 8BC6                   mov ax, si
:0001.03EE 050400                 add ax, 0004
:0001.03F1 EB00                   jmp 03F3

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.03F1(U)
|
:0001.03F3 5F                     pop di
:0001.03F4 5E                     pop si
:0001.03F5 5D                     pop bp
:0001.03F6 C3                     ret

 

* Referenced by a CALL at Address:
|:0001.04D2
|
:0001.03F7 55                     push bp
:0001.03F8 8BEC                   mov bp, sp
:0001.03FA 56                     push si
:0001.03FB 8B4604                 mov ax, [bp+04]
:0001.03FE 33D2                   xor dx, dx
:0001.0400 25FFFF                 and ax, FFFF
:0001.0403 81E20000               and dx, 0000
:0001.0407 52                     push dx
:0001.0408 50                     push ax
:0001.0409 E8F400                 call 0500
:0001.040C 59                     pop cx
:0001.040D 59                     pop cx
:0001.040E 8BF0                   mov si, ax
:0001.0410 83FEFF                 cmp si, FFFF
:0001.0413 7504                   jne 0419
:0001.0415 33C0                   xor ax, ax
:0001.0417 EB18                   jmp 0431

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0413(C)
|
:0001.0419 A1E601                 mov ax, word ptr [01E6]
:0001.041C 894402                 mov [si+02], ax
:0001.041F 8B4604                 mov ax, [bp+04]
:0001.0422 40                     inc ax
:0001.0423 8904                   mov [si], ax
:0001.0425 8936E601               mov [01E6], si
:0001.0429 A1E601                 mov ax, word ptr [01E6]
:0001.042C 050400                 add ax, 0004
:0001.042F EB00                   jmp 0431

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.0417(U), :0001.042F(U)
|
:0001.0431 5E                     pop si
:0001.0432 5D                     pop bp
:0001.0433 C3                     ret

 

* Referenced by a CALL at Address:
|:0001.0490
|
:0001.0434 55                     push bp
:0001.0435 8BEC                   mov bp, sp
:0001.0437 56                     push si
:0001.0438 8B4604                 mov ax, [bp+04]
:0001.043B 33D2                   xor dx, dx
:0001.043D 25FFFF                 and ax, FFFF
:0001.0440 81E20000               and dx, 0000
:0001.0444 52                     push dx
:0001.0445 50                     push ax
:0001.0446 E8B700                 call 0500
:0001.0449 59                     pop cx
:0001.044A 59                     pop cx
:0001.044B 8BF0                   mov si, ax
:0001.044D 83FEFF                 cmp si, FFFF
:0001.0450 7504                   jne 0456
:0001.0452 33C0                   xor ax, ax
:0001.0454 EB15                   jmp 046B

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0450(C)
|
:0001.0456 8936EA01               mov [01EA], si
:0001.045A 8936E601               mov [01E6], si
:0001.045E 8B4604                 mov ax, [bp+04]
:0001.0461 40                     inc ax
:0001.0462 8904                   mov [si], ax
:0001.0464 8BC6                   mov ax, si
:0001.0466 050400                 add ax, 0004
:0001.0469 EB00                   jmp 046B

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.0454(U), :0001.0469(U)
|
:0001.046B 5E                     pop si
:0001.046C 5D                     pop bp
:0001.046D C3                     ret

 

* Referenced by a CALL at Addresses:
|:0001.0324, :0001.0342
|
:0001.046E 55                     push bp
:0001.046F 8BEC                   mov bp, sp
:0001.0471 56                     push si
:0001.0472 57                     push di
:0001.0473 8B7E04                 mov di, [bp+04]
:0001.0476 0BFF                   or di, di
:0001.0478 7504                   jne 047E
:0001.047A 33C0                   xor ax, ax
:0001.047C EB5A                   jmp 04D8

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0478(C)
|
:0001.047E 8BC7                   mov ax, di
:0001.0480 050B00                 add ax, 000B
:0001.0483 25F8FF                 and ax, FFF8
:0001.0486 8BF8                   mov di, ax
:0001.0488 833EEA0100             cmp word ptr [01EA], 0000
:0001.048D 7507                   jne 0496
:0001.048F 57                     push di
:0001.0490 E8A1FF                 call 0434
:0001.0493 59                     pop cx
:0001.0494 EB42                   jmp 04D8

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.048D(C)
|
:0001.0496 8B36E801               mov si, [01E8]
:0001.049A 8BC6                   mov ax, si
:0001.049C 0BC0                   or ax, ax
:0001.049E 7431                   je 04D1

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.04CF(C)
|
:0001.04A0 8B04                   mov ax, [si]
:0001.04A2 8BD7                   mov dx, di
:0001.04A4 83C228                 add dx, 0028
:0001.04A7 3BC2                   cmp ax, dx
:0001.04A9 7209                   jb 04B4
:0001.04AB 57                     push di
:0001.04AC 56                     push si
:0001.04AD E80DFF                 call 03BD
:0001.04B0 59                     pop cx
:0001.04B1 59                     pop cx
:0001.04B2 EB24                   jmp 04D8

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.04A9(C)
|
:0001.04B4 8B04                   mov ax, [si]
:0001.04B6 3BC7                   cmp ax, di
:0001.04B8 720E                   jb 04C8
:0001.04BA 56                     push si
:0001.04BB E8D1FE                 call 038F
:0001.04BE 59                     pop cx
:0001.04BF FF04                   inc word ptr [si]
:0001.04C1 8BC6                   mov ax, si
:0001.04C3 050400                 add ax, 0004
:0001.04C6 EB10                   jmp 04D8

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.04B8(C)
|
:0001.04C8 8B7406                 mov si, [si+06]
:0001.04CB 3B36E801               cmp si, [01E8]
:0001.04CF 75CF                   jne 04A0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.049E(C)
|
:0001.04D1 57                     push di
:0001.04D2 E822FF                 call 03F7
:0001.04D5 59                     pop cx
:0001.04D6 EB00                   jmp 04D8

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.047C(U), :0001.0494(U), :0001.04B2(U), :0001.04C6(U), :0001.04D6(U),
|
:0001.04D8 5F                     pop di
:0001.04D9 5E                     pop si
:0001.04DA 5D                     pop bp
:0001.04DB C3                     ret

 

* Referenced by a CALL at Address:
|:0001.053A
|
:0001.04DC 55                     push bp
:0001.04DD 8BEC                   mov bp, sp
:0001.04DF 8B4604                 mov ax, [bp+04]
:0001.04E2 8BD4                   mov dx, sp
:0001.04E4 81EA0001               sub dx, 0100
:0001.04E8 3BC2                   cmp ax, dx
:0001.04EA 7307                   jnb 04F3
:0001.04EC A39E00                 mov word ptr [009E], ax
:0001.04EF 33C0                   xor ax, ax
:0001.04F1 EB0B                   jmp 04FE

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.04EA(C)
|
:0001.04F3 C70694000800           mov word ptr [0094], 0008
:0001.04F9 B8FFFF                 mov ax, FFFF
:0001.04FC EB00                   jmp 04FE

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.04F1(U), :0001.04FC(U)
|
:0001.04FE 5D                     pop bp
:0001.04FF C3                     ret

 

* Referenced by a CALL at Addresses:
|:0001.0409, :0001.0446, :0001.054B
|
:0001.0500 55                     push bp
:0001.0501 8BEC                   mov bp, sp
:0001.0503 8B4604                 mov ax, [bp+04]
:0001.0506 8B5606                 mov dx, [bp+06]
:0001.0509 03069E00               add ax, [009E]
:0001.050D 83D200                 adc dx, 0000
:0001.0510 8BC8                   mov cx, ax
:0001.0512 81C10001               add cx, 0100
:0001.0516 83D200                 adc dx, 0000
:0001.0519 0BD2                   or dx, dx
:0001.051B 750A                   jne 0527
:0001.051D 3BCC                   cmp cx, sp
:0001.051F 7306                   jnb 0527
:0001.0521 87069E00               xchg [009E], ax
:0001.0525 EB0B                   jmp 0532

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.051B(C), :0001.051F(C)
|
:0001.0527 C70694000800           mov word ptr [0094], 0008
:0001.052D B8FFFF                 mov ax, FFFF
:0001.0530 EB00                   jmp 0532

 

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0001.0525(U), :0001.0530(U)
|
:0001.0532 5D                     pop bp
:0001.0533 C3                     ret


:0001.0534 55                     push bp
:0001.0535 8BEC                   mov bp, sp
:0001.0537 FF7604                 push word ptr [bp+04]
:0001.053A E89FFF                 call 04DC
:0001.053D 59                     pop cx
:0001.053E EB00                   jmp 0540

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.053E(U)
|
:0001.0540 5D                     pop bp
:0001.0541 C3                     ret


:0001.0542 55                     push bp
:0001.0543 8BEC                   mov bp, sp
:0001.0545 8B4604                 mov ax, [bp+04]
:0001.0548 99                     cwd
:0001.0549 52                     push dx
:0001.054A 50                     push ax
:0001.054B E8B2FF                 call 0500
:0001.054E 8BE5                   mov sp, bp
:0001.0550 EB00                   jmp 0552

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.0550(U)
|
:0001.0552 5D                     pop bp
:0001.0553 C3                     ret


:0001.0554 00000000000000000000   BYTE 10 DUP(0)
:0001.055E 000000000000           BYTE  6 DUP(0)


:0001.0564 54                     push sp
:0001.0565 7572                   jne 05D9
:0001.0567 626F2D                 bound bp, [bx+2D]
:0001.056A 43                     inc bx
:0001.056B 202D                   and [di], ch
:0001.056D 20436F                 and [bp+di+6F], al
:0001.0570 7079                   jo 05EB
:0001.0572 7269                   jb 05DD
:0001.0574 67687420               push 2074
:0001.0578 286329                 sub [bp+di+29], ah
:0001.057B 2031                   and [bx+di], dh
:0001.057D 3938                   cmp [bx+si], di
:0001.057F 3820                   cmp [bx+si], ah
:0001.0581 42                     inc dx
:0001.0582 6F                     outsw
:0001.0583 726C                   jb 05F1
:0001.0585 61                     popa
:0001.0586 6E                     outsb
:0001.0587 6420496E               and fs:[bx+di+6E], cl
:0001.058B 746C                   je 05F9
:0001.058D 2E004E75               add cs:[bp+75], cl
:0001.0591 6C                     insb
:0001.0592 6C                     insb
:0001.0593 20706F                 and [bx+si+6F], dh
:0001.0596 696E746572             imul bp, [bp+74], 7265
:0001.059B 206173                 and [bx+di+73], ah
:0001.059E 7369                   jnb 0609
:0001.05A0 676E                   outsb
:0001.05A2 6D                     insw
:0001.05A3 65                     BYTE 065h


:0001.05A4 6E                     outsb
:0001.05A5 740D                   je 05B4
:0001.05A7 0A4469                 or al , [si+69]
:0001.05AA 7669                   jbe 0615
:0001.05AC 64                     BYTE 064h


:0001.05AD 65206572               and gs:[di+72], ah
:0001.05B1 726F                   jb 0622
:0001.05B3 720D                   jb 05C2
:0001.05B5 0A4162                 or al , [bx+di+62]
:0001.05B8 6E                     outsb
:0001.05B9 6F                     outsw
:0001.05BA 726D                   jb 0629
:0001.05BC 61                     popa
:0001.05BD 6C                     insb
:0001.05BE 207072                 and [bx+si+72], dh
:0001.05C1 6F                     outsw

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001.05B3(C)
|
:0001.05C2 677261                 jb 0626
:0001.05C5 6D                     insw
:0001.05C6 207465                 and [si+65], dh
:0001.05C9 726D                   jb 0638
:0001.05CB 696E617469             imul bp, [bp+61], 6974
:0001.05D0 6F                     outsw
:0001.05D1 6E                     outsb
:0001.05D2 0D0A00                 or ax, 000A
:0001.05D5 00000000000000000000   BYTE 10 DUP(0)
:0001.05DF 00000000000000000000   BYTE 10 DUP(0)
:0001.05E9 00000000000000000000   BYTE 10 DUP(0)
:0001.05F3 000000000000000000     BYTE  9 DUP(0)


:0001.05FC EC                     in al, dx
:0001.05FD 01EC                   add sp, bp
:0001.05FF 01EC                   add sp, bp
:0001.0601 0100                   add [bx+si], ax
:0001.0603 00000000000000000000   BYTE 10 DUP(0)
:0001.060D 00000000000000000000   BYTE 10 DUP(0)
:0001.0617 00000000000000000000   BYTE 10 DUP(0)
:0001.0621 00000000000000000000   BYTE 10 DUP(0)
:0001.062B 00000000000000000000   BYTE 10 DUP(0)
:0001.0635 00000000000000000000   BYTE 10 DUP(0)
:0001.063F 00000000000000000000   BYTE 10 DUP(0)
:0001.0649 00000000000000000000   BYTE 10 DUP(0)
:0001.0653 00000000000000000000   BYTE 10 DUP(0)
:0001.065D 00000000000000000000   BYTE 10 DUP(0)
:0001.0667 00000000000000000000   BYTE 10 DUP(0)
:0001.0671 00000000000000000000   BYTE 10 DUP(0)
:0001.067B 00000000000000000000   BYTE 10 DUP(0)
:0001.0685 00000000000000000000   BYTE 10 DUP(0)
:0001.068F 00000000000000000000   BYTE 10 DUP(0)
:0001.0699 00000000000000000000   BYTE 10 DUP(0)
:0001.06A3 00000000000000000000   BYTE 10 DUP(0)
:0001.06AD 00000000000000000000   BYTE 10 DUP(0)
:0001.06B7 00000000000000000000   BYTE 10 DUP(0)
:0001.06C1 00000000000000000000   BYTE 10 DUP(0)
:0001.06CB 00000000000000000000   BYTE 10 DUP(0)
:0001.06D5 00000000000000000000   BYTE 10 DUP(0)
:0001.06DF 00000000000000000000   BYTE 10 DUP(0)
:0001.06E9 00000000000000000000   BYTE 10 DUP(0)


:0001.06F3 00                     BYTE 0


:0001.06F4 FE01                   inc byte ptr [bx+di]
:0001.06F6 FE01                   inc byte ptr [bx+di]
:0001.06F8 FE01                   inc byte ptr [bx+di]
:0001.06FA 000000                 BYTE  3 DUP(0)


:0001.06FD 1000                   adc [bx+si], al
:0001.06FF 00D2                   add dl, dl
:0001.0701 01D2                   add dx, dx
:0001.0703 01D9                   add cx, bx
:0001.0705 0100                   add cx, bx
找到连续的三条nop指令,除了这三条nop指令外,其它的就是您的研究对象了.还有很多,如带参数的main(),也可以一一编译连接,然后再反汇编,本文只是给出方法,且以后我如果有时间加上注释后也仅是针对此C源程序.

本文地址:http://com.8s8s.com/it/it29407.htm