由于目前在逆向单片机的程序，所以这里对代码中一些常见的 C 语言库函数做一下分析和总结。
比如常见的 strlen 函数，IDA 反编译出来的伪代码如下：
// strlen as recovered by IDA: returns the number of bytes before the first NUL in a1.
// Three phases are visible below: a byte loop until a1 is 4-byte aligned, a word-at-a-time
// scan until the word that holds the NUL, then a byte loop to locate the NUL itself.
int __fastcall StrLen_sub_803F3D8(unsigned __int8 *a1)
{
  int v1; // r3
  int v2; // t1
  int i; // r2
  int v4; // t1
  int j; // r1
  int v6; // t1
  int v7; // t1

  // Keep (start + 1): every path leaves a1 one past the NUL, so a1 - (start + 1) is the length.
  v1 = (int)(a1 + 1);
  // (a1 << 30) is non-zero iff the two low address bits are set, i.e. a1 is not 4-byte aligned.
  if ( (_DWORD)a1 << 30 )
  {
    // Unaligned prefix, one byte at a time; stops past the NUL or at the first aligned address.
    while ( 1 )
    {
      v2 = *a1++;
      if ( !v2 )
        break;
      if ( !((_DWORD)a1 << 30) )
        goto LABEL_4; // a1 is now 4-byte aligned: continue with the word loop
    }
  }
  else
  {
LABEL_4:
    // Word loop. (w - 0x01010101) & ~w & 0x80808080 is non-zero iff some byte of w is zero,
    // so this advances four bytes per iteration until the word containing the NUL is loaded.
    // Because whole aligned words are read, up to 3 bytes past the NUL (inside the same
    // aligned word) are read as well.
    for ( i = *(_DWORD *)a1; !((i - 0x1010101) & ~i & 0x80808080); i = v4 )
    {
      v4 = *((_DWORD *)a1 + 1);
      a1 += 4;
    }
    // Byte loop over the last word: exits after the NUL has been consumed (a1 is one past it).
    v6 = *a1++;
    for ( j = v6; j; j = v7 )
      v7 = *a1++;
  }
  // a1 - (start + 1) == index of the NUL == string length.
  return (int)&a1[-v1];
}
strcmp 经 IDA 解析出的代码如下：
// strcmp as recovered by IDA: compares two NUL-terminated strings as unsigned bytes and
// returns the difference of the first pair of bytes that differs (0 when the strings match).
// IDA named the first parameter ramAddr; it is just the first string, str the second.
int __fastcall sub_80201C8(int *ramAddr, int *str)
{
  int v2; // r2
  int v3; // t1
  int v4; // r3
  int v5; // t1
  int v6; // r2
  int i; // r3
  int v8; // t1
  int v9; // t1
  int v10; // t1
  int v11; // t1

  // Byte compare until ramAddr is 4-byte aligned ((p << 30) != 0 iff p is not aligned).
  // Only the first string's alignment is tested; str is dereferenced as a whole word in the
  // loop below regardless of its own alignment — NOTE(review): assumes the target tolerates
  // unaligned word loads, confirm for this MCU.
  while ( (_DWORD)ramAddr << 30 )
  {
    v3 = *(unsigned __int8 *)ramAddr;
    ramAddr = (int *)((char *)ramAddr + 1);
    v2 = v3;
    v5 = *(unsigned __int8 *)str;
    str = (int *)((char *)str + 1);
    v4 = v5;
    // Stop at the first string's NUL or at the first mismatching byte.
    if ( !v2 || v2 != v4 )
      return v2 - v4;
  }
  // Word loop: keep going while the two words are equal and v6 has no zero byte
  // ((w - 0x01010101) & ~w & 0x80808080 is non-zero iff some byte of w is zero).
  v6 = *ramAddr;
  for ( i = *str; v6 == i && !((v6 - 0x1010101) & ~v6 & 0x80808080); i = v9 )
  {
    v8 = ramAddr[1];
    ++ramAddr;
    v6 = v8;
    v9 = str[1];
    ++str;
  }
  // Byte loop over the word that differed or contains the NUL: find the exact byte.
  do
  {
    v10 = *(unsigned __int8 *)ramAddr;
    ramAddr = (int *)((char *)ramAddr + 1);
    v2 = v10;
    v11 = *(unsigned __int8 *)str;
    str = (int *)((char *)str + 1);
    v4 = v11;
  }
  while ( v2 && v2 == v4 );
  return v2 - v4;
}
strcpy 经 IDA 解析出的代码如下：
// strcpy as recovered by IDA: copies the NUL-terminated string a2 into a1, including the
// terminator, and returns the original a1. There is no destination bound: the caller must
// guarantee a1 has room for the whole source plus the NUL.
_BYTE *__fastcall Strcpy_sub_8020184(_BYTE *a1, unsigned __int8 *a2)
{
  _BYTE *v2; // r12
  int v3; // t1
  int i; // r2
  int v5; // t1
  unsigned __int8 *v6; // r1
  int j; // r3
  int v8; // t1
  int v9; // t1

  v2 = a1; // saved for the return value
  // (a1 << 30) != 0 iff the destination is not 4-byte aligned.
  if ( (_DWORD)a1 << 30 )
  {
    // Byte copy until the destination reaches a 4-byte boundary or the NUL is copied.
    while ( 1 )
    {
      v3 = *a2++;
      *a1++ = v3;
      if ( !v3 )
        break;
      if ( !((_DWORD)a1 << 30) )
        goto LABEL_4; // destination now aligned: switch to the word loop
    }
  }
  else
  {
LABEL_4:
    // Word loop: copy whole words while the source word has no zero byte
    // ((w - 0x01010101) & ~w & 0x80808080 is non-zero iff some byte of w is zero).
    // Only the destination's alignment was checked; the source is read as words as-is.
    for ( i = *(_DWORD *)a2; !((i - 0x1010101) & ~i & 0x80808080); i = v5 )
    {
      *(_DWORD *)a1 = i;
      a1 += 4;
      v5 = *((_DWORD *)a2 + 1);
      a2 += 4;
    }
    // Byte loop over the last source word: copies bytes up to and including the NUL.
    v8 = *a2;
    v6 = a2 + 1;
    for ( j = v8; ; j = v9 )
    {
      *a1++ = j;
      if ( !j )
        break;
      v9 = *v6++;
    }
  }
  return v2;
}
strcat 的解析如下：
// strcat as recovered by IDA: appends the NUL-terminated string a2 after the terminator of
// result and returns result. Plain byte loops, no alignment or word tricks here, and no
// bound on the destination buffer.
_BYTE *__fastcall strcat_sub_802E30C(_BYTE *result, char *a2)
{
  _BYTE *v2; // r2
  int v3; // t1
  char v4; // t1
  int v5; // t1

  v2 = result;
  // Find the terminator of result: when *result is non-zero, advance v2 until v2[1] is zero,
  // so on exit v2 points at the NUL (when *result is zero v2 already does).
  if ( *result )
  {
    do
      v3 = (unsigned __int8)(v2++)[1];
    while ( v3 );
  }
  // Copy a2 over the terminator byte by byte; the loop condition re-reads the byte just
  // stored, so it ends right after the NUL has been written.
  do
  {
    v4 = *a2++;
    *v2 = v4;
    v5 = (unsigned __int8)*v2++;
  }
  while ( v5 );
  return result;
}
bzero 的 IDA 解析如下：
// Fill routine as recovered by IDA: writes a3 over a2 bytes starting at result, 16 bytes at a
// time and then in 8/4/2/1-byte tail steps, and returns the pointer just past the last byte
// written (not the original destination). Every store writes a3 as a whole word/halfword/byte,
// so a uniform byte fill presumes a3 already has the byte replicated in all four lanes —
// not visible here; with a3 == 0 this is bzero. Argument order is (dest, count, value).
_DWORD *__fastcall sub_804A288(_DWORD *result, unsigned int a2, int a3)
{
  bool v3; // cf
  signed int v4; // r1

  // Main loop: store 4 words while at least 16 bytes remain. a2 is decremented before the
  // result of the test is used, so on exit a2 == remaining - 16 (unsigned wrap-around when
  // remaining < 16); the low four bits of a2 are still the low four bits of the remaining count.
  // The loop body runs at least once, so a2 == 0 on entry wraps to 0xFFFFFFF0 and stores nothing.
  do
  {
    v3 = a2 >= 0x10;
    a2 -= 16;
    if ( v3 )
    {
      *result = a3;
      result[1] = a3;
      result[2] = a3;
      result[3] = a3;
      result += 4;
    }
  }
  while ( a2 != 0 && v3 );
  // Tail handling. __CFSHL__(x, n) is IDA's intrinsic for the carry flag of a left shift by n,
  // i.e. bit (32 - n) of x. Each remaining bit of the count selects one store:
  // bit 3 (8 bytes) -> two words.
  if ( __CFSHL__(a2, 29) )
  {
    *result = a3;
    result[1] = a3;
    result += 2;
  }
  // bit 2 (4 bytes) -> one word.
  if ( ((a2 << 29) & 0x80000000) != 0 )
  {
    *result = a3;
    ++result;
  }
  // bit 1 (2 bytes) -> one halfword; bit 0 (1 byte) -> one byte (tested via the sign of a2 << 31).
  v3 = __CFSHL__(a2, 31);
  v4 = a2 << 31;
  if ( v3 )
  {
    *(_WORD *)result = a3;
    result = (_DWORD *)((char *)result + 2);
  }
  if ( v4 < 0 )
  {
    *(_BYTE *)result = a3;
    result = (_DWORD *)((char *)result + 1);
  }
  return result;
}
未完待续…