#include <stdio.h>
// Mixed C source / 32-bit x86 disassembly of a main() that prints one string.
// The hex value at the start of each assembly line is the instruction address shown by the debugger.
// The run-time-check helpers called below (__RTC_CheckEsp, __CheckForDebuggerJustMyCode) are
// debug instrumentation inserted by the compiler, not part of the program's own logic.
int main(void)
{
// Prologue: save the caller's frame pointer and make ebp the base of this frame.
00E41870 push ebp
00E41871 mov ebp,esp
// Reserve 0xC0 bytes of stack below ebp.
00E41873 sub esp,0C0h
// Save ebx/esi/edi; the matching pops are in the epilogue.
00E41879 push ebx
00E4187A push esi
00E4187B push edi
// Set-up for the 0xCCCCCCCC debug fill. The repeat count in ecx is zeroed first,
// so rep stos stores nothing here (this function declares no locals).
00E4187C mov edi,ebp
00E4187E xor ecx,ecx
00E41880 mov eax,0CCCCCCCCh
00E41885 rep stos dword ptr es:[edi]
// Pass the address of the per-file symbol _506D4242_main@cpp in ecx to the Just My Code helper.
00E41887 mov ecx,offset _506D4242_main@cpp (0E4C008h)
00E4188C call @__CheckForDebuggerJustMyCode@4 (0E4132Ah)
00E41891 nop
printf("Hello world! \n");
// One argument (the string address) is pushed; after the call the caller removes those
// 4 bytes itself with add esp,4.
00E41892 push offset string "Hello world! \n" (0E47B30h)
00E41897 call _printf (0E410D2h)
00E4189C add esp,4
return 0;
// The return value is passed in eax; xor eax,eax sets it to 0.
00E4189F xor eax,eax
}
// Epilogue: restore the saved registers and release the 0xC0 bytes reserved above.
00E418A1 pop edi
00E418A2 pop esi
00E418A3 pop ebx
00E418A4 add esp,0C0h
// After the release esp should equal ebp again; the comparison result is handed to
// __RTC_CheckEsp, which presumably reports a run-time check failure when they differ.
00E418AA cmp ebp,esp
00E418AC call __RTC_CheckEsp (0E4124Eh)
// Tear down the frame and return to the caller.
00E418B1 mov esp,ebp
00E418B3 pop ebp
00E418B4 ret
#include <stdio.h>
// Mixed C source / 32-bit x86 disassembly of a main() that calls printf with one, two and
// three arguments. The hex value at the start of each assembly line is the instruction address.
int main(void)
{
// Prologue: save the caller's frame pointer and make ebp the base of this frame.
00E21860 push ebp
00E21861 mov ebp,esp
// Reserve 0xC0 bytes of stack below ebp.
00E21863 sub esp,0C0h
// Save ebx/esi/edi; the matching pops are in the epilogue.
00E21869 push ebx
00E2186A push esi
00E2186B push edi
// Set-up for the 0xCCCCCCCC debug fill; ecx (the repeat count) is 0, so nothing is stored.
00E2186C mov edi,ebp
00E2186E xor ecx,ecx
00E21870 mov eax,0CCCCCCCCh
00E21875 rep stos dword ptr es:[edi]
// Pass the address of the per-file symbol in ecx to the Just My Code helper.
00E21877 mov ecx,offset _506D4242_main@cpp (0E2C008h)
00E2187C call @__CheckForDebuggerJustMyCode@4 (0E2132Ah)
00E21881 nop
printf("Hello Everybody\n");
// One 4-byte argument pushed, so the caller pops 4 bytes after the call.
00E21882 push offset string "Hello Everybody\n" (0E27B30h)
00E21887 call _printf (0E210D2h)
00E2188C add esp,4
printf("%d\n", 1234);
// Arguments are pushed right to left: 4D2h (1234) first, the format string last.
// Two arguments, so the caller pops 8 bytes.
00E2188F push 4D2h
00E21894 push offset string "%d\n" (0E27BE0h)
00E21899 call _printf (0E210D2h)
00E2189E add esp,8
printf("%d %d\n", 10, 20);
// 14h (20) is pushed before 0Ah (10), again right to left; three arguments, 0Ch bytes popped.
// printf reads as many stack slots as the format string asks for, so the number of %d
// conversions has to match the number of values pushed here.
00E218A1 push 14h
00E218A3 push 0Ah
00E218A5 push offset string "%d %d\n" (0E27BE4h)
00E218AA call _printf (0E210D2h)
00E218AF add esp,0Ch
return 0;
// Return value 0 in eax.
00E218B2 xor eax,eax
}
// Epilogue: restore the saved registers and release the 0xC0 bytes reserved above.
00E218B4 pop edi
00E218B5 pop esi
00E218B6 pop ebx
00E218B7 add esp,0C0h
// esp should equal ebp again at this point; __RTC_CheckEsp receives the comparison result
// and presumably reports a run-time check failure when the stack pointer is unbalanced.
00E218BD cmp ebp,esp
00E218BF call __RTC_CheckEsp (0E2124Eh)
// Tear down the frame and return to the caller.
00E218C4 mov esp,ebp
00E218C6 pop ebp
00E218C7 ret
* _506D4242_main@cpp
파일명이나 함수명을 기반으로 생성된 디버깅용 심볼
디버거가 현재 실행 중인 코드가 사용자 코드인지 확인하는 데 사용되며,
특히 __CheckForDebuggerJustMyCode에서 활용된다
* __CheckForDebuggerJustMyCode
디버거가 현재 코드가 사용자 코드인지 외부 라이브러리 코드인지 판단하는 함수
#include <stdio.h>
// Mixed C source / 32-bit x86 disassembly of a main() that prints the result of the five
// integer arithmetic operators. The hex value at the start of each assembly line is the
// instruction address.
int main(void)
{
// Prologue: save the caller's frame pointer and make ebp the base of this frame.
00751870 push ebp
00751871 mov ebp,esp
// Reserve 0xE4 bytes of stack below ebp.
00751873 sub esp,0E4h
// Save ebx/esi/edi; the matching pops are in the epilogue.
00751879 push ebx
0075187A push esi
0075187B push edi
// Debug fill: write 9 dwords (0x24 bytes) of 0xCCCCCCCC starting at ebp-24h, i.e. up to ebp.
// The pattern makes a read of a not-yet-assigned local easy to spot in the debugger;
// it is a debugging aid, not something the program can rely on.
0075187C lea edi,[ebp-24h]
0075187F mov ecx,9
00751884 mov eax,0CCCCCCCCh
00751889 rep stos dword ptr es:[edi]
// Pass the address of the per-file symbol in ecx to the Just My Code helper.
0075188B mov ecx,offset _EECDF8A2_main@c (075C008h)
00751890 call @__CheckForDebuggerJustMyCode@4 (075132Ah)
00751895 nop
int num1 = 2, num2 = 4, num3 = 6;
// Each initializer is a direct store of the constant into the local's stack slot.
// num3 is stored but not read again anywhere in this listing.
00751896 mov dword ptr [num1],2
0075189D mov dword ptr [num2],4
007518A4 mov dword ptr [num3],6
printf("%d+%d=%d\n", num1, num2, num1 + num2);
// The last argument (num1 + num2) is computed in eax and pushed first, then num2, num1 and
// the format string: right-to-left order. Four arguments, so 10h bytes are popped afterwards.
007518AB mov eax,dword ptr [num1]
007518AE add eax,dword ptr [num2]
007518B1 push eax
007518B2 mov ecx,dword ptr [num2]
007518B5 push ecx
007518B6 mov edx,dword ptr [num1]
007518B9 push edx
007518BA push offset string "%d+%d=%d\n" (0757B30h)
007518BF call _printf (07510D2h)
007518C4 add esp,10h
printf("%d-%d=%d\n", num1, num2, num1 - num2);
// Same shape as the addition, with sub producing the third value.
007518C7 mov eax,dword ptr [num1]
007518CA sub eax,dword ptr [num2]
007518CD push eax
007518CE mov ecx,dword ptr [num2]
007518D1 push ecx
007518D2 mov edx,dword ptr [num1]
007518D5 push edx
007518D6 push offset string "%d-%d=%d\n" (0757B3Ch)
007518DB call _printf (07510D2h)
007518E0 add esp,10h
printf("%d*%d=%d\n", num1, num2, num1 * num2);
// imul is the signed multiply; only the low 32 bits of the product are kept in eax.
007518E3 mov eax,dword ptr [num1]
007518E6 imul eax,dword ptr [num2]
007518EA push eax
007518EB mov ecx,dword ptr [num2]
007518EE push ecx
007518EF mov edx,dword ptr [num1]
007518F2 push edx
007518F3 push offset string "%d*%d=%d\n" (0757B48h)
007518F8 call _printf (07510D2h)
007518FD add esp,10h
printf("%d/%d=%d\n", num1, num2, num1 / num2);
// cdq sign-extends eax into edx:eax, the 64-bit dividend idiv expects.
// idiv leaves the quotient in eax and the remainder in edx; the quotient is pushed here.
// The divisor is the constant 4 in this program; with a divisor of 0 idiv would fault.
00751900 mov eax,dword ptr [num1]
00751903 cdq
00751904 idiv eax,dword ptr [num2]
00751907 push eax
00751908 mov eax,dword ptr [num2]
0075190B push eax
0075190C mov ecx,dword ptr [num1]
0075190F push ecx
00751910 push offset string "%d/%d=%d\n" (0757B54h)
00751915 call _printf (07510D2h)
0075191A add esp,10h
printf("%d%%%d=%d\n", num1, num2, num1 % num2);
// The same cdq/idiv pair as for '/', but this time edx (the remainder) is pushed.
0075191D mov eax,dword ptr [num1]
00751920 cdq
00751921 idiv eax,dword ptr [num2]
00751924 push edx
00751925 mov eax,dword ptr [num2]
00751928 push eax
00751929 mov ecx,dword ptr [num1]
0075192C push ecx
0075192D push offset string "%d%%%d=%d\n" (0757B60h)
00751932 call _printf (07510D2h)
00751937 add esp,10h
return 0;
// Return value 0 in eax.
0075193A xor eax,eax
}
// Epilogue: restore the saved registers and release the 0xE4 bytes reserved above.
0075193C pop edi
0075193D pop esi
0075193E pop ebx
0075193F add esp,0E4h
// esp should equal ebp again at this point; __RTC_CheckEsp receives the comparison result
// and presumably reports a run-time check failure when the stack pointer is unbalanced.
00751945 cmp ebp,esp
00751947 call __RTC_CheckEsp (075124Eh)
// Tear down the frame and return to the caller.
0075194C mov esp,ebp
0075194E pop ebp
0075194F ret
#include <stdio.h>
// Mixed C source / 32-bit x86 disassembly of a main() that applies the compound assignment
// operators +=, *= and %= and prints the results. The hex value at the start of each
// assembly line is the instruction address.
int main(void)
{
// Prologue: save the caller's frame pointer and make ebp the base of this frame.
00CF1870 push ebp
00CF1871 mov ebp,esp
// Reserve 0xE4 bytes of stack below ebp.
00CF1873 sub esp,0E4h
// Save ebx/esi/edi; the matching pops are in the epilogue.
00CF1879 push ebx
00CF187A push esi
00CF187B push edi
// Debug fill: write 9 dwords (0x24 bytes) of 0xCCCCCCCC starting at ebp-24h, i.e. up to ebp.
00CF187C lea edi,[ebp-24h]
00CF187F mov ecx,9
00CF1884 mov eax,0CCCCCCCCh
00CF1889 rep stos dword ptr es:[edi]
// Pass the address of the per-file symbol in ecx to the Just My Code helper.
00CF188B mov ecx,offset _EECDF8A2_main@c (0CFC008h)
00CF1890 call @__CheckForDebuggerJustMyCode@4 (0CF132Ah)
00CF1895 nop
int num1 = 2, num2 = 4, num3 = 6;
// Each initializer is a direct store of the constant into the local's stack slot.
00CF1896 mov dword ptr [num1],2
00CF189D mov dword ptr [num2],4
00CF18A4 mov dword ptr [num3],6
num1 += 1;
// Load, add, store back: the compound assignment is a read-modify-write of the stack slot.
00CF18AB mov eax,dword ptr [num1]
00CF18AE add eax,1
00CF18B1 mov dword ptr [num1],eax
num3 *= 4;
// The multiplication by 4 is emitted as a left shift by 2 instead of imul.
00CF18B4 mov eax,dword ptr [num3]
00CF18B7 shl eax,2
00CF18BA mov dword ptr [num3],eax
num3 %= 5;
// cdq sign-extends eax into edx:eax; idiv by ecx (5) leaves the remainder in edx,
// which is what gets stored back into num3.
00CF18BD mov eax,dword ptr [num3]
00CF18C0 cdq
00CF18C1 mov ecx,5
00CF18C6 idiv eax,ecx
00CF18C8 mov dword ptr [num3],edx
printf("Result : %d, %d, %d\n", num1, num2, num3);
// Arguments are pushed right to left (num3, num2, num1, format string);
// four arguments, so the caller pops 10h bytes after the call.
00CF18CB mov eax,dword ptr [num3]
00CF18CE push eax
00CF18CF mov ecx,dword ptr [num2]
00CF18D2 push ecx
00CF18D3 mov edx,dword ptr [num1]
00CF18D6 push edx
00CF18D7 push offset string "Result : %d, %d, %d\n" (0CF7C0Ch)
00CF18DC call _printf (0CF10D2h)
00CF18E1 add esp,10h
return 0;
// Return value 0 in eax.
00CF18E4 xor eax,eax
}
// Epilogue: restore the saved registers and release the 0xE4 bytes reserved above.
00CF18E6 pop edi
00CF18E7 pop esi
00CF18E8 pop ebx
00CF18E9 add esp,0E4h
// esp should equal ebp again at this point; __RTC_CheckEsp receives the comparison result
// and presumably reports a run-time check failure when the stack pointer is unbalanced.
00CF18EF cmp ebp,esp
00CF18F1 call __RTC_CheckEsp (0CF124Eh)
// Tear down the frame and return to the caller.
00CF18F6 mov esp,ebp
00CF18F8 pop ebp
00CF18F9 ret
#include <stdio.h>
// Mixed C source / 32-bit x86 disassembly of a main() that reads three integers with scanf_s
// and prints their sum. Unlike a main() that only calls printf, this listing also contains the
// stack-cookie set-up and check and a call to _RTC_CheckStackVars, presumably because the
// addresses of locals are handed to scanf_s. The hex value at the start of each assembly
// line is the instruction address.
int main(void)
{
// Prologue: save the caller's frame pointer and make ebp the base of this frame.
006B18E0 push ebp
006B18E1 mov ebp,esp
// Reserve 0xF4 bytes of stack below ebp.
006B18E3 sub esp,0F4h
// Save ebx/esi/edi; the matching pops are in the epilogue.
006B18E9 push ebx
006B18EA push esi
006B18EB push edi
// Debug fill: write 0Dh (13) dwords = 0x34 bytes of 0xCCCCCCCC starting at ebp-34h, i.e. up to ebp.
006B18EC lea edi,[ebp-34h]
006B18EF mov ecx,0Dh
006B18F4 mov eax,0CCCCCCCCh
006B18F9 rep stos dword ptr es:[edi]
// Stack cookie set-up: load the global __security_cookie, XOR it with ebp and store the result
// at [ebp-4], the slot directly below the saved ebp. A write that runs upward past the locals
// has to cross this slot before it reaches the saved ebp and the return address.
006B18FB mov eax,dword ptr [__security_cookie (06BA040h)]
006B1900 xor eax,ebp
006B1902 mov dword ptr [ebp-4],eax
// Pass the address of the per-file symbol in ecx to the Just My Code helper.
006B1905 mov ecx,offset _EECDF8A2_main@c (06BC008h)
006B190A call @__CheckForDebuggerJustMyCode@4 (06B132Ah)
006B190F nop
// The declaration has no initializers, so no instructions are emitted for it.
int result, num1, num2, num3;
printf("세 개의 정수 : ");
// The disassembler shows the literal as raw bytes in the narrow execution character set
// (the byte values look like CP949/EUC-KR; confirm against the build settings).
006B1910 push offset string "\xbc\xbc \xb0\xb3\xc0\xc7 \xc1\xa4\xbc\xf6 : " (06B7C0Ch)
006B1915 call _printf (06B10D2h)
006B191A add esp,4
scanf_s("%d %d %d", &num1, &num2, &num3);
// lea pushes the ADDRESSES of num3, num2, num1 (right to left), then the format string.
// NOTE(review): the return value left in eax is never examined; the next use of eax overwrites
// it. If fewer than three integers are parsed, the remaining locals are never assigned and the
// code below sums and prints whatever those stack slots hold. Compare the result with 3.
006B191D lea eax,[num3]
006B1920 push eax
006B1921 lea ecx,[num2]
006B1924 push ecx
006B1925 lea edx,[num1]
006B1928 push edx
006B1929 push offset string "%d %d %d" (06B7B30h)
006B192E call _scanf_s (06B13CFh)
006B1933 add esp,10h
result = num1 + num2 + num3;
// NOTE(review): the operands come from user input and are added without a range check;
// signed int overflow is undefined behavior in C.
006B1936 mov eax,dword ptr [num1]
006B1939 add eax,dword ptr [num2]
006B193C add eax,dword ptr [num3]
006B193F mov dword ptr [result],eax
printf("%d + %d + %d = %d\n", num1, num2, num3, result);
// Five arguments pushed right to left; the caller pops 14h bytes after the call.
006B1942 mov eax,dword ptr [result]
006B1945 push eax
006B1946 mov ecx,dword ptr [num3]
006B1949 push ecx
006B194A mov edx,dword ptr [num2]
006B194D push edx
006B194E mov eax,dword ptr [num1]
006B1951 push eax
006B1952 push offset string "%d + %d + %d = %d\n" (06B7B3Ch)
006B1957 call _printf (06B10D2h)
006B195C add esp,14h
return 0;
// Return value 0 in eax.
006B195F xor eax,eax
}
// Run-time check of the locals: ecx = this frame's ebp, edx = address 6B1990h, which is the
// byte right after this function's ret (presumably a compiler-generated table describing the
// locals to verify). eax and edx are saved around the call and restored afterwards.
006B1961 push edx
006B1962 mov ecx,ebp
006B1964 push eax
006B1965 lea edx,ds:[6B1990h]
006B196B call @_RTC_CheckStackVars@8 (06B11EAh)
006B1970 pop eax
006B1971 pop edx
// Restore the saved registers.
006B1972 pop edi
006B1973 pop esi
006B1974 pop ebx
// Stack cookie check: reload the value stored at [ebp-4] in the prologue, undo the XOR with
// ebp and pass the result in ecx to __security_check_cookie. If the slot was overwritten,
// the recovered value no longer matches the global cookie.
006B1975 mov ecx,dword ptr [ebp-4]
006B1978 xor ecx,ebp
006B197A call @__security_check_cookie@4 (06B114Fh)
// Release the 0xF4 bytes reserved above; esp should then equal ebp, which __RTC_CheckEsp verifies.
006B197F add esp,0F4h
006B1985 cmp ebp,esp
006B1987 call __RTC_CheckEsp (06B124Eh)
// Tear down the frame and return to the caller.
006B198C mov esp,ebp
006B198E pop ebp
006B198F ret
* __security_cookie
스택 손상(특히 저장된 ebp와 반환 주소의 덮어쓰기)을 감지하기 위한 전역 보안 토큰. 함수 시작 시 이 값을 ebp와 XOR한 결과가 [ebp-4]에 저장되어 해당 스택 프레임의 쿠키가 된다
* __security_check_cookie
함수 반환 직전에 [ebp-4]에 저장해 둔 값을 다시 ebp와 XOR하여 ecx로 전달받고, 그 값이 __security_cookie와 일치하는지 확인하여 스택 손상(저장된 ebp와 반환 주소)을 감지하기 위한 함수
#include <stdio.h>
// Mixed C source / 32-bit x86 disassembly of a main() that demonstrates the postfix -- and ++
// operators. The hex value at the start of each assembly line is the instruction address.
int main(void)
{
// Prologue: save the caller's frame pointer and make ebp the base of this frame.
00754720 push ebp
00754721 mov ebp,esp
// Reserve 0xDC bytes of stack below ebp.
00754723 sub esp,0DCh
// Save ebx/esi/edi; the matching pops are in the epilogue.
00754729 push ebx
0075472A push esi
0075472B push edi
// Debug fill: write 7 dwords (0x1C bytes) of 0xCCCCCCCC starting at ebp-1Ch, i.e. up to ebp.
0075472C lea edi,[ebp-1Ch]
0075472F mov ecx,7
00754734 mov eax,0CCCCCCCCh
00754739 rep stos dword ptr es:[edi]
// Pass the address of the per-file symbol in ecx to the Just My Code helper.
0075473B mov ecx,offset _EECDF8A2_main@c (075C008h)
00754740 call @__CheckForDebuggerJustMyCode@4 (075132Ah)
00754745 nop
int num1 = 10;
00754746 mov dword ptr [num1],0Ah
int num2 = (num1--) + 2;
// Postfix --: num2 is computed from the value of num1 BEFORE the decrement (10 + 2),
// and only afterwards is num1 loaded again, decremented and stored back.
0075474D mov eax,dword ptr [num1]
00754750 add eax,2
00754753 mov dword ptr [num2],eax
00754756 mov ecx,dword ptr [num1]
00754759 sub ecx,1
0075475C mov dword ptr [num1],ecx
printf("num1: %d\n", num1);
// Two arguments pushed right to left; the caller pops 8 bytes after the call.
0075475F mov eax,dword ptr [num1]
00754762 push eax
00754763 push offset string "num1: %d\n" (0757C0Ch)
00754768 call _printf (07510D2h)
0075476D add esp,8
printf("num2: %d\n", num2);
00754770 mov eax,dword ptr [num2]
00754773 push eax
00754774 push offset string "num2: %d\n" (0757B30h)
00754779 call _printf (07510D2h)
0075477E add esp,8
printf("num1: %d\n", num1++);
// Postfix ++ as an argument: the current value of num1 is first copied to the unnamed slot
// [ebp-0DCh] (the lowest dword of the 0xDC bytes reserved in the prologue), then num1 is
// incremented in place, and the saved pre-increment copy is what gets pushed for printf.
00754781 mov eax,dword ptr [num1]
00754784 mov dword ptr [ebp-0DCh],eax
0075478A mov ecx,dword ptr [num1]
0075478D add ecx,1
00754790 mov dword ptr [num1],ecx
00754793 mov edx,dword ptr [ebp-0DCh]
00754799 push edx
0075479A push offset string "num1: %d\n" (0757C0Ch)
0075479F call _printf (07510D2h)
007547A4 add esp,8
printf("num1: %d\n", num1);
// This call reads num1 directly and therefore sees the incremented value.
007547A7 mov eax,dword ptr [num1]
007547AA push eax
007547AB push offset string "num1: %d\n" (0757C0Ch)
007547B0 call _printf (07510D2h)
007547B5 add esp,8
return 0;
// Return value 0 in eax.
007547B8 xor eax,eax
}
// Epilogue: restore the saved registers and release the 0xDC bytes reserved above.
007547BA pop edi
007547BB pop esi
007547BC pop ebx
007547BD add esp,0DCh
// esp should equal ebp again at this point; __RTC_CheckEsp receives the comparison result
// and presumably reports a run-time check failure when the stack pointer is unbalanced.
007547C3 cmp ebp,esp
007547C5 call __RTC_CheckEsp (075124Eh)
// Tear down the frame and return to the caller.
007547CA mov esp,ebp
007547CC pop ebp
007547CD ret
* ebp-0DCh
후위 연산자(num1++)에서 증가하기 전의 num1 값을 printf의 인자로 넘기기 위해 컴파일러가 임시로 저장해 두는 저장소