The source file is as follows, named Casimodo.c: main () {INT i = 5, K; K = ( i) ( i) (i ); Printf ("% d / n", i) ; i = 5; Printf ("% D,% D,% D,% D", I, k, ( i) ( i) (i ), i);} with TCC -B compile casimodo.c: ifndef ?? version debug macro endm endif debug S "casimdo1.c" _TEXT segment byte public 'CODE'DGROUP group _DATA, _BSS assume cs:?? _TEXT, ds: DGROUP, ss: DGROUP_TEXT ends_DATA segment word public 'DATA'd @ label byted @ w label word_DATA ends_BSS segment word public' BSS'b @ label byteb @ w label word debug C E98A752C320A636173696D646F312E63_BSS ends_TEXT segment byte public 'CODE';?? debug L 1_main proc near push si push di;? Debug L 4 MOV SI, 5;? Debug L 5 Inc Si; First I = 6 Inc Si; Second I = 7 MOV Di, Si; Perform K = I Add Di, Si; Perform K = ( i) ( i) Add di, Si; execute k = ( i) ( ) at this time i = 7 inc s; is that i i = 8;? Debug L 6 push si; Si Prepare the value of the PRINTF MOV AX, OFFSET DGROUP: S @; get the print format parameter of the Printf function Push AX; parameter Add Call Near PTR _PRINTF POP CX; Restore Stack Pointer Pop Cx;? Debug L 7 MOV Si, 5 ; DEBUG L 8 Push Si; Si in the stack, i = 5, save I value Inc Si; i i = 6 MOV AX, Si; AX = 6, INC SI; i i = 7
MOV DX, Si; DX = 7 Add Ax, DX; Calculation ( i) ( i), existing AX = 13 MOV DX, Si; DX = 7 Inc Si; i i = 8 Add Ax, DX; Calculation ( i) ( i) (i ), AX = 21 push ax; AX and in the stack Push Di; Di, Si into the stack, is K, I value into the stack PUSH Si Mov AX, Offset DGroup: s @ 4; Take a second parameter Push ax; AX in the stack of Call Near PTR _Printf; Print Add SP, 10 @ 1 :;? Debug L 9 Pop Di Pop Si RET _MAIN ENDP_TEXT ENDS? Debug C E9_DATA Segment SEGMENT Word public 'data's @ label byte DB 37; is the first print parameter 37 is actually% DB 100; D db 10; newline character \N DB 0 DB 37; second print parameter DB 100 DB 44; "," DB 37 DB 100 DB 44 DB 37 DB 100 DB 44 DB 37 DB 100 DB 0_DATA ENDS_TEXT Segment Byte Public 'Code' EXTRN _PRINTF: NEAR_TEXT Ends Public _Main End In view, you have to find it in Call _Printf, first put it first, go to find W32DASM
Find W32DASM. In cabbage park, two call _printf calls the same address function, in * Reference by a call at addresses: |: 0001.0210,: 0001.022d |: 0001.0aeb 55 push bp; BP memory returned : 0001.0AEC 8BEC MOV BP, SP: 0001.0AEE B8630C MOV AX, 0C63;: 0001.0AF1 50 Push Ax: 0001.0af2 b81c02 MOV AX, 021C: 0001.0AF5 50 Push AX: 0001.0AF6 FF7604 PUSH WORD PTR [BP 04]: 0001.0af9 8D4606 LEA AX, [BP 06]; AX = FFDC, and FFDC is I value 8: 0001.0AFC 50 Push AX: 0001.0AFD E84C02 Call 0D4C: 0001.0B00 EB00 JMP 0B02 with debug: -g 0aebax = 0194 bx = 07DC CX = 0010 DX = E595 SP = FFD8 BP = ffe2 Si = = 0008 Di = 0015DS = 14f2 ES = 14f2 SS = 14f2 CS = 13b9 IP = 0AEB NV UP EI PL NZ NA PO NC13B9: 0AEB 55 PUSH BP-T
AX = 0194 bx = 07dc cx = 0010 DX = E595 sp = ffd6 bp = ffe2 si = 0008 di = 0015DS = 14f2 ES = 14f2 ss = 14f2 cs = 13b9 IP = 0AEC NV UP EI PL NZ NA PO NC13B9: 0AEC 8BEC MOV BP, SP-D DS: FFD614F2: FFD0 E2 FF-13 02 94 01 08 00 9B 07 .......... 14F2: FFE0 20 03 EE FF 1D 01 01 00-EC FF A4 07 F0 FF 00 00 ............. 14f2: fff0 43 41 53 49 4D 4F 44 4F-2E 45 58 45 00 00 FB 00 Casimodo.exe .... View Stack Know that FFE2 is The value of the saved BP, 0213 This value is the address of the printf. 0194 is the print format parameter address. The value is the value of i, and there is a Call, followed: * Reference by a call at address: |: 0001.0afd |: 0001.0d4c 55 push bp; bp = ffd6: 0001.0d4d 8bec MOV BP, SP; sp = ffca: 0001.0d4f 81ec9600 SUB SP, 0096; do not understand sp = ff34: 0001.0d53 56 push si; si = 8: 0001.0d54 57 PUSH Di; di = 15: 0001.0d55 C746AA0000 MOV Word PTR [BP-56], 0000: 0001.0D5A C646AD50 MOV BYTE PTR [BP-53], 50: 0001.0D5E EB38 JMP 0D98; unconditional transfer to 0D98 continued, good pain *Reference by a (u) Nconditional or (c) ONDITIONAL JUMP AT Address: |: 0001.0d5E (U) |: 0001.0d98 06 Push ES: 0001.0d99 FC CLD; Clear Direction Sign Near: 0001.0d9A 8D7EAE LEA DI, [BP- 52]; Di = FF78: 0001.0d9D 89BE6CFF MOV [BP FF6C], DI; * Reference By A (U) Nconditional OR (C) ONDITIONAL JUMP AT Address: |: 0001.1221 (u) |: 0001.0da1 8bbe6cff Mov Di, [BP FF6C]
* Reference by A (u) Nconditional or (c) ONDITIONAL JUMP AT Addresses: |: 0001.0FB9 (U),: 0001.11f4 (u) |: 0001.0da5 8b7606 MOV Si, [BP 06]; Si = 0194 * Referenced BY A (U) Nconditional OR (C) OR (C) OR 0001.0dB7 (C),: 0001.0dBC (U) |: 0001.0dA8 AC LODSB; put the characters in the source string into Al or AX, AX = ff25: 0001.0da9 0ac0 or Al, Al; s: ff25 = ffca ss: ffca = ffd6 s: ffd6 is our raw data: 0001.0dab 7411 JE 0dbe; because z = 0, do not jump: 0001.0dad 3C25 CMP Al, 25; Z = 1: 0001.0DAF 7410 JE 0DC1 Reference article: http://www.9cbs.com.cn/program/6717.htmhttp://www.cstc.net.cn/docs/docs.php? ID = 275
