
其他案例请查看aes解码,密钥123456789密文U2FsdGVkX1/Bd4k8ZAij4D8oMKFwS3bBvmalzk3NT7UEJTw7/qemqhDLwG4nl9H9/nO3Xk0Ebmv0W50P9akHkb0F2ubxR31a6lldXh/T1P5UbUFht0mf2SUJwAKMq1bg

x32dbg/x64dbg逆向之反向分析全局变量

1) 逆向之反向分析全局变量介绍

咱们第一个逆向分析的来点简单的,先适应一下,顺便带着各位把C语言简单地过一遍,后面咱们再深入进去。有了之前汇编开发的前期基础,这些对咱们来说已经是小儿科,无非就是 mov 赋值操作、lea 获取地址、movsx 符号扩展、movsd 浮点数传送等基本的操作。

咱们记牢以下关键规则哦,因为在后面使用x32/x64dbg进行调试分析时会频繁用到:
ds: 指向数据段(全局/静态变量)
ss: 指向栈段(局部变量)

2) C语言案例代码

咱们在学习逆向分析的同时,同步梳理C和C++基础知识点,一正一反(正向开发 + 逆向分析),为后续深耕底层技术打好基础哦。

```c
#define _CRT_SECURE_NO_WARNINGS
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

// All Common C Global Data Types
// Basic integer types
char g_char = 0;
unsigned char g_uchar = 0;
short g_short = 0;
unsigned short g_ushort = 0;
int g_int = 0;
unsigned int g_uint = 0;
long g_long = 0;
unsigned long g_ulong = 0;
long long g_llong = 0;
unsigned long long g_ullong = 0;

// Floating-point types
float g_float = 0.0f;
double g_double = 0.0;
long double g_ldouble = 0.0L;

// Boolean type
bool g_bool = false;

// String character array
// char pointer
char* g_pChar = NULL;
// double char pointer
char** g_ppChar = NULL;
// char array
char g_charArr[100] = { 0 };

// Void pointer
void* g_pVoid = NULL;

// Custom struct
struct Student {
    // Bit-field type
    unsigned int age : 8;
    unsigned int sex : 1;
    int id;
};
struct Student g_stu;

// Union type
union Data {
    int num;
    char ch;
    float f;
};
union Data g_union;

// Enum type
enum Color { BLACK, WHITE, RED, BLUE };
enum Color g_color;

// Array pointer function pointer
int g_arr[5] = { 0 };
// pointer to array
int (*g_pArr)[5] = &g_arr;
// function pointer
void (*g_pFunc)(int) = NULL;

//
// Function pointer
void testFunc(int x) {
    printf("Function pointer call, x = %d\n", x);
}

int main(void) {
    g_char = 'Z';
    g_uchar = 255;
    g_short = 100;
    g_ushort = 200;
    g_int = 999;
    g_uint = 1024;
    g_long = 123456L;
    g_ulong = 654321UL;
    g_llong = 1122334455LL;
    g_ullong = 9988776655ULL;
    // float
    g_float = 3.14f;
    g_double = 6.28;
    g_ldouble = 9.99L;
    // bool
    g_bool = true;
    // string
    g_pChar = (char*)"Hello All Types";
    strcpy(g_charArr, "Char Array Content");
    // void pointer point to int
    int temp = 888;
    g_pVoid = &temp;
    // struct
    g_stu.age = 20;
    g_stu.sex = 1;
    g_stu.id = 2025001;
    // union
    g_union.num = 520;
    // enum
    g_color = RED;
    // call function pointer
    g_pFunc = testFunc;
    g_pFunc(666);
    // Print all for verification
    printf("char : %c\n", g_char);
    printf("uchar : %u\n", g_uchar);
    printf("short : %d\n", g_short);
    printf("int : %d\n", g_int);
    printf("long long : %lld\n", g_llong);
    printf("float : %.2f\n", g_float);
    printf("double : %.2lf\n", g_double);
    printf("bool : %d\n", g_bool);
    printf("str pointer : %s\n", g_pChar);
    printf("char array : %s\n", g_charArr);
    printf("enum color : %d\n", g_color);
    printf("struct age : %d\n", g_stu.age);
    printf("union num : %d\n", g_union.num);
    return 0;
}
```

顺带提两点正向开发时要留意的地方:g_pVoid 保存的是局部变量 temp 的栈地址,这里 temp 在 main 里所以演示期间一直有效,换成普通函数,返回后这个全局指针就悬空了;strcpy 不检查目标缓冲区长度,这里没问题只是因为源字符串短于 g_charArr 的 100 字节,_CRT_SECURE_NO_WARNINGS 只是关掉了 MSVC 对它的告警,并没有让它变安全。

3) 汇编反向分析全局变量

咱们就用之前讲过的规则来一步步分析这段汇编代码,核心就抓一个关键点:指令里看到 ds:,操作的基本就是全局 / 静态变量;看到 ss:,操作的就是局部变量,照着这个思路看就行。(这是个好用的经验规则而不是铁律:64 位下是平坦内存模型,x64dbg 只是按指令的默认段来显示前缀——RIP 相对寻址和以 rax 等寄存器为基址的访问都显示 ds:,以 rsp/rbp 为基址的显示 ss:。所以下面 lea 取字符串常量、取函数地址时也是 ds:,最终还是要看地址落在哪个区段。)

x64

开头准备部分,没啥实质业务逻辑,这几步是函数的标准开场:保存 rbp、开辟栈空间,然后把刚开辟的栈内存从 rsp+20 起的 0xA 个 dword 填成 0xCCCCCCCC,MSVC 的 Debug 构建用这个值标记未初始化的栈内存。这里全是 ss: 栈段操作,跟全局变量没关系,就是搭个运行的基础环境。

00007FF70D7118F0 | 40:55 | push rbp | FileName.cpp:89
00007FF70D7118F2 | 57 | push rdi |
00007FF70D7118F3 | 48:81EC 08010000 | sub rsp,108 |
00007FF70D7118FA | 48:8D6C24 20 | lea rbp,qword ptr ss:[rsp+20] |
00007FF70D7118FF | 48:8D7C24 20 | lea rdi,qword ptr ss:[rsp+20] |
00007FF70D711904 | B9 0A000000 | mov ecx,A | 0A:\n
00007FF70D711909 | B8 CCCCCCCC | mov eax,CCCCCCCC |
00007FF70D71190E | F3:AB | rep stosd |

这里出现了第一个 ds:,读了一个全局值 __security_cookie,然后和 rbp(当前栈帧基址)做异或,再存回栈里的 [rbp+D8]。这是编译器加的安全防护(栈 cookie,后面咱们再说),用来检测栈上缓冲区溢出的:函数返回前会把它取回来校验。不用纠结细节,知道是读全局值就行。

00007FF70D711910 | 48:8B05 29B70000 | mov rax,qword ptr ds:[__security_cookie] | rax:__enc$textbss$end276
00007FF70D711917 | 48:33C5 | xor rax,rbp | rax:__enc$textbss$end276
00007FF70D71191A | 48:8985 D8000000 | mov qword ptr ss:[rbp+D8],rax | rax:__enc$textbss$end276

又是 ds:,取了个以文件名命名的全局符号的地址(看符号名像是 MSVC“仅我的代码”调试检查用的标志,而不是字符串),调用了个内部函数,还是初始化相关的操作,直接跳过就行。

00007FF70D711921 | 48:8D0D E7060100 | lea rcx,qword ptr ds:[__14F49BB1_FileNamecpp] | FileName.cpp:15732480
00007FF70D711928 | E8 48FAFFFF | call project1.7FF70D711375 
| 00007FF70D71192D | 90 | nop
咱们的Main赋值正式开始
00007FF70D71192E | C605 DBB80000 5A | mov byte ptr ds:[char g_char],5A | 将全局char变量 g_char 赋值为 Z(0x5A)
00007FF70D711935 | C605 D5B80000 FF | mov byte ptr ds:[unsigned char g_uchar],FF | 将全局unsigned char变量 g_uchar 赋值为255
00007FF70D71193C | B8 64000000 | mov eax,64 | 将100装入EAX
00007FF70D711941 | 66:8905 CCB80000 | mov word ptr ds:[short g_short],ax | 将AX中的100写入short变量 g_short
00007FF70D711948 | B8 C8000000 | mov eax,C8 | 将200装入EAX
00007FF70D71194D | 66:8905 C4B80000 | mov word ptr ds:[unsigned short g_ushort],ax | 将AX中的200写入unsigned short变量 g_ushort
00007FF70D711954 | C705 BEB80000 E7030000 | mov dword ptr ds:[int g_int],3E7 | 将int变量 g_int 赋值为999
00007FF70D71195E | C705 B8B80000 00040000 | mov dword ptr ds:[unsigned int g_uint],400 | 将unsigned int变量 g_uint 赋值为1024
00007FF70D711968 | C705 B2B80000 40E20100 | mov dword ptr ds:[long g_long],1E240 | 将long变量 g_long 赋值为123456(Windows下long是4字节,所以是dword)
00007FF70D711972 | C705 ACB80000 F1FB0900 | mov dword ptr ds:[unsigned long g_ulong],9FBF1 | 将unsigned long变量 g_ulong 赋值为654321
00007FF70D71197C | 48:C705 A9B80000 F776E54 | mov qword ptr ds:[__int64 g_llong],42E576F7 | 将64位整数1122334455(0x42E576F7)写入g_llong
00007FF70D711987 | 48:B8 CFA2605302000000 | mov rax,25360A2CF | 将64位立即数9988776655(0x25360A2CF)装入RAX
00007FF70D711991 | 48:8905 A0B80000 | mov qword ptr ds:[unsigned __int64 g_ullong],rax | 将RAX写入unsigned long long变量 g_ullong
00007FF70D711998 | F3:0F1005 BC940000 | movss xmm0,dword ptr ds:[__real4048f5c3] | 将float常量加载到XMM0
00007FF70D7119A0 | F3:0F1105 84B80000 | movss dword ptr ds:[float g_float],xmm0 | 将float值写入g_float
00007FF70D7119A8 | F2:0F1005 90940000 | movsd xmm0,qword ptr ds:[__real40191eb851eb851f] | 将double常量加载到XMM0
00007FF70D7119B0 | F2:0F1105 88B80000 | movsd qword ptr ds:[double g_double],xmm0 | 将double值写入g_double
00007FF70D7119B8 | F2:0F1005 90940000 | movsd xmm0,qword ptr ds:[__real4023fae147ae147b] | 将long double对应常量加载到XMM0(这里按qword、用movsd搬运,和double一样是8字节)
00007FF70D7119C0 | F2:0F1105 80B80000 | movsd qword ptr ds:[long double g_ldouble],xmm0 | 将值写入g_ldouble
00007FF70D7119C8 | C605 43B80000 01 | mov byte ptr ds:[bool g_bool],1 | 将bool变量 g_bool 赋值为true
00007FF70D7119CF | 48:8D05 FA920000 | lea rax,qword ptr ds:[Hello All Types...] | 获取字符串Hello All Types地址
00007FF70D7119D6 | 48:8905 73B80000 | mov qword ptr ds:[char *g_pChar],rax | 将字符串地址保存到g_pChar
00007FF70D7119DD | 48:8D15 04930000 | lea rdx,qword ptr ds:[Char Array Content...] | 获取字符串Char Array Content地址
00007FF70D7119E4 | 48:8D0D 75B80000 | lea rcx,qword ptr ds:[char *g_charArr] | 获取字符数组g_charArr地址作为目标缓冲区
00007FF70D7119EB | E8 37F7FFFF | call project1.7FF70D711127 | 调用字符串复制函数(类似strcpy,只传了目标和源两个参数,没有长度)
00007FF70D7119F0 | 90 | nop | 空操作占位
00007FF70D7119F1 | C745 04 78030000 | mov dword ptr ss:[rbp+4],378 | 局部变量赋值888
00007FF70D7119F8 | 48:8D45 04 | lea rax,qword ptr ss:[rbp+4] | 获取局部变量地址
00007FF70D7119FC | 48:8905 C5B80000 | mov qword ptr ds:[void *g_pVoid],rax | 将局部变量地址保存到void指针g_pVoid(全局指针里存的是栈地址,所在函数返回后即悬空)
00007FF70D711A03 | 8B05 C7B80000 | mov eax,dword ptr ds:[struct Student g_stu] | 读取结构体Student内容
00007FF70D711A09 | 25 00FFFFFF | and eax,FFFFFF00 | 清除最低8位(age字段)
00007FF70D711A0E | 83C8 14 | or eax,14 | 将age字段设置为20
00007FF70D711A11 | 8905 B9B80000 | mov dword ptr ds:[struct Student g_stu],eax | 写回结构体
00007FF70D711A17 | 8B05 B3B80000 | mov eax,dword ptr ds:[struct Student g_stu] | 再次读取结构体
00007FF70D711A1D | 0FBAE8 08 | bts eax,8 | 设置第8位(位域成员sex = 1)
00007FF70D711A21 | 8905 A9B80000 | mov dword ptr ds:[struct Student g_stu],eax | 写回修改后的结构体
00007FF70D711A27 | C705 A3B80000 29E61E00 | mov dword ptr ds:[7FF70D71D2D4],1EE629 | 设置结构体的id成员为2025001(0x1EE629)
00007FF70D711A31 | C705 89B80000 08020000 | mov dword ptr ds:[union Data g_union],208 | union变量赋值520
00007FF70D711A3B | C705 93B80000 02000000 | mov dword ptr ds:[enum Color g_color],2 | 枚举变量g_color赋值为2(即RED)
00007FF70D711A45 | 48:8D05 E8F8FFFF | lea rax,qword ptr ds:[7FF70D711334] | 获取函数地址
00007FF70D711A4C | 48:8905 A5B80000 | mov qword ptr ds:[void (__cdecl *g_pFunc)(int)],rax | 保存到函数指针g_pFunc
00007FF70D711A53 | B9 9A020000 | mov ecx,29A | 准备函数参数666
00007FF70D711A58 
| FF15 9AB80000 | call qword ptr ds:[void (__cdecl *g_pFunc)(int)] | 通过函数指针调用目标函数 00007FF70D711A5E | 90 | nop 00007FF70D711A5F | 0FBE05 AAB70000 | movsx eax,byte ptr ds:[char g_char] | FileName.cpp:134 00007FF70D711A66 | 8BD0 | mov edx,eax | 00007FF70D711A68 | 48:8D0D 91920000 | lea rcx,qword ptr ds:[char : %c\n...] | 00007FF70D71AD00:char : %c\n 00007FF70D711A6F | E8 26F7FFFF | call project1.7FF70D71119A | 00007FF70D711A74 | 90 | nop | 00007FF70D711A75 | 0FB605 95B70000 | movzx eax,byte ptr ds:[unsigned char g_uchar] | FileName.cpp:135 00007FF70D711A7C | 8BD0 | mov edx,eax | 00007FF70D711A7E | 48:8D0D 93920000 | lea rcx,qword ptr ds:[uchar : %u\n...] | 00007FF70D71AD18:uchar : %u\n 00007FF70D711A85 | E8 10F7FFFF | call project1.7FF70D71119A | 00007FF70D711A8A | 90 | nop | 00007FF70D711A8B | 0FBF05 82B70000 | movsx eax,word ptr ds:[short g_short] | FileName.cpp:136 00007FF70D711A92 | 8BD0 | mov edx,eax | 00007FF70D711A94 | 48:8D0D 95920000 | lea rcx,qword ptr ds:[short : %d\n...] | 00007FF70D71AD30:short : %d\n 00007FF70D711A9B | E8 FAF6FFFF | call project1.7FF70D71119A | 00007FF70D711AA0 | 90 | nop | 00007FF70D711AA1 | 8B15 75B70000 | mov edx,dword ptr ds:[int g_int] | FileName.cpp:137 00007FF70D711AA7 | 48:8D0D 9A920000 | lea rcx,qword ptr ds:[int : %d\n...] | 00007FF70D71AD48:int : %d\n 00007FF70D711AAE | E8 E7F6FFFF | call project1.7FF70D71119A | 00007FF70D711AB3 | 90 | nop | 00007FF70D711AB4 | 48:8B15 75B70000 | mov rdx,qword ptr ds:[__int64 g_llong] | FileName.cpp:138, rdx:__enc$textbss$end276 00007FF70D711ABB | 48:8D0D 9E920000 | lea rcx,qword ptr ds:[long long : %lld\n...] 
| 00007FF70D71AD60:long long : %lld\n 00007FF70D711AC2 | E8 D3F6FFFF | call project1.7FF70D71119A | 00007FF70D711AC7 | 90 | nop | 00007FF70D711AC8 | F3:0F5A05 5CB70000 | cvtss2sd xmm0,dword ptr ds:[float g_float] | FileName.cpp:139 00007FF70D711AD0 | 0F28C8 | movaps xmm1,xmm0 | 00007FF70D711AD3 | 6648:0F7ECA | movq rdx,xmm1 | rdx:__enc$textbss$end276 00007FF70D711AD8 | 48:8D0D 99920000 | lea rcx,qword ptr ds:[float : %.2f\n...] | 00007FF70D71AD78:float : %.2f\n 00007FF70D711ADF | E8 B6F6FFFF | call project1.7FF70D71119A | 00007FF70D711AE4 | 90 | nop | 00007FF70D711AE5 | F2:0F100D 53B70000 | movsd xmm1,qword ptr ds:[double g_double] | FileName.cpp:140 00007FF70D711AED | 6648:0F7ECA | movq rdx,xmm1 | rdx:__enc$textbss$end276 00007FF70D711AF2 | 48:8D0D 97920000 | lea rcx,qword ptr ds:[double : %.2lf\n...] | 00007FF70D71AD90:double : %.2lf\n 00007FF70D711AF9 | E8 9CF6FFFF | call project1.7FF70D71119A | 00007FF70D711AFE | 90 | nop | 00007FF70D711AFF | 0FB605 0CB70000 | movzx eax,byte ptr ds:[bool g_bool] | FileName.cpp:141 00007FF70D711B06 | 8BD0 | mov edx,eax | 00007FF70D711B08 | 48:8D0D A1920000 | lea rcx,qword ptr ds:[bool : %d\n...] | 00007FF70D71ADB0:bool : %d\n 00007FF70D711B0F | E8 86F6FFFF | call project1.7FF70D71119A | 00007FF70D711B14 | 90 | nop | 00007FF70D711B15 | 48:8B15 34B70000 | mov rdx,qword ptr ds:[char *g_pChar] | FileName.cpp:142, rdx:__enc$textbss$end276 00007FF70D711B1C | 48:8D0D A5920000 | lea rcx,qword ptr ds:[str pointer : %s\n...] | 00007FF70D71ADC8:str pointer : %s\n 00007FF70D711B23 | E8 72F6FFFF | call project1.7FF70D71119A | 00007FF70D711B28 | 90 | nop | 00007FF70D711B29 | 48:8D15 30B70000 | lea rdx,qword ptr ds:[char *g_charArr] | FileName.cpp:143, rdx:__enc$textbss$end276 00007FF70D711B30 | 48:8D0D A9920000 | lea rcx,qword ptr ds:[char array : %s\n...] 
| 00007FF70D71ADE0:char array : %s\n 00007FF70D711B37 | E8 5EF6FFFF | call project1.7FF70D71119A | 00007FF70D711B3C | 90 | nop | 00007FF70D711B3D | 8B15 95B70000 | mov edx,dword ptr ds:[enum Color g_color] | FileName.cpp:144 00007FF70D711B43 | 48:8D0D AE920000 | lea rcx,qword ptr ds:[enum color : %d\n...] | 00007FF70D71ADF8:enum color : %d\n 00007FF70D711B4A | E8 4BF6FFFF | call project1.7FF70D71119A | 00007FF70D711B4F | 90 | nop | 00007FF70D711B50 | 8B05 7AB70000 | mov eax,dword ptr ds:[struct Student g_stu] | FileName.cpp:145 00007FF70D711B56 | 25 FF000000 | and eax,FF | 00007FF70D711B5B | 8BD0 | mov edx,eax | 00007FF70D711B5D | 48:8D0D AC920000 | lea rcx,qword ptr ds:[struct age : %d\n...] | 00007FF70D71AE10:struct age : %d\n 00007FF70D711B64 | E8 31F6FFFF | call project1.7FF70D71119A | 00007FF70D711B69 | 90 | nop | 00007FF70D711B6A | 8B15 54B70000 | mov edx,dword ptr ds:[union Data g_union] | FileName.cpp:146 00007FF70D711B70 | 48:8D0D B1920000 | lea rcx,qword ptr ds:[union num : %d\n...] 
| 00007FF70D71AE28:union num : %d\n
00007FF70D711B77 | E8 1EF6FFFF | call project1.7FF70D71119A |
00007FF70D711B7C | 90 | nop |
00007FF70D711B7D | 33C0 | xor eax,eax | FileName.cpp:148
00007FF70D711B7F | 8BF8 | mov edi,eax | FileName.cpp:151
main函数结束。返回前先把开头存到 [rbp+D8] 的 cookie 取回来,和 rbp 异或还原后交给后面的 call 校验(应为栈 cookie 检查),这就是开头说“后面咱们再说”的那个栈保护:值被改过就说明栈上发生了越界写。
00007FF70D711B81 | 48:8D4D E0 | lea rcx,qword ptr ss:[rbp-20] |
00007FF70D711B85 | 48:8D15 F4900000 | lea rdx,qword ptr ds:[7FF70D71AC80] | rdx:__enc$textbss$end276
00007FF70D711B8C | E8 7BF7FFFF | call project1.7FF70D71130C |
00007FF70D711B91 | 8BC7 | mov eax,edi |
00007FF70D711B93 | 48:8B8D D8000000 | mov rcx,qword ptr ss:[rbp+D8] |
00007FF70D711B9A | 48:33CD | xor rcx,rbp |
00007FF70D711B9D | E8 11F6FFFF | call project1.7FF70D7111B3 |
00007FF70D711BA2 | 48:8DA5 E8000000 | lea rsp,qword ptr ss:[rbp+E8] |
00007FF70D711BA9 | 5F | pop rdi |
00007FF70D711BAA | 5D | pop rbp |
00007FF70D711BAB | C3 | ret |

x32

注意:下面这段虽然标为 x32,但从 rbp/rsp 等 64 位寄存器、48 前缀和 00007FF7 开头的地址来看,它仍然是 64 位程序的反汇编,指令和上面一致,只是模块基址不同(应为 ASLR 导致每次加载地址变化),部分操作数被列宽截断。真正的 32 位构建会使用 ebp/esp 和 32 位地址。

00007FF7B17E18F0 | 40:55 | push rbp | FileName.cpp:89
00007FF7B17E18F2 | 57 | push rdi |
00007FF7B17E18F3 | 48:81EC 08010000 | sub rsp,108 |
00007FF7B17E18FA | 48:8D6C24 20 | lea rbp,qword ptr ss:[rsp+20] |
00007FF7B17E18FF | 48:8D7C24 20 | lea rdi,qword ptr ss:[rsp+20] |
00007FF7B17E1904 | B9 0A000000 | mov ecx,A | 0A:\n
00007FF7B17E1909 | B8 CCCCCCCC | mov eax,CCCCCCCC |
00007FF7B17E190E | F3:AB | rep stosd |
00007FF7B17E1910 | 48:8B05 29B70000 | mov rax,qword ptr ds:[__security_cooki | rax:__enc$textbss$end276
00007FF7B17E1917 | 48:33C5 | xor rax,rbp | rax:__enc$textbss$end276
00007FF7B17E191A | 48:8985 D8000000 | mov qword ptr ss:[rbp+D8],rax | rax:__enc$textbss$end276
00007FF7B17E1921 | 48:8D0D E7060100 | lea rcx,qword ptr ds:[__14F49BB1_FileN | FileName.cpp:15732480
00007FF7B17E1928 | E8 48FAFFFF | call project1.7FF7B17E1375 |
00007FF7B17E192D | 90 | nop |
00007FF7B17E192E | C605 DBB80000 5A | mov byte ptr ds:[char g_char],5A | FileName.cpp:90, 5A:Z
00007FF7B17E1935 | C605 D5B80000 FF | mov byte ptr ds:[unsigned char g_uchar | FileName.cpp:91
00007FF7B17E193C | B8 64000000 | mov eax,64 | FileName.cpp:92, 64:d 
00007FF7B17E1941 | 66:8905 CCB80000 | mov word ptr ds:[short g_short],ax | 00007FF7B17E1948 | B8 C8000000 | mov eax,C8 | FileName.cpp:93 00007FF7B17E194D | 66:8905 C4B80000 | mov word ptr ds:[unsigned short g_usho | 00007FF7B17E1954 | C705 BEB80000 E7030000 | mov dword ptr ds:[int g_int],3E7 | FileName.cpp:94 00007FF7B17E195E | C705 B8B80000 00040000 | mov dword ptr ds:[unsigned int g_uint | FileName.cpp:95 00007FF7B17E1968 | C705 B2B80000 40E20100 | mov dword ptr ds:[long g_long],1E240 | FileName.cpp:96 00007FF7B17E1972 | C705 ACB80000 F1FB0900 | mov dword ptr ds:[unsigned long g_ulon | FileName.cpp:97 00007FF7B17E197C | 48:C705 A9B80000 F776E54 | mov qword ptr ds:[__int64 g_llong],42 | FileName.cpp:98 00007FF7B17E1987 | 48:B8 CFA2605302000000 | mov rax,25360A2CF | FileName.cpp:99, rax:__enc$textbss$end276 00007FF7B17E1991 | 48:8905 A0B80000 | mov qword ptr ds:[unsigned __int64 g_u | rax:__enc$textbss$end276 00007FF7B17E1998 | F3:0F1005 BC940000 | movss xmm0,dword ptr ds:[__real4048f5 | FileName.cpp:102 00007FF7B17E19A0 | F3:0F1105 84B80000 | movss dword ptr ds:[float g_float],xm | 00007FF7B17E19A8 | F2:0F1005 90940000 | movsd xmm0,qword ptr ds:[__real40191e | FileName.cpp:103 00007FF7B17E19B0 | F2:0F1105 88B80000 | movsd qword ptr ds:[double g_double], | 00007FF7B17E19B8 | F2:0F1005 90940000 | movsd xmm0,qword ptr ds:[__real4023fa | FileName.cpp:104 00007FF7B17E19C0 | F2:0F1105 80B80000 | movsd qword ptr ds:[long double g_ldou | 00007FF7B17E19C8 | C605 43B80000 01 | mov byte ptr ds:[bool g_bool],1 | FileName.cpp:107 00007FF7B17E19CF | 48:8D05 FA920000 | lea rax,qword ptr ds:[Hello All Types | FileName.cpp:110, rax:__enc$textbss$end276, 00007FF7B17EACD0:Hello All Types 00007FF7B17E19D6 | 48:8905 73B80000 | mov qword ptr ds:[char *g_pChar],rax | rax:__enc$textbss$end276 00007FF7B17E19DD | 48:8D15 04930000 | lea rdx,qword ptr ds:[Char Array Cont | FileName.cpp:111, rdx:__enc$textbss$end276, 00007FF7B17EACE8:Char Array Content 00007FF7B17E19E4 | 48:8D0D 75B80000 | 
lea rcx,qword ptr ds:[char *g_charArr | 00007FF7B17E19EB | E8 37F7FFFF | call project1.7FF7B17E1127 | 00007FF7B17E19F0 | 90 | nop | 00007FF7B17E19F1 | C745 04 78030000 | mov dword ptr ss:[rbp4],378 | FileName.cpp:114 00007FF7B17E19F8 | 48:8D45 04 | lea rax,qword ptr ss:[rbp4] | FileName.cpp:115, rax:__enc$textbss$end276 00007FF7B17E19FC | 48:8905 C5B80000 | mov qword ptr ds:[void *g_pVoid],rax | rax:__enc$textbss$end276 00007FF7B17E1A03 | 8B05 C7B80000 | mov eax,dword ptr ds:[struct Student g | FileName.cpp:118 00007FF7B17E1A09 | 25 00FFFFFF | and eax,FFFFFF00 | 00007FF7B17E1A0E | 83C8 14 | or eax,14 | 00007FF7B17E1A11 | 8905 B9B80000 | mov dword ptr ds:[struct Student g_stu | 00007FF7B17E1A17 | 8B05 B3B80000 | mov eax,dword ptr ds:[struct Student g | FileName.cpp:119 00007FF7B17E1A1D | 0FBAE8 08 | bts eax,8 | 00007FF7B17E1A21 | 8905 A9B80000 | mov dword ptr ds:[struct Student g_stu | 00007FF7B17E1A27 | C705 A3B80000 29E61E00 | mov dword ptr ds:[7FF7B17ED2D4],1EE629 | FileName.cpp:120 00007FF7B17E1A31 | C705 89B80000 08020000 | mov dword ptr ds:[union Data g_union] | FileName.cpp:123 00007FF7B17E1A3B | C705 93B80000 02000000 | mov dword ptr ds:[enum Color g_color] | FileName.cpp:126 00007FF7B17E1A45 | 48:8D05 E8F8FFFF | lea rax,qword ptr ds:[7FF7B17E1334] | FileName.cpp:129, rax:__enc$textbss$end276 00007FF7B17E1A4C | 48:8905 A5B80000 | mov qword ptr ds:[void (__cdecl *g_pFu | rax:__enc$textbss$end276 00007FF7B17E1A53 | B9 9A020000 | mov ecx,29A | FileName.cpp:130 00007FF7B17E1A58 | FF15 9AB80000 | call qword ptr ds:[void (__cdecl *g_pF | 00007FF7B17E1A5E | 90 | nop | 00007FF7B17E1A5F | 0FBE05 AAB70000 | movsx eax,byte ptr ds:[char g_char] | FileName.cpp:134 00007FF7B17E1A66 | 8BD0 | mov edx,eax | 00007FF7B17E1A68 | 48:8D0D 91920000 | lea rcx,qword ptr ds:[char : % | 00007FF7B17EAD00:char : %c\n 00007FF7B17E1A6F | E8 26F7FFFF | call project1.7FF7B17E119A | 00007FF7B17E1A74 | 90 | nop | 00007FF7B17E1A75 | 0FB605 95B70000 | movzx eax,byte ptr ds:[unsigned char g | 
FileName.cpp:135 00007FF7B17E1A7C | 8BD0 | mov edx,eax | 00007FF7B17E1A7E | 48:8D0D 93920000 | lea rcx,qword ptr ds:[uchar : % | 00007FF7B17EAD18:uchar : %u\n 00007FF7B17E1A85 | E8 10F7FFFF | call project1.7FF7B17E119A | 00007FF7B17E1A8A | 90 | nop | 00007FF7B17E1A8B | 0FBF05 82B70000 | movsx eax,word ptr ds:[short g_short] | FileName.cpp:136 00007FF7B17E1A92 | 8BD0 | mov edx,eax | 00007FF7B17E1A94 | 48:8D0D 95920000 | lea rcx,qword ptr ds:[short : % | 00007FF7B17EAD30:short : %d\n 00007FF7B17E1A9B | E8 FAF6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1AA0 | 90 | nop | 00007FF7B17E1AA1 | 8B15 75B70000 | mov edx,dword ptr ds:[int g_int] | FileName.cpp:137 00007FF7B17E1AA7 | 48:8D0D 9A920000 | lea rcx,qword ptr ds:[int : % | 00007FF7B17EAD48:int : %d\n 00007FF7B17E1AAE | E8 E7F6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1AB3 | 90 | nop | 00007FF7B17E1AB4 | 48:8B15 75B70000 | mov rdx,qword ptr ds:[__int64 g_llong | FileName.cpp:138, rdx:__enc$textbss$end276 00007FF7B17E1ABB | 48:8D0D 9E920000 | lea rcx,qword ptr ds:[long long : % | 00007FF7B17EAD60:long long : %lld\n 00007FF7B17E1AC2 | E8 D3F6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1AC7 | 90 | nop | 00007FF7B17E1AC8 | F3:0F5A05 5CB70000 | cvtss2sd xmm0,dword ptr ds:[float g_fl | FileName.cpp:139 00007FF7B17E1AD0 | 0F28C8 | movaps xmm1,xmm0 | 00007FF7B17E1AD3 | 6648:0F7ECA | movq rdx,xmm1 | rdx:__enc$textbss$end276 00007FF7B17E1AD8 | 48:8D0D 99920000 | lea rcx,qword ptr ds:[float : % | 00007FF7B17EAD78:float : %.2f\n 00007FF7B17E1ADF | E8 B6F6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1AE4 | 90 | nop | 00007FF7B17E1AE5 | F2:0F100D 53B70000 | movsd xmm1,qword ptr ds:[double g_doub | FileName.cpp:140 00007FF7B17E1AED | 6648:0F7ECA | movq rdx,xmm1 | rdx:__enc$textbss$end276 00007FF7B17E1AF2 | 48:8D0D 97920000 | lea rcx,qword ptr ds:[double : % | 00007FF7B17EAD90:double : %.2lf\n 00007FF7B17E1AF9 | E8 9CF6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1AFE | 90 | nop | 00007FF7B17E1AFF | 0FB605 
0CB70000 | movzx eax,byte ptr ds:[bool g_bool] | FileName.cpp:141 00007FF7B17E1B06 | 8BD0 | mov edx,eax | 00007FF7B17E1B08 | 48:8D0D A1920000 | lea rcx,qword ptr ds:[bool : % | 00007FF7B17EADB0:bool : %d\n 00007FF7B17E1B0F | E8 86F6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1B14 | 90 | nop | 00007FF7B17E1B15 | 48:8B15 34B70000 | mov rdx,qword ptr ds:[char *g_pChar] | FileName.cpp:142, rdx:__enc$textbss$end276 00007FF7B17E1B1C | 48:8D0D A5920000 | lea rcx,qword ptr ds:[str pointer : % | 00007FF7B17EADC8:str pointer : %s\n 00007FF7B17E1B23 | E8 72F6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1B28 | 90 | nop | 00007FF7B17E1B29 | 48:8D15 30B70000 | lea rdx,qword ptr ds:[char *g_charArr | FileName.cpp:143, rdx:__enc$textbss$end276 00007FF7B17E1B30 | 48:8D0D A9920000 | lea rcx,qword ptr ds:[char array : % | 00007FF7B17EADE0:char array : %s\n 00007FF7B17E1B37 | E8 5EF6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1B3C | 90 | nop | 00007FF7B17E1B3D | 8B15 95B70000 | mov edx,dword ptr ds:[enum Color g_col | FileName.cpp:144 00007FF7B17E1B43 | 48:8D0D AE920000 | lea rcx,qword ptr ds:[enum color : % | 00007FF7B17EADF8:enum color : %d\n 00007FF7B17E1B4A | E8 4BF6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1B4F | 90 | nop | 00007FF7B17E1B50 | 8B05 7AB70000 | mov eax,dword ptr ds:[struct Student g | FileName.cpp:145 00007FF7B17E1B56 | 25 FF000000 | and eax,FF | 00007FF7B17E1B5B | 8BD0 | mov edx,eax | 00007FF7B17E1B5D | 48:8D0D AC920000 | lea rcx,qword ptr ds:[struct age : % | 00007FF7B17EAE10:struct age : %d\n 00007FF7B17E1B64 | E8 31F6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1B69 | 90 | nop | 00007FF7B17E1B6A | 8B15 54B70000 | mov edx,dword ptr ds:[union Data g_uni | FileName.cpp:146 00007FF7B17E1B70 | 48:8D0D B1920000 | lea rcx,qword ptr ds:[union num : % | 00007FF7B17EAE28:union num : %d\n 00007FF7B17E1B77 | E8 1EF6FFFF | call project1.7FF7B17E119A | 00007FF7B17E1B7C | 90 | nop | 00007FF7B17E1B7D | 33C0 | xor eax,eax | FileName.cpp:148 00007FF7B17E1B7F | 
8BF8 | mov edi,eax | FileName.cpp:151 00007FF7B17E1B81 | 48:8D4D E0 | lea rcx,qword ptr ss:[rbp-20] | 00007FF7B17E1B85 | 48:8D15 F4900000 | lea rdx,qword ptr ds:[7FF7B17EAC80] | rdx:__enc$textbss$end276 00007FF7B17E1B8C | E8 7BF7FFFF | call project1.7FF7B17E130C | 00007FF7B17E1B91 | 8BC7 | mov eax,edi | 00007FF7B17E1B93 | 48:8B8D D8000000 | mov rcx,qword ptr ss:[rbpD8] | 00007FF7B17E1B9A | 48:33CD | xor rcx,rbp | 00007FF7B17E1B9D | E8 11F6FFFF | call project1.7FF7B17E11B3 | 00007FF7B17E1BA2 | 48:8DA5 E8000000 | lea rsp,qword ptr ss:[rbpE8] | 00007FF7B17E1BA9 | 5F | pop rdi | 00007FF7B17E1BAA | 5D | pop rbp | 00007FF7B17E1BAB | C3 | ret |其他案例请查看aes解码,密钥123456789密文U2FsdGVkX1/Bd4k8ZAij4D8oMKFwS3bBvmalzk3NT7UEJTw7/qemqhDLwG4nl9H9/nO3Xk0Ebmv0W50P9akHkb0F2ubxR31a6lldXh/T1P5UbUFht0mf2SUJwAKMq1bg