亚洲午夜无码AV毛片久久,亚洲性久久久影院,日韩久久无码免费毛片软件

Lenuns — Sun, 03 Aug 2008 09:42:00 GMT

当按Ctrl+D或者Ctrl+N的时候，虚拟��Z��能弹出界面，感觉如同��L��一般，只好重新启动虚拟机。其实这个时候虚拟机是响应的�Q�只不过你看不到界面�Q�只能盲打操作，�q�实际上�Ҏ(gu��)��们也没有意义

TO:用UE修改Windows 2000 Professional.vmx文�g,增加
vmmouse.present = FALSE
svga.maxFullscreenRefreshTick = 5

Lenuns 2008-08-03 17:42 发表评论

C++�E�序逆向(3)多重�l�承和虚�l�承

Lenuns — Sun, 23 Mar 2008 16:04:00 GMT

1.多重�l�承

#include "iostream"
using namespace std;

class A
{
    int a;
public:
    virtual void Fun(int n)
    {
        a = n;
        cout<<"This is in A : "<<a<<endl;
    }
};

class B : public A
{
    int b;
public:
    virtual void Fun(int n)
    {
        b = n;
        cout<<"This is in B : "<<b<<endl;
    }
};

class C : public A
{
    int c;
public:
    virtual void Fun(int n)
    {
        c = n;
        cout<<"This is in C : "<<c<<endl;
    }
};

class D : public B, public C
{
    int d;
public:
    virtual void Fun(int n)
    {
        d = n;
        cout<<"This is in D : "<<d<<endl;
    }
};

int main()
{
    D d;
    d.Fun(3);
    return 0;
}

先来看看多重�l�承的对象组�l�的�l�构

实际上，多重�l�承vc都将它解释�ؓ�q�个�l�构。但是多重集成中实际在内存中的组�l�是很不一��L��

00B606D8 0046F020 offset test3.D::`vftable'
00B606DC CDCDCDCD    A::a
00B606E0 CDCDCDCD    B::b
00B606E4 0046F01C offset test3.D::`vftable'
00B606E8 CDCDCDCD   A::a
00B606EC CDCDCDCD C::c
00B606F0 CDCDCDCD D::d

note:
按照道理来说两个offset test3.D::`vftable'应该指向同一个地�Ҏ(gu��)��对，可这里是�Q?br>
�W�二个offset test3.D::`vftable'指向的位�|�是�W�二��讲�q�的跌��{函数�Q?br>
2.虚��?br>

#include "iostream"
using namespace std;

class A
{
    int a;
public:
    virtual void Fun(int n)
    {
        a = n;
        cout<<"This is in A : "<<a<<endl;
    }
};

class B : virtual  public  A
{
    int b;
public:
    virtual void Fun(int n)
    {
        b = n;
        cout<<"This is in B : "<<b<<endl;
    }
};

class C :virtual  public  A
{
    int c;
public:
    virtual void Fun(int n)
    {
        c = n;
        cout<<"This is in C : "<<c<<endl;
    }
};

class D : public  B, public  C
{
    int d;
public:
    virtual void Fun(int n)
    {
        d = n;
        cout<<"This is in D : "<<d<<endl;
    }
};

int main()
{
    D *pd = new D;
    pd->Fun(sizeof(D));
    return 0;
}

00A806D8 0046F02C offset test3.D::`vbtable'
00A806DC CDCDCDCD   B::b
00A806E0 0046F020 offset test3.D::`vbtable'
00A806E4 CDCDCDCD   C::c
00A806E8 CDCDCDCD   A::a
00A806EC 0046F01C offset test3.D::`vftable'
00A806F0 CDCDCDCD D::d

�W�一和第二个offset test3.D::`vbtable' 指向一个偏�U�蟩转表�Q�它的表中用偏移指向了真正的offset test3.D::`vbtable'�Q�第三个是真正的offset test3.D::`vbtable'地址

0046F01C >004011A9 test3.004011A9 �W�三个offset test3.D::`vbtable'
0046F020 >00000000                               �W�二个offset test3.D::`vbtable'
0046F024 0000000C                               偏移C
0046F028 00000000
0046F02C >00000000                               �W�一个offset test3.D::`vbtable'
0046F030 00000014                                便宜14

Lenuns 2008-03-24 00:04 发表评论

C++�E�序逆向(3)

Lenuns — Sat, 08 Mar 2008 10:12:00 GMT

1.代码

#include<iostream>

using namespace std;

class A{
public:
    virtual void fun1(){ cout<<"A::fun1"<<endl;}
    virtual void fun2(){cout<<"A::fun2"<<endl;}
};

class B : public A
{
public:
    virtual void fun1(){ cout<<"B::fun1"<<endl;}
    virtual void fun2(){cout<<"B::fun2"<<endl;}
};

void main(){

    void (A::*f1)();
    void (A::*f2)();

    A *p=new B;

    f1 = &A::fun1;
    f2 = &A::fun2;
    (p->*f1)();
    (p->*f2)();

    printf("f1 = %p f2 = %p\n", f1, f2);
    printf("B::fun1 = %p, B::fun2 = %p\n", &A::fun1, &A::fun2);
    delete p;
    system("pause");

}

2.�l�果
B::fun1
B::fun2
f1 = 004010AA f2 = 004010B4
B::fun1 = 004010AA, B::fun2 = 004010B4

3.解惑
i. 如果对于��Z��么f = A::funx 却输出的是B::funx�Q?br> ii. ��Z��么A::funx = B::funx

以上两个问题可以当作是一个，看看汇编��q��道了�Q�他们将生成一个虚函数的选择函数�Q�短��的函数负责选对应虚函数中的位置�Q�根据对象的虚函数表而定�Q�所�?...

4.汇编
debug

0040121E   .  C745 F0 AA104>mov     dword ptr [ebp-10], 004010AA
00401225   .  C745 EC B4104>mov     dword ptr [ebp-14], 004010B4
0040122C   .  8BF4          mov     esi, esp
0040122E   .  8B4D E8       mov     ecx, [ebp-18]
00401231   .  FF55 F0       call    [ebp-10]
00401234   .  3BF4          cmp     esi, esp
00401236   .  E8 A5870000   call    _chkesp
0040123B   .  8BF4          mov     esi, esp
0040123D   .  8B4D E8       mov     ecx, [ebp-18]
00401240   .  FF55 EC       call    [ebp-14]
00401243   .  3BF4          cmp     esi, esp
00401245   .  E8 96870000   call    _chkesp
0040124A   .  8B55 EC       mov     edx, [ebp-14]

0040124D   . 52            push    edx                              ; /<%p>
0040124E   . 8B45 F0       mov     eax, [ebp-10]                    ; |
00401251   . 50            push    eax                              ; |<%p>
00401252   . 68 48404300   push    00434048                         ; |format = "f1 = %p f2 = %p",LF,""
00401257   . E8 14820000   call    printf                           ; \printf
0040125C   . 83C4 0C       add     esp, 0C
0040125F   . 68 B4104000   push    004010B4                         ; /<%p> = Cplusplu.004010B4
00401264   . 68 AA104000   push    004010AA                         ; |<%p> = Cplusplu.004010AA
00401269   . 68 24404300   push    00434024                         ; |format = "B::fun1 = %p, B::fun2 = %p",LF,""
0040126E   . E8 FD810000   call    printf                           ; \printf

00402300 > > \8B01          mov     eax, [ecx]                     // �W�一个虚函数
00402302   . FF20          jmp     [eax]
00402304      CC            int3
00402305      CC            int3
00402306      CC            int3
00402307      CC            int3
00402308      CC            int3
00402309      CC            int3
0040230A      CC            int3
0040230B      CC            int3
0040230C      CC            int3
0040230D      CC            int3
0040230E      CC            int3
0040230F      CC            int3
00402310 > > 8B01          mov     eax, [ecx]          // �W�二个虚汗数
00402312   . FF60 04       jmp     [eax+4]

release

00401019  |> \33F6          xor     esi, esi
0040101B  |>  8BCE          mov     ecx, esi
0040101D  |.  E8 5E060000   call    00401680
00401022  |.  8BCE          mov     ecx, esi
00401024  |.  E8 67060000   call    00401690
00401029  |.  68 90164000   push    00401690                         ;  Entry address
0040102E  |.  68 80164000   push    00401680                         ;  Entry address
00401033  |.  68 C4F04000   push    0040F0C4                         ;  ASCII "f1 = %p f2 = %p",LF
00401038  |.  E8 2D310000   call    0040416A
0040103D  |.  83C4 0C       add     esp, 0C
00401040  |.  68 90164000   push    00401690                         ;  Entry address
00401045  |.  68 80164000   push    00401680                         ;  Entry address
0040104A  |.  68 A8F04000   push    0040F0A8                         ;  ASCII "B::fun1 = %p, B::fun2 = %p",LF
0040104F  |.  E8 16310000   call    0040416A

00401680   $ 8B01          mov     eax, [ecx]
00401682   . FF20          jmp     [eax]
00401684      CC            int3
00401685      CC            int3
00401686      CC            int3
00401687      CC            int3
00401688      CC            int3
00401689      CC            int3
0040168A      CC            int3
0040168B      CC            int3
0040168C      CC            int3
0040168D      CC            int3
0040168E      CC            int3
0040168F      CC            int3
00401690   $ 8B01          mov     eax, [ecx]
00401692   . FF60 04       jmp     [eax+4]

Lenuns 2008-03-08 18:12 发表评论

C++逆向�E�序(2)

Lenuns — Sun, 02 Mar 2008 14:12:00 GMT

在来看看C++的虚函数和��?br>
1.C++代码

#include "iostream"
using namespace std;

class C
{
public:
    int c;
    virtual void display(int s);
};

void C::display(int s)
{
    c = 3;
    cout<<"this is in C:"<<s<<" "<<c<<endl;
}
class D : public C
{
public:
    int d;
    void display(int s);
};

void D::display(int s)
{
    d = 4;
    cout<<"this is in d:"<<s<<" "<<d<<endl;
}

void main()
{
    C c;
    c.display(sizeof(c));

    C *d = (C *)new D;
    d->display(sizeof(d));
}

2.汇编代码
1.debug�~�译

.text:00401830 main            proc near               ; CODE XREF: _mainj
.text:00401830
.text:00401830 var_54          = dword ptr -54h
.text:00401830 var_14          = dword ptr -14h
.text:00401830 var_8           = dword ptr -8
.text:00401830
.text:00401830                 push    ebp
.text:00401831                 mov     ebp, esp
.text:00401833                 sub     esp, 54h
.text:00401836                 push    ebx
.text:00401837                 push    esi
.text:00401838                 push    edi
.text:00401839                 lea     edi, [ebp+var_54]
.text:0040183C                 mov     ecx, 15h
.text:00401841                 mov     eax, 0CCCCCCCCh
.text:00401846                 rep stosd
.text:00401848                 lea     ecx, [ebp+var_8]
.text:0040184B                 call    j_C__C
.text:00401850                 push    8
.text:00401852                 lea     ecx, [ebp+var_8]
.text:00401855                 call    j_C__display
.text:0040185A                 lea     ecx, [ebp+var_14]
.text:0040185D                 call    j_D__D
.text:00401862                 push    0Ch
.text:00401864                 lea     ecx, [ebp+var_14]
.text:00401867                 call    j_D__display
.text:0040186C                 pop     edi
.text:0040186D                 pop     esi
.text:0040186E                 pop     ebx
.text:0040186F                 add     esp, 54h
.text:00401872                 cmp     ebp, esp
.text:00401874                 call    __chkesp
.text:00401879                 mov     esp, ebp
.text:0040187B                 pop     ebp
.text:0040187C                 retn
.text:0040187C main            endp

在call真正的函��C��前有一个call j_C__C�Q�看看它的代�?br>

.text:00401890 ; Attributes: bp-based frame
.text:00401890
.text:00401890 C__C            proc near               ; CODE XREF: j_C__Cj
.text:00401890
.text:00401890 var_44          = dword ptr -44h
.text:00401890 var_4           = dword ptr -4
.text:00401890
.text:00401890                 push    ebp
.text:00401891                 mov     ebp, esp
.text:00401893                 sub     esp, 44h
.text:00401896                 push    ebx
.text:00401897                 push    esi
.text:00401898                 push    edi
.text:00401899                 push    ecx
.text:0040189A                 lea     edi, [ebp+var_44]
.text:0040189D                 mov     ecx, 11h
.text:004018A2                 mov     eax, 0CCCCCCCCh
.text:004018A7                 rep stosd
.text:004018A9                 pop     ecx
.text:004018AA                 mov     [ebp+var_4], ecx
.text:004018AD                 mov     eax, [ebp+var_4]
.text:004018B0                 mov     dword ptr [eax], offset ??_7C@@6B@ ; const C::`vftable'
.text:004018B6                 mov     eax, [ebp+var_4]
.text:004018B9                 pop     edi
.text:004018BA                 pop     esi
.text:004018BB                 pop     ebx
.text:004018BC                 mov     esp, ebp
.text:004018BE                 pop     ebp
.text:004018BF                 retn
.text:004018BF C__C            endp

原来是获取，虚函数表�?*^__^*)...��d��

2.release�~�译

.text:00401140 ; int __cdecl main(int argc,const char **argv,const char *envp)
.text:00401140 _main           proc near               ; CODE XREF: start+AFp
.text:00401140
.text:00401140 var_14          = dword ptr -14h
.text:00401140 var_C           = dword ptr -0Ch
.text:00401140 argc            = dword ptr 4
.text:00401140 argv            = dword ptr 8
.text:00401140 envp            = dword ptr 0Ch
.text:00401140
.text:00401140                 sub     esp, 14h
.text:00401143                 push    8
.text:00401145                 lea     ecx, [esp+18h+var_14]
.text:00401149                 mov     [esp+18h+var_14], offset off_4120EC
.text:00401151                 call    sub_401000
.text:00401156                 push    0Ch
.text:00401158                 lea     ecx, [esp+18h+var_C]
.text:0040115C                 mov     [esp+18h+var_C], offset off_4120E8
.text:00401164                 call    sub_4010A0
.text:00401169                 add     esp, 14h
.text:0040116C                 retn
.text:0040116C _main           endp

release��q��接把虚函数表�l�解释出来了

3.输出�l�果

this is in C:8 3
this is in d:12 4

4.�l�论
1.虚基�c�除了变量还�?字节的vftable(在变量前�?
2.debug要用函数解释vftable�Q�release直接�l�出
3.�l�常说的所谓虚函数被覆盖过�E�，可以看看class D解释vftable代码

.text:004018E9                 pop     ecx
.text:004018EA                 mov     [ebp+var_4], ecx
.text:004018ED                 mov     ecx, [ebp+var_4]
.text:004018F0                 call    j_C__C                                                          //初始化父�c?br>.text:004018F5                 mov     eax, [ebp+var_4]
.text:004018F8                 mov     dword ptr [eax], offset ??_7D@@6B@ ; const D::`vftable'
.text:004018FE                 mov     eax, [ebp+var_4]                                      // ��写自己的表

从而可见，VC的编译器在编译的时候，没有覆盖的概念，只是�~�译的时候根据有需要的��虚函数表生成不同的几个而已。是哪个��q��哪个表�?br>
note:
虽然new出来的是一个子�c�d��象，但是�׃��它付�l�了一个父�cȝ��c�d��Q�所以只能引用父�cȝ��成员。这��出��C��一个奇怪的现象�Q�在�l�承的时候已�l�将父类的成员��承到了子�cȝ��对象里面�Q�而用vc查看的时候会发现�q�一点，奇怪的是由于上面的原因他将把子�cȝ��成员忽略掉。即在本来应该是子类成员的地方，�q�是父类成员的名�U�。虽然查看内存，已经发现子类的成员确实存在。而我们可以把�q�个看作是类型被没有warning的羃?y��u)��了�Q?br>

Lenuns 2008-03-02 22:12 发表评论

C++�E�序逆向(1)

Lenuns — Sun, 02 Mar 2008 13:16:00 GMT

C++的class由C的srtuct变化而来�Q�先来看看两个地�Ҏ(gu��)��什么区�?

1.C++代码

1#include "iostream"
2using namespace std;
3
4struct A
5{
6    int a;
7    void display(int s);
8};
9
10void A::display(int s)
11{
12    a = 1;
13    cout<<"this is in A:"<<s<<" "<<a<<endl;
14}
15
16class B
17{
18public:
19    int b;
20    void display(int s);
21};
22
23void B::display(int s)
24{
25    b = 2;
26    cout<<"this is in B:"<<s<<" "<<b<<endl;
27}
28
29void main()
30{
31    A a;
32    a.display(sizeof(a));
33
34    B b;
35    b.display(sizeof(b));
36}
37

2.汇编代码�Q?br> 1.debug�~�译

1.text:00401820 main            proc near               ; CODE XREF: _mainj
2.text:00401820
3.text:00401820 var_48          = dword ptr -48h
4.text:00401820 var_8           = dword ptr -8
5.text:00401820 var_4           = dword ptr -4
6.text:00401820
7.text:00401820                 push    ebp
8.text:00401821                 mov     ebp, esp
9.text:00401823                 sub     esp, 48h
10.text:00401826                 push    ebx
11.text:00401827                 push    esi
12.text:00401828                 push    edi
13.text:00401829                 lea     edi, [ebp+var_48]
14.text:0040182C                 mov     ecx, 12h
15.text:00401831                 mov     eax, 0CCCCCCCCh
16.text:00401836                 rep stosd
17.text:00401838                 push    4
18.text:0040183A                 lea     ecx, [ebp+var_4]
19.text:0040183D                 call    j_A__display
20.text:00401842                 push    4
21.text:00401844                 lea     ecx, [ebp+var_8]
22.text:00401847                 call    j_B__display
23.text:0040184C                 pop     edi
24.text:0040184D                 pop     esi
25.text:0040184E                 pop     ebx
26.text:0040184F                 add     esp, 48h
27.text:00401852                 cmp     ebp, esp
28.text:00401854                 call    __chkesp
29.text:00401859                 mov     esp, ebp
30.text:0040185B                 pop     ebp
31.text:0040185C                 retn
32.text:0040185C main            endp
33

2.release�~�译

.text:00401140 ; int __cdecl main(int argc,const char **argv,const char *envp)
.text:00401140 _main           proc near               ; CODE XREF: start+AFp
.text:00401140
.text:00401140 var_8           = dword ptr -8
.text:00401140 var_4           = dword ptr -4
.text:00401140 argc            = dword ptr  4
.text:00401140 argv            = dword ptr  8
.text:00401140 envp            = dword ptr  0Ch
.text:00401140
.text:00401140                 sub     esp, 8
.text:00401143                 lea     ecx, [esp+8+var_8]
.text:00401147                 push    4
.text:00401149                 call    sub_401000
.text:0040114E                 push    4
.text:00401150                 lea     ecx, [esp+0Ch+var_4]
.text:00401154                 call    sub_4010A0
.text:00401159                 add     esp, 8
.text:0040115C                 retn
.text:0040115C _main           endp

3.输出�l�果

this is in A:4 1
this is in B:4 2

4.�l�论

1.struct和class没有��M��区别�Q�他们在代码�D�|��一�?模板"
2.对象占用�?个字节是int的大��?br> 3.函数在代码中定义�Q�由�~�译器决定调用谁

Lenuns 2008-03-02 21:16 发表评论