
    [Assembly] strutture dati

    salve a tutti

    recentemente ho scaricato dal sito crackmes.de una guida sull'assembly (in particolare sul reversing).
    non riesco però a capire come le strutture dati (dovrebbero essere le struct in C) vengano tradotte in assembly. il codice è questo:

    codice:
    .text:00B61000                 .686p
    .text:00B61000                 .mmx
    .text:00B61000                 .model flat
    .text:00B61000
    .text:00B61000 ; ===========================================================================
    .text:00B61000
    .text:00B61000 ; Segment type: Pure code
    .text:00B61000 ; Segment permissions: Read/Execute
    .text:00B61000 _text           segment para public 'CODE' use32
    .text:00B61000                 assume cs:_text
    .text:00B61000                 ;org 0B61000h
    .text:00B61000                 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
    .text:00B61000
    .text:00B61000 ; =============== S U B R O U T I N E =======================================
    .text:00B61000 ; Purpose: prompt for a title and a year, parse the year to an int through a temporary stringstream, print both back, return 0.
    .text:00B61000 ; Attributes: bp-based frame
    .text:00B61000 ; Every object used here (two std::string, one stringstream, one int) is addressed relative to esp, i.e. it lives in this stack frame.
    .text:00B61000 ; int __cdecl main(int argc, const char **argv, const char **envp)
    .text:00B61000 _main           proc near               ; CODE XREF: ___tmainCRTStartup+10Ap
    .text:00B61000 ; NOTE(review): the var_* names below are IDA's esp-relative guesses. The delta in the operands appears to drift after the callee-cleanup call at 00B610C6, so one slot can show up under several var_ names - verify the stack-pointer deltas in IDA.
    .text:00B61000 var_E4          = byte ptr -0E4h
    .text:00B61000 var_D8          = byte ptr -0D8h
    .text:00B61000 var_5C          = byte ptr -5Ch
    .text:00B61000 var_58          = byte ptr -58h
    .text:00B61000 var_50          = byte ptr -50h
    .text:00B61000 var_40          = dword ptr -40h
    .text:00B61000 var_38          = byte ptr -38h
    .text:00B61000 var_30          = byte ptr -30h
    .text:00B61000 var_1C          = dword ptr -1Ch
    .text:00B61000 var_14          = dword ptr -14h
    .text:00B61000 var_10          = byte ptr -10h
    .text:00B61000 var_C           = byte ptr -0Ch
    .text:00B61000 var_4           = dword ptr -4
    .text:00B61000 argc            = dword ptr  8
    .text:00B61000 argv            = dword ptr  0Ch
    .text:00B61000 envp            = dword ptr  10h
    .text:00B61000 ; Prologue: frame setup, exception-registration record, stack cookie. None of this is struct layout.
    .text:00B61000                 push    ebp ; save the caller's frame pointer
    .text:00B61001                 mov     ebp, esp ; ebp is only used to restore esp in the epilogue; locals are esp-relative
    .text:00B61003                 and     esp, 0FFFFFFF8h ; align esp down to an 8-byte boundary
    .text:00B61006                 push    0FFFFFFFFh ; state slot (var_4), initially -1; presumably "nothing to destroy yet" for the unwind handler
    .text:00B61008                 push    offset sub_B61D3D ; handler field of the registration record; presumably the compiler-generated C++ unwind handler
    .text:00B6100D                 mov     eax, large fs:0 ; fs:0 = head of the current thread's SEH chain on 32-bit Windows
    .text:00B61013                 push    eax ; saved as the record's "previous" link (var_C)
    .text:00B61014                 sub     esp, 0D0h ; reserve 0D0h bytes for the locals
    .text:00B6101A                 mov     eax, ___security_cookie ; /GS stack-cookie global
    .text:00B6101F                 xor     eax, esp ; mix the cookie with the current esp
    .text:00B61021                 mov     [esp+0DCh+var_14], eax ; store it in the frame; a frame value is validated by __security_check_cookie before retn
    .text:00B61028                 push    esi ; callee-saved; esi holds getline's address below
    .text:00B61029                 mov     eax, ___security_cookie
    .text:00B6102E                 xor     eax, esp
    .text:00B61030                 push    eax ; second cookie^esp value; NOTE(review): presumably consumed by the exception handler - confirm
    .text:00B61031                 lea     eax, [esp+0E4h+var_C] ; address of the record built at 00B61006..00B61013
    .text:00B61038                 mov     large fs:0, eax ; install it as the new head of the SEH chain
    .text:00B6103E                 lea     ecx, [esp+0E4h+var_30] ; this = std::string local at var_30 (receives the year text below)
    .text:00B61045                 call    ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
    .text:00B6104B                 lea     ecx, [esp+0E4h+var_50] ; this = std::string local at var_50 (receives the title below)
    .text:00B61052                 mov     [esp+0E4h+var_4], 0 ; state = 0 after the first constructor returned
    .text:00B6105D                 call    ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
    .text:00B61063                 mov     byte ptr [esp+0E4h+var_4], 1 ; state = 1 after the second constructor returned
    .text:00B6106B                 mov     eax, ds:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
    .text:00B61070                 push    offset aEnterTitle ; "Enter title: "
    .text:00B61075                 push    eax ; arg: cout
    .text:00B61076                 call    sub_B612F0 ; called with (stream, C string) for every literal; presumably operator<<(ostream&, const char*)
    .text:00B6107B                 mov     edx, ds:?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A ; std::basic_istream<char,std::char_traits<char>> std::cin
    .text:00B61081                 mov     esi, ds:??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z ; std::getline<char,std::char_traits<char>,std::allocator<char>>(std::basic_istream<char,std::char_traits<char>> &,std::basic_string<char,std::char_traits<char>,std::allocator<char>> &)
    .text:00B61087                 lea     ecx, [esp+0ECh+var_50] ; same string as at 00B6104B (delta grew by the two pushes)
    .text:00B6108E                 push    ecx ; arg: destination string (title)
    .text:00B6108F                 push    edx ; arg: cin
    .text:00B61090                 call    esi ; std::getline<char,std::char_traits<char>,std::allocator<char>>(std::basic_istream<char,std::char_traits<char>> &,std::basic_string<char,std::char_traits<char>,std::allocator<char>> &) ; std::getline<char,std::char_traits<char>,std::allocator<char>>(std::basic_istream<char,std::char_traits<char>> &,std::basic_string<char,std::char_traits<char>,std::allocator<char>> &)
    .text:00B61092                 mov     eax, ds:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
    .text:00B61097                 push    offset aEnterYear ; "Enter year: "
    .text:00B6109C                 push    eax ; arg: cout
    .text:00B6109D                 call    sub_B612F0
    .text:00B610A2                 mov     edx, ds:?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A ; std::basic_istream<char,std::char_traits<char>> std::cin
    .text:00B610A8                 lea     ecx, [esp+0FCh+var_30] ; same string as at 00B6103E
    .text:00B610AF                 push    ecx ; arg: destination string (year as text)
    .text:00B610B0                 push    edx ; arg: cin
    .text:00B610B1                 call    esi ; std::getline<char,std::char_traits<char>,std::allocator<char>>(std::basic_istream<char,std::char_traits<char>> &,std::basic_string<char,std::char_traits<char>,std::allocator<char>> &) ; std::getline<char,std::char_traits<char>,std::allocator<char>>(std::basic_istream<char,std::char_traits<char>> &,std::basic_string<char,std::char_traits<char>,std::allocator<char>> &)
    .text:00B610B3                 add     esp, 20h ; caller cleanup: drop the 8 dwords pushed for the four calls above
    .text:00B610B6                 push    1 ; extra argument beyond the two in the signature; presumably MSVC's hidden "construct virtual bases" flag
    .text:00B610B8                 push    3 ; the int argument of the constructor; presumably the open mode in|out
    .text:00B610BA                 lea     eax, [esp+0ECh+var_30]
    .text:00B610C1                 push    eax ; arg: the year text read above
    .text:00B610C2                 lea     ecx, [esp+0F0h+var_D8] ; this = temporary stringstream, also on the stack
    .text:00B610C6                 call    ds:??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z ; std::basic_stringstream<char,std::char_traits<char>,std::allocator<char>>::basic_stringstream<char,std::char_traits<char>,std::allocator<char>>(basic_stringstream<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &,int)
    .text:00B610CC                 lea     ecx, [esp+0F0h+var_40] ; address of the int that receives the year. NOTE(review): if the delta is stale by 0Ch here, this is the dword right after the var_50 string - confirm
    .text:00B610D3                 push    ecx ; arg: int&
    .text:00B610D4                 mov     ecx, eax ; this = stream returned by the constructor
    .text:00B610D6                 mov     [esp+0F4h+var_10], 2 ; state = 2 while the stringstream is alive; presumably the same slot as var_4 above
    .text:00B610DE                 call    ds:??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z ; std::basic_istream<char,std::char_traits<char>>::operator>>(int &)
    .text:00B610E4                 lea     ecx, [esp+0F0h+var_E4] ; this = stringstream to destroy; presumably the var_D8 object under the drifted delta
    .text:00B610E8                 mov     [esp+0F0h+var_10], 1 ; state back to 1: only the two strings remain
    .text:00B610F0                 call    ds:??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ ; std::basic_stringstream<char,std::char_traits<char>,std::allocator<char>>::`vbase destructor(void)
    .text:00B610F6                 mov     edx, ds:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
    .text:00B610FC                 push    offset aYouHaveEntered ; "\nYou have entered:\n"
    .text:00B61101                 push    edx ; arg: cout
    .text:00B61102                 call    sub_B612F0
    .text:00B61107                 mov     ecx, ds:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
    .text:00B6110D                 lea     eax, [esp+0F8h+var_5C] ; string to print; presumably the title string (var_50 under the earlier delta)
    .text:00B61114                 push    eax ; arg: const std::string&
    .text:00B61115                 push    ecx ; arg: cout
    .text:00B61116                 call    ds:??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z ; std::operator<<<char,std::char_traits<char>,std::allocator<char>>(std::basic_ostream<char,std::char_traits<char>> &,std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &)
    .text:00B6111C                 mov     edx, [esp+100h+var_40] ; load the parsed year (the int written by operator>> above)
    .text:00B61123                 mov     eax, ds:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::basic_ostream<char,std::char_traits<char>> std::cout
    .text:00B61128                 add     esp, 10h ; drop the 4 dwords pushed for the two calls above
    .text:00B6112B                 push    offset asc_B62178 ; ")\n"
    .text:00B61130                 push    edx ; year, consumed by operator<<(int) at 00B61141
    .text:00B61131                 push    offset asc_B6217C ; " ("
    .text:00B61136                 push    eax ; arg: cout
    .text:00B61137                 call    sub_B612F0
    .text:00B6113C                 add     esp, 8 ; drop cout and " (" only; year and ")\n" stay on the stack
    .text:00B6113F                 mov     ecx, eax ; this = stream returned by sub_B612F0
    .text:00B61141                 call    ds:??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z ; std::basic_ostream<char,std::char_traits<char>>::operator<<(int)
    .text:00B61147                 push    eax ; returned stream; ")\n" is already on the stack from 00B6112B
    .text:00B61148                 call    sub_B612F0
    .text:00B6114D                 add     esp, 8
    .text:00B61150                 lea     ecx, [esp+0ECh+var_58] ; this = first std::string to destroy
    .text:00B61157                 mov     [esp+0ECh+var_C], 0 ; state = 0 before the first destructor runs
    .text:00B6115F                 call    ds:??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
    .text:00B61165                 lea     ecx, [esp+0ECh+var_38] ; this = second std::string to destroy
    .text:00B6116C                 mov     dword ptr [esp+0ECh+var_C], 0FFFFFFFFh ; state = -1, the value it had in the prologue
    .text:00B61177                 call    ds:??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void)
    .text:00B6117D                 xor     eax, eax ; return value 0
    .text:00B6117F                 mov     ecx, [esp+0ECh+var_14] ; presumably the "previous" SEH link saved at 00B61013
    .text:00B61186                 mov     large fs:0, ecx ; write it back to fs:0, unlinking this frame's record
    .text:00B6118D                 pop     ecx ; discard the dword pushed at 00B61030
    .text:00B6118E                 pop     esi ; restore esi
    .text:00B6118F                 mov     ecx, [esp+0E4h+var_1C] ; reload the stored cookie value; presumably the slot written at 00B61021
    .text:00B61196                 xor     ecx, esp ; undo the xor with esp
    .text:00B61198                 call    @__security_check_cookie@4 ; __security_check_cookie(x)
    .text:00B6119D                 mov     esp, ebp ; discard locals and the alignment padding
    .text:00B6119F                 pop     ebp
    .text:00B611A0                 retn
    .text:00B611A1                 _main endp
    vi ho comunque allegato l'eseguibile.

    i miei dubbi sono sull'istruzione: mov eax, large fs:0
    ho cercato su internet e ho trovato che è legata al SEH, ma non ho capito cosa c'entra con le strutture dati.

    non ho capito neanche dove vengono salvate le strutture dati: stack o data segment? dovrebbe essere la seconda, eppure perché viene dedicato così tanto spazio alle variabili locali?

    grazie in anticipo

    ps: per aprire l'eseguibile io uso ida