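1. Requirements
A reverse engineer must first be a forward developer: without C++/MFC development experience, you will not understand how to reverse engineer C++/MFC programs. This article works through a hello-world C++ program in both directions, writing it and then reversing it.
2. C++ source code
Build environment: Visual Studio 2022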
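```cpp
#include <iostream>
// The page's second #include lost its header name; <iostream> is all this program needs.
using namespace std;

int main()
{
    int a;
    a = 100;
    for (int i = 0; i < a; i++)
    {
        // The text between "cout" and "a;" was lost on the page.
        // The string literal here is assumed; endl appears in the Ghidra listing.
        cout << "hello world" << endl;
    }
    cin >> a;  // assumed: read into a, which also keeps the console window open
    return 0;
}
```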
Compiling produces an exe. Import it into Ghidra and, once analysis has finished, type main in the Symbol Tree window to locate the main function:
![](https://img-blog.csdnimg.cn/93cf0786c7c442d5a403ab8671743214.png?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBA5Y2D5aSr6ZW_LeWQkeW-gOeUnw==,size_10,color_FFFFFF,t_70,g_se,x_16)
3. Decompilation results
3.1 Ghidra disassembly
```cpp
int __cdecl main(int _Argc,char **_Argv,char **_Env)
{
  basic_ostream *this;
  int iVar1;
  _RTC_framedesc *extraout_EDX;
  int *piVar2;
  code *pcVar3;
  int local_20 [4];
  int local_10 [2];
  uint local_8;
  piVar2 = local_20;
  for (iVar1 = 7; iVar1 != 0; iVar1 = iVar1 + -1) {
    *piVar2 = -0x33333334;
    piVar2 = piVar2 + 1;
  }
  local_8 = __security_cookie ^ (uint)&stack0xfffffffc;
  local_10[0] = 100;
  /* static local (stored at 004124a0)
     static local (stored at 00412494)
     static local (stored at 0041248c)
     static local (stored at 004124a0)
     static local (stored at 00412494)
     static local (stored at 0041248c) */
  for (local_20[1] = 0; local_20[1] < local_10[0]; local_20[1] = local_20[1] + 1) {
    pcVar3 = std::endl;
    this = std::operator |
```
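To separate compiler-generated scaffolding from program logic in the Ghidra listing above, the following added example (not part of the original post) tags the MSVC `/RTC` stack fill, where `-0x33333334` is the 32-bit pattern `0xCCCCCCCC`, and the `/GS` `__security_cookie` setup. The function names and tag strings are this example's own.

```python
import re

# Statements copied from the Ghidra listing above (indentation dropped).
LISTING = """\
piVar2 = local_20;
for (iVar1 = 7; iVar1 != 0; iVar1 = iVar1 + -1) {
*piVar2 = -0x33333334;
piVar2 = piVar2 + 1;
}
local_8 = __security_cookie ^ (uint)&stack0xfffffffc;
local_10[0] = 100;
for (local_20[1] = 0; local_20[1] < local_10[0]; local_20[1] = local_20[1] + 1) {
"""

def as_u32(line):
    """Rewrite Ghidra's signed constants (-0x...) as unsigned 32-bit hex."""
    return re.sub(r"-0x([0-9a-fA-F]+)",
                  lambda m: "0x%08X" % (-int(m.group(1), 16) & 0xFFFFFFFF), line)

def classify(listing):
    """Return (line, tag) pairs; tag is 'rtc-fill', 'gs-cookie' or 'logic'."""
    lines = [as_u32(l.strip()) for l in listing.splitlines() if l.strip()]
    tags = ["logic"] * len(lines)
    opened = []                                  # indices of lines that opened a block
    for i, line in enumerate(lines):
        if line.endswith("{"):
            opened.append(i)
        elif line == "}" and opened:
            opened.pop()
        store = re.match(r"\*(\w+) = 0xCCCCCCCC;", line)
        if store and opened:                     # /RTC fill: loop storing 0xCC bytes
            start = opened[-1]
            end = next((j for j in range(i, len(lines)) if lines[j] == "}"), i)
            for j in range(start, end + 1):
                tags[j] = "rtc-fill"
            for j in range(start):               # pointer setup ahead of the loop
                if lines[j].startswith(store.group(1) + " = "):
                    tags[j] = "rtc-fill"
        if "__security_cookie" in line:          # /GS cookie XORed with the frame address
            tags[i] = "gs-cookie"
    return list(zip(lines, tags))

def fill_bytes(listing):
    """Bytes covered by the fill loop (dword count * 4), or 0 if there is none."""
    for line, tag in classify(listing):
        m = re.match(r"for \(\w+ = (0x[0-9a-fA-F]+|\d+);", line)
        if tag == "rtc-fill" and m:
            return int(m.group(1), 0) * 4
    return 0
```

The fill covers 7 dwords (28 bytes), which matches the locals the listing declares: `local_20[4]`, `local_10[2]` and `local_8`. Only the `local_10[0] = 100` assignment and the second `for` loop are left tagged as logic, and they correspond to `a = 100` and the source loop.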