验证一个关于borland c++的疑问

元始天尊 发表于 2014-12-24 17:44:39

忘记是在哪本NB书里看到的，说Borland喜欢把字符串插到代码段中，是一种非常不良的方式。
从没验证过，因为自己不用bcb，刚才vmware里用bcb测了一下ollydbg1帮助文档的一段代码，如下：
0044054055 8B EC 83 C4 F8 DB 45 0C DC 0D B4 05 44 00 83U......E.....D..
00440550C4 F8 DD 1C 24 E8 7A 29 01 00 83 C4 08 E8 8A 28....$.z).......(
0044056001 00 89 45 FC 89 45 F8 8B 45 08 83 F8 04 77 28...E..E..E....w(
004405708A 80 7D 05 44 00 FF 24 85 82 05 44 00 01 02 01..}.D..$...D....
0044058002 01 98 05 44 00 8E 05 44 00 93 05 44 00 8B 45....D...D...D..E
00440590F8 EB 1C 8B 45 FC EB 17 6A 10 68 1A 6D 46 00 68....E...j.h.mF.h
004405A008 6D 46 00 A1 18 FB 46 00 50 E8 50 4F 01 00 59.mF....F.P.PO..Y
004405B059 5D C3 00 4A D8 12 4D FB 21 09 40 45 72 72 6FY]..J..M.!.@Erro
004405C072 21 00 49 6E 76 61 6C 69 64 20 70 61 72 61 6Dr!.Invalid param
004405D065 74 65 72 00                               eter.

0044054055             PUSH EBP
004405418BEC          MOV EBP,ESP
0044054383C4 F8       ADD ESP,-8
00440546DB45 0C       FILD DWORD PTR
00440549DC0D B4054400 FMUL QWORD PTR
0044054F83C4 F8       ADD ESP,-8
00440552DD1C24          FSTP QWORD PTR
00440555E8 7A290100    CALL 00452ED4
0044055A83C4 08       ADD ESP,8
0044055DE8 8A280100    CALL 00452DEC
004405628945 FC       MOV DWORD PTR ,EAX
004405658945 F8       MOV DWORD PTR ,EAX
004405688B45 08       MOV EAX,DWORD PTR
0044056B83F8 04       CMP EAX,4
0044056E77 28          JA SHORT 00440598
004405708A80 7D054400 MOV AL,BYTE PTR
00440576FF2485 82054400 JMP DWORD PTR
0044057D0102          ADD DWORD PTR ,EAX
0044057F0102          ADD DWORD PTR ,EAX
004405810198 0544008E ADD DWORD PTR ,EBX
0044058705 44009305    ADD EAX,5930044
0044058C44             INC ESP
0044058D008B 45F8EB1C ADD BYTE PTR ,CL
004405938B45 FC       MOV EAX,DWORD PTR
00440596EB 17          JMP SHORT 004405AF
004405986A 10          PUSH 10
0044059A68 1A6D4600    PUSH 4405BC
0044059F68 086D4600    PUSH 4405C3
004405A4A1 18FB4600    MOV EAX,DWORD PTR
004405A950             PUSH EAX
004405AAE8 504F0100    CALL 004554FF
004405AF59             POP ECX
004405B059             POP ECX
004405B15D             POP EBP
004405B2C3             RETN
004405B3004A D8       ADD BYTE PTR ,CL
004405B6124D FB       ADC CL,BYTE PTR
004405B92109          AND DWORD PTR ,ECX
004405BB40             INC EAX
004405BC45             INC EBP
004405BD72 72          JB SHORT OT.004600F1
004405BF6F             OUTS DX,DWORD PTR
004405C072 21          JB SHORT OT.004600A3
004405C20049 6E       ADD BYTE PTR ,CL
004405C576 61          JBE SHORT OT.004600E8
004405C76C             INS BYTE PTR ,DX
004405C8696420 70 6172616>IMUL ESP,DWORD PTR ,6D617261
004405D065:74 65       JE SHORT OT.004600F8
004405D372 00          JB SHORT OT.00460095

源码：

int Dummy(int i,int j) {
int a;
a=a=sqrt(j*3.1415926);
switch (i) {
case 0:
case 2:
case 4:
   return a;
case 1:
case 3:
   return a;
default:
   MessageBox(hwmain,"Invalid parameter","Error!",
   MB_OK|MB_ICONSTOP|MB_APPLMODAL);
break;
}
}

一眼望去，add esp,-8这句已经暴漏了bcb的特征，然而书上说0044057D处可疑：
“嗯……，这看上去像是一个函数……至少创建了标准的栈框架（PUSH EBP; MOV EBP,ESP），并有返回。但在地址0044057D处发生了什么？这些命令非常可疑。在返回命令后面的那些是什么？一些ASCII文本，以及某些其他的……。让我们运行代码分析，并使用Objcect扫描。分析之后，代码看上去变得非常棒了。。。”
确实，明显是数据，因此怀疑为bcb所写代码，特此用msvc6和bcb6测试得到：
bcb6结果：
.text:00401168                      ; int __cdecl Dummy(int i, int j)
.text:00401168                                     public Dummy
.text:00401168                      Dummy       proc near             ; CODE XREF: _main+7p
.text:00401168
.text:00401168                      var_10       = qword ptr -10h
.text:00401168                      var_8       = dword ptr -8
.text:00401168                      var_4       = dword ptr -4
.text:00401168                      i             = dword ptr8
.text:00401168                      j             = dword ptr0Ch
.text:00401168
.text:00401168 55                                  push ebp
.text:00401168                      ;EBP-8h=>a
.text:00401169 8B EC                               mov ebp, esp
.text:0040116B 83 C4 F8                            add esp, 0FFFFFFF8h
.text:0040116E                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 11
.text:0040116E DB 45 0C                            fild
.text:00401171 DC 0D D8 11 40 00                   fmul ds:dbl_4011D8
.text:00401177 83 C4 F8                            add esp, 0FFFFFFF8h
.text:0040117A DD 1C 24                            fstp
.text:0040117D E8 F4 01 00 00                      call _sqrt
.text:00401182 83 C4 08                            add esp, 8
.text:00401185 E8 AA 01 00 00                      call __ftol
.text:0040118A 89 45 FC                            mov , eax
.text:0040118D 89 45 F8                            mov , eax
.text:00401190                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 12
.text:00401190 8B 55 08                            mov edx,
.text:00401193 83 FA 04                            cmp edx, 4       ; switch 5 cases
.text:00401196 77 25                               ja    short loc_4011BD ; jumptable 00401198 default case
.text:00401198 FF 24 95 9F 11 40 00                jmp ds:off_40119F ; switch jump
.text:00401198                      ; ---------------------------------------------------------------------------
.text:0040119F B3 11 40 00 B8 11 40 00+off_40119F    dd offset loc_4011B3 ; DATA XREF: Dummy+30r
.text:0040119F B3 11 40 00 B8 11 40 00+             dd offset loc_4011B8 ; jump table for switch statement
.text:0040119F B3 11 40 00                         dd offset loc_4011B3
.text:0040119F                                     dd offset loc_4011B8
.text:0040119F                                     dd offset loc_4011B3
.text:004011B3                      ; ---------------------------------------------------------------------------
.text:004011B3                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 17
.text:004011B3
.text:004011B3                      loc_4011B3:                         ; CODE XREF: Dummy+30j
.text:004011B3                                                             ; DATA XREF: Dummy:off_40119Fo
.text:004011B3 8B 45 F8                            mov eax, ; jumptable 00401198 cases 0,2,4
.text:004011B6 EB 1A                               jmp short loc_4011D2
.text:004011B8                      ; ---------------------------------------------------------------------------
.text:004011B8                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 20
.text:004011B8
.text:004011B8                      loc_4011B8:                         ; CODE XREF: Dummy+30j
.text:004011B8                                                             ; DATA XREF: Dummy:off_40119Fo
.text:004011B8 8B 45 FC                            mov eax, ; jumptable 00401198 cases 1,3
.text:004011BB EB 15                               jmp short loc_4011D2
.text:004011BD                      ; ---------------------------------------------------------------------------
.text:004011BD                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 22
.text:004011BD
.text:004011BD                      loc_4011BD:                         ; CODE XREF: Dummy+2Ej
.text:004011BD 6A 10                               push 10h          ; jumptable 00401198 default case
.text:004011BF 68 B6 20 40 00                      push offset Caption; "Error!"
.text:004011C4 68 A4 20 40 00                      push offset Text ; "Invalid parameter"
.text:004011C9 6A 00                               push 0             ; hWnd
.text:004011CB E8 14 01 00 00                      call MessageBoxA
.text:004011D0                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 26
.text:004011D0 33 C0                               xor eax, eax
.text:004011D2                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 27
.text:004011D2
.text:004011D2                      loc_4011D2:                         ; CODE XREF: Dummy+4Ej
.text:004011D2                                                             ; Dummy+53j
.text:004011D2 59                                  pop ecx
.text:004011D3 59                                  pop ecx
.text:004011D4 5D                                  pop ebp
.text:004011D5 C3                                  retn
.text:004011D5                      ; ---------------------------------------------------------------------------
.text:004011D6 00 00                               align 4
.text:004011D8 4A D8 12 4D FB 21 09 40 dbl_4011D8    dq 3.1415926          ; DATA XREF: Dummy+9r
.text:004011D8                      Dummy       endp

msvc6为：
.text:00401020                      sub_401020    proc near             ; CODE XREF: sub_401005j
.text:00401020
.text:00401020                      var_60       = qword ptr -60h
.text:00401020                      var_4C       = byte ptr -4Ch
.text:00401020                      var_C       = dword ptr -0Ch
.text:00401020                      var_8       = dword ptr -8
.text:00401020                      var_4       = dword ptr -4
.text:00401020                      arg_0       = dword ptr8
.text:00401020                      arg_4       = dword ptr0Ch
.text:00401020
.text:00401020 55                                  push ebp
.text:00401021 8B EC                               mov ebp, esp
.text:00401023 83 EC 4C                            sub esp, 4Ch
.text:00401026 53                                  push ebx
.text:00401027 56                                  push esi
.text:00401028 57                                  push edi
.text:00401029 8D 7D B4                            lea edi,
.text:0040102C B9 13 00 00 00                      mov ecx, 13h
.text:00401031 B8 CC CC CC CC                      mov eax, 0CCCCCCCCh
.text:00401036 F3 AB                               rep stosd
.text:00401038 DB 45 0C                            fild
.text:0040103B DC 0D 40 80 42 00                   fmul ds:dbl_428040
.text:00401041 83 EC 08                            sub esp, 8
.text:00401044 DD 1C 24                            fstp
.text:00401047 E8 08 01 00 00                      call _sqrt
.text:0040104C 83 C4 08                            add esp, 8
.text:0040104F E8 94 02 00 00                      call __ftol
.text:00401054 89 45 FC                            mov , eax
.text:00401057 8B 45 FC                            mov eax,
.text:0040105A 89 45 F8                            mov , eax
.text:0040105D 8B 4D 08                            mov ecx,
.text:00401060 89 4D F4                            mov , ecx
.text:00401063 83 7D F4 04                         cmp , 4; switch 5 cases
.text:00401067 77 14                               ja    short loc_40107D ; jumptable 0040106C default case
.text:00401069 8B 55 F4                            mov edx,
.text:0040106C FF 24 95 AD 10 40 00                jmp ds:off_4010AD ; switch jump
.text:00401073                      ; ---------------------------------------------------------------------------
.text:00401073
.text:00401073                      loc_401073:                         ; CODE XREF: sub_401020+4Cj
.text:00401073                                                             ; DATA XREF: .text:off_4010ADo
.text:00401073 8B 45 F8                            mov eax, ; jumptable 0040106C cases 0,2,4
.text:00401076 EB 24                               jmp short loc_40109C
.text:00401078                      ; ---------------------------------------------------------------------------
.text:00401078
.text:00401078                      loc_401078:                         ; CODE XREF: sub_401020+4Cj
.text:00401078                                                             ; DATA XREF: .text:off_4010ADo
.text:00401078 8B 45 FC                            mov eax, ; jumptable 0040106C cases 1,3
.text:0040107B EB 1F                               jmp short loc_40109C
.text:0040107D                      ; ---------------------------------------------------------------------------
.text:0040107D
.text:0040107D                      loc_40107D:                         ; CODE XREF: sub_401020+47j
.text:0040107D 8B F4                               mov esi, esp    ; jumptable 0040106C default case
.text:0040107F 6A 10                               push 10h          ; uType
.text:00401081 68 34 80 42 00                      push offset Caption; "Error!"
.text:00401086 68 1C 80 42 00                      push offset Text ; "Invalid parameter"
.text:0040108B 6A 00                               push 0             ; hWnd
.text:0040108D FF 15 B4 02 43 00                   call ds:MessageBoxA
.text:00401093 3B F4                               cmp esi, esp
.text:00401095 E8 16 02 00 00                      call __chkesp
.text:0040109A 33 C0                               xor eax, eax
.text:0040109C
.text:0040109C                      loc_40109C:                         ; CODE XREF: sub_401020+56j
.text:0040109C                                                             ; sub_401020+5Bj
.text:0040109C 5F                                  pop edi
.text:0040109D 5E                                  pop esi
.text:0040109E 5B                                  pop ebx
.text:0040109F 83 C4 4C                            add esp, 4Ch
.text:004010A2 3B EC                               cmp ebp, esp
.text:004010A4 E8 07 02 00 00                      call __chkesp
.text:004010A9 8B E5                               mov esp, ebp
.text:004010AB 5D                                  pop ebp
.text:004010AC C3                                  retn
.text:004010AC                      sub_401020    endp
.text:004010AC
.text:004010AC                      ; ---------------------------------------------------------------------------
.text:004010AD 73 10 40 00 78 10 40 00+off_4010AD    dd offset loc_401073 ; DATA XREF: sub_401020+4Cr
.text:004010AD 73 10 40 00 78 10 40 00+             dd offset loc_401078 ; jump table for switch statement
.text:004010AD 73 10 40 00                         dd offset loc_401073
.text:004010AD                                     dd offset loc_401078
.text:004010AD                                     dd offset loc_401073
.text:004010C1 CC CC CC CC CC CC CC CC+             db 2Fh dup(0CCh)
.text:004010F0

看PE段，发现都有rdata段,vc用之存放常量，如本例中的3.1415和字符串"Invalid parameter","Error!"，而bcb直接放到代码段中，除此之外，switch语句的跳转表存放也不尽相同。一般来说，现代程序都是代码数据分离的，这样可以减少bug，便于代码维护。我觉得如果粘到一起就可能无法实现增量编译了。可以设想代码突然增加或减少常量的情况，势必造成生成的二进制数据混乱。

誓不回头 发表于 2018-5-3 21:07:57

粘到一起会导致DEP问题不好判断。莫非Delphi WebService在WIN SERVER上运行，必须设置DEP程序例外。。。的原因来自你说的这个问题？？

页: [1]

技术宅的结界's Archiver

验证一个关于borland c++的疑问