验证一个关于borland c++的疑问

元始天尊 · 发表于 2014-12-24 17:44:39

欢迎访问技术宅的结界，请注册或者登录吧。

您需要登录才可以下载或查看，没有账号？立即注册→加入我们

×

忘记是在哪本NB书里看到的，说Borland喜欢把字符串插到代码段中，是一种非常不良的方式。
从没验证过，因为自己不用bcb，刚才vmware里用bcb测了一下ollydbg1帮助文档的一段代码，如下：
00440540  55 8B EC 83 C4 F8 DB 45 0C DC 0D B4 05 44 00 83  U......E.....D..
00440550  C4 F8 DD 1C 24 E8 7A 29 01 00 83 C4 08 E8 8A 28  ....$.z).......(
00440560  01 00 89 45 FC 89 45 F8 8B 45 08 83 F8 04 77 28  ...E..E..E....w(
00440570  8A 80 7D 05 44 00 FF 24 85 82 05 44 00 01 02 01  ..}.D..$...D....
00440580  02 01 98 05 44 00 8E 05 44 00 93 05 44 00 8B 45  ....D...D...D..E
00440590  F8 EB 1C 8B 45 FC EB 17 6A 10 68 1A 6D 46 00 68  ....E...j.h.mF.h
004405A0  08 6D 46 00 A1 18 FB 46 00 50 E8 50 4F 01 00 59  .mF....F.P.PO..Y
004405B0  59 5D C3 00 4A D8 12 4D FB 21 09 40 45 72 72 6F  Y]..J..M.!.@Erro
004405C0  72 21 00 49 6E 76 61 6C 69 64 20 70 61 72 61 6D  r!.Invalid param
004405D0  65 74 65 72 00                                  eter.

00440540  55             PUSH EBP
00440541  8BEC             MOV EBP,ESP
00440543  83C4 F8          ADD ESP,-8
00440546  DB45 0C          FILD DWORD PTR [EBP+C]
00440549  DC0D B4054400    FMUL QWORD PTR [4405B4]
0044054F  83C4 F8          ADD ESP,-8
00440552  DD1C24          FSTP QWORD PTR [ESP]
00440555  E8 7A290100    CALL 00452ED4
0044055A  83C4 08          ADD ESP,8
0044055D  E8 8A280100    CALL 00452DEC
00440562  8945 FC          MOV DWORD PTR [EBP-4],EAX
00440565  8945 F8          MOV DWORD PTR [EBP-8],EAX
00440568  8B45 08          MOV EAX,DWORD PTR [EBP+8]
0044056B  83F8 04          CMP EAX,4
0044056E  77 28          JA SHORT 00440598
00440570  8A80 7D054400    MOV AL,BYTE PTR [EAX+44057D]
00440576  FF2485 82054400 JMP DWORD PTR [EAX*4+440582]
0044057D  0102             ADD DWORD PTR [EDX],EAX
0044057F  0102             ADD DWORD PTR [EDX],EAX
00440581  0198 0544008E    ADD DWORD PTR [EAX+8E004405],EBX
00440587  05 44009305    ADD EAX,5930044
0044058C  44             INC ESP
0044058D  008B 45F8EB1C    ADD BYTE PTR [EBX+1CEBF845],CL
00440593  8B45 FC          MOV EAX,DWORD PTR [EBP-4]
00440596  EB 17          JMP SHORT 004405AF
00440598  6A 10          PUSH 10
0044059A  68 1A6D4600    PUSH 4405BC
0044059F  68 086D4600    PUSH 4405C3
004405A4  A1 18FB4600    MOV EAX,DWORD PTR [46FB18]
004405A9  50             PUSH EAX
004405AA  E8 504F0100    CALL 004554FF
004405AF  59             POP ECX
004405B0  59             POP ECX
004405B1  5D             POP EBP
004405B2  C3             RETN
004405B3  004A D8          ADD BYTE PTR [EDX-28],CL
004405B6  124D FB          ADC CL,BYTE PTR [EBP-5]
004405B9  2109             AND DWORD PTR [ECX],ECX
004405BB  40             INC EAX
004405BC  45             INC EBP
004405BD  72 72          JB SHORT OT.004600F1
004405BF  6F             OUTS DX,DWORD PTR [EDI]
004405C0  72 21          JB SHORT OT.004600A3
004405C2  0049 6E          ADD BYTE PTR [ECX+6E],CL
004405C5  76 61          JBE SHORT OT.004600E8
004405C7  6C             INS BYTE PTR [EDI],DX
004405C8  696420 70 6172616>IMUL ESP,DWORD PTR [EAX+70],6D617261
004405D0  65:74 65       JE SHORT OT.004600F8
004405D3  72 00          JB SHORT OT.00460095

源码：

int Dummy(int i,int j) {
int a[2];
a[0]=a[1]=sqrt(j*3.1415926);
switch (i) {
case 0:
case 2:
case 4:
return a[0];
case 1:
case 3:
return a[1];
default:
MessageBox(hwmain,"Invalid parameter","Error!",
MB_OK|MB_ICONSTOP|MB_APPLMODAL);
break;
}
}

复制代码

一眼望去，add esp,-8这句已经暴漏了bcb的特征，然而书上说0044057D处可疑：
“嗯……，这看上去像是一个函数……至少创建了标准的栈框架（PUSH EBP; MOV EBP,ESP），并有返回。但在地址0044057D处发生了什么？这些命令非常可疑。在返回命令后面的那些是什么？一些ASCII文本，以及某些其他的……。让我们运行代码分析，并使用Objcect扫描。分析之后，代码看上去变得非常棒了。。。”
确实，明显是数据，因此怀疑为bcb所写代码，特此用msvc6和bcb6测试得到：
bcb6结果：
.text:00401168                      ; int __cdecl Dummy(int i, int j)
.text:00401168                                        public Dummy
.text:00401168                      Dummy          proc near             ; CODE XREF: _main+7p
.text:00401168
.text:00401168                      var_10       = qword ptr -10h
.text:00401168                      var_8          = dword ptr -8
.text:00401168                      var_4          = dword ptr -4
.text:00401168                      i             = dword ptr  8
.text:00401168                      j             = dword ptr  0Ch
.text:00401168
.text:00401168 55                                     push ebp
.text:00401168                      ;EBP-8h=>a
.text:00401169 8B EC                                  mov    ebp, esp
.text:0040116B 83 C4 F8                               add    esp, 0FFFFFFF8h
.text:0040116E                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 11
.text:0040116E DB 45 0C                               fild [ebp+j]
.text:00401171 DC 0D D8 11 40 00                      fmul ds:dbl_4011D8
.text:00401177 83 C4 F8                               add    esp, 0FFFFFFF8h
.text:0040117A DD 1C 24                               fstp [esp+10h+var_10]
.text:0040117D E8 F4 01 00 00                         call _sqrt
.text:00401182 83 C4 08                               add    esp, 8
.text:00401185 E8 AA 01 00 00                         call __ftol
.text:0040118A 89 45 FC                               mov    [ebp+var_4], eax
.text:0040118D 89 45 F8                               mov    [ebp+var_8], eax
.text:00401190                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 12
.text:00401190 8B 55 08                               mov    edx, [ebp+i]
.text:00401193 83 FA 04                               cmp    edx, 4       ; switch 5 cases
.text:00401196 77 25                                  ja    short loc_4011BD ; jumptable 00401198 default case
.text:00401198 FF 24 95 9F 11 40 00                   jmp    ds

ff_40119F[edx*4] ; switch jump
.text:00401198                      ; ---------------------------------------------------------------------------
.text:0040119F B3 11 40 00 B8 11 40 00+off_40119F    dd offset loc_4011B3 ; DATA XREF: Dummy+30r
.text:0040119F B3 11 40 00 B8 11 40 00+             dd offset loc_4011B8 ; jump table for switch statement
.text:0040119F B3 11 40 00                            dd offset loc_4011B3
.text:0040119F                                        dd offset loc_4011B8
.text:0040119F                                        dd offset loc_4011B3
.text:004011B3                      ; ---------------------------------------------------------------------------
.text:004011B3                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 17
.text:004011B3
.text:004011B3                      loc_4011B3:                            ; CODE XREF: Dummy+30j
.text:004011B3                                                                ; DATA XREF: Dummy

ff_40119Fo
.text:004011B3 8B 45 F8                               mov    eax, [ebp+var_8] ; jumptable 00401198 cases 0,2,4
.text:004011B6 EB 1A                                  jmp    short loc_4011D2
.text:004011B8                      ; ---------------------------------------------------------------------------
.text:004011B8                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 20
.text:004011B8
.text:004011B8                      loc_4011B8:                            ; CODE XREF: Dummy+30j
.text:004011B8                                                                ; DATA XREF: Dummy

ff_40119Fo
.text:004011B8 8B 45 FC                               mov    eax, [ebp+var_4] ; jumptable 00401198 cases 1,3
.text:004011BB EB 15                                  jmp    short loc_4011D2
.text:004011BD                      ; ---------------------------------------------------------------------------
.text:004011BD                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 22
.text:004011BD
.text:004011BD                      loc_4011BD:                            ; CODE XREF: Dummy+2Ej
.text:004011BD 6A 10                                  push 10h          ; jumptable 00401198 default case
.text:004011BF 68 B6 20 40 00                         push offset Caption  ; "Error!"
.text:004011C4 68 A4 20 40 00                         push offset Text    ; "Invalid parameter"
.text:004011C9 6A 00                                  push 0             ; hWnd
.text:004011CB E8 14 01 00 00                         call MessageBoxA
.text:004011D0                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 26
.text:004011D0 33 C0                                  xor    eax, eax
.text:004011D2                      ; #line "C:\Program Files\Borland\CBuilder6\Projects\Unit1.c" 27
.text:004011D2
.text:004011D2                      loc_4011D2:                            ; CODE XREF: Dummy+4Ej
.text:004011D2                                                                ; Dummy+53j
.text:004011D2 59                                     pop    ecx
.text:004011D3 59                                     pop    ecx
.text:004011D4 5D                                     pop    ebp
.text:004011D5 C3                                     retn
.text:004011D5                      ; ---------------------------------------------------------------------------
.text:004011D6 00 00                                  align 4
.text:004011D8 4A D8 12 4D FB 21 09 40 dbl_4011D8    dq 3.1415926          ; DATA XREF: Dummy+9r
.text:004011D8                      Dummy          endp

msvc6为：
.text:00401020                      sub_401020    proc near             ; CODE XREF: sub_401005j
.text:00401020
.text:00401020                      var_60       = qword ptr -60h
.text:00401020                      var_4C       = byte ptr -4Ch
.text:00401020                      var_C          = dword ptr -0Ch
.text:00401020                      var_8          = dword ptr -8
.text:00401020                      var_4          = dword ptr -4
.text:00401020                      arg_0          = dword ptr  8
.text:00401020                      arg_4          = dword ptr  0Ch
.text:00401020
.text:00401020 55                                     push ebp
.text:00401021 8B EC                                  mov    ebp, esp
.text:00401023 83 EC 4C                               sub    esp, 4Ch
.text:00401026 53                                     push ebx
.text:00401027 56                                     push esi
.text:00401028 57                                     push edi
.text:00401029 8D 7D B4                               lea    edi, [ebp+var_4C]
.text:0040102C B9 13 00 00 00                         mov    ecx, 13h
.text:00401031 B8 CC CC CC CC                         mov    eax, 0CCCCCCCCh
.text:00401036 F3 AB                                  rep stosd
.text:00401038 DB 45 0C                               fild [ebp+arg_4]
.text:0040103B DC 0D 40 80 42 00                      fmul ds:dbl_428040
.text:00401041 83 EC 08                               sub    esp, 8
.text:00401044 DD 1C 24                               fstp [esp+60h+var_60]
.text:00401047 E8 08 01 00 00                         call _sqrt
.text:0040104C 83 C4 08                               add    esp, 8
.text:0040104F E8 94 02 00 00                         call __ftol
.text:00401054 89 45 FC                               mov    [ebp+var_4], eax
.text:00401057 8B 45 FC                               mov    eax, [ebp+var_4]
.text:0040105A 89 45 F8                               mov    [ebp+var_8], eax
.text:0040105D 8B 4D 08                               mov    ecx, [ebp+arg_0]
.text:00401060 89 4D F4                               mov    [ebp+var_C], ecx
.text:00401063 83 7D F4 04                            cmp    [ebp+var_C], 4  ; switch 5 cases
.text:00401067 77 14                                  ja    short loc_40107D ; jumptable 0040106C default case
.text:00401069 8B 55 F4                               mov    edx, [ebp+var_C]
.text:0040106C FF 24 95 AD 10 40 00                   jmp    ds

ff_4010AD[edx*4] ; switch jump
.text:00401073                      ; ---------------------------------------------------------------------------
.text:00401073
.text:00401073                      loc_401073:                            ; CODE XREF: sub_401020+4Cj
.text:00401073                                                                ; DATA XREF: .text

ff_4010ADo
.text:00401073 8B 45 F8                               mov    eax, [ebp+var_8] ; jumptable 0040106C cases 0,2,4
.text:00401076 EB 24                                  jmp    short loc_40109C
.text:00401078                      ; ---------------------------------------------------------------------------
.text:00401078
.text:00401078                      loc_401078:                            ; CODE XREF: sub_401020+4Cj
.text:00401078                                                                ; DATA XREF: .text

ff_4010ADo
.text:00401078 8B 45 FC                               mov    eax, [ebp+var_4] ; jumptable 0040106C cases 1,3
.text:0040107B EB 1F                                  jmp    short loc_40109C
.text:0040107D                      ; ---------------------------------------------------------------------------
.text:0040107D
.text:0040107D                      loc_40107D:                            ; CODE XREF: sub_401020+47j
.text:0040107D 8B F4                                  mov    esi, esp       ; jumptable 0040106C default case
.text:0040107F 6A 10                                  push 10h          ; uType
.text:00401081 68 34 80 42 00                         push offset Caption  ; "Error!"
.text:00401086 68 1C 80 42 00                         push offset Text    ; "Invalid parameter"
.text:0040108B 6A 00                                  push 0             ; hWnd
.text:0040108D FF 15 B4 02 43 00                      call ds:MessageBoxA
.text:00401093 3B F4                                  cmp    esi, esp
.text:00401095 E8 16 02 00 00                         call __chkesp
.text:0040109A 33 C0                                  xor    eax, eax
.text:0040109C
.text:0040109C                      loc_40109C:                            ; CODE XREF: sub_401020+56j
.text:0040109C                                                                ; sub_401020+5Bj
.text:0040109C 5F                                     pop    edi
.text:0040109D 5E                                     pop    esi
.text:0040109E 5B                                     pop    ebx
.text:0040109F 83 C4 4C                               add    esp, 4Ch
.text:004010A2 3B EC                                  cmp    ebp, esp
.text:004010A4 E8 07 02 00 00                         call __chkesp
.text:004010A9 8B E5                                  mov    esp, ebp
.text:004010AB 5D                                     pop    ebp
.text:004010AC C3                                     retn
.text:004010AC                      sub_401020    endp
.text:004010AC
.text:004010AC                      ; ---------------------------------------------------------------------------
.text:004010AD 73 10 40 00 78 10 40 00+off_4010AD    dd offset loc_401073 ; DATA XREF: sub_401020+4Cr
.text:004010AD 73 10 40 00 78 10 40 00+             dd offset loc_401078 ; jump table for switch statement
.text:004010AD 73 10 40 00                            dd offset loc_401073
.text:004010AD                                        dd offset loc_401078
.text:004010AD                                        dd offset loc_401073
.text:004010C1 CC CC CC CC CC CC CC CC+             db 2Fh dup(0CCh)
.text:004010F0

看PE段，发现都有rdata段,vc用之存放常量，如本例中的3.1415和字符串"Invalid parameter","Error!"，而bcb直接放到代码段中，除此之外，switch语句的跳转表存放也不尽相同。一般来说，现代程序都是代码数据分离的，这样可以减少bug，便于代码维护。我觉得如果粘到一起就可能无法实现增量编译了。可以设想代码突然增加或减少常量的情况，势必造成生成的二进制数据混乱。

誓不回头 · 发表于 2018-5-3 21:07:57

粘到一起会导致DEP问题不好判断。莫非Delphi WebService在WIN SERVER上运行，必须设置DEP程序例外。。。的原因来自你说的这个问题？？

账号		自动登录	找回密码
密码			立即注册→加入我们