Some time ago, a friend asked me to help reverse engineer something, extract its code, save it as an assembly file, and compile and run it in VC (Visual C++).
The asm file:
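; Standalone MASM build of a routine lifted from a disassembly listing.
;
; sub_40B444 hex-encodes a byte buffer into a C string.
; It is called as cdecl with three stack arguments:
;   [ebp+8]   src  bytes to encode (only read)
;   [ebp+0Ch] len  number of bytes; compared as an unsigned value
;   [ebp+10h] dst  output buffer; dst[0] is reset to NUL first, then two
;                  uppercase hex digits are appended for every input byte
;
; Notes for callers:
;   * No bounds are checked. strcat appends blindly, so dst must have room
;     for at least 2*len + 1 bytes.
;   * Anything already stored in dst is discarded, because dst[0] is
;     overwritten with NUL before the loop.
;   * EAX on return is whatever strcat left there (dst) when len > 0. When
;     len == 0 it still holds the cookie XOR ebp value, so the return value
;     should not be relied on.
;   * The stack cookie is written to [ebp-4] and reloaded in the epilogue,
;     but this extract never calls a check routine, so the canary detects
;     nothing. The cookie is also a fixed constant defined in this file
;     rather than a per-process random value.

.686p
.model flat,c
option casemap : none

extern sprintf:proc
extern strcat:proc

.data
___security_cookie  dd 0BB40E64Eh
; MASM does not append a terminator to quoted strings, so the NUL must be
; explicit; without it sprintf reads past the end of the format string.
a02x_0              db "%02X", 0

.code
public sub_40B444

sub_40B444 proc near                    ; CODE XREF: sub_40CCEA+A4p

;Source = byte ptr -14h                 ; 16-byte scratch buffer for one "%02X"
;var_4  = dword ptr -4                  ; stack cookie slot
;arg_0  = dword ptr 8                   ; src
;arg_4  = dword ptr 0Ch                 ; len
;arg_8  = dword ptr 10h                 ; dst

        push    ebp
        mov     ebp, esp
        sub     esp, 14h
        mov     eax, dword ptr ___security_cookie
        xor     eax, ebp
        mov     [ebp-4], eax            ; store the canary above the scratch buffer
        push    ebx
        mov     ebx, [ebp+8]            ; ebx = src
        push    esi
        mov     esi, [ebp+10h]          ; esi = dst
        push    edi
        xor     edi, edi                ; edi = index, starts at 0
        cmp     [ebp+0Ch], edi
        mov     byte ptr [esi], 0       ; dst = "" (mov leaves the flags from cmp intact)
        jbe     short loc_40B48E        ; len == 0: nothing to encode

loc_40B467:                             ; CODE XREF: sub_40B444+48j
        movzx   eax, byte ptr [ebx+edi] ; zero-extend so "%02X" prints two digits
        push    eax
        lea     eax, [ebp-14h]
        push    offset a02x_0           ; "%02X"
        push    eax                     ; Dest
        call    sprintf
        lea     eax, [ebp-14h]
        push    eax                     ; Source
        push    esi                     ; Dest
        call    strcat
        add     esp, 14h                ; drop both calls' arguments (12 + 8 bytes)
        inc     edi
        cmp     edi, [ebp+0Ch]
        jb      short loc_40B467

loc_40B48E:                             ; CODE XREF: sub_40B444+21j
        mov     ecx, [ebp-4]
        pop     edi
        pop     esi
        xor     ecx, ebp                ; recovered cookie; never verified in this extract
        pop     ebx                     ; ebx is callee-saved under cdecl and was pushed above
        leave
        retn
sub_40B444 endp

end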
The sample code is as follows:
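#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <string.h>

extern "C"
{
    // Hex encoder implemented in the accompanying .asm file (cdecl).
    // The routine only reads `src`, so it is declared const; this also lets a
    // string literal be passed without a deprecated literal-to-char* conversion.
    // The return value is not meaningful when len == 0 and is ignored here.
    char* sub_40B444(const char* src, int len, char* dst);
}

// Demo driver: hex-encodes a fixed string with sub_40B444 and prints both the
// input and the encoded result.
int _tmain(int argc, _TCHAR* argv[])
{
    const char szSrc[] = "你总是说我在,这样孤单时候,才能想起与你联络";
    const size_t cbSrc = strlen(szSrc);
    const size_t cbBuf = 1024;

    // sub_40B444 appends two hex digits per input byte via sprintf/strcat and
    // never checks the destination size, so the caller has to guarantee
    // 2 * len + 1 bytes of room before calling it.
    if (cbSrc > (cbBuf - 1) / 2)
    {
        printf_s("input too long for a %u-byte output buffer\n", (unsigned)cbBuf);
        return 1;
    }

    char* pszBuf = new char[cbBuf];
    memset(pszBuf, 0, cbBuf);

    // NOTE: sub_40B444 stores a NUL at dst[0] before appending, so this
    // prefix does not survive the call; the buffer ends up holding only the
    // hex digits.
    strcpy_s(pszBuf, cbBuf, "des:");

    sub_40B444(szSrc, (int)cbSrc, pszBuf);

    printf_s("format string : %s\n", szSrc);
    printf_s("format string : %s\n", pszBuf);

    // operator new[] throws on failure rather than returning NULL, so no
    // null check is needed before releasing the buffer.
    delete[] pszBuf;

    return 0;
}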