对C++程序进行逆向时,IDA Strings Window总是无法正确显示中文
编写简单程序编译
#include <windows.h>
#include <cstdio>
int main()
{
int a = 1;
int b = 2;
wchar_t buf[32];
wsprintfW(buf, L"%d", a + b);
MessageBoxW(NULL, buf, L"提示1", 0);
MessageBoxW(NULL, L"这是第二个消息框", L"提示2", 0);
return 0;
}
跳转到.data段,小端字节序
default rel
extern MessageBoxW
extern ExitProcess
extern wsprintfW
global main
section .data
title1 dw 0x63D0,0x793A,0x0031,0
text1 dw 0x8FD9,0x662F,0x7B2C,0x4E00,0x4E2A,0x6D88,0x606F,0x6846,0
title2 dw 0x63D0,0x793A,0x0032,0
text2 dw 0x8FD9,0x662F,0x7B2C,0x4E8C,0x4E2A,0x6D88,0x606F,0x6846,0
label1 dd 5
label2 dd 2
xixi dd 1
fmt dw '%','d',0
buf times 32 dw 0
section .text
main:
sub rsp, 40
xor rcx, rcx
mov eax ,[label1]
add eax ,[label2]
mov [label1],eax
; wsprintfW(buf, L"%d", label1)
lea rcx, [buf]
lea rdx, [fmt]
mov r8d, eax
call wsprintfW
; MessageBoxW(NULL, buf, title1, 0)
xor rcx, rcx
lea rdx, [buf]
lea r8, [title1]
mov r9d, [xixi]
call MessageBoxW
xor rcx, rcx
lea rdx, [text2]
lea r8, [title2]
xor r9d, r9d
call MessageBoxW
add rsp, 40
xor ecx, ecx
call ExitProcess
汇编代码测试
研究了一下PE结构
.net
