TC中memcpy函数在不同模式下的区别
紧凑模式:
seg000:01BC ; int __cdecl main(int argc, const char **argv, const char *envp)
seg000:01BC _main proc near ; CODE XREF: start+FDp
seg000:01BC ; Compact model: code is near but data pointers are far (segment:offset),
seg000:01BC ; so each pointer argument is pushed as two words. Arguments are pushed
seg000:01BC ; right to left (__cdecl): n, src, dest.
seg000:01BC mov ax, 17h
seg000:01BF push ax ; n = 17h (23 bytes)
seg000:01C0 push ds ; src segment: the program's data segment (DS=0C5C in the Debug trace)
seg000:01C1 mov ax, 94h ; '?
seg000:01C4 push ax ; src offset -> src = DS:0094
seg000:01C5 mov dx, 0B000h
seg000:01C8 mov ax, 8544h
seg000:01CB push dx ; dest segment 0B000h (presumably a video-memory segment; not established here)
seg000:01CC push ax ; dest offset -> dest = B000:8544
seg000:01CD call _memcpy
seg000:01D0 add sp, 0Ah ; caller pops 2 (n) + 4 (src) + 4 (dest) = 10 bytes
seg000:01D3 retn
seg000:01D3 _main endp
seg000:0892 ; void *__cdecl memcpy(void *dest, const void *src, size_t n)
seg000:0892 _memcpy proc near ; CODE XREF: _main+11p
seg000:0892
seg000:0892 ; Compact-model memcpy: dest and src are far pointers (dwords), n is a word.
seg000:0892 ; Frame after "push bp / mov bp,sp": [bp+4] dest, [bp+8] src, [bp+0Ch] n,
seg000:0892 ; which matches what the Compact-model _main pushed (10 bytes).
seg000:0892 dest = dword ptr4
seg000:0892 src = dword ptr8
seg000:0892 n = word ptr0Ch
seg000:0892
seg000:0892 push bp
seg000:0893 mov bp, sp
seg000:0895 push si
seg000:0896 push di
seg000:0897 mov dx, ds ; save the caller's DS; lds below overwrites it (restored at loc_108AA)
seg000:0899 les di, // load the low word (offset) into DI and the high word (segment) into ES
seg000:0899 ; operand lost in extraction; the Debug trace (C4 7E 04 = LES DI,[BP+4]) shows it is [bp+dest]
seg000:089C lds si, // load the low word (offset) into SI and the high word (segment) into DS
seg000:089C ; operand lost in extraction; the Debug trace (C5 76 08 = LDS SI,[BP+8]) shows it is [bp+src]
seg000:089F mov cx, ; [bp+n] per the Debug trace (8B 4E 0C = MOV CX,[BP+0Ch]); CX = byte count
seg000:08A2 shr cx, 1 ; CX = word count; CF = the odd trailing byte, if any
seg000:08A4 cld
seg000:08A5 rep movsw ; copy CX words from DS:SI to ES:DI (rep movsw leaves the flags unchanged)
seg000:08A7 jnb short loc_108AA ; CF still from shr: no odd byte -> skip the movsb
seg000:08A9 movsb ; copy the trailing byte
seg000:08AA
seg000:08AA loc_108AA: ; CODE XREF: _memcpy+15j
seg000:08AA mov ds, dx ; restore the caller's DS
seg000:08AC mov dx, word ptr ; operand lost in extraction; presumably [bp+dest+2] (dest segment)
seg000:08AF mov ax, word ptr ; operand lost in extraction; presumably [bp+dest] (dest offset)
seg000:08AF ; NOTE(review): looks like the far dest pointer is returned in DX:AX -- confirm
seg000:08B2 jmp short $+2 ; jumps to the next instruction; no effect on control flow
seg000:08B4 pop di
seg000:08B5 pop si
seg000:08B6 pop bp
seg000:08B7 retn
seg000:08B7 _memcpy endp
在Debug中看到的执行情况:
AX=8544BX=0088CX=000DDX=0C5CSP=0FE0BP=0FE4SI=100CDI=05AA
DS=0C5CES=0B63SS=0C73CS=0BD0IP=0899 NV UP EI PL ZR NA PE NC
0BD0:0899 C47E04 LES DI, SS:0FE8=8544
-t
AX=8544BX=0088CX=000DDX=0C5CSP=0FE0BP=0FE4SI=100CDI=8544
DS=0C5CES=B000SS=0C73CS=0BD0IP=089C NV UP EI PL ZR NA PE NC
0BD0:089C C57608 LDS SI, SS:0FEC=0094
-t
AX=8544BX=0088CX=000DDX=0C5CSP=0FE0BP=0FE4SI=0094DI=8544
DS=0C5CES=B000SS=0C73CS=0BD0IP=089F NV UP EI PL ZR NA PE NC
0BD0:089F 8B4E0C MOV CX, SS:0FF0=0017
-d ss:0fe0
0C73:0FE0AA 05 0C 10 02 10 D0 01-44 85 00 B0 94 00 5C 0C ........D.....\.
0C73:0FF017 00 00 01 01 00 FE 0F-73 0C 08 00 74 0D 06 10 ........s...t...
==================================================================
Small 模式:
seg000:01FA ; int __cdecl main(int argc, const char **argv, const char *envp)
seg000:01FA _main proc near ; CODE XREF: start+11Ap
seg000:01FA ; Small model: data pointers are near (one word), so the Small-model memcpy
seg000:01FA ; expects dest, src and n as three words (6 bytes). This caller still pushes
seg000:01FA ; dest as a far pointer (two words, 0B000h:8544h), so 8 bytes go on the stack
seg000:01FA ; and every argument after dest sits one word away from where the callee
seg000:01FA ; reads it (see _memcpy below).
seg000:01FA ; NOTE(review): presumably the call site was compiled with a far pointer
seg000:01FA ; argument and no matching prototype in force -- the C source is not shown here.
seg000:01FA mov ax, 17h
seg000:01FD push ax ; n = 17h (IDA gives it no label; it is the rightmost argument)
seg000:01FE mov ax, 194h
seg000:0201 push ax ; src (near offset 194h)
seg000:0202 mov dx, 0B000h
seg000:0205 mov ax, 8544h
seg000:0208 push dx ; segment half of the far dest pointer -- lands at [bp+6] in the callee
seg000:0209 push ax ; dest (offset 8544h)
seg000:020A call _memcpy
seg000:020D add sp, 8 ; 2 (n) + 2 (src) + 4 (dest): one word more than the callee's contract
seg000:0210 retn
seg000:0210 _main endp
seg000:0567 ; void *__cdecl memcpy(void *dest, const void *src, size_t n)
seg000:0567 _memcpy proc near ; CODE XREF: _main+10p
seg000:0567
seg000:0567 ; Small-model memcpy: all three arguments are expected as words:
seg000:0567 ; [bp+4] dest, [bp+6] src, [bp+8] n. The labels IDA derived below (arg_2 at 6,
seg000:0567 ; src at 8) follow the caller's actual 8-byte push sequence, not this contract.
seg000:0567 dest = word ptr4
seg000:0567 arg_2 = word ptr6 ; holds 0B000h, the segment half of the caller's far dest
seg000:0567 src = word ptr8 ; holds 194h, the caller's real src offset
seg000:0567 n = word ptr0Ch ; not referenced by any instruction traced in Debug; the caller's n (17h) sits at [bp+0Ah]
seg000:0567
seg000:0567 push bp
seg000:0568 mov bp, sp
seg000:056A push si
seg000:056B push di
seg000:056C push ds
seg000:056D pop es ; ES = DS: source and destination share one data segment (DS=ES=0C29 in Debug)
seg000:056E assume es:dseg
seg000:056E mov di, ; [bp+dest] -> DI = 8544h (Debug: 8B 7E 04 = MOV DI,[BP+4])
seg000:0571 mov si, // [bp+arg_2]: the segment value 0B000h is loaded into SI as if it were the source offset (Debug: 8B 76 06 = MOV SI,[BP+6])
seg000:0574 mov cx, // [bp+src]: the real source offset 194h is loaded into CX as the byte count (Debug: 8B 4E 08 = MOV CX,[BP+8]) -- 404 bytes instead of the 23 the caller meant
seg000:0574 ; Net effect: 0CAh words are copied from DS:B000 to DS:8544 inside the program's
seg000:0574 ; own data segment -- a 404-byte read and write of addresses the caller never
seg000:0574 ; meant to touch -- and the far destination B000:8544 is never written.
seg000:0577 shr cx, 1 ; CX = word count; CF = the odd trailing byte, if any
seg000:0579 cld
seg000:057A rep movsw ; copy CX words from DS:SI to ES:DI (flags unchanged)
seg000:057C jnb short loc_1057F ; CF still from shr: no odd byte -> skip the movsb
seg000:057E movsb ; copy the trailing byte
seg000:057F
seg000:057F loc_1057F: ; CODE XREF: _memcpy+15j
seg000:057F mov ax, ; operand lost in extraction; presumably [bp+dest], returning dest in AX
seg000:0582 jmp short $+2 ; jumps to the next instruction; no effect on control flow
seg000:0584 pop di
seg000:0585 pop si
seg000:0586 pop bp
seg000:0587 retn
seg000:0587 _memcpy endp
seg000:0587
在Debug中跟踪到的数据:
AX=8544BX=07F8CX=000DDX=B000SP=FFDABP=FFDESI=05ABDI=07B2
DS=0C29ES=0C29SS=0C29CS=0BD0IP=056C NV UP EI PL ZR NA PE NC
0BD0:056C 1E PUSH DS
-t
AX=8544BX=07F8CX=000DDX=B000SP=FFD8BP=FFDESI=05ABDI=07B2
DS=0C29ES=0C29SS=0C29CS=0BD0IP=056D NV UP EI PL ZR NA PE NC
0BD0:056D 07 POP ES
-t
AX=8544BX=07F8CX=000DDX=B000SP=FFDABP=FFDESI=05ABDI=07B2
DS=0C29ES=0C29SS=0C29CS=0BD0IP=056E NV UP EI PL ZR NA PE NC
0BD0:056E 8B7E04 MOV DI, SS:FFE2=8544
-t
AX=8544BX=07F8CX=000DDX=B000SP=FFDABP=FFDESI=05ABDI=8544
DS=0C29ES=0C29SS=0C29CS=0BD0IP=0571 NV UP EI PL ZR NA PE NC
0BD0:0571 8B7606 MOV SI, SS:FFE4=B000
-t
AX=8544BX=07F8CX=000DDX=B000SP=FFDABP=FFDESI=B000DI=8544
DS=0C29ES=0C29SS=0C29CS=0BD0IP=0574 NV UP EI PL ZR NA PE NC
0BD0:0574 8B4E08 MOV CX, SS:FFE6=0194
ida用得很熟。。。。。。。。。。。
鉴定完毕。
IDA还没有用过呢,只能看看。
学C学到现在终于看到为啥俩模式有区别了。/:L 要得用很多时间来做各种各样的测试!