ThatManK Mobile Article
&的使用
1. & 就是给前面加一个 \*, 并且类型要对应
#include <stdio.h>
int main()
{
int p = 1;
int *p1 = &p;
int **p2 = &p1;
int ***p4 = &p2;
return 0;
}
5: int p = 1;
00401028 mov dword ptr [ebp-4],1
6: int *p1 = &p;
0040102F lea eax,[ebp-4]
00401032 mov dword ptr [ebp-8],eax
7: int **p2 = &p1;
00401035 lea ecx,[ebp-8]
00401038 mov dword ptr [ebp-0Ch],ecx
8: int ***p4 = &p2;
0040103B lea edx,[ebp-0Ch]
0040103E mov dword ptr [ebp-10h],edx2. 取值运算符
#include <stdio.h>
int main()
{
int *a = (int *)1;
printf("%x \n", *(a + 1));
return 0;
}
5: int *a = (int *)1;
00401028 mov dword ptr [ebp-4],1
6: printf("%x \n", *(a + 1));
0040102F mov eax,dword ptr [ebp-4]
00401032 mov ecx,dword ptr [eax+4] // 因为a 是指针类型,所以加4, 获取内存编号里面的值
00401035 push ecx
00401036 push offset string "%x \n" (00426ee8)
0040103B call printf (004108c0)
00401040 add esp,8
7: return 0;3. \*指针类型的类型
#include <stdio.h>
int main()
{
int ****p4 = (int ****)1;
int ***p3 = *(p4);
int **p2 = *(p3);
int *p1 = *(p2);
int p = *(p1);
return 0;
}
5: int ****p4 = (int ****)1;
00401028 mov dword ptr [ebp-4],1
6: int ***p3 = *(p4);
0040102F mov eax,dword ptr [ebp-4]
00401032 mov ecx,dword ptr [eax] // [1] 中的值给ebp-8
00401034 mov dword ptr [ebp-8],ecx
7: int **p2 = *(p3);
00401037 mov edx,dword ptr [ebp-8]
0040103A mov eax,dword ptr [edx] // [[1]] 的值给ebp-c
0040103C mov dword ptr [ebp-0Ch],eax
8: int *p1 = *(p2);
0040103F mov ecx,dword ptr [ebp-0Ch]
00401042 mov edx,dword ptr [ecx] // [[[1]]] 的值给ebp-10
00401044 mov dword ptr [ebp-10h],edx
9: int p = *(p1);
00401047 mov eax,dword ptr [ebp-10h]
0040104A mov ecx,dword ptr [eax] // [[[[1]]]] 的值给 ebp-14
0040104C mov dword ptr [ebp-14h],ecx
总结:*(指针类型) 是给指针类型减去一个*4. 通过\*修改变量的值
#include <stdio.h>
int main()
{
int x = 1;
int *p = &x;
*(p) = 2;
printf("%d\n", x);
return 0;
}
5: int x = 1;
0040D428 mov dword ptr [ebp-4],1
6: int *p = &x;
0040D42F lea eax,[ebp-4] // eax = 19FF30
0040D432 mov dword ptr [ebp-8],eax
7: *(p) = 2;
0040D435 mov ecx,dword ptr [ebp-8] // ecx = 19FF30
0040D438 mov dword ptr [ecx],2
8: printf("%d\n", x);
0040D43E mov edx,dword ptr [ebp-4] // 2
0040D441 push edx
0040D442 push offset string "%d\n" (0042201c)
0040D447 call printf (0040d6d0)
0040D44C add esp,85. 指针取值的两种方式: 8() 和 [] 可以互相转换
- 一层 \*
#include <stdio.h>
int main()
{
int *p = (int *)1;
printf("%d %d\n", p[0], *p);
return 0;
}
5: int *p = (int *)1; // p[0] = *(p + 0) = *p
0040D448 mov dword ptr [ebp-4],1
6: printf("%d %d\n", p[0], *p);
0040D44F mov eax,dword ptr [ebp-4] // eax = 1
0040D452 mov ecx,dword ptr [eax] // ecx = [1] 两个参数一摸一样
0040D454 push ecx
0040D455 mov edx,dword ptr [ebp-4] // edx = 1
0040D458 mov eax,dword ptr [edx] // eax = [1] 两个参数一摸一样
0040D45A push eax
0040D45B push offset string "ABCDE" (0042201c)
0040D460 call printf (0040d750)
0040D465 add esp,0Ch- 二层\*
#include <stdio.h>
int main()
{
int **p = (int **)1;
printf("%d %d\n", p[0][0], **p);
return 0;
}
5: int **p = (int **)1; // p[0][0] = *(*(p+0)+0) = **p
0040D448 mov dword ptr [ebp-4],1
6: printf("%d %d\n", p[0][0], **p);
0040D44F mov eax,dword ptr [ebp-4] // eax = 1
0040D452 mov ecx,dword ptr [eax] // ecx = [1]
0040D454 mov edx,dword ptr [ecx] // edx = [[1]] 两个参数一摸一样
0040D456 push edx
0040D457 mov eax,dword ptr [ebp-4] // eax = 1
0040D45A mov ecx,dword ptr [eax] // ecx = [1]
0040D45C mov edx,dword ptr [ecx] // edx = [[1]] 两个参数一摸一样
0040D45E push edx
0040D45F push offset string "ABCDE" (0042201c)
0040D464 call printf (0040d750)
0040D469 add esp,0Ch- 两层有偏移
#include <stdio.h>
int main()
{
int **p = (int **)1;
printf("%d %d\n", p[1][2], *(*(p + 1) + 2));
return 0;
}
5: int **p = (int **)1;
0040D448 mov dword ptr [ebp-4],1
6: printf("%d %d\n", p[1][2], *(*(p + 1) + 2));
0040D44F mov eax,dword ptr [ebp-4] // eax = 1
0040D452 mov ecx,dword ptr [eax+4] // ecx = [5], 对应 + 1
0040D455 mov edx,dword ptr [ecx+8] // edx = [D],对应 + 2
0040D458 push edx
0040D459 mov eax,dword ptr [ebp-4] // eax = 1
0040D45C mov ecx,dword ptr [eax+4] // ecx = [5], 对应 + 1
0040D45F mov edx,dword ptr [ecx+8] // edx = [D],对应 + 2
0040D462 push edx
0040D463 push offset string "ABCDE" (0042201c)
0040D468 call printf (0040d750)
0040D46D add esp,0Ch- 一层有偏移
#include <stdio.h>
int main()
{
int *p = (int *)1;
printf("%d %d\n", p[1], *(p + 1));
return 0;
}
5: int *p = (int *)1;
0040D448 mov dword ptr [ebp-4],1
6: printf("%d %d\n", p[1], *(p + 1));
0040D44F mov eax,dword ptr [ebp-4]
0040D452 mov ecx,dword ptr [eax+4]
0040D455 push ecx
0040D456 mov edx,dword ptr [ebp-4]
0040D459 mov eax,dword ptr [edx+4]
0040D45C push eax
0040D45D push offset string "ABCDE" (0042201c)
0040D462 call printf (0040d750)
0040D467 add esp,0Ch- 总结
#include <stdio.h>
int main()
{
int i = 100;
int *p1 = &i;
int **p2 = &p1;
int ***p3 = &p2;
int ****p4 = &p3;
int *****p5 = &p4;
int y = *****p5;
int z = p5[0][0][0][0][0];
return 0;
}
5: int i = 100;
0040D448 mov dword ptr [ebp-4],64h
6: int *p1 = &i;
0040D44F lea eax,[ebp-4]
0040D452 mov dword ptr [ebp-8],eax
7: int **p2 = &p1;
0040D455 lea ecx,[ebp-8]
0040D458 mov dword ptr [ebp-0Ch],ecx
8: int ***p3 = &p2;
0040D45B lea edx,[ebp-0Ch]
0040D45E mov dword ptr [ebp-10h],edx
9: int ****p4 = &p3;
0040D461 lea eax,[ebp-10h]
0040D464 mov dword ptr [ebp-14h],eax
10: int *****p5 = &p4;
0040D467 lea ecx,[ebp-14h]
0040D46A mov dword ptr [ebp-18h],ecx
11:
12: int y = *****p5; // = 100
0040D46D mov edx,dword ptr [ebp-18h]
0040D470 mov eax,dword ptr [edx]
0040D472 mov ecx,dword ptr [eax]
0040D474 mov edx,dword ptr [ecx]
0040D476 mov eax,dword ptr [edx]
0040D478 mov ecx,dword ptr [eax]
0040D47A mov dword ptr [ebp-1Ch],ecx
13: int z = p5[0][0][0][0][0]; // = 100
0040D47D mov edx,dword ptr [ebp-18h]
0040D480 mov eax,dword ptr [edx]
0040D482 mov ecx,dword ptr [eax]
0040D484 mov edx,dword ptr [ecx]
0040D486 mov eax,dword ptr [edx]
0040D488 mov ecx,dword ptr [eax]
0040D48A mov dword ptr [ebp-20h],ecx