从内核反汇编 hook 中截取的反汇编代码，非常小巧：
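/*
 * Disassemble a small captured x86-32 byte sequence with libdasm and print
 * each instruction in Intel syntax.
 *
 * NOTE: the three original #include names were lost when this listing was
 * extracted; <stdio.h> covers puts/printf/getchar and "libdasm.h" supplies
 * INSTRUCTION, DWORD, MODE_32, FORMAT_INTEL, get_instruction and
 * get_instruction_string.
 */
#include <stdio.h>
#include "libdasm.h"

typedef unsigned char byte;

/* 24 bytes of code captured from a kernel disassembly hook; they end on an
 * instruction boundary (six instructions: 1+2+3+7+6+5 bytes). */
byte bin[] = {0x55, 0x89, 0xE5, 0x83, 0xEC, 0x08, 0xC7, 0x04,
              0x24, 0x01, 0x00, 0x00, 0x00, 0xFF, 0x15, 0xDC,
              0x40, 0x40, 0x00, 0xE8, 0x88, 0xFF, 0xFF, 0xFF};

#define SZINST_MAX 128

/* Virtual address bin[0] was captured from. It is passed to
 * get_instruction_string so relative operands (the trailing E8 call) are
 * rendered as absolute targets; it is an address in the *target* image, not
 * a pointer in this process, so it is kept as an integer rather than a byte*. */
#define BIN_BASE 0x401220u

/*
 * Walks bin[] one instruction at a time and prints "code is :: <insn>".
 *
 * Returns 0. Stops early (with a message) if a byte cannot be decoded,
 * because get_instruction() returns 0 in that case and advancing by 0 would
 * otherwise spin forever on the same byte.
 *
 * Caveat: get_instruction() takes no buffer length, so a buffer that ends in
 * the middle of an instruction could be read past its end; bin[] above is
 * known to end on an instruction boundary.
 */
int main(void)
{
    INSTRUCTION inst;
    char szinst[SZINST_MAX];
    byte *pbin = bin;
    byte *pend = bin + sizeof bin;
    DWORD offset = BIN_BASE;

    while (pbin < pend) {
        int len = get_instruction(&inst, pbin, MODE_32);
        if (len <= 0) {
            printf("err : undecodable byte at 0x%lx\n", (unsigned long)offset);
            break;
        }
        if (!get_instruction_string(&inst, FORMAT_INTEL, offset,
                                    szinst, sizeof szinst)) {
            puts("err : can't to string???");
        }
        printf("code is :: %s\n", szinst);
        pbin += len;
        offset += (DWORD)len;
    }

    getchar();
    return 0;
}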
输出:
code is :: push ebp
code is :: mov ebp,esp
code is :: sub esp,0x8
code is :: mov dword [esp],0x1
code is :: call [0x4040dc]
code is :: call 0x4011c0