Does anybody know what this C++ inline assembly does?

2018-06-25 21:23:07

I've seen the following code in an open source windows tool called DM2.

#define OEP_ASM __asm jmp OEP 
__asm _emit 0x5B __asm _emit 0x66 __asm _emit 0x6C 
__asm _emit 0x79 __asm _emit 0x66 __asm _emit 0x61 
__asm _emit 0x6E __asm _emit 0x63 __asm _emit 0x79 
__asm _emit 0x26 __asm _emit 0x57 __asm _emit 0x65 
__asm _emit 0x69 __asm _emit 0x72 __asm _emit 0x64 
__asm _emit 0x5D __asm _emit 0x00 __asm OEP:

There are no comments and searching the internet I sill haven't understood what this does?! MSDN just tells me that this inserts bytes into the code. This much I understand but I don't understand what these bytes do, it doesn't look like instructions.

Can anybody explain, or at least point me in the right direction what inserting bytes actually does?

Indeed this is not code, it's just a string. Probably emitted like this for obfuscation purposes.

$ echo $'x5Bx66x6Cx79x66x61x6Ex63x79x26x57x65x69x72x64x5D'
[flyfancy&Weird]

Or maybe it has to be embedded into the code section and inline asm doesn't provide a way to do that otherwise. Also notice that the first instruction jumps over the entire string.

It's just a null-terminated ASCII string [flyfancy&Weird] embedded into the code (as the comment suggests). The jmp OEP instruction jumps over that string.

链接地址: http://www.djcxy.com/p/72440.html

上一篇: 从MCInsts（x86）获取“实际”寄存器

下一篇: 有人知道这个C ++内联程序集是干什么的吗？