最近学逆向 看到一段代码 苦于对结构体不是很熟悉 求分析
// Hex-Rays decompiler output (32-bit, cdecl) of sub_4011E0, not compilable
// as-is (_BYTE, CHAR, HANDLE and the Win32 calls come from the decompiler /
// windows.h, and the three CHAR "scalars" below are really buffers).
//
// What the visible code does: it builds the command line
//     "<COMSPEC> /C del <short path of the current module> > nul"
// and hands it to CreateProcessA, i.e. it asks cmd.exe to delete the calling
// executable from disk (a self-delete stub). From a defender's viewpoint the
// observable artefacts are a child cmd.exe whose command line contains
// "/C del" and "> nul", created with dwCreationFlags 0xC
// (CREATE_SUSPENDED | DETACHED_PROCESS) and a hidden window, preceded by the
// caller raising its own process/thread priority and lowering the child's.
//
// Returns 1 when CreateProcessA succeeds, 0 on any failure. LABEL_15 is just
// the shared failure exit: the goto in the first if() jumps there, so the
// label is equivalent to "result = 0" in the else branch.
signed int __cdecl sub_4011E0()
{
int v0; // edi@4
signed int v1; // ecx@4
bool v2; // zf@6
signed int v3; // ecx@7
const void *v4; // esi@7
CHAR *v5; // edi@7
unsigned int v6; // edx@7
signed int v7; // ecx@7
HANDLE v8; // eax@10
HANDLE v9; // eax@10
signed int result; // eax@11
// "struct _PROCESS_INFORMATION" is the struct tag behind the Win32 typedef
// PROCESS_INFORMATION (likewise _STARTUPINFOA / STARTUPINFOA); both spellings
// name the same type, the decompiler simply prints the tag.
struct _PROCESS_INFORMATION ProcessInformation; // [sp+8h] [bp-360h]@10
struct _STARTUPINFOA StartupInfo; // [sp+18h] [bp-350h]@10
// Declared as single CHARs by the decompiler, but the stack offsets
// ([bp-30Ch], [bp-208h], [bp-104h]) are 0x104 (MAX_PATH) bytes apart and the
// API calls below pass 0x104 as the buffer size, so each is a CHAR[0x104].
CHAR szLongPath; // [sp+5Ch] [bp-30Ch]@2
CHAR String2; // [sp+160h] [bp-208h]@4
CHAR CommandLine; // [sp+264h] [bp-104h]@1
// CommandLine  <- value of %COMSPEC% (normally the cmd.exe path)
// szLongPath   <- full path of the current module, converted in place to its
//                 8.3 short form (avoids spaces/quoting in the del argument)
// Any failure takes the shared error exit.
if ( !GetEnvironmentVariableA("COMSPEC", &CommandLine, 0x104u)
|| !GetModuleFileNameA(0, &szLongPath, 0x104u)
|| !GetShortPathNameA(&szLongPath, &szLongPath, 0x104u) )
goto LABEL_15;
Sleep(1u); // 1 ms delay; its purpose is not recoverable from this function
// String2 <- " /C del <short path>" (no bounds check against 0x104 bytes)
strcpy(&String2, " /C del ");
lstrcatA(&String2, &szLongPath);
// Inlined strlen(" > nul") in the repne-scasb idiom: v1 counts down from -1
// until the NUL is consumed, so afterwards ~v1 == strlen + 1 == 7, the
// length including the terminator.
v0 = (int)" > nul";
v1 = -1;
do
{
if ( !v1 )
break;
v2 = *(_BYTE *)v0++ == 0;
--v1;
}
while ( !v2 );
v3 = ~v1; // 7 bytes to copy (" > nul" plus NUL)
v4 = (const void *)(v0 - v3); // back to the start of " > nul"
v5 = &String2;
v6 = v3;
v7 = -1;
// Same idiom scanning String2: after the loop v5 points one past its NUL.
do
{
if ( !v7 )
break;
v2 = *v5++ == 0;
--v7;
}
while ( !v2 );
// Inlined strcat: overwrite String2's terminator with " > nul\0".
memcpy(v5 - 1, v4, v6);
// CommandLine <- "<COMSPEC> /C del <short path> > nul"; again unbounded, so
// a long COMSPEC plus a long path can exceed the 0x104-byte buffer.
lstrcatA(&CommandLine, &String2);
ProcessInformation.hThread = 0;
ProcessInformation.dwProcessId = 0;
// Zeroes the 64 bytes after cb (lpReserved is at offset 4; 4 + 0x40 == 68,
// the 32-bit sizeof(STARTUPINFOA)).
memset(&StartupInfo.lpReserved, 0, 0x40u);
ProcessInformation.hProcess = 0;
ProcessInformation.dwThreadId = 0;
StartupInfo.cb = 68; // sizeof(STARTUPINFOA) on 32-bit
StartupInfo.dwFlags = 1; // STARTF_USESHOWWINDOW
StartupInfo.wShowWindow = 0; // SW_HIDE: the cmd.exe window is not shown
// Raise the caller to REALTIME_PRIORITY_CLASS / THREAD_PRIORITY_TIME_CRITICAL
// and (below) drop the child to IDLE_PRIORITY_CLASS / THREAD_PRIORITY_IDLE,
// presumably so the caller gets to exit before the child's del runs; the
// code that exits is not part of this function.
v8 = GetCurrentProcess();
SetPriorityClass(v8, 0x100u);
v9 = GetCurrentThread();
SetThreadPriority(v9, 15);
// 0xC == CREATE_SUSPENDED | DETACHED_PROCESS: the child starts suspended and
// is resumed explicitly after its priority has been lowered.
if ( CreateProcessA(0, &CommandLine, 0, 0, 0, 0xCu, 0, 0, &StartupInfo, &ProcessInformation) )
{
SetPriorityClass(ProcessInformation.hProcess, 0x40u);
SetThreadPriority(ProcessInformation.hThread, -15);
ResumeThread(ProcessInformation.hThread);
// hProcess / hThread are never closed here (no CloseHandle in this function).
result = 1;
}
else
{
LABEL_15: // shared failure exit, also reached by the goto above
result = 0;
}
return result;
}
把他翻译成正规可运行的代码 其中LABEL_15不了解什么意思
struct _PROCESS_INFORMATION 这句话C++原型里面应该是PROCESS_INFORMATION 吧
原先我就PROCESS_INFORMATION 用的 为什么他还要用struct呢?
[解决办法]
LABEL_15 就是一个位置标记（跳转目标）：前面有 goto LABEL_15，表示出错时代码跳到这里继续执行。
相当于汇编里面的
jmp LABEL_15
...
LABEL_15:
...
nop