以下是一段汇编代码:
; Fragment of a 32-bit x86 (cdecl) function as listed by IDA. The enclosing
; function's prologue, the clean-up of the pushed arguments and the epilogue
; are all outside this excerpt.
;
; Register roles in this fragment:
;   [ebp+var_10] = base of the destination object (reloaded after the call,
;                  since edx is caller-saved and not kept across _memcpy)
;   ebx          = base of the source object (used again after the call
;                  without a reload, so it is relied on to survive it)
;   edx / eax    = Dst / Src pointers handed to _memcpy
;
; Copy layout: the memcpy moves 0xCC (204) bytes starting at offset 0x74,
; i.e. offsets 0x74..0x13F (0x74 + 0xCC == 0x140). The 21 single-byte moves
; that follow cover offsets 0x140..0x154. Together that is 0xCC + 21 == 0xE1
; (225) contiguous bytes from offset 0x74, which is why a decompiler can fold
; the whole sequence into one 225-byte copy and drop the member boundaries.
        mov     edx, [ebp+var_10]       ; edx = dst object base
        add     edx, 74h                ; edx = dst + 0x74 (Dst)
        lea     eax, [ebx+74h]          ; eax = src + 0x74 (Src); lea leaves flags alone
        sub     esp, 4                  ; 4 bytes of padding before the three pushes
                                        ; (presumably 16-byte alignment at the call -- TODO confirm)
        push    0CCh                    ; Size = 204
        push    eax                     ; Src
        push    edx                     ; Dst
        call    _memcpy                 ; cdecl: caller removes the 16 pushed bytes (not shown here)
        mov     al, [ebx+140h]          ; start of the byte-wise copy of 0x140..0x154 (21 bytes);
                                        ; overwrites the (unused) memcpy return value in eax
        mov     edx, [ebp+var_10]       ; reload dst base; edx was clobbered by the call
        mov     [edx+140h], al
        mov     al, [ebx+141h]
        mov     [edx+141h], al
        mov     al, [ebx+142h]
        mov     [edx+142h], al
        mov     al, [ebx+143h]
        mov     [edx+143h], al
        mov     al, [ebx+144h]
        mov     [edx+144h], al
        mov     al, [ebx+145h]
        mov     [edx+145h], al
        mov     al, [ebx+146h]
        mov     [edx+146h], al
        mov     al, [ebx+147h]
        mov     [edx+147h], al
        mov     al, [ebx+148h]
        mov     [edx+148h], al
        mov     al, [ebx+149h]
        mov     [edx+149h], al
        mov     al, [ebx+14Ah]
        mov     [edx+14Ah], al
        mov     al, [ebx+14Bh]
        mov     [edx+14Bh], al
        mov     al, [ebx+14Ch]
        mov     [edx+14Ch], al
        mov     al, [ebx+14Dh]
        mov     [edx+14Dh], al
        mov     al, [ebx+14Eh]
        mov     [edx+14Eh], al
        mov     al, [ebx+14Fh]
        mov     [edx+14Fh], al
        mov     al, [ebx+150h]
        mov     [edx+150h], al
        mov     al, [ebx+151h]
        mov     [edx+151h], al
        mov     al, [ebx+152h]
        mov     [edx+152h], al
        mov     al, [ebx+153h]
        mov     [edx+153h], al
        mov     al, [ebx+154h]
        mov     [edx+154h], al          ; last byte: offset 0x154 == 340
IDA 7.5 与 IDA 7.7 都把以上代码反编译为：
/* Decompiler output for the fragment above. The 0xCC-byte memcpy and the 21
   trailing single-byte moves have been folded into one 0xE1 (225)-byte copy:
   116 == 0x74 is the Dst/Src offset, and 0x74 + 0xCC == 0x140 makes the byte
   moves at 0x140..0x154 a contiguous continuation of the memcpy. The copy is
   byte-for-byte equivalent, but the member boundary at offset 0x140 is lost. */
memcpy((void *)(a3 + 116), (const void *)(v7 + 116), 0xE1u);
实际上,原始代码要做的操作是:
/* The operation as the author reads it from the listing: one 204-byte memcpy
   of the member at offset 116 (offsets 116..319), followed by 21 single-byte
   member copies for offsets 320..340. The "_NNN" member names appear to be
   offset-based placeholders; real names are not recoverable from the listing.
   The per-member statements are the field-boundary information that the
   merged 0xE1-byte memcpy in the decompiler output does not carry. */
memcpy(arg_8->_116, arg_0->_24._116, 204);    /* offsets 116..319 */
arg_8->_320 = arg_0->_24._320;                 /* 21 one-byte members, 320..340 */
arg_8->_321 = arg_0->_24._321;
arg_8->_322 = arg_0->_24._322;
arg_8->_323 = arg_0->_24._323;
arg_8->_324 = arg_0->_24._324;
arg_8->_325 = arg_0->_24._325;
arg_8->_326 = arg_0->_24._326;
arg_8->_327 = arg_0->_24._327;
arg_8->_328 = arg_0->_24._328;
arg_8->_329 = arg_0->_24._329;
arg_8->_330 = arg_0->_24._330;
arg_8->_331 = arg_0->_24._331;
arg_8->_332 = arg_0->_24._332;
arg_8->_333 = arg_0->_24._333;
arg_8->_334 = arg_0->_24._334;
arg_8->_335 = arg_0->_24._335;
arg_8->_336 = arg_0->_24._336;
arg_8->_337 = arg_0->_24._337;
arg_8->_338 = arg_0->_24._338;
arg_8->_339 = arg_0->_24._339;
arg_8->_340 = arg_0->_24._340;
即把一个结构体变量的部分成员赋给另一个结构体变量；反编译结果把这些逐成员赋值并入了一次 memcpy，成员边界信息因此丢失。