April 14, 2016

VMP: Variations in switch Assembly


1. A small number of switch cases is converted to if..else

Sample code:

int IDA_Gl1(int i)
{
	int n = 0;
	switch(i)
	{
	case 1:
		n = 10;
		break;
	case 2:
		n = 30;
		break;
	case 3:
		n = 50;
		break;
	default:
		break;
	}
	return n;
}

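The flow graph as seen in IDA:

[Figure: IDA flow graph]

This is indeed a chain of if/else conditional jumps: it compares against 1, then 2, then 3. IDA's F5 decompilation shows the same thing:

[Figure: IDA F5 decompilation]

Imagine a switch with 10,000 cases: would that take 10,000 comparisons? That would obviously be far too inefficient!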

  

2. Many consecutive switch cases

Sample code:

int IDA_Gl1(int i)
{
	int n = 0;
	switch(i)
	{
	case 1:
		n = 10;
		break;
	case 2:
		n = 30;
		break;
	case 3:
		n = 50;
		break;
	case 4:
		n = 90;
		break;
	case 5:
		n = 550;
		break;
	case 6:
		n = 660;
		break;
	default:
		break;
	}
	return n;
}

The flow graph as seen in IDA:

[Figure: IDA flow graph]

Looking at the constructed table at 10001068:

.text:10001068 off_10001068    dd offset $LN7          ; DATA XREF: IDA_Gl1(int)+25r
.text:10001068                 dd offset $LN6          ; jump table for switch statement
.text:10001068                 dd offset $LN5
.text:10001068                 dd offset $LN4
.text:10001068                 dd offset $LN3
.text:10001068                 dd offset $LN2

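As we can see, when there are many case statements the C compiler generates a jump table and jumps directly through it. This makes switch very efficient, and the efficiency barely degrades as the number of case statements grows.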

  

3. Many not-quite-consecutive switch cases

Sample code:

int IDA_Gl1(int i)
{
	int n = 0;
	switch(i)
	{
	case 1:
		n = 10;
		break;
	case 5:
		n = 30;
		break;
	case 7:
		n = 50;
		break;
	case 23:
		n = 90;
		break;
	case 3:
		n = 550;
		break;
	case 6:
		n = 660;
		break;
	default:
		break;
	}
	return n;
}

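The flow graph as seen in IDA:

[Figure: IDA flow graph]

Because the maximum value is 22, the code first checks whether the value is less than 23.

Looking at the constructed table at 10001070: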

.text:10001070 off_10001070    dd offset $LN7          ; DATA XREF: IDA_Gl1(int)+2Cr
.text:10001070                 dd offset $LN3          ; jump table for switch statement
.text:10001070                 dd offset $LN6
.text:10001070                 dd offset $LN2
.text:10001070                 dd offset $LN5
.text:10001070                 dd offset $LN4
.text:10001070                 dd offset loc_10001067

   

4. Many non-consecutive switch cases

Sample code:

int IDA_Gl1(int i)
{
	int n = 0;
	switch(i)
	{
	case 1:
		n = 10;
		break;
	case 50:
		n = 30;
		break;
	case 70:
		n = 50;
		break;
	case 23:
		n = 90;
		break;
	case 130:
		n = 550;
		break;
	case 600:
		n = 660;
		break;
	default:
		break;
	}
	return n;
}

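The flow graph as seen in IDA:

[Figure: IDA flow graph]

Here the switch has been optimized into a binary search. From this we can infer that at compile time the compiler first collects the case values, sorts them, and then emits a comparison sequence optimized as a binary search, although it is still if..else in form.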

  

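5. Conclusions

1. The choice between the jump-table method and the binary-search method depends on the difference between the largest and smallest case values and on the number of case statements.

2. Noting the switch jump, and assembly of the form jmp ds:[edx*4], we can recognize the jump-table method; everything else can be classed as if/else.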

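// FF 24 = jmp through a SIB byte; SIB & 0xC7 == 0x85 means
// scale 4, no base register, disp32: jmp ds:[reg*4+disp32]
if (pDecode[0] == 0xFF
	&& pDecode[1] == 0x24
	&& (pDecode[2] & (BYTE)0xC7) == (BYTE)0x85)
{
	bIsSwitch = TRUE;// jump-table method
	DWORD dwCaseTable = *(DWORD *)(&pDecode[3]);// address of the jump table
}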

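3. If the jump-table method is used and relocations are present, then the VA of the reference to the table and the VA of every entry in the table will all appear among the relocation entries.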
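
The byte test from item 2 and the relocation cross-check from item 3, combined into one scanner as an added example (not the author's code). The names find_switch_tables, switch_site and scan_sample, the sample image at VA 0x10001000 and its relocation list are all constructed for illustration; the scan walks raw bytes rather than decoded instructions.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct {
    size_t   jmp_off, entries; /* offset of FF 24 xx; accepted table slots */
    uint32_t table_va;         /* disp32: VA of the jump table */
    int      relocated;        /* disp32 operand has a relocation entry */
} switch_site;

static uint32_t rd32(const uint8_t *p) /* little-endian dword */
{ return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static int has_reloc(const uint32_t *rel, size_t n, uint32_t va)
{ for (size_t i = 0; i < n; i++) if (rel[i] == va) return 1; return 0; }

/* img is mapped at VA base; rel lists VAs patched by relocations (nrel may be 0). */
size_t find_switch_tables(const uint8_t *img, size_t len, uint32_t base,
        const uint32_t *rel, size_t nrel, switch_site *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i + 7 <= len && n < max; i++) {
        if (img[i] != 0xFF || img[i+1] != 0x24 || (img[i+2] & 0xC7) != 0x85)
            continue;   /* not FF /4 + SIB(scale=4, no base) + disp32 */
        uint32_t va = rd32(img + i + 3);
        if (va - base >= len) continue; /* outside image; wrap covers va < base */
        switch_site s = { i, 0, va, has_reloc(rel, nrel, base + (uint32_t)i + 3) };
        for (size_t t = va - base; t + 4 <= len; t += 4) {
            if (rd32(img + t) - base >= len) break;   /* target not in image */
            if (nrel && !has_reloc(rel, nrel, base + (uint32_t)t)) break;
            s.entries++;   /* in-image target and, when relocs are known, relocated */
        }
        out[n++] = s;
    }
    return n;
}

/* Constructed sample: image at VA 0x10001000 holding one 3-case switch. */
static const uint8_t SAMPLE[] = {
    0x83,0xFA,0x02, 0x77,0x0B,                 /* cmp edx,2 ; ja default    */
    0xFF,0x24,0x95, 0x14,0x10,0x00,0x10,       /* jmp ds:[edx*4+10001014h]  */
    0xC3,0xC3,0xC3,0xCC, 0xC3,0xCC,0xCC,0xCC,  /* case bodies, default, pad */
    0x0C,0x10,0x00,0x10, 0x0D,0x10,0x00,0x10, 0x0E,0x10,0x00,0x10, /* table */
    0x00,0x00,0x00,0x00 };                     /* non-pointer data          */
static const uint32_t SAMPLE_RELOCS[] = { 0x10001008, 0x10001014, 0x10001018, 0x1000101C };

switch_site scan_sample(size_t nrel) /* scan SAMPLE with the first nrel relocs */
{
    switch_site s = {0};
    find_switch_tables(SAMPLE, sizeof SAMPLE, 0x10001000u, SAMPLE_RELOCS, nrel, &s, 1);
    return s;
}
```

A byte-wise scan can also match inside operands or data, so a real tool should apply the test only at decoded instruction starts.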

Author: hgy413
Article URL: http://hgy413.com/3178.html
Copyright © When reposting, you must credit the author and the original source with a link!
