switch ,,,case逻辑的逆向

下面是一段典型的switch...case 语句：

042C969F 83FD 03 cmp ebp, 3
2

042C96A2 0F87 02010000 ja 042C97AA
3

042C96A8 FF24AD F8972C04 jmp dword ptr [ebp * 4 + 42C97F8] ; js.042C96CB
4

042C96AF 8BCF mov ecx, edi
5

042C96B1 2BCE sub ecx, esi
6

042C96B3 51 push ecx
7

042C96B4 8B4C24 24 mov ecx, dword ptr [esp + 24 ]
8

042C96B8 56 push esi
9

042C96B9 8D9424 94000000 lea edx, dword ptr [esp + 94 ]
10

042C96C0 52 push edx
11

042C96C1 E8 0A86F8FF call 04251CD0
12

042C96C6 E9 E7000000 jmp 042C97B2
13

042C96CB 8BC7 mov eax, edi
14

042C96CD 2BC6 sub eax, esi
15

042C96CF 50 push eax
16

042C96D0 56 push esi
17

042C96D1 8D4C24 30 lea ecx, dword ptr [esp + 30 ]
18

042C96D5 51 push ecx
19

042C96D6 8D8C24 98000000 lea ecx, dword ptr [esp + 98 ]
20

042C96DD E8 2EE6F8FF call 04257D10
21

042C96E2 3958 18 cmp dword ptr [eax + 18 ], ebx
22

042C96E5 72 05 jb short 042C96EC
23

042C96E7 8B40 04 mov eax, dword ptr [eax + 4 ]
24

042C96EA EB 03 jmp short 042C96EF
25

042C96EC 83C0 04 add eax, 4
26

042C96EF 50 push eax
27

042C96F0 E8 06450400 call 0430DBFB
28

042C96F5 8B5424 28 mov edx, dword ptr [esp + 28 ]
29

042C96F9 83C4 04 add esp, 4
30

042C96FC 395C24 40 cmp dword ptr [esp + 40 ], ebx
31

042C9700 8902 mov dword ptr [edx], eax
32

042C9702 0F82 AA000000 jb 042C97B2
33

042C9708 8B4424 2C mov eax, dword ptr [esp + 2C]
34

042C970C 50 push eax
35

042C970D E8 F8330400 call 0430CB0A
36

042C9712 83C4 04 add esp, 4
37

042C9715 E9 98000000 jmp 042C97B2
38

042C971A 8BCF mov ecx, edi
39

042C971C 2BCE sub ecx, esi
40

042C971E 51 push ecx
41

042C971F 56 push esi
42

042C9720 8D5424 4C lea edx, dword ptr [esp + 4C]
43

042C9724 52 push edx
44

042C9725 8D8C24 98000000 lea ecx, dword ptr [esp + 98 ]
45

042C972C E8 DFE5F8FF call 04257D10
46

042C9731 3958 18 cmp dword ptr [eax + 18 ], ebx
47

042C9734 72 05 jb short 042C973B
48

042C9736 8B40 04 mov eax, dword ptr [eax + 4 ]
49

042C9739 EB 03 jmp short 042C973E
50

042C973B 83C0 04 add eax, 4
51

042C973E 50 push eax
52

042C973F E8 B7440400 call 0430DBFB
53

042C9744 8B4C24 1C mov ecx, dword ptr [esp + 1C]
54

042C9748 83C4 04 add esp, 4
55

042C974B 395C24 5C cmp dword ptr [esp + 5C], ebx
56

042C974F 8901 mov dword ptr [ecx], eax
57

042C9751 72 5F jb short 042C97B2
58

042C9753 8B5424 48 mov edx, dword ptr [esp + 48 ]
59

042C9757 52 push edx
60

042C9758 E8 AD330400 call 0430CB0A
61

042C975D 83C4 04 add esp, 4
62

042C9760 EB 50 jmp short 042C97B2
63

042C9762 8BC7 mov eax, edi
64

042C9764 2BC6 sub eax, esi
65

042C9766 50 push eax
66

042C9767 56 push esi
67

042C9768 8D4C24 68 lea ecx, dword ptr [esp + 68 ]
68

042C976C 51 push ecx
69

042C976D 8D8C24 98000000 lea ecx, dword ptr [esp + 98 ]
70

042C9774 E8 97E5F8FF call 04257D10
71

042C9779 3958 18 cmp dword ptr [eax + 18 ], ebx
72

042C977C 72 05 jb short 042C9783
73

042C977E 8B40 04 mov eax, dword ptr [eax + 4 ]
74

042C9781 EB 03 jmp short 042C9786
75

042C9783 83C0 04 add eax, 4
76

042C9786 50 push eax
77

042C9787 E8 6F440400 call 0430DBFB
78

042C978C 8B5424 20 mov edx, dword ptr [esp + 20 ]
79

042C9790 83C4 04 add esp, 4
80

042C9793 395C24 78 cmp dword ptr [esp + 78 ], ebx
81

042C9797 8902 mov dword ptr [edx], eax
82

042C9799 72 17 jb short 042C97B2
83

042C979B 8B4424 64 mov eax, dword ptr [esp + 64 ]
84

042C979F 50 push eax
85

042C97A0 E8 65330400 call 0430CB0A
86

042C97A5 83C4 04 add esp, 4
87

042C97A8 EB 08 jmp short 042C97B2
88

042C97AA C74424 14 000000 > mov dword ptr [esp + 14 ], 0
89

042C97B2 83C5 01 add ebp, 1
90

switch ,,,case逻辑的逆向

你可能感兴趣的:(switch ,,,case逻辑的逆向)