Consider that I have a program that prints the value of a variable. Let's call that variable 'i'. The binary file is in '.exe' format. How do I determine the value of 'i', and also establish that the particular value belongs to the variable 'i', from the '.exe' file?
It depends on whether the variable is a local or a global. If it's a global, then it's pretty easy with the right tools (I can't recommend any particular ones since I use Linux). You would just find the location of the symbol "i" in the symbol table, and that would show you where 'i' is located. If you want to know what value it contains, well, you can only see its initial value, not its value at runtime (obviously, because you are looking at the exe file, not a running image of the program). If it's uninitialised, then you can't see its initial value; otherwise its initial value will hopefully be visible in the tool next to the value's location (probably in hexadecimal, so you will have to decode it).
Now if it is a local variable, then it's a different story. The variable won't have a name at all, as local variable names are lost when programs are compiled. It will merely (possibly) occupy a position on the stack during that function's execution. For example, the first variable is often located at -8(%ebp), the second at -12(%ebp), etc. (-4(%ebp) and 0(%ebp) are special). So if you are looking at the assembly code for the exe, chances are that -8(%ebp) will refer to the first local variable in a function. Again, you can't know what value it has because you're statically looking at the exe. And all of this depends upon which compiler was used, and what optimisation level it was set to.
Sorry not to give any specific tools. I am assuming you have access to some decompilation tools, which will show you the assembly code and symbol tables.
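The global-variable case from the answer above, carried out by hand: this is an added example, not code from the answer or from any named tool. It walks a PE (.exe) file to its COFF symbol table, looks a symbol up by name, and reads the symbol's initial bytes out of the raw data of the section it lives in. Assumptions: a 32-bit x86 image whose linker kept the COFF symbol table (MinGW/GCC does this for unstripped builds; MSVC release builds usually carry no COFF symbols, their names live in a separate .pdb), and the x86 C decoration that turns `int i` into the symbol `_i`. The sample image, the symbol names and the hypothetical C source they stand for are all constructed inline so the script runs offline; a .bss symbol and a nonexistent local are included to show the two cases where the file simply has no value to give.

```python
"""Read a global variable's initial value from a PE (.exe) via its COFF symbol table."""
import struct

PE_SIGNATURE = b"PE\0\0"
# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
FILE_HEADER_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PtrToRelocs, PtrToLinenums, NumRelocs, NumLinenums, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
# COFF symbol: Name, Value, SectionNumber, Type, StorageClass, NumberOfAuxSymbols
SYMBOL_FMT = "<8sIhHBB"
SYMBOL_SIZE = 18


def parse_pe(image):
    """Return (sections, symbols); symbols maps name -> (section_number, value)."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    fh_off = e_lfanew + 4
    _, nsections, _, symtab_off, nsymbols, opt_size, _ = struct.unpack_from(
        FILE_HEADER_FMT, image, fh_off)

    sections = []
    off = fh_off + struct.calcsize(FILE_HEADER_FMT) + opt_size  # skip the optional header
    for _ in range(nsections):
        f = struct.unpack_from(SECTION_FMT, image, off)
        sections.append({"name": f[0].rstrip(b"\0").decode(), "raw_size": f[3], "raw_ptr": f[4]})
        off += struct.calcsize(SECTION_FMT)

    symbols = {}
    if symtab_off == 0 or nsymbols == 0:
        return sections, symbols  # stripped build: no names survive in the file
    strtab_off = symtab_off + nsymbols * SYMBOL_SIZE  # string table follows the symbols
    idx = 0
    while idx < nsymbols:
        raw_name, value, secnum, _, _, naux = struct.unpack_from(
            SYMBOL_FMT, image, symtab_off + idx * SYMBOL_SIZE)
        if raw_name[:4] == b"\0\0\0\0":  # long name: bytes 4..8 index the string table
            start = strtab_off + struct.unpack_from("<I", raw_name, 4)[0]
            name = image[start:image.index(b"\0", start)].decode()
        else:
            name = raw_name.rstrip(b"\0").decode()
        symbols[name] = (secnum, value)
        idx += 1 + naux  # auxiliary records (e.g. the .file name) are not symbols
    return sections, symbols


def initial_value(image, name, size=4, signed=True):
    """Initial value of global `name` as stored in the file, or None when the file
    cannot say: the symbol is absent (locals never get one) or it sits in a section
    with no raw data (.bss), so no initial value exists in the image at all."""
    sections, symbols = parse_pe(image)
    if name not in symbols:
        return None
    secnum, value = symbols[name]
    if secnum <= 0:  # 0 undefined/common, -1 absolute, -2 debug: nothing to read
        return None
    sec = sections[secnum - 1]
    if value + size > sec["raw_size"]:
        return None
    off = sec["raw_ptr"] + value
    return int.from_bytes(image[off:off + size], "little", signed=signed)


def build_sample_exe():
    """Constructed minimal x86 image (no optional header) standing in for a real .exe:
    a .data section, a .bss section, and a COFF symbol table using both short and
    string-table names. Hypothetical C source: int i = 42; int j = -7; ...; int k;"""
    data = struct.pack("<iiii", 0, 42, -7, 0x11223344)  # _i at +4, _j at +8, long name at +12
    long_name = b"_a_global_with_a_long_name"
    symbols = b"".join([
        struct.pack(SYMBOL_FMT, b".file", 0, -2, 0, 103, 1),  # IMAGE_SYM_CLASS_FILE, 1 aux record
        b"prog.c".ljust(SYMBOL_SIZE, b"\0"),                  # aux record: source file name
        struct.pack(SYMBOL_FMT, b"_i", 4, 1, 0, 2, 0),        # class 2 = EXTERNAL, section 1 = .data
        struct.pack(SYMBOL_FMT, b"_j", 8, 1, 0, 2, 0),
        struct.pack(SYMBOL_FMT, b"\0\0\0\0" + struct.pack("<I", 4), 12, 1, 0, 2, 0),
        struct.pack(SYMBOL_FMT, b"_k", 0, 2, 0, 2, 0),        # section 2 = .bss, uninitialised
    ])
    strtab = struct.pack("<I", 4 + len(long_name) + 1) + long_name + b"\0"
    data_ptr = 0x40 + 4 + struct.calcsize(FILE_HEADER_FMT) + 2 * struct.calcsize(SECTION_FMT)
    symtab_ptr = data_ptr + len(data)
    headers = (
        b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # DOS header with e_lfanew = 0x40
        + PE_SIGNATURE
        + struct.pack(FILE_HEADER_FMT, 0x14C, 2, 0, symtab_ptr, len(symbols) // SYMBOL_SIZE, 0, 0x0102)
        + struct.pack(SECTION_FMT, b".data", len(data), 0x2000, len(data), data_ptr, 0, 0, 0, 0, 0xC0000040)
        + struct.pack(SECTION_FMT, b".bss", 4, 0x3000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    )
    assert len(headers) == data_ptr
    return headers + data + symbols + strtab


if __name__ == "__main__":
    exe = build_sample_exe()
    for sym in ("_i", "_j", "_a_global_with_a_long_name", "_k", "_local"):
        v = initial_value(exe, sym)
        print(sym, "(not in file)" if v is None else f"{v} (0x{v & 0xFFFFFFFF:08x})")
```

To run it against a real binary, replace `build_sample_exe()` with the bytes of the .exe and pass the decorated name (`_i` on 32-bit, `i` on x64, or whatever `nm`/`objdump -t` shows). Note that `initial_value` only reads what the linker wrote into the file; a `.bss` global and a function's local both come back as None, which is exactly the answer's point that the file holds no runtime value for them.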