
A Brief Look at Instruction-Patching Tricks for Tongdaxin (通达信) Software

 風雲书屋 2013-10-19

When analysing software, you often need to optimise the original code or squeeze extra code into a fixed amount of space. That calls for a few instruction-patching tricks, listed below:
 
---------------------------------------------------------------------------------------------
 Purpose                    Instruction                  Machine code        Length (bytes)
 ---------------------------------------------------------------------------------------------
 Replace 1 byte             nop                          90                               1
 ---------------------------------------------------------------------------------------------
 Replace 2 bytes            nop                          90                               1
                            nop                          90                               1
                            ------------------------------------------------------------------
                            mov edi,edi                  8B FF                            2
                            ------------------------------------------------------------------
                            push eax                     50                               1
                            pop eax                      58                               1
                            ------------------------------------------------------------------
                            inc eax                      40                               1
                            dec eax                      48                               1
                            ------------------------------------------------------------------
                            jmp $+2 (jmp xx)             EB 00                            2
 ---------------------------------------------------------------------------------------------
 Zero a register            mov eax,00000000h            B8 00 00 00 00                   5
                            ------------------------------------------------------------------
                            push 0                       6A 00                            2
                            pop eax                      58                               1
                            ------------------------------------------------------------------
                            sub eax,eax / xor eax,eax    2B C0 / 33 C0                    2
 ---------------------------------------------------------------------------------------------
 Test a register for zero   cmp eax,00000000h            83 F8 00                         3
                            je _label_                   74 xx / 0F 84 xx xx xx xx        2/6
                            ------------------------------------------------------------------
                            or eax,eax / test eax,eax    0B C0 / 85 C0                    2
                            je _label_                   74 xx / 0F 84 xx xx xx xx        2/6
 ---------------------------------------------------------------------------------------------
 Set a register to          mov eax,0ffffffffh           B8 FF FF FF FF                   5
 0FFFFFFFFh                 ------------------------------------------------------------------
                            xor eax,eax / sub eax,eax    33 C0 / 2B C0                    2
                            dec eax                      48                               1
                            ------------------------------------------------------------------
                            stc                          F9                               1
                            sbb eax,eax                  1B C0                            2
 ---------------------------------------------------------------------------------------------
 Transfer of control        jmp _label_                  EB xx / E9 xx xx xx xx           2/5
                            ------------------------------------------------------------------
                            push _label_                 68 xx xx xx xx                   5
                            ret                          C3                               1
 ---------------------------------------------------------------------------------------------
Many instructions have shorter encodings when they operate on eax, so use eax wherever you can. For example, "xchg eax,eax" needs only 1 byte, whereas the same instruction with any other register needs 2.
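The two size-sensitive rows of the table, relative jumps (EB rel8 versus E9 rel32) and the push/ret absolute transfer, plus the "fit the new sequence into the old one's bytes" rule, as an added worked example that is not part of the original post. Addresses and the sample byte strings are constructed; the helper names are my own.

```python
import struct

NOP = b"\x90"  # 1-byte nop, also the encoding of "xchg eax,eax"

def encode_jmp(src: int, dst: int) -> bytes:
    """Relative jmp from src (address of the jmp itself) to dst.
    Uses the 2-byte short form (EB rel8) when the displacement fits a
    signed byte, otherwise the 5-byte near form (E9 rel32).  The
    displacement is measured from the END of the jmp instruction."""
    rel8 = dst - (src + 2)
    if -128 <= rel8 <= 127:
        return b"\xEB" + struct.pack("<b", rel8)
    rel32 = dst - (src + 5)
    return b"\xE9" + struct.pack("<i", rel32)

def decode_jmp(code: bytes, addr: int) -> int:
    """Target of an EB/E9 jmp located at addr; what a patch checker
    recomputes to confirm the jump still lands where it should."""
    if code[0] == 0xEB:
        return addr + 2 + struct.unpack("<b", code[1:2])[0]
    if code[0] == 0xE9:
        return addr + 5 + struct.unpack("<i", code[1:5])[0]
    raise ValueError("not a jmp rel8/rel32")

def encode_push_ret(dst: int) -> bytes:
    """push imm32 ; ret: a 6-byte absolute transfer, no displacement needed."""
    return b"\x68" + struct.pack("<I", dst) + b"\xC3"

def fit_patch(new_code: bytes, original_len: int) -> bytes:
    """Pad new_code with nops at the FRONT so it overwrites exactly
    original_len bytes.  Front padding keeps a relative branch at the end
    of new_code at its original address, so its displacement stays valid."""
    if len(new_code) > original_len:
        raise ValueError(f"{len(new_code)} bytes do not fit in {original_len}")
    return NOP * (original_len - len(new_code)) + new_code

# Constructed sample: the "cmp eax,0 ; je" pair from the table (5 bytes)
# rewritten as the shorter "test eax,eax ; je" (4 bytes) plus one nop.
ORIGINAL = bytes.fromhex("83F8007405")
SHORTER = bytes.fromhex("85C07405")
PATCHED = fit_patch(SHORTER, len(ORIGINAL))  # 90 85 C0 74 05

if __name__ == "__main__":
    print(PATCHED.hex(" "))
    print(encode_jmp(0x401000, 0x401010).hex(" "))  # eb 0e
    print(encode_jmp(0x401000, 0x402000).hex(" "))  # e9 fb 0f 00 00
```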
