&的使用

1. & 就是给前面加一个 *, 并且类型要对应

#include <stdio.h>

int main()
{
    int p = 1;
    int *p1 = &p;
    int **p2 = &p1;
    int ***p4 = &p2;

    return 0;
}

5:        int p = 1;
00401028   mov         dword ptr [ebp-4],1
6:        int *p1 = &p;
0040102F   lea         eax,[ebp-4]
00401032   mov         dword ptr [ebp-8],eax
7:        int **p2 = &p1;
00401035   lea         ecx,[ebp-8]
00401038   mov         dword ptr [ebp-0Ch],ecx
8:        int ***p4 = &p2;
0040103B   lea         edx,[ebp-0Ch]
0040103E   mov         dword ptr [ebp-10h],edx

2. 取值运算符

#include <stdio.h>

int main()
{
    int *a = (int *)1;
    printf("%x \n", *(a + 1));
    return 0;
}

5:        int *a = (int *)1;
00401028   mov         dword ptr [ebp-4],1
6:        printf("%x \n", *(a + 1));
0040102F   mov         eax,dword ptr [ebp-4]
00401032   mov         ecx,dword ptr [eax+4] // 因为a 是指针类型，所以加4, 获取内存编号里面的值
00401035   push        ecx
00401036   push        offset string "%x \n" (00426ee8)
0040103B   call        printf (004108c0)
00401040   add         esp,8
7:        return 0;

3. *指针类型的类型

#include <stdio.h>

int main()
{
    int ****p4 = (int ****)1;
    int ***p3 = *(p4);
    int **p2 = *(p3);
    int *p1 = *(p2);
    int p = *(p1);
    return 0;
}

5:        int ****p4 = (int ****)1;
00401028   mov         dword ptr [ebp-4],1
6:        int ***p3 = *(p4);
0040102F   mov         eax,dword ptr [ebp-4]
00401032   mov         ecx,dword ptr [eax]      // [1] 中的值给ebp-8
00401034   mov         dword ptr [ebp-8],ecx
7:        int **p2 = *(p3);
00401037   mov         edx,dword ptr [ebp-8]
0040103A   mov         eax,dword ptr [edx]     // [[1]] 的值给ebp-c
0040103C   mov         dword ptr [ebp-0Ch],eax
8:        int *p1 = *(p2);
0040103F   mov         ecx,dword ptr [ebp-0Ch]
00401042   mov         edx,dword ptr [ecx]      // [[[1]]] 的值给ebp-10
00401044   mov         dword ptr [ebp-10h],edx
9:        int p = *(p1);
00401047   mov         eax,dword ptr [ebp-10h]
0040104A   mov         ecx,dword ptr [eax]      // [[[[1]]]] 的值给 ebp-14
0040104C   mov         dword ptr [ebp-14h],ecx

总结：*(指针类型) 是给指针类型减去一个*

4. 通过*修改变量的值

#include <stdio.h>

int main()
{
    int x = 1;
    int *p = &x;
    *(p) = 2;
    printf("%d\n", x);
    return 0;
}

5:        int x = 1;
0040D428   mov         dword ptr [ebp-4],1
6:        int *p = &x;
0040D42F   lea         eax,[ebp-4]             // eax = 19FF30
0040D432   mov         dword ptr [ebp-8],eax
7:        *(p) = 2;
0040D435   mov         ecx,dword ptr [ebp-8]   // ecx = 19FF30
0040D438   mov         dword ptr [ecx],2
8:        printf("%d\n", x);
0040D43E   mov         edx,dword ptr [ebp-4]   // 2
0040D441   push        edx
0040D442   push        offset string "%d\n" (0042201c)
0040D447   call        printf (0040d6d0)
0040D44C   add         esp,8

5. 指针取值的两种方式： 8() 和 [] 可以互相转换

• 一层 *

#include <stdio.h>

int main()
{
    int *p = (int *)1;
    printf("%d %d\n", p[0], *p);

    return 0;
}


5:        int *p = (int *)1; // p[0] = *(p + 0) = *p
0040D448   mov         dword ptr [ebp-4],1
6:        printf("%d %d\n", p[0], *p);
0040D44F   mov         eax,dword ptr [ebp-4] // eax = 1
0040D452   mov         ecx,dword ptr [eax]   // ecx = [1] 两个参数一摸一样
0040D454   push        ecx
0040D455   mov         edx,dword ptr [ebp-4] // edx = 1
0040D458   mov         eax,dword ptr [edx]   // eax = [1] 两个参数一摸一样
0040D45A   push        eax
0040D45B   push        offset string "ABCDE" (0042201c)
0040D460   call        printf (0040d750)
0040D465   add         esp,0Ch

• 二层*

#include <stdio.h>

int main()
{
    int **p = (int **)1;
    printf("%d %d\n", p[0][0], **p);

    return 0;
}

5:        int **p = (int **)1;   // p[0][0] = *(*(p+0)+0) = **p
0040D448   mov         dword ptr [ebp-4],1
6:        printf("%d %d\n", p[0][0], **p);
0040D44F   mov         eax,dword ptr [ebp-4] // eax = 1
0040D452   mov         ecx,dword ptr [eax]   // ecx = [1]
0040D454   mov         edx,dword ptr [ecx]   // edx = [[1]]  两个参数一摸一样
0040D456   push        edx
0040D457   mov         eax,dword ptr [ebp-4] // eax = 1
0040D45A   mov         ecx,dword ptr [eax]   // ecx = [1]
0040D45C   mov         edx,dword ptr [ecx]   // edx = [[1]]  两个参数一摸一样
0040D45E   push        edx
0040D45F   push        offset string "ABCDE" (0042201c)
0040D464   call        printf (0040d750)
0040D469   add         esp,0Ch

• 两层有偏移

#include <stdio.h>

int main()
{
    int **p = (int **)1;
    printf("%d %d\n", p[1][2], *(*(p + 1) + 2));

    return 0;
}

5:        int **p = (int **)1;
0040D448   mov         dword ptr [ebp-4],1
6:        printf("%d %d\n", p[1][2], *(*(p + 1) + 2));
0040D44F   mov         eax,dword ptr [ebp-4]     // eax = 1
0040D452   mov         ecx,dword ptr [eax+4]     // ecx = [5], 对应 + 1
0040D455   mov         edx,dword ptr [ecx+8]     // edx = [D]，对应 + 2
0040D458   push        edx
0040D459   mov         eax,dword ptr [ebp-4]     // eax = 1
0040D45C   mov         ecx,dword ptr [eax+4]     // ecx = [5], 对应 + 1
0040D45F   mov         edx,dword ptr [ecx+8]     // edx = [D]，对应 + 2
0040D462   push        edx
0040D463   push        offset string "ABCDE" (0042201c)
0040D468   call        printf (0040d750)
0040D46D   add         esp,0Ch

• 一层有偏移

#include <stdio.h>

int main()
{
    int *p = (int *)1;
    printf("%d %d\n", p[1], *(p + 1));

    return 0;
}

5:        int *p = (int *)1;
0040D448   mov         dword ptr [ebp-4],1
6:        printf("%d %d\n", p[1], *(p + 1));
0040D44F   mov         eax,dword ptr [ebp-4]
0040D452   mov         ecx,dword ptr [eax+4]
0040D455   push        ecx
0040D456   mov         edx,dword ptr [ebp-4]
0040D459   mov         eax,dword ptr [edx+4]
0040D45C   push        eax
0040D45D   push        offset string "ABCDE" (0042201c)
0040D462   call        printf (0040d750)
0040D467   add         esp,0Ch

• 总结

#include <stdio.h>

int main()
{
    int i = 100;
    int *p1 = &i;
    int **p2 = &p1;
    int ***p3 = &p2;
    int ****p4 = &p3;
    int *****p5 = &p4;

    int y = *****p5;
    int z = p5[0][0][0][0][0];

    return 0;
}

5:        int i = 100;
0040D448   mov         dword ptr [ebp-4],64h
6:        int *p1 = &i;
0040D44F   lea         eax,[ebp-4]
0040D452   mov         dword ptr [ebp-8],eax
7:        int **p2 = &p1;
0040D455   lea         ecx,[ebp-8]
0040D458   mov         dword ptr [ebp-0Ch],ecx
8:        int ***p3 = &p2;
0040D45B   lea         edx,[ebp-0Ch]
0040D45E   mov         dword ptr [ebp-10h],edx
9:        int ****p4 = &p3;
0040D461   lea         eax,[ebp-10h]
0040D464   mov         dword ptr [ebp-14h],eax
10:       int *****p5 = &p4;
0040D467   lea         ecx,[ebp-14h]
0040D46A   mov         dword ptr [ebp-18h],ecx
11:
12:       int y = *****p5;                // = 100
0040D46D   mov         edx,dword ptr [ebp-18h]
0040D470   mov         eax,dword ptr [edx]
0040D472   mov         ecx,dword ptr [eax]
0040D474   mov         edx,dword ptr [ecx]
0040D476   mov         eax,dword ptr [edx]
0040D478   mov         ecx,dword ptr [eax]
0040D47A   mov         dword ptr [ebp-1Ch],ecx
13:       int z = p5[0][0][0][0][0];      // = 100
0040D47D   mov         edx,dword ptr [ebp-18h]
0040D480   mov         eax,dword ptr [edx]
0040D482   mov         ecx,dword ptr [eax]
0040D484   mov         edx,dword ptr [ecx]
0040D486   mov         eax,dword ptr [edx]
0040D488   mov         ecx,dword ptr [eax]
0040D48A   mov         dword ptr [ebp-20h],ecx