
GDB disassemble for a simple program

Here is a simple program in C that I disassembled with gdb to understand what is happening.

#include <stdio.h>
#include <string.h>

int foo(char* c);   /* prototype: foo is used in main before its definition (a C89 compiler accepts the implicit declaration, newer compilers reject it) */

int main(){
    /* sizeof does not evaluate its operand, so foo is never called here;
       the value is sizeof(int), the return type of foo. (%zu would be the
       correct specifier for a size_t; %d works on this 32-bit build.) */
    printf("%d", sizeof(foo("HELLOWORLD")));
}

int foo(char* c)
{
   printf("%s\n",c);
   /* no return value: foo's result is never used, because the only call site is inside sizeof */
}

And below is the corresponding assembly code from `disassemble main`:

   0x08048414 <+0>:     push   %ebp
   0x08048415 <+1>:     mov    %esp,%ebp
   0x08048417 <+3>:     and    $0xfffffff0,%esp
   0x0804841a <+6>:     sub    $0x10,%esp
   0x0804841d <+9>:     mov    $0x8048520,%eax
   0x08048422 <+14>:    movl   $0x4,0x4(%esp)
   0x0804842a <+22>:    mov    %eax,(%esp)
   0x0804842d <+25>:    call   0x8048320 <printf@plt>
   0x08048432 <+30>:    leave
   0x08048433 <+31>:    ret

And below is `disassemble foo`:

   0x08048434 <+0>:     push   %ebp
   0x08048435 <+1>:     mov    %esp,%ebp
   0x08048437 <+3>:     sub    $0x18,%esp
   0x0804843a <+6>:     mov    0x8(%ebp),%eax
   0x0804843d <+9>:     mov    %eax,(%esp)
   0x08048440 <+12>:    call   0x8048330 <puts@plt>
   0x08048445 <+17>:    leave
   0x08048446 <+18>:    ret

I'm confused about these instructions:

  1. `0x08048417 <+3>: and $0xfffffff0,%esp` Why does the stack pointer need to be aligned when it has not been modified before?

  2. `0x0804841a <+6>: sub $0x10,%esp` What exactly is this instruction doing in this particular program?

  3. `0x0804841d <+9>: mov $0x8048520,%eax` What is this instruction doing in this particular program?

  4. `mov %eax,(%esp)` What do the parentheses around %esp mean?

It would be helpful if someone explained this.

  1. This belongs to the (function) prologue; it is aligning the SP to a 16-byte boundary by bit-masking the SP.

  2. Memory for the stack frame is created, as your pointer needs to be passed to the function. The address will be passed from the stack to the function. Yet it seems that the expression is evaluated at compile time, so there is no need for the actual call.

  3. 0x8048520 is probably the address of your string "%d". It is being put into eax, and from there it is put on the stack using the stack pointer.

There is plenty of material around, like this.
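The point in answer 2 (the expression is evaluated at compile time, so no call to foo is emitted) is the rule that `sizeof` does not evaluate its operand: the compiler only needs the type of `foo(...)`, which is `int`, and that is why main pushes the immediate `4` and calls printf without ever calling foo. The following added example (not from the original question or answer; the `side_effects` counter, the `vla_size` helper and the function names are constructed for illustration) makes this observable with a counter, and goes one step beyond the page: for an operand of variable-length-array type, C99 requires `sizeof` to evaluate the operand, so the side effect does happen.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed counter: bumped by every side effect we want to observe. */
static int side_effects = 0;

int foo(const char *c)
{
    side_effects++;
    puts(c);
    return 0;
}

/* sizeof(foo(...)) is the size of foo's return type (int). The operand is an
   unevaluated expression, so the compiler emits no call, which matches the
   disassembly of main above (an immediate 4 is stored for printf). */
size_t size_of_call_expression(void)
{
    return sizeof(foo("HELLOWORLD"));
}

/* How many times foo ran while evaluating sizeof(foo(...)): 0. */
int calls_made_by_sizeof(void)
{
    side_effects = 0;
    (void)sizeof(foo("HELLOWORLD"));
    return side_effects;
}

/* The same expression outside sizeof: foo runs once and prints. */
int calls_made_by_real_call(void)
{
    side_effects = 0;
    (void)foo("HELLOWORLD");
    return side_effects;
}

/* Constructed helper whose only purpose is to record that it was called. */
static size_t vla_size(void)
{
    side_effects++;
    return 16;
}

/* Edge case not shown on the page: the operand has variable-length-array
   type, so C99 (6.5.3.4) requires sizeof to evaluate it, and vla_size runs: 1. */
int calls_made_by_vla_sizeof(void)
{
    side_effects = 0;
    (void)sizeof(char[vla_size()]);
    return side_effects;
}

int main(void)
{
    printf("sizeof(foo(...)) = %zu, sizeof(int) = %zu\n",
           size_of_call_expression(), sizeof(int));
    printf("foo calls inside sizeof:      %d\n", calls_made_by_sizeof());
    printf("foo calls in a real call:     %d\n", calls_made_by_real_call());
    printf("helper calls in VLA sizeof:   %d\n", calls_made_by_vla_sizeof());
    return 0;
}
```

Compile with `gcc -m32 -O0` and run `disassemble main` on the result to compare: only `calls_made_by_real_call` produces a `call foo`, and the VLA case produces a `call vla_size` even though the value is consumed by `sizeof`.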
