
Why does my assembly program give segfault?

I have the following piece of code that I have to debug:

    global _start
_start:
pop esp
js 0x36
xor [eax+edi*2+0x43],ebx
xor [eax+edi*2+0x35],bl
xor [eax+edi*2+0x36],bl
cmp [eax+edi*2+0x37],bl
ss pop esp
js 0x49
aaa
pop esp
js 0x52
xor al,0x5c
js 0x56
xor al,0x5c
js 0x59
cmp [eax+edi*2+0x37],bl
xor ebx,[eax+edi*2+0x32]
xor al,0x5c
js 0x61
xor eax,0x3532785c
pop esp
js 0x6d
cmp [eax+edi*2+0x32],bl
xor [eax+edi*2+0x32],bl
xor ebx,[eax+edi*2+0x32]
xor eax,0x3332785c
pop esp
js 0x81
cmp [eax+edi*2+0x37],bl
cmp [eax+edi*2+0x32],bl
xor al,0x5c
js 0x8e
xor eax,0x3532785c
pop esp
js 0x95
cmp [eax+edi*2+0x37],bl
cmp [eax+edi*2+0x32],bl
xor [eax+edi*2+0x37],bl
xor bl,[eax+edi*2+0x32]
xor [eax+edi*2+0x36],bl
cmp [eax+edi*2+0x37],bl
xor [eax+edi*2+0x37],bl
xor [eax+edi*2+0x37],bl
xor eax,0x3637785c
pop esp
js 0xbd
cmp [eax+edi*2+0x32],bl
aaa
pop esp
js 0xc6
xor al,0x5c
js 0xca
cmp [eax+edi*2+0x32],bl
aaa
pop esp
js 0xd1
cmp [eax+edi*2+0x37],bl
cmp [eax+edi*2+0x32],ebx
aaa
pop esp
js 0xd9
xor al,0x5c
js 0xe2
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x37],bl
xor bl,[eax+edi*2+0x37]
cmp [eax+edi*2+0x37],bl
cmp [eax+edi*2+0x37],ebx
cmp [eax+edi*2+0x36],bl
cmp [eax+edi*2+0x37],bl
ss pop esp
js 0xfd
aaa
pop esp
js 0x106
xor [eax+edi*2+0x32],bl
xor eax,0x3836785c
pop esp
js 0x112
cmp [eax+edi*2+0x37],bl
xor ebx,[eax+edi*2+0x32]
xor ebx,[eax+edi*2+0x32]
aaa
pop esp
js 0x121
cmp [eax+edi*2+0x32],bl
xor [eax+edi*2+0x37],bl
cmp [eax+edi*2+0x32],ebx
xor bl,[eax+edi*2+0x37]
xor eax,0x3836785c
pop esp
js 0x13a
xor [eax+edi*2+0x37],bl
xor [eax+edi*2+0x32],ebx
xor al,0x5c
js 0x141
xor ebx,[eax+edi*2+0x36]
cmp [eax+edi*2+0x37],bl
xor [eax+edi*2+0x37],ebx
xor ebx,[eax+edi*2+0x37]
cmp [eax+edi*2+0x37],ebx
xor [eax+edi*2+0x36],bl
cmp [eax+edi*2+0x32],bl
xor eax,0x3937785c
pop esp
js 0x16a
xor bl,[eax+edi*2+0x37]
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x32],bl
aaa
pop esp
js 0x17a
cmp [eax+edi*2+0x32],bl
aaa
pop esp
js 0x182
xor eax,0x3836785c
pop esp
js 0x18a
cmp [eax+edi*2+0x37],bl
xor [eax+edi*2+0x37],bl
xor ebx,[eax+edi*2+0x37]
xor eax,0x3836785c
pop esp
js 0x19e
xor bl,[eax+edi*2+0x37]
cmp [eax+edi*2+0x32],bl
xor ebx,[eax+edi*2+0x37]
xor eax,0x3836785c
pop esp
js 0x1ad
xor eax,0x3032785c
pop esp
js 0x1ba
xor [eax+edi*2+0x32],bl
xor al,0x5c
js 0x1c1
cmp [eax+edi*2+0x37],bl
xor bl,[eax+edi*2+0x32]
xor eax,0x3637785c
pop esp
js 0x1d2
xor ebx,[eax+edi*2+0x36]
cmp [eax+edi*2+0x37],bl
xor bl,[eax+edi*2+0x32]
xor [eax+edi*2+0x37],bl
xor ebx,[eax+edi*2+0x37]
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x37],bl
xor [eax+edi*2+0x32],ebx
xor [eax+edi*2+0x37],bl
xor [eax+edi*2+0x32],ebx
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x32],bl
xor ebx,[eax+edi*2+0x37]
xor eax,0x3037785c
pop esp
js 0x20e
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x32],bl
xor bl,[eax+edi*2+0x37]
xor al,0x5c
js 0x219
xor eax,0x3837785c
pop esp
js 0x225
cmp [eax+edi*2+0x37],bl
xor [eax+edi*2+0x37],ebx
aaa
pop esp
js 0x232
xor eax,0x3137785c
pop esp
js 0x239
cmp [eax+edi*2+0x32],bl
aaa
pop esp
js 0x242
xor bl,[eax+edi*2+0x37]
aaa
pop esp
js 0x245
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x37],bl
xor [eax+edi*2+0x37],bl
xor [eax+edi*2+0x32],bl
aaa
pop esp
js 0x259
xor eax,0x3836785c
pop esp
js 0x266
aaa
pop esp
js 0x26a
xor ebx,[eax+edi*2+0x37]
cmp [eax+edi*2+0x32],bl
xor al,0x5c
js 0x275
cmp [eax+edi*2+0x37],bl
xor bl,[eax+edi*2+0x37]
cmp [eax+edi*2+0x37],bl
aaa
pop esp
js 0x286
xor al,0x5c
js 0x289
cmp [eax+edi*2+0x32],bl
aaa
pop esp
js 0x292
aaa
pop esp
js 0x291
aaa
pop esp
js 0x295
xor bl,[eax+edi*2+0x36]
cmp [eax+edi*2+0x32],bl
xor bl,[eax+edi*2+0x37]
xor al,0x5c
js 0x2a5
xor bl,[eax+edi*2+0x37]
xor eax,0x3836785c
pop esp
js 0x2b6
xor ebx,[eax+edi*2+0x37]
aaa
pop esp
js 0x2be
xor [eax+edi*2+0x37],bl
xor [eax+edi*2+0x35],bl
xor al,0x5c
js 0x2c8
inc ebp
pop esp
js 0x2cf
inc edx
pop esp
js 0x2e1
inc ebp
pop esp
js 0x2d7
inc edx
pop esp
js 0x2e7
aaa
pop esp
js 0x2ed
inc ebx
pop esp
js 0x2ed
cmp [eax+edi*2+0x38],ebx
xor [eax+edi*2+0x30],bl
xor [eax+edi*2+0x30],bl
xor [eax+edi*2+0x30],bl
xor [eax+edi*2+0x42],bl
inc edx
pop esp
js 0x2f7
xor [eax+edi*2+0x30],ebx
xor [eax+edi*2+0x30],bl
xor [eax+edi*2+0x30],bl
xor [eax+edi*2+0x33],bl
xor [eax+edi*2+0x43],ebx
xor [eax+edi*2+0x35],bl
xor [eax+edi*2+0x41],bl
inc ebx
pop esp
js 0x316
xor ebx,[eax+edi*2+0x43]
xor ebx,[eax+edi*2+0x41]
inc ecx
pop esp
js 0x334
xor bl,[eax+edi*2+0x46]
inc ecx
pop esp
js 0x32c
xor al,0x5c
js 0x330
inc ebp
pop esp
js 0x342
inc ebx
db 0x0a

After compiling and running that code I obtain a segmentation fault; it seems that something goes wrong after the 5th line. My Linux asm knowledge is very basic. Any hints or ideas about what exactly is going wrong and how to fix it?

This piece of code is a part of a debugging exercise. I'm doing that for auto-learning only; this is not a part of any homework or something.

I have compiled your example and then looked at it using hexdump:

(I had to add BITS 32 to it to compile in 32-bit mode, because I'm using Linux-64):

$ vi test.asm
$ nasm test.asm
$ hexdump -C test

00000000  5c 0f 88 2f 00 00 00 31  5c 78 43 30 5c 78 35 30  |\../...1\xC0\x50|
00000010  5c 78 36 38 5c 78 37 36  5c 0f 88 2a 00 00 00 37  |\x68\x76\..*...7|
00000020  5c 0f 88 2b 00 00 00 34  5c 0f 88 27 00 00 00 34  |\..+...4\..'...4|
00000030  5c 0f 88 22 00 00 00 38  5c 78 37 33 5c 78 32 34  |\.."...8\x73\x24|
00000040  5c 0f 88 1a 00 00 00 35  5c 78 32 35 5c 0f 88 1a  |\......5\x25\...|
00000050  00 00 00 38 5c 78 32 30  5c 78 32 33 5c 78 32 35  |...8\x20\x23\x25|
00000060  5c 78 32 33 5c 0f 88 16  00 00 00 38 5c 78 37 38  |\x23\......8\x78|
00000070  5c 78 32 34 5c 0f 88 13  00 00 00 35 5c 78 32 35  |\x24\......5\x25|
00000080  5c 0f 88 0e 00 00 00 38  5c 78 37 38 5c 78 32 30  |\......8\x78\x20|
........

Do you see the pattern? In the right column (ASCII mode) you can see a lot of literal \xNN; that is not the byte NN but the characters '\', 'x' and two numbers!

My guess is that you are debugging a dump of some binary code, but that code has not been properly dumped. Thus the assembly you are looking at is nonsense.
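The observation above can be made mechanical: parse the `hexdump -C` output, count the four-byte runs whose ASCII is a literal `\xNN`, and recover the bytes that text stands for. The script below is an added example, not code from the question or the answer. Its input is the nine hexdump lines quoted above (the page truncates the dump after offset 0x80), and it assumes, as the answer does, that the file is a text rendering of a byte string: the `5c 78` pairs are ASCII `\` and `x`, which is also why the listing decodes `31 5c 78 43` as `xor [eax+edi*2+0x43],ebx`, since `5c 78 43` happen to be the characters `\xC`. The parser additionally expands the `*` squeeze line that `hexdump -C` prints for repeated rows, a case the page's excerpt does not show.

```python
from __future__ import annotations
import re

# The nine `hexdump -C` rows quoted in the answer above; the page truncates
# the dump after offset 0x80. The backslashes in the ASCII column are the
# whole point, so the text is kept as a raw string.
HEXDUMP = r"""
00000000  5c 0f 88 2f 00 00 00 31  5c 78 43 30 5c 78 35 30  |\../...1\xC0\x50|
00000010  5c 78 36 38 5c 78 37 36  5c 0f 88 2a 00 00 00 37  |\x68\x76\..*...7|
00000020  5c 0f 88 2b 00 00 00 34  5c 0f 88 27 00 00 00 34  |\..+...4\..'...4|
00000030  5c 0f 88 22 00 00 00 38  5c 78 37 33 5c 78 32 34  |\.."...8\x73\x24|
00000040  5c 0f 88 1a 00 00 00 35  5c 78 32 35 5c 0f 88 1a  |\......5\x25\...|
00000050  00 00 00 38 5c 78 32 30  5c 78 32 33 5c 78 32 35  |...8\x20\x23\x25|
00000060  5c 78 32 33 5c 0f 88 16  00 00 00 38 5c 78 37 38  |\x23\......8\x78|
00000070  5c 78 32 34 5c 0f 88 13  00 00 00 35 5c 78 32 35  |\x24\......5\x25|
00000080  5c 0f 88 0e 00 00 00 38  5c 78 37 38 5c 78 32 30  |\......8\x78\x20|
"""

# One `hexdump -C` row: an 8-digit offset, then up to 16 hex pairs. The ASCII
# column after '|' is ignored; the final length-only row has no pairs at all.
ROW = re.compile(r"^([0-9A-Fa-f]{8})(?:\s+((?:[0-9A-Fa-f]{2}\s+)*[0-9A-Fa-f]{2}))?")


def parse_hexdump_c(text: str) -> bytes:
    """Rebuild the raw bytes from `hexdump -C` output, expanding '*' squeeze lines."""
    out = bytearray()
    prev_row = b""
    squeezed = False
    for line in text.splitlines():
        line = line.strip()
        if line == "*":            # hexdump prints '*' for rows identical to the previous one
            squeezed = True
            continue
        m = ROW.match(line)
        if not m:                  # blank lines, the page's '........' truncation marker, etc.
            continue
        offset = int(m.group(1), 16)
        if squeezed:               # replay the repeated row until we reach this offset
            while len(out) < offset:
                out += prev_row
            squeezed = False
        if m.group(2) is None:     # final row carries only the total length
            continue
        prev_row = bytes.fromhex(m.group(2).replace(" ", ""))
        out += prev_row
    return bytes(out)


# A literal backslash, 'x' and two hex digits: the *text* "\xNN", not byte NN.
LITERAL_ESCAPE = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def literal_escapes(data: bytes) -> list[tuple[int, int]]:
    """(offset, value) for each literal \\xNN sequence found in data."""
    return [(m.start(), int(m.group(1), 16)) for m in LITERAL_ESCAPE.finditer(data)]


def escape_fraction(data: bytes) -> float:
    """Share of the blob taken up by literal \\xNN text; real machine code sits near 0."""
    return 4 * len(literal_escapes(data)) / len(data) if data else 0.0


def unescape(data: bytes) -> bytes:
    """Turn each literal \\xNN back into the byte 0xNN; every other byte is kept as-is."""
    return LITERAL_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


if __name__ == "__main__":
    blob = parse_hexdump_c(HEXDUMP)
    hits = literal_escapes(blob)
    print(f"{len(blob)} bytes, {len(hits)} literal \\xNN escapes "
          f"({escape_fraction(blob):.0%} of the file is escape text)")
    print("bytes they stand for:", " ".join(f"{v:02x}" for _, v in hits))
```

On the quoted dump, 16 of the 144 bytes' worth of positions (44% of the file) are `\xNN` text rather than code, which is the signature of a byte string that was saved as its printed form. `unescape` only repairs those runs; the `5c 0f 88 ...` sequences between them are not escape text, so they stay as they are and the result still needs a look before it is trusted as the original blob.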
