
MOV instruction with an offset

Here is a line of assembly code from a core file.

0x00002ac8c957012d <+45>:    mov    0x8(%rsp), %rsi

I noticed that register rsp is at the following location, so I use the Examine command to view the content plus 16 more objects/bytes.

> x/16x 0x2acd5752a610
0x2acd5752a610: 0x70   0xa6   0x11   0xff   0x29   0xcd   0x22   0x00
0x2acd5752a618: 0x33   0xee   0xf1   0xa9   0xb2   0xcc   0x34   0x76

When figuring out the offset of 0x8, is this going to be 0-based, resulting in the value being 0x33, or do I just count starting with 1 to 8 from the start, which results in the value being 0x00?

You are confused by the braindead abomination that is AT&T syntax.

In Intel's intended syntax mov 0x8(%rsp), %rsi translates to:

mov rsi,[rsp+8]

Which means fill the 8 bytes of register rsi with the 8 bytes at address [rsp+8].
Note that rsp is a 64-bit (8 byte) register which handles 8 bytes at a time.
We don't know what the value of rsp is, but we do know that rsp is the stack pointer and +8 means we take the address 8 bytes above the stack pointer, or the second most recently pushed value on the stack (because the stack grows downward).

This instruction is sneaking a peek inside the stack :-)
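The load described above, replayed against the dump from the question, as an added example that is not part of the original post. It assumes rsp holds 0x2acd5752a610 as the question states and that the dump is in byte-sized units; the helper names `parse_dump` and `load` are hypothetical.

```python
import re

# gdb dump copied from the question (byte-sized units, 8 per row).
DUMP = """\
0x2acd5752a610: 0x70   0xa6   0x11   0xff   0x29   0xcd   0x22   0x00
0x2acd5752a618: 0x33   0xee   0xf1   0xa9   0xb2   0xcc   0x34   0x76
"""

def parse_dump(text):
    """Return {address: byte} from 'addr: 0xNN 0xNN ...' rows."""
    mem = {}
    for line in text.splitlines():
        # Tolerate an optional '<symbol+off>' between address and colon.
        m = re.match(r"\s*(0x[0-9a-fA-F]+)[^:]*:\s*(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            val = int(tok, 16)
            if val > 0xFF:
                raise ValueError("expected byte-sized units (x/Nxb)")
            mem[base + i] = val
    return mem

def load(mem, base, disp, size=8):
    """Emulate a little-endian load of `size` bytes from base+disp."""
    ea = base + disp  # the displacement is added to the base, so 0 is rsp itself
    try:
        raw = bytes(mem[ea + i] for i in range(size))
    except KeyError as e:
        raise ValueError(f"dump does not cover address {e.args[0]:#x}") from None
    return ea, int.from_bytes(raw, "little")

RSP = 0x2acd5752a610  # assumption: rsp value as stated in the question
mem = parse_dump(DUMP)
ea, rsi = load(mem, RSP, 0x8)  # mov 0x8(%rsp), %rsi

if __name__ == "__main__":
    print(f"effective address = {ea:#x}")
    print(f"first byte read   = {mem[ea]:#04x}")
    print(f"rsi               = {rsi:#018x}")
```

The byte at the effective address is only the least significant byte of the result; the full 8-byte value is assembled little-endian from that address upward.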
