为什么我的汇编程序转储中的地址与寄存器的地址不同?
[英]Why do the addresses in my assembler dump differ from the addresses of registers?
问题描述
I have a very basic program that I compiled with
我有一个非常基本的程序,我用它编译
gcc -m32 -g -o hello32.out hello.c
When I run disassemble main in gdb I get the following output:当我在 gdb 中运行 disassemble main 时,我得到以下输出:
0x0000051d <+0>: lea ecx,[esp+0x4]
0x00000521 <+4>: and esp,0xfffffff0
0x00000524 <+7>: push DWORD PTR [ecx-0x4]
0x00000527 <+10>: push ebp
0x00000528 <+11>: mov ebp,esp
0x0000052a <+13>: push ebx
0x0000052b <+14>: push ecx
0x0000052c <+15>: sub esp,0x10
0x0000052f <+18>: call 0x420 <__x86.get_pc_thunk.bx>
0x00000534 <+23>: add ebx,0x1aa4
0x0000053a <+29>: mov DWORD PTR [ebp-0xc],0x0
... [truncated for brevity]
However, when I run然而,当我跑
(gdb) break main
(gdb) run
(gdb) info register eip
I get我得到
eip 0x5655553a 0x5655553a <main+29>
Why is main+29 shown as 0x0000053a in the assembler dump but 0x5655553a when the address of eip is given?为什么 main+29 在汇编程序转储中显示为 0x0000053a 而在给出 eip 地址时显示为 0x5655553a?
1 个解决方案
解决方案1
3 已采纳 2018-11-15 01:15:53
Your GCC makes PIE executables by default, so there is no fixed base address in the file (and disassembly shows it relative to 0, ie offsets rather than absolute addresses).默认情况下,您的 GCC 使 PIE 可执行文件,因此文件中没有固定的基地址(反汇编显示它相对于 0,即偏移量而不是绝对地址)。
Once the kernel's ELF program loader has created a running process from the executable (and chosen a virtual address as the base), GDB can show you the actual runtime virtual addresses.一旦内核的 ELF 程序加载器从可执行文件创建了一个正在运行的进程(并选择了一个虚拟地址作为基址),GDB 就可以向您显示实际的运行时虚拟地址。 (eg starti to start it running, then disas my_func to get a valid address within that process; GDB disables ASLR so it will be the same every time only if running under GDB, or with other ways of disabling ASLR for a specific run of a process or system-wide.) (例如starti开始运行它,然后disas my_func获得该进程中的一个有效的地址; GDB禁用ASLR所以这将是相同的只有GDB下运行,或禁用ASLR的的具体运行的其他方式每次过程或系统范围。)
Build with -fno-pie -no-pie to get position- dependent executables where the runtime address is known from the executable metadata.使用-fno-pie -no-pie构建以获取位置相关的可执行文件,其中运行时地址可从可执行文件元数据中获知。 (You should definitely prefer -fno-pie for i386 code: without RIP-relative addressing the extra performance / code-size cost of position-independent code is significantly worse than for x86-64.) (对于 i386 代码,您绝对应该更喜欢-fno-pie :如果没有 RIP 相对寻址,位置无关代码的额外性能/代码大小成本明显低于 x86-64。)
Related: 32-bit absolute addresses no longer allowed in x86-64 Linux?相关: x86-64 Linux 中不再允许 32 位绝对地址? for more about PIE (both 32-bit and 64-bit x86, and in general.)有关 PIE 的更多信息(32 位和 64 位 x86,以及一般情况。)
GDB - Address of breakpoint is similar to this but not exactly a duplicate. GDB - 断点地址与此类似,但不完全重复。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.