This article gives a brief introduction to disassembling a program with the objdump tool.
It assumes your Linux programming environment already has gcc and objdump installed; if not, install them first.
First, here is a short piece of C code as the source file. Its function is very simple: compute c = a + b. The code is as follows:
#include <stdio.h>

/* Helper called from main; its prologue and epilogue are what we inspect later. */
static int add_a_and_b(int a, int b)
{
    return a + b;
}

int main(int argc, const char *argv[])
{
    int a = 1;
    int b = 2;
    int c;

    c = add_a_and_b(a, b);
    printf(" %d + %d = %d\n", a, b, c);
    return c;
}
Next, we compile this C code with gcc into an executable program, using the following command:
gcc -o gcc_objdump gcc_objdump.c
This produces an ELF executable named gcc_objdump; running it gives the result shown in the figure below:
The file command tells us that the executable gcc_objdump is an ELF file. Disassembly takes this ELF file as input and produces assembly code from it; that process is what we call "disassembly".
To disassemble, we use a command-line tool called objdump. You can look up its full description online; in short, it is a tool that turns an ELF file back into assembly code, and it is very practical. It is used as follows; enter at the command line:
objdump -l -x -d gcc_objdump > gcc_objdump.dmp
This gives us the assembly file gcc_objdump.dmp. Open it with a text viewer such as notepad++ and read through it.
gcc_objdump:     file format elf64-x86-64
gcc_objdump
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000400430

Program Header:
    PHDR off    0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3
         filesz 0x00000000000001f8 memsz 0x00000000000001f8 flags r-x
  INTERP off    0x0000000000000238 vaddr 0x0000000000400238 paddr 0x0000000000400238 align 2**0
         filesz 0x000000000000001c memsz 0x000000000000001c flags r--
    LOAD off    0x0000000000000000 vaddr 0x0000000000400000 paddr 0x0000000000400000 align 2**21
         filesz 0x0000000000000774 memsz 0x0000000000000774 flags r-x
    LOAD off    0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**21
         filesz 0x0000000000000228 memsz 0x0000000000000230 flags rw-
 DYNAMIC off    0x0000000000000e28 vaddr 0x0000000000600e28 paddr 0x0000000000600e28 align 2**3
         filesz 0x00000000000001d0 memsz 0x00000000000001d0 flags rw-
    NOTE off    0x0000000000000254 vaddr 0x0000000000400254 paddr 0x0000000000400254 align 2**2
         filesz 0x0000000000000044 memsz 0x0000000000000044 flags r--
EH_FRAME off    0x0000000000000624 vaddr 0x0000000000400624 paddr 0x0000000000400624 align 2**2
         filesz 0x000000000000003c memsz 0x000000000000003c flags r--
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
   RELRO off    0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**0
         filesz 0x00000000000001f0 memsz 0x00000000000001f0 flags r--

Dynamic Section:
  NEEDED               libc.so.6
  INIT                 0x00000000004003c8
  FINI                 0x0000000000400604
  INIT_ARRAY           0x0000000000600e10
  INIT_ARRAYSZ         0x0000000000000008
  FINI_ARRAY           0x0000000000600e18
  FINI_ARRAYSZ         0x0000000000000008
  GNU_HASH             0x0000000000400298
  STRTAB               0x0000000000400318
  SYMTAB               0x00000000004002b8
  STRSZ                0x000000000000003f
  SYMENT               0x0000000000000018
  DEBUG                0x0000000000000000
  PLTGOT               0x0000000000601000
  PLTRELSZ             0x0000000000000030
  PLTREL               0x0000000000000007
  JMPREL               0x0000000000400398
  RELA                 0x0000000000400380
  RELASZ               0x0000000000000018
  RELAENT              0x0000000000000018
  VERNEED              0x0000000000400360
  VERNEEDNUM           0x0000000000000001
  VERSYM               0x0000000000400358

Version References:
  required from libc.so.6:
    0x09691a75 0x00 02 GLIBC_2.2.5

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  0000000000400238  0000000000400238  00000238  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  0000000000400254  0000000000400254  00000254  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  0000000000400274  0000000000400274  00000274  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     0000001c  0000000000400298  0000000000400298  00000298  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000060  00000000004002b8  00000000004002b8  000002b8  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       0000003f  0000000000400318  0000000000400318  00000318  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  00000008  0000000000400358  0000000000400358  00000358  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  0000000000400360  0000000000400360  00000360  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rela.dyn     00000018  0000000000400380  0000000000400380  00000380  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rela.plt     00000030  0000000000400398  0000000000400398  00000398  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         0000001a  00000000004003c8  00000000004003c8  000003c8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000030  00000000004003f0  00000000004003f0  000003f0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .plt.got      00000008  0000000000400420  0000000000400420  00000420  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .text         000001d2  0000000000400430  0000000000400430  00000430  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .fini         00000009  0000000000400604  0000000000400604  00000604  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .rodata       00000013  0000000000400610  0000000000400610  00000610  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame_hdr 0000003c  0000000000400624  0000000000400624  00000624  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .eh_frame     00000114  0000000000400660  0000000000400660  00000660  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 18 .init_array   00000008  0000000000600e10  0000000000600e10  00000e10  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .fini_array   00000008  0000000000600e18  0000000000600e18  00000e18  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .jcr          00000008  0000000000600e20  0000000000600e20  00000e20  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .dynamic      000001d0  0000000000600e28  0000000000600e28  00000e28  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .got          00000008  0000000000600ff8  0000000000600ff8  00000ff8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 23 .got.plt      00000028  0000000000601000  0000000000601000  00001000  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 24 .data         00000010  0000000000601028  0000000000601028  00001028  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 25 .bss          00000008  0000000000601038  0000000000601038  00001038  2**0
                  ALLOC
 26 .comment      00000035  0000000000000000  0000000000000000  00001038  2**0
                  CONTENTS, READONLY
SYMBOL TABLE:
0000000000400238 l    d  .interp            0000000000000000  .interp
0000000000400254 l    d  .note.ABI-tag      0000000000000000  .note.ABI-tag
0000000000400274 l    d  .note.gnu.build-id 0000000000000000  .note.gnu.build-id
0000000000400298 l    d  .gnu.hash          0000000000000000  .gnu.hash
00000000004002b8 l    d  .dynsym            0000000000000000  .dynsym
0000000000400318 l    d  .dynstr            0000000000000000  .dynstr
0000000000400358 l    d  .gnu.version       0000000000000000  .gnu.version
0000000000400360 l    d  .gnu.version_r     0000000000000000  .gnu.version_r
0000000000400380 l    d  .rela.dyn          0000000000000000  .rela.dyn
0000000000400398 l    d  .rela.plt          0000000000000000  .rela.plt
00000000004003c8 l    d  .init              0000000000000000  .init
00000000004003f0 l    d  .plt               0000000000000000  .plt
0000000000400420 l    d  .plt.got           0000000000000000  .plt.got
0000000000400430 l    d  .text              0000000000000000  .text
0000000000400604 l    d  .fini              0000000000000000  .fini
0000000000400610 l    d  .rodata            0000000000000000  .rodata
0000000000400624 l    d  .eh_frame_hdr      0000000000000000  .eh_frame_hdr
0000000000400660 l    d  .eh_frame          0000000000000000  .eh_frame
0000000000600e10 l    d  .init_array        0000000000000000  .init_array
0000000000600e18 l    d  .fini_array        0000000000000000  .fini_array
0000000000600e20 l    d  .jcr               0000000000000000  .jcr
0000000000600e28 l    d  .dynamic           0000000000000000  .dynamic
0000000000600ff8 l    d  .got               0000000000000000  .got
0000000000601000 l    d  .got.plt           0000000000000000  .got.plt
0000000000601028 l    d  .data              0000000000000000  .data
0000000000601038 l    d  .bss               0000000000000000  .bss
0000000000000000 l    d  .comment           0000000000000000  .comment
0000000000000000 l    df *ABS*              0000000000000000  crtstuff.c
0000000000600e20 l     O .jcr               0000000000000000  __JCR_LIST__
0000000000400460 l     F .text              0000000000000000  deregister_tm_clones
00000000004004a0 l     F .text              0000000000000000  register_tm_clones
00000000004004e0 l     F .text              0000000000000000  __do_global_dtors_aux
0000000000601038 l     O .bss               0000000000000001  completed.7594
0000000000600e18 l     O .fini_array        0000000000000000  __do_global_dtors_aux_fini_array_entry
0000000000400500 l     F .text              0000000000000000  frame_dummy
0000000000600e10 l     O .init_array        0000000000000000  __frame_dummy_init_array_entry
0000000000000000 l    df *ABS*              0000000000000000  gcc_objdump.c
0000000000400526 l     F .text              0000000000000014  add_a_and_b
0000000000000000 l    df *ABS*              0000000000000000  crtstuff.c
0000000000400770 l     O .eh_frame          0000000000000000  __FRAME_END__
0000000000600e20 l     O .jcr               0000000000000000  __JCR_END__
0000000000000000 l    df *ABS*              0000000000000000  
0000000000600e18 l       .init_array        0000000000000000  __init_array_end
0000000000600e28 l     O .dynamic           0000000000000000  _DYNAMIC
0000000000600e10 l       .init_array        0000000000000000  __init_array_start
0000000000400624 l       .eh_frame_hdr      0000000000000000  __GNU_EH_FRAME_HDR
0000000000601000 l     O .got.plt           0000000000000000  _GLOBAL_OFFSET_TABLE_
0000000000400600 g     F .text              0000000000000002  __libc_csu_fini
0000000000000000  w      *UND*              0000000000000000  _ITM_deregisterTMCloneTable
0000000000601028  w      .data              0000000000000000  data_start
0000000000601038 g       .data              0000000000000000  _edata
0000000000400604 g     F .fini              0000000000000000  _fini
0000000000000000       F *UND*              0000000000000000  printf@@GLIBC_2.2.5
0000000000000000       F *UND*              0000000000000000  __libc_start_main@@GLIBC_2.2.5
0000000000601028 g       .data              0000000000000000  __data_start
0000000000000000  w      *UND*              0000000000000000  __gmon_start__
0000000000601030 g     O .data              0000000000000000  .hidden __dso_handle
0000000000400610 g     O .rodata            0000000000000004  _IO_stdin_used
0000000000400590 g     F .text              0000000000000065  __libc_csu_init
0000000000601040 g       .bss               0000000000000000  _end
0000000000400430 g     F .text              000000000000002a  _start
0000000000601038 g       .bss               0000000000000000  __bss_start
000000000040053a g     F .text              000000000000004e  main
0000000000000000  w      *UND*              0000000000000000  _Jv_RegisterClasses
0000000000601038 g     O .data              0000000000000000  .hidden __TMC_END__
0000000000000000  w      *UND*              0000000000000000  _ITM_registerTMCloneTable
00000000004003c8 g     F .init              0000000000000000  _init

Disassembly of section .init:

00000000004003c8 <_init>:
_init():
  4003c8:  48 83 ec 08              sub    $0x8,%rsp
  4003cc:  48 8b 05 25 0c 20 00     mov    0x200c25(%rip),%rax        # 600ff8 <_DYNAMIC+0x1d0>
  4003d3:  48 85 c0                 test   %rax,%rax
  4003d6:  74 05                    je     4003dd <_init+0x15>
  4003d8:  e8 43 00 00 00           callq  400420 <__libc_start_main@plt+0x10>
  4003dd:  48 83 c4 08              add    $0x8,%rsp
  4003e1:  c3                       retq

Disassembly of section .plt:

00000000004003f0 <printf@plt-0x10>:
  4003f0:  ff 35 12 0c 20 00        pushq  0x200c12(%rip)        # 601008 <_GLOBAL_OFFSET_TABLE_+0x8>
  4003f6:  ff 25 14 0c 20 00        jmpq   *0x200c14(%rip)        # 601010 <_GLOBAL_OFFSET_TABLE_+0x10>
  4003fc:  0f 1f 40 00              nopl   0x0(%rax)

0000000000400400 <printf@plt>:
  400400:  ff 25 12 0c 20 00        jmpq   *0x200c12(%rip)        # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
  400406:  68 00 00 00 00           pushq  $0x0
  40040b:  e9 e0 ff ff ff           jmpq   4003f0 <_init+0x28>

0000000000400410 <__libc_start_main@plt>:
  400410:  ff 25 0a 0c 20 00        jmpq   *0x200c0a(%rip)        # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
  400416:  68 01 00 00 00           pushq  $0x1
  40041b:  e9 d0 ff ff ff           jmpq   4003f0 <_init+0x28>

Disassembly of section .plt.got:

0000000000400420 <.plt.got>:
  400420:  ff 25 d2 0b 20 00        jmpq   *0x200bd2(%rip)        # 600ff8 <_DYNAMIC+0x1d0>
  400426:  66 90                    xchg   %ax,%ax

Disassembly of section .text:

0000000000400430 <_start>:
_start():
  400430:  31 ed                    xor    %ebp,%ebp
  400432:  49 89 d1                 mov    %rdx,%r9
  400435:  5e                       pop    %rsi
  400436:  48 89 e2                 mov    %rsp,%rdx
  400439:  48 83 e4 f0              and    $0xfffffffffffffff0,%rsp
  40043d:  50                       push   %rax
  40043e:  54                       push   %rsp
  40043f:  49 c7 c0 00 06 40 00     mov    $0x400600,%r8
  400446:  48 c7 c1 90 05 40 00     mov    $0x400590,%rcx
  40044d:  48 c7 c7 3a 05 40 00     mov    $0x40053a,%rdi
  400454:  e8 b7 ff ff ff           callq  400410 <__libc_start_main@plt>
  400459:  f4                       hlt
  40045a:  66 0f 1f 44 00 00        nopw   0x0(%rax,%rax,1)

0000000000400460 <deregister_tm_clones>:
deregister_tm_clones():
  400460:  b8 3f 10 60 00           mov    $0x60103f,%eax
  400465:  55                       push   %rbp
  400466:  48 2d 38 10 60 00        sub    $0x601038,%rax
  40046c:  48 83 f8 0e              cmp    $0xe,%rax
  400470:  48 89 e5                 mov    %rsp,%rbp
  400473:  76 1b                    jbe    400490 <deregister_tm_clones+0x30>
  400475:  b8 00 00 00 00           mov    $0x0,%eax
  40047a:  48 85 c0                 test   %rax,%rax
  40047d:  74 11                    je     400490 <deregister_tm_clones+0x30>
  40047f:  5d                       pop    %rbp
  400480:  bf 38 10 60 00           mov    $0x601038,%edi
  400485:  ff e0                    jmpq   *%rax
  400487:  66 0f 1f 84 00 00 00     nopw   0x0(%rax,%rax,1)
  40048e:  00 00
  400490:  5d                       pop    %rbp
  400491:  c3                       retq
  400492:  0f 1f 40 00              nopl   0x0(%rax)
  400496:  66 2e 0f 1f 84 00 00     nopw   %cs:0x0(%rax,%rax,1)
  40049d:  00 00 00

00000000004004a0 <register_tm_clones>:
register_tm_clones():
  4004a0:  be 38 10 60 00           mov    $0x601038,%esi
  4004a5:  55                       push   %rbp
  4004a6:  48 81 ee 38 10 60 00     sub    $0x601038,%rsi
  4004ad:  48 c1 fe 03              sar    $0x3,%rsi
  4004b1:  48 89 e5                 mov    %rsp,%rbp
  4004b4:  48 89 f0                 mov    %rsi,%rax
  4004b7:  48 c1 e8 3f              shr    $0x3f,%rax
  4004bb:  48 01 c6                 add    %rax,%rsi
  4004be:  48 d1 fe                 sar    %rsi
  4004c1:  74 15                    je     4004d8 <register_tm_clones+0x38>
  4004c3:  b8 00 00 00 00           mov    $0x0,%eax
  4004c8:  48 85 c0                 test   %rax,%rax
  4004cb:  74 0b                    je     4004d8 <register_tm_clones+0x38>
  4004cd:  5d                       pop    %rbp
  4004ce:  bf 38 10 60 00           mov    $0x601038,%edi
  4004d3:  ff e0                    jmpq   *%rax
  4004d5:  0f 1f 00                 nopl   (%rax)
  4004d8:  5d                       pop    %rbp
  4004d9:  c3                       retq
  4004da:  66 0f 1f 44 00 00        nopw   0x0(%rax,%rax,1)

00000000004004e0 <__do_global_dtors_aux>:
__do_global_dtors_aux():
  4004e0:  80 3d 51 0b 20 00 00     cmpb   $0x0,0x200b51(%rip)        # 601038 <__TMC_END__>
  4004e7:  75 11                    jne    4004fa <__do_global_dtors_aux+0x1a>
  4004e9:  55                       push   %rbp
  4004ea:  48 89 e5                 mov    %rsp,%rbp
  4004ed:  e8 6e ff ff ff           callq  400460 <deregister_tm_clones>
  4004f2:  5d                       pop    %rbp
  4004f3:  c6 05 3e 0b 20 00 01     movb   $0x1,0x200b3e(%rip)        # 601038 <__TMC_END__>
  4004fa:  f3 c3                    repz retq
  4004fc:  0f 1f 40 00              nopl   0x0(%rax)

0000000000400500 <frame_dummy>:
frame_dummy():
  400500:  bf 20 0e 60 00           mov    $0x600e20,%edi
  400505:  48 83 3f 00              cmpq   $0x0,(%rdi)
  400509:  75 05                    jne    400510 <frame_dummy+0x10>
  40050b:  eb 93                    jmp    4004a0 <register_tm_clones>
  40050d:  0f 1f 00                 nopl   (%rax)
  400510:  b8 00 00 00 00           mov    $0x0,%eax
  400515:  48 85 c0                 test   %rax,%rax
  400518:  74 f1                    je     40050b <frame_dummy+0xb>
  40051a:  55                       push   %rbp
  40051b:  48 89 e5                 mov    %rsp,%rbp
  40051e:  ff d0                    callq  *%rax
  400520:  5d                       pop    %rbp
  400521:  e9 7a ff ff ff           jmpq   4004a0 <register_tm_clones>

0000000000400526 <add_a_and_b>:
add_a_and_b():
  400526:  55                       push   %rbp
  400527:  48 89 e5                 mov    %rsp,%rbp
  40052a:  89 7d fc                 mov    %edi,-0x4(%rbp)
  40052d:  89 75 f8                 mov    %esi,-0x8(%rbp)
  400530:  8b 55 fc                 mov    -0x4(%rbp),%edx
  400533:  8b 45 f8                 mov    -0x8(%rbp),%eax
  400536:  01 d0                    add    %edx,%eax
  400538:  5d                       pop    %rbp
  400539:  c3                       retq

000000000040053a <main>:
main():
  40053a:  55                       push   %rbp
  40053b:  48 89 e5                 mov    %rsp,%rbp
  40053e:  48 83 ec 20              sub    $0x20,%rsp
  400542:  89 7d ec                 mov    %edi,-0x14(%rbp)
  400545:  48 89 75 e0              mov    %rsi,-0x20(%rbp)
  400549:  c7 45 f4 01 00 00 00     movl   $0x1,-0xc(%rbp)
  400550:  c7 45 f8 02 00 00 00     movl   $0x2,-0x8(%rbp)
  400557:  8b 55 f8                 mov    -0x8(%rbp),%edx
  40055a:  8b 45 f4                 mov    -0xc(%rbp),%eax
  40055d:  89 d6                    mov    %edx,%esi
  40055f:  89 c7                    mov    %eax,%edi
  400561:  e8 c0 ff ff ff           callq  400526 <add_a_and_b>
  400566:  89 45 fc                 mov    %eax,-0x4(%rbp)
  400569:  8b 4d fc                 mov    -0x4(%rbp),%ecx
  40056c:  8b 55 f8                 mov    -0x8(%rbp),%edx
  40056f:  8b 45 f4                 mov    -0xc(%rbp),%eax
  400572:  89 c6                    mov    %eax,%esi
  400574:  bf 14 06 40 00           mov    $0x400614,%edi
  400579:  b8 00 00 00 00           mov    $0x0,%eax
  40057e:  e8 7d fe ff ff           callq  400400 <printf@plt>
  400583:  8b 45 fc                 mov    -0x4(%rbp),%eax
  400586:  c9                       leaveq
  400587:  c3                       retq
  400588:  0f 1f 84 00 00 00 00     nopl   0x0(%rax,%rax,1)
  40058f:  00

0000000000400590 <__libc_csu_init>:
__libc_csu_init():
  400590:  41 57                    push   %r15
  400592:  41 56                    push   %r14
  400594:  41 89 ff                 mov    %edi,%r15d
  400597:  41 55                    push   %r13
  400599:  41 54                    push   %r12
  40059b:  4c 8d 25 6e 08 20 00     lea    0x20086e(%rip),%r12        # 600e10 <__frame_dummy_init_array_entry>
  4005a2:  55                       push   %rbp
  4005a3:  48 8d 2d 6e 08 20 00     lea    0x20086e(%rip),%rbp        # 600e18 <__init_array_end>
  4005aa:  53                       push   %rbx
  4005ab:  49 89 f6                 mov    %rsi,%r14
  4005ae:  49 89 d5                 mov    %rdx,%r13
  4005b1:  4c 29 e5                 sub    %r12,%rbp
  4005b4:  48 83 ec 08              sub    $0x8,%rsp
  4005b8:  48 c1 fd 03              sar    $0x3,%rbp
  4005bc:  e8 07 fe ff ff           callq  4003c8 <_init>
  4005c1:  48 85 ed                 test   %rbp,%rbp
  4005c4:  74 20                    je     4005e6 <__libc_csu_init+0x56>
  4005c6:  31 db                    xor    %ebx,%ebx
  4005c8:  0f 1f 84 00 00 00 00     nopl   0x0(%rax,%rax,1)
  4005cf:  00
  4005d0:  4c 89 ea                 mov    %r13,%rdx
  4005d3:  4c 89 f6                 mov    %r14,%rsi
  4005d6:  44 89 ff                 mov    %r15d,%edi
  4005d9:  41 ff 14 dc              callq  *(%r12,%rbx,8)
  4005dd:  48 83 c3 01              add    $0x1,%rbx
  4005e1:  48 39 eb                 cmp    %rbp,%rbx
  4005e4:  75 ea                    jne    4005d0 <__libc_csu_init+0x40>
  4005e6:  48 83 c4 08              add    $0x8,%rsp
  4005ea:  5b                       pop    %rbx
  4005eb:  5d                       pop    %rbp
  4005ec:  41 5c                    pop    %r12
  4005ee:  41 5d                    pop    %r13
  4005f0:  41 5e                    pop    %r14
  4005f2:  41 5f                    pop    %r15
  4005f4:  c3                       retq
  4005f5:  90                       nop
  4005f6:  66 2e 0f 1f 84 00 00     nopw   %cs:0x0(%rax,%rax,1)
  4005fd:  00 00 00

0000000000400600 <__libc_csu_fini>:
__libc_csu_fini():
  400600:  f3 c3                    repz retq

Disassembly of section .fini:

0000000000400604 <_fini>:
_fini():
  400604:  48 83 ec 08              sub    $0x8,%rsp
  400608:  48 83 c4 08              add    $0x8,%rsp
  40060c:  c3                       retq
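The Program Header block near the top of the dump tells a reviewer which parts of the file the loader maps, and with which permissions. The following Python script is an added example (my own code, not part of the original post and not part of objdump) that parses that block in the layout objdump -x prints and applies the checks a security engineer usually runs on it: no segment is mapped both writable and executable, the STACK entry does not request an executable stack, and a RELRO entry is present. The sample text is the Program Header from this post's own dump; the names parse_program_headers, audit, Segment and zero_fill_bytes are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Program Header block of the dump above, as "objdump -x" prints it.
SAMPLE = """\
Program Header:
    PHDR off    0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3
         filesz 0x00000000000001f8 memsz 0x00000000000001f8 flags r-x
  INTERP off    0x0000000000000238 vaddr 0x0000000000400238 paddr 0x0000000000400238 align 2**0
         filesz 0x000000000000001c memsz 0x000000000000001c flags r--
    LOAD off    0x0000000000000000 vaddr 0x0000000000400000 paddr 0x0000000000400000 align 2**21
         filesz 0x0000000000000774 memsz 0x0000000000000774 flags r-x
    LOAD off    0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**21
         filesz 0x0000000000000228 memsz 0x0000000000000230 flags rw-
 DYNAMIC off    0x0000000000000e28 vaddr 0x0000000000600e28 paddr 0x0000000000600e28 align 2**3
         filesz 0x00000000000001d0 memsz 0x00000000000001d0 flags rw-
    NOTE off    0x0000000000000254 vaddr 0x0000000000400254 paddr 0x0000000000400254 align 2**2
         filesz 0x0000000000000044 memsz 0x0000000000000044 flags r--
EH_FRAME off    0x0000000000000624 vaddr 0x0000000000400624 paddr 0x0000000000400624 align 2**2
         filesz 0x000000000000003c memsz 0x000000000000003c flags r--
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
   RELRO off    0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**0
         filesz 0x00000000000001f0 memsz 0x00000000000001f0 flags r--

Dynamic Section:
  NEEDED               libc.so.6
"""

# Each program header is printed on two lines: type/off/vaddr/paddr/align, then filesz/memsz/flags.
HEAD_RE = re.compile(r"^\s*(\S+)\s+off\s+(0x[0-9a-f]+)\s+vaddr\s+(0x[0-9a-f]+)\s+paddr\s+0x[0-9a-f]+\s+align\s+2\*\*(\d+)")
TAIL_RE = re.compile(r"^\s*filesz\s+(0x[0-9a-f]+)\s+memsz\s+(0x[0-9a-f]+)\s+flags\s+([r-][w-][x-])")

@dataclass
class Segment:
    ptype: str      # PHDR, LOAD, STACK, RELRO ... as objdump labels them
    offset: int
    vaddr: int
    align: int
    filesz: int
    memsz: int
    flags: str      # e.g. "r-x"

    @property
    def writable(self): return "w" in self.flags
    @property
    def executable(self): return "x" in self.flags

def parse_program_headers(text):
    """Return the Segment list described by the 'Program Header:' block of objdump -x output."""
    segs, pending, inside = [], None, False
    for line in text.splitlines():
        if line.startswith("Program Header:"):
            inside = True
            continue
        if not inside:
            continue
        if not line.strip():            # the blank line closes the block
            break
        m = HEAD_RE.match(line)
        if m:
            pending = m.groups()        # first line of a two-line entry
            continue
        m = TAIL_RE.match(line)
        if m and pending:
            ptype, off, vaddr, align = pending
            filesz, memsz, flags = m.groups()
            segs.append(Segment(ptype, int(off, 16), int(vaddr, 16), 2 ** int(align),
                                int(filesz, 16), int(memsz, 16), flags))
            pending = None
    return segs

def audit(segs):
    """Hardening findings a reviewer would flag from the program headers alone (empty = clean)."""
    findings = []
    for s in segs:
        if s.writable and s.executable:
            findings.append(f"{s.ptype} at {s.vaddr:#x} is writable and executable")
    stack = next((s for s in segs if s.ptype == "STACK"), None)
    if stack is None:
        findings.append("no STACK (PT_GNU_STACK) header: stack executability falls to the loader default")
    elif stack.executable:
        findings.append("STACK header requests an executable stack")
    if not any(s.ptype == "RELRO" for s in segs):
        findings.append("no RELRO (PT_GNU_RELRO) header: relocated data stays writable")
    return findings

def zero_fill_bytes(segs):
    """memsz - filesz over LOAD segments: bytes the loader zero-fills (here the 8-byte .bss)."""
    return sum(s.memsz - s.filesz for s in segs if s.ptype == "LOAD")

if __name__ == "__main__":
    segs = parse_program_headers(SAMPLE)
    for s in segs:
        print(f"{s.ptype:8s} vaddr={s.vaddr:#010x} memsz={s.memsz:#06x} flags={s.flags}")
    print("findings:", audit(segs) or "none")
    print("zero-filled bytes:", zero_fill_bytes(segs))
```

For this binary the audit returns no findings: the two LOAD segments are r-x and rw-, STACK is rw-, and a RELRO entry covers the .dynamic/.got range. The 8 zero-filled bytes match the .bss size in the Sections table, which is a quick consistency check when reading an unfamiliar dump.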
We can see that it clearly shows the assembly code corresponding to each C function. Some of the functions do not look like anything we wrote; those are system (runtime) routines that were linked in at compile and link time.
Let us extract the assembly for add_a_and_b and main and analyse it.
The assembly for main is analysed as follows:
000000000040053a <main>:
main():
  40053a:  55                       push   %rbp                 // prologue: save the caller's frame pointer
  40053b:  48 89 e5                 mov    %rsp,%rbp            // set up main's own frame
  40053e:  48 83 ec 20              sub    $0x20,%rsp           // reserve 0x20 bytes of stack for locals
  400542:  89 7d ec                 mov    %edi,-0x14(%rbp)     // spill argc
  400545:  48 89 75 e0              mov    %rsi,-0x20(%rbp)     // spill argv
  400549:  c7 45 f4 01 00 00 00     movl   $0x1,-0xc(%rbp)      // a = 1
  400550:  c7 45 f8 02 00 00 00     movl   $0x2,-0x8(%rbp)      // b = 2
  400557:  8b 55 f8                 mov    -0x8(%rbp),%edx
  40055a:  8b 45 f4                 mov    -0xc(%rbp),%eax
  40055d:  89 d6                    mov    %edx,%esi            // second argument b in %esi
  40055f:  89 c7                    mov    %eax,%edi            // first argument a in %edi
  400561:  e8 c0 ff ff ff           callq  400526 <add_a_and_b> // call add_a_and_b
  400566:  89 45 fc                 mov    %eax,-0x4(%rbp)      // store add_a_and_b's return value into c
  400569:  8b 4d fc                 mov    -0x4(%rbp),%ecx
  40056c:  8b 55 f8                 mov    -0x8(%rbp),%edx
  40056f:  8b 45 f4                 mov    -0xc(%rbp),%eax
  400572:  89 c6                    mov    %eax,%esi
  400574:  bf 14 06 40 00           mov    $0x400614,%edi       // address of the format string in .rodata
  400579:  b8 00 00 00 00           mov    $0x0,%eax            // no vector registers used for the variadic call
  40057e:  e8 7d fe ff ff           callq  400400 <printf@plt>  // call printf to print the result
  400583:  8b 45 fc                 mov    -0x4(%rbp),%eax      // return value c in %eax
  400586:  c9                       leaveq                      // tear down the frame
  400587:  c3                       retq                        // return from main
  400588:  0f 1f 84 00 00 00 00     nopl   0x0(%rax,%rax,1)     // alignment padding, not part of main
  40058f:  00
The assembly for add_a_and_b is analysed as follows:
0000000000400526 <add_a_and_b>:
add_a_and_b():
  400526:  55                       push   %rbp                 // prologue: save the caller's frame pointer
  400527:  48 89 e5                 mov    %rsp,%rbp            // set up this function's frame
  40052a:  89 7d fc                 mov    %edi,-0x4(%rbp)      // spill parameter a (arrived in %edi)
  40052d:  89 75 f8                 mov    %esi,-0x8(%rbp)      // spill parameter b (arrived in %esi)
  400530:  8b 55 fc                 mov    -0x4(%rbp),%edx      // reload a
  400533:  8b 45 f8                 mov    -0x8(%rbp),%eax      // reload b
  400536:  01 d0                    add    %edx,%eax            // add parameter a and parameter b
  400538:  5d                       pop    %rbp                 // epilogue: restore the caller's frame pointer
  400539:  c3                       retq                        // return a + b (in %eax)
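To make the hand reading of the main and add_a_and_b listings repeatable on larger binaries, here is an added Python example (my own code, not from the post and not part of binutils) that parses objdump -d output into functions and instructions and then recovers the facts the analysis above reads off by eye: which symbols each function calls, how many bytes the prologue reserves with sub $imm,%rsp (0x20 in main, none in the leaf add_a_and_b), and the encoded size of each function (20 bytes for add_a_and_b, matching the 0x14 in the symbol table). The sample text is the two listings from this post; the names parse_disassembly, call_targets, frame_size and code_size are assumptions of this example. It also copes with the wrapped opcode-byte line after the final nopl, which the hand analysis simply skips over.

```python
import re
from collections import namedtuple

# Constructed sample: the add_a_and_b and main listings from this post's dump, in "objdump -l -d" layout.
SAMPLE = """\
Disassembly of section .text:
0000000000400526 <add_a_and_b>:
add_a_and_b():
  400526:  55                       push   %rbp
  400527:  48 89 e5                 mov    %rsp,%rbp
  40052a:  89 7d fc                 mov    %edi,-0x4(%rbp)
  40052d:  89 75 f8                 mov    %esi,-0x8(%rbp)
  400530:  8b 55 fc                 mov    -0x4(%rbp),%edx
  400533:  8b 45 f8                 mov    -0x8(%rbp),%eax
  400536:  01 d0                    add    %edx,%eax
  400538:  5d                       pop    %rbp
  400539:  c3                       retq

000000000040053a <main>:
main():
  40053a:  55                       push   %rbp
  40053b:  48 89 e5                 mov    %rsp,%rbp
  40053e:  48 83 ec 20              sub    $0x20,%rsp
  400542:  89 7d ec                 mov    %edi,-0x14(%rbp)
  400545:  48 89 75 e0              mov    %rsi,-0x20(%rbp)
  400549:  c7 45 f4 01 00 00 00     movl   $0x1,-0xc(%rbp)
  400550:  c7 45 f8 02 00 00 00     movl   $0x2,-0x8(%rbp)
  400557:  8b 55 f8                 mov    -0x8(%rbp),%edx
  40055a:  8b 45 f4                 mov    -0xc(%rbp),%eax
  40055d:  89 d6                    mov    %edx,%esi
  40055f:  89 c7                    mov    %eax,%edi
  400561:  e8 c0 ff ff ff           callq  400526 <add_a_and_b>
  400566:  89 45 fc                 mov    %eax,-0x4(%rbp)
  400569:  8b 4d fc                 mov    -0x4(%rbp),%ecx
  40056c:  8b 55 f8                 mov    -0x8(%rbp),%edx
  40056f:  8b 45 f4                 mov    -0xc(%rbp),%eax
  400572:  89 c6                    mov    %eax,%esi
  400574:  bf 14 06 40 00           mov    $0x400614,%edi
  400579:  b8 00 00 00 00           mov    $0x0,%eax
  40057e:  e8 7d fe ff ff           callq  400400 <printf@plt>
  400583:  8b 45 fc                 mov    -0x4(%rbp),%eax
  400586:  c9                       leaveq
  400587:  c3                       retq
  400588:  0f 1f 84 00 00 00 00     nopl   0x0(%rax,%rax,1)
  40058f:  00
"""

Insn = namedtuple("Insn", "addr opcode mnemonic operands")   # opcode: list of byte values

class Func:
    def __init__(self, start, name):
        self.start, self.name, self.insns = start, name, []

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")            # "0000000000400526 <add_a_and_b>:"
HEX_BYTE = re.compile(r"[0-9a-f]{2}")
TARGET_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>")              # "400526 <add_a_and_b>"

def parse_disassembly(text):
    """Return {name: Func} for every '<name>:' block in objdump -d output, in file order."""
    funcs, cur = {}, None
    for line in text.splitlines():
        m = FUNC_RE.match(line.strip())
        if m:
            cur = funcs[m.group(2)] = Func(int(m.group(1), 16), m.group(2))
            continue
        head, sep, rest = line.strip().partition(":")
        if cur is None or not sep or not re.fullmatch(r"[0-9a-f]+", head):
            continue   # section banners, 'main():' labels from -l, blank lines
        tokens, raw = rest.split(), []
        while tokens and HEX_BYTE.fullmatch(tokens[0]):
            raw.append(int(tokens.pop(0), 16))
        if not tokens:   # wrapped opcode bytes of the previous, long instruction
            if cur.insns:
                cur.insns[-1].opcode.extend(raw)
            continue
        operands = " ".join(tokens[1:]).split("#", 1)[0].strip()   # drop "# addr <sym>" comments
        cur.insns.append(Insn(int(head, 16), raw, tokens[0], operands))
    return funcs

def call_targets(func):
    """Direct call targets by symbol; an indirect call keeps its operand text (e.g. '*%rax')."""
    out = []
    for ins in func.insns:
        if ins.mnemonic in ("call", "callq"):
            m = TARGET_RE.match(ins.operands)
            out.append(m.group(1) if m else ins.operands)
    return out

def frame_size(func):
    """Bytes the prologue reserves with 'sub $imm,%rsp'; 0 for a leaf such as add_a_and_b."""
    for ins in func.insns[:6]:
        m = re.fullmatch(r"\$0x([0-9a-f]+),%rsp", ins.operands)
        if ins.mnemonic in ("sub", "subq") and m:
            return int(m.group(1), 16)
    return 0

def code_size(func):   # encoded bytes of the listing, alignment padding after the last ret included
    return sum(len(ins.opcode) for ins in func.insns)

if __name__ == "__main__":
    for f in parse_disassembly(SAMPLE).values():
        print(f"{f.name:12s} start={f.start:#x} bytes={code_size(f)} frame={frame_size(f):#x} calls={call_targets(f)}")
```

Note that code_size(main) is 86, not the 0x4e (78) the symbol table gives, because objdump prints the 8 bytes of nopl padding that follow main's retq under the same label; the symbol table size is the authoritative one, and comparing the two is a cheap way to spot where the assembler aligned the next function.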
That is the basic procedure for disassembling a C file. The example given is simple, but it already covers the main steps of a disassembly. We should recognise clearly that any complex program is built from many small fragments of code, and that even the simplest C code is ultimately executed one assembly instruction at a time to produce the right result. This is because the CPU knows nothing about "code"; in its eyes there are only "instructions", and it executes whatever instructions it is told to.
That concludes this introduction to disassembly. If you still have questions, feel free to raise them in the comments. @_@
Reviewing editor: 汤梓红 (Tang Zihong)