This article is a short introduction to disassembling with the objdump tool.
It assumes that your Linux programming environment already has gcc and objdump; if not, install them yourself.
First, here is a short C source file. Its only job is to compute c = a + b:
#include <stdio.h>

static int add_a_and_b(int a, int b)
{
    return a + b;
}

int main(int argc, const char *argv[])
{
    int a = 1;
    int b = 2;
    int c;

    c = add_a_and_b(a, b);
    printf(" %d + %d = %d\n", a, b, c);
    return c;
}
Next, we use gcc to compile this C code into an executable program, with the following command:
gcc -o gcc_objdump gcc_objdump.c
This generates an ELF executable named gcc_objdump; running it gives the result shown in the figure below:
The file command tells us that the executable gcc_objdump is an ELF file. What we want to do is take this ELF file as input and obtain its assembly code; that process is what we call "disassembly".
To disassemble it, we need a command-line tool called objdump. You can look it up online for a fuller introduction; in short, it is a tool that turns an ELF file back into assembly code, and it is very useful. It is used as follows, typed at the command line:
objdump -l -x -d gcc_objdump > gcc_objdump.dmp
This gives us the assembly listing gcc_objdump.dmp, which we can open and read with a text viewer such as notepad++.
gcc_objdump: file format elf64-x86-64
gcc_objdump
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000400430
Program Header:
PHDR off 0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3
filesz 0x00000000000001f8 memsz 0x00000000000001f8 flags r-x
INTERP off 0x0000000000000238 vaddr 0x0000000000400238 paddr 0x0000000000400238 align 2**0
filesz 0x000000000000001c memsz 0x000000000000001c flags r--
LOAD off 0x0000000000000000 vaddr 0x0000000000400000 paddr 0x0000000000400000 align 2**21
filesz 0x0000000000000774 memsz 0x0000000000000774 flags r-x
LOAD off 0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**21
filesz 0x0000000000000228 memsz 0x0000000000000230 flags rw-
DYNAMIC off 0x0000000000000e28 vaddr 0x0000000000600e28 paddr 0x0000000000600e28 align 2**3
filesz 0x00000000000001d0 memsz 0x00000000000001d0 flags rw-
NOTE off 0x0000000000000254 vaddr 0x0000000000400254 paddr 0x0000000000400254 align 2**2
filesz 0x0000000000000044 memsz 0x0000000000000044 flags r--
EH_FRAME off 0x0000000000000624 vaddr 0x0000000000400624 paddr 0x0000000000400624 align 2**2
filesz 0x000000000000003c memsz 0x000000000000003c flags r--
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
RELRO off 0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**0
filesz 0x00000000000001f0 memsz 0x00000000000001f0 flags r--
Dynamic Section:
NEEDED libc.so.6
INIT 0x00000000004003c8
FINI 0x0000000000400604
INIT_ARRAY 0x0000000000600e10
INIT_ARRAYSZ 0x0000000000000008
FINI_ARRAY 0x0000000000600e18
FINI_ARRAYSZ 0x0000000000000008
GNU_HASH 0x0000000000400298
STRTAB 0x0000000000400318
SYMTAB 0x00000000004002b8
STRSZ 0x000000000000003f
SYMENT 0x0000000000000018
DEBUG 0x0000000000000000
PLTGOT 0x0000000000601000
PLTRELSZ 0x0000000000000030
PLTREL 0x0000000000000007
JMPREL 0x0000000000400398
RELA 0x0000000000400380
RELASZ 0x0000000000000018
RELAENT 0x0000000000000018
VERNEED 0x0000000000400360
VERNEEDNUM 0x0000000000000001
VERSYM 0x0000000000400358
Version References:
required from libc.so.6:
0x09691a75 0x00 02 GLIBC_2.2.5
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 0000001c 0000000000400238 0000000000400238 00000238 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 0000000000400254 0000000000400254 00000254 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 0000000000400274 0000000000400274 00000274 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.hash 0000001c 0000000000400298 0000000000400298 00000298 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .dynsym 00000060 00000000004002b8 00000000004002b8 000002b8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynstr 0000003f 0000000000400318 0000000000400318 00000318 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .gnu.version 00000008 0000000000400358 0000000000400358 00000358 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version_r 00000020 0000000000400360 0000000000400360 00000360 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rela.dyn 00000018 0000000000400380 0000000000400380 00000380 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rela.plt 00000030 0000000000400398 0000000000400398 00000398 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .init 0000001a 00000000004003c8 00000000004003c8 000003c8 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .plt 00000030 00000000004003f0 00000000004003f0 000003f0 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .plt.got 00000008 0000000000400420 0000000000400420 00000420 2**3
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .text 000001d2 0000000000400430 0000000000400430 00000430 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .fini 00000009 0000000000400604 0000000000400604 00000604 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
15 .rodata 00000013 0000000000400610 0000000000400610 00000610 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .eh_frame_hdr 0000003c 0000000000400624 0000000000400624 00000624 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
17 .eh_frame 00000114 0000000000400660 0000000000400660 00000660 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
18 .init_array 00000008 0000000000600e10 0000000000600e10 00000e10 2**3
CONTENTS, ALLOC, LOAD, DATA
19 .fini_array 00000008 0000000000600e18 0000000000600e18 00000e18 2**3
CONTENTS, ALLOC, LOAD, DATA
20 .jcr 00000008 0000000000600e20 0000000000600e20 00000e20 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .dynamic 000001d0 0000000000600e28 0000000000600e28 00000e28 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .got 00000008 0000000000600ff8 0000000000600ff8 00000ff8 2**3
CONTENTS, ALLOC, LOAD, DATA
23 .got.plt 00000028 0000000000601000 0000000000601000 00001000 2**3
CONTENTS, ALLOC, LOAD, DATA
24 .data 00000010 0000000000601028 0000000000601028 00001028 2**3
CONTENTS, ALLOC, LOAD, DATA
25 .bss 00000008 0000000000601038 0000000000601038 00001038 2**0
ALLOC
26 .comment 00000035 0000000000000000 0000000000000000 00001038 2**0
CONTENTS, READONLY
SYMBOL TABLE:
0000000000400238 l d .interp 0000000000000000 .interp
0000000000400254 l d .note.ABI-tag 0000000000000000 .note.ABI-tag
0000000000400274 l d .note.gnu.build-id 0000000000000000 .note.gnu.build-id
0000000000400298 l d .gnu.hash 0000000000000000 .gnu.hash
00000000004002b8 l d .dynsym 0000000000000000 .dynsym
0000000000400318 l d .dynstr 0000000000000000 .dynstr
0000000000400358 l d .gnu.version 0000000000000000 .gnu.version
0000000000400360 l d .gnu.version_r 0000000000000000 .gnu.version_r
0000000000400380 l d .rela.dyn 0000000000000000 .rela.dyn
0000000000400398 l d .rela.plt 0000000000000000 .rela.plt
00000000004003c8 l d .init 0000000000000000 .init
00000000004003f0 l d .plt 0000000000000000 .plt
0000000000400420 l d .plt.got 0000000000000000 .plt.got
0000000000400430 l d .text 0000000000000000 .text
0000000000400604 l d .fini 0000000000000000 .fini
0000000000400610 l d .rodata 0000000000000000 .rodata
0000000000400624 l d .eh_frame_hdr 0000000000000000 .eh_frame_hdr
0000000000400660 l d .eh_frame 0000000000000000 .eh_frame
0000000000600e10 l d .init_array 0000000000000000 .init_array
0000000000600e18 l d .fini_array 0000000000000000 .fini_array
0000000000600e20 l d .jcr 0000000000000000 .jcr
0000000000600e28 l d .dynamic 0000000000000000 .dynamic
0000000000600ff8 l d .got 0000000000000000 .got
0000000000601000 l d .got.plt 0000000000000000 .got.plt
0000000000601028 l d .data 0000000000000000 .data
0000000000601038 l d .bss 0000000000000000 .bss
0000000000000000 l d .comment 0000000000000000 .comment
0000000000000000 l df *ABS* 0000000000000000 crtstuff.c
0000000000600e20 l O .jcr 0000000000000000 __JCR_LIST__
0000000000400460 l F .text 0000000000000000 deregister_tm_clones
00000000004004a0 l F .text 0000000000000000 register_tm_clones
00000000004004e0 l F .text 0000000000000000 __do_global_dtors_aux
0000000000601038 l O .bss 0000000000000001 completed.7594
0000000000600e18 l O .fini_array 0000000000000000 __do_global_dtors_aux_fini_array_entry
0000000000400500 l F .text 0000000000000000 frame_dummy
0000000000600e10 l O .init_array 0000000000000000 __frame_dummy_init_array_entry
0000000000000000 l df *ABS* 0000000000000000 gcc_objdump.c
0000000000400526 l F .text 0000000000000014 add_a_and_b
0000000000000000 l df *ABS* 0000000000000000 crtstuff.c
0000000000400770 l O .eh_frame 0000000000000000 __FRAME_END__
0000000000600e20 l O .jcr 0000000000000000 __JCR_END__
0000000000000000 l df *ABS* 0000000000000000
0000000000600e18 l .init_array 0000000000000000 __init_array_end
0000000000600e28 l O .dynamic 0000000000000000 _DYNAMIC
0000000000600e10 l .init_array 0000000000000000 __init_array_start
0000000000400624 l .eh_frame_hdr 0000000000000000 __GNU_EH_FRAME_HDR
0000000000601000 l O .got.plt 0000000000000000 _GLOBAL_OFFSET_TABLE_
0000000000400600 g F .text 0000000000000002 __libc_csu_fini
0000000000000000 w *UND* 0000000000000000 _ITM_deregisterTMCloneTable
0000000000601028 w .data 0000000000000000 data_start
0000000000601038 g .data 0000000000000000 _edata
0000000000400604 g F .fini 0000000000000000 _fini
0000000000000000 F *UND* 0000000000000000 printf@@GLIBC_2.2.5
0000000000000000 F *UND* 0000000000000000 __libc_start_main@@GLIBC_2.2.5
0000000000601028 g .data 0000000000000000 __data_start
0000000000000000 w *UND* 0000000000000000 __gmon_start__
0000000000601030 g O .data 0000000000000000 .hidden __dso_handle
0000000000400610 g O .rodata 0000000000000004 _IO_stdin_used
0000000000400590 g F .text 0000000000000065 __libc_csu_init
0000000000601040 g .bss 0000000000000000 _end
0000000000400430 g F .text 000000000000002a _start
0000000000601038 g .bss 0000000000000000 __bss_start
000000000040053a g F .text 000000000000004e main
0000000000000000 w *UND* 0000000000000000 _Jv_RegisterClasses
0000000000601038 g O .data 0000000000000000 .hidden __TMC_END__
0000000000000000 w *UND* 0000000000000000 _ITM_registerTMCloneTable
00000000004003c8 g F .init 0000000000000000 _init
Disassembly of section .init:
00000000004003c8 <_init>:
_init():
4003c8: 48 83 ec 08 sub $0x8,%rsp
4003cc: 48 8b 05 25 0c 20 00 mov 0x200c25(%rip),%rax # 600ff8 <_DYNAMIC+0x1d0>
4003d3: 48 85 c0 test %rax,%rax
4003d6: 74 05 je 4003dd <_init+0x15>
4003d8: e8 43 00 00 00 callq 400420 <__libc_start_main@plt+0x10>
4003dd: 48 83 c4 08 add $0x8,%rsp
4003e1: c3 retq
Disassembly of section .plt:
00000000004003f0 <printf@plt-0x10>:
4003f0: ff 35 12 0c 20 00 pushq 0x200c12(%rip) # 601008 <_GLOBAL_OFFSET_TABLE_+0x8>
4003f6: ff 25 14 0c 20 00 jmpq *0x200c14(%rip) # 601010 <_GLOBAL_OFFSET_TABLE_+0x10>
4003fc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000400400 <printf@plt>:
400400: ff 25 12 0c 20 00 jmpq *0x200c12(%rip) # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
400406: 68 00 00 00 00 pushq $0x0
40040b: e9 e0 ff ff ff jmpq 4003f0 <_init+0x28>
0000000000400410 <__libc_start_main@plt>:
400410: ff 25 0a 0c 20 00 jmpq *0x200c0a(%rip) # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
400416: 68 01 00 00 00 pushq $0x1
40041b: e9 d0 ff ff ff jmpq 4003f0 <_init+0x28>
Disassembly of section .plt.got:
0000000000400420 <.plt.got>:
400420: ff 25 d2 0b 20 00 jmpq *0x200bd2(%rip) # 600ff8 <_DYNAMIC+0x1d0>
400426: 66 90 xchg %ax,%ax
Disassembly of section .text:
0000000000400430 <_start>:
_start():
400430: 31 ed xor %ebp,%ebp
400432: 49 89 d1 mov %rdx,%r9
400435: 5e pop %rsi
400436: 48 89 e2 mov %rsp,%rdx
400439: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
40043d: 50 push %rax
40043e: 54 push %rsp
40043f: 49 c7 c0 00 06 40 00 mov $0x400600,%r8
400446: 48 c7 c1 90 05 40 00 mov $0x400590,%rcx
40044d: 48 c7 c7 3a 05 40 00 mov $0x40053a,%rdi
400454: e8 b7 ff ff ff callq 400410 <__libc_start_main@plt>
400459: f4 hlt
40045a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
0000000000400460 <deregister_tm_clones>:
deregister_tm_clones():
400460: b8 3f 10 60 00 mov $0x60103f,%eax
400465: 55 push %rbp
400466: 48 2d 38 10 60 00 sub $0x601038,%rax
40046c: 48 83 f8 0e cmp $0xe,%rax
400470: 48 89 e5 mov %rsp,%rbp
400473: 76 1b jbe 400490 <deregister_tm_clones+0x30>
400475: b8 00 00 00 00 mov $0x0,%eax
40047a: 48 85 c0 test %rax,%rax
40047d: 74 11 je 400490 <deregister_tm_clones+0x30>
40047f: 5d pop %rbp
400480: bf 38 10 60 00 mov $0x601038,%edi
400485: ff e0 jmpq *%rax
400487: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
40048e: 00 00
400490: 5d pop %rbp
400491: c3 retq
400492: 0f 1f 40 00 nopl 0x0(%rax)
400496: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
40049d: 00 00 00
00000000004004a0 <register_tm_clones>:
register_tm_clones():
4004a0: be 38 10 60 00 mov $0x601038,%esi
4004a5: 55 push %rbp
4004a6: 48 81 ee 38 10 60 00 sub $0x601038,%rsi
4004ad: 48 c1 fe 03 sar $0x3,%rsi
4004b1: 48 89 e5 mov %rsp,%rbp
4004b4: 48 89 f0 mov %rsi,%rax
4004b7: 48 c1 e8 3f shr $0x3f,%rax
4004bb: 48 01 c6 add %rax,%rsi
4004be: 48 d1 fe sar %rsi
4004c1: 74 15 je 4004d8 <register_tm_clones+0x38>
4004c3: b8 00 00 00 00 mov $0x0,%eax
4004c8: 48 85 c0 test %rax,%rax
4004cb: 74 0b je 4004d8 <register_tm_clones+0x38>
4004cd: 5d pop %rbp
4004ce: bf 38 10 60 00 mov $0x601038,%edi
4004d3: ff e0 jmpq *%rax
4004d5: 0f 1f 00 nopl (%rax)
4004d8: 5d pop %rbp
4004d9: c3 retq
4004da: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
00000000004004e0 <__do_global_dtors_aux>:
__do_global_dtors_aux():
4004e0: 80 3d 51 0b 20 00 00 cmpb $0x0,0x200b51(%rip) # 601038 <__TMC_END__>
4004e7: 75 11 jne 4004fa <__do_global_dtors_aux+0x1a>
4004e9: 55 push %rbp
4004ea: 48 89 e5 mov %rsp,%rbp
4004ed: e8 6e ff ff ff callq 400460 <deregister_tm_clones>
4004f2: 5d pop %rbp
4004f3: c6 05 3e 0b 20 00 01 movb $0x1,0x200b3e(%rip) # 601038 <__TMC_END__>
4004fa: f3 c3 repz retq
4004fc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000400500 <frame_dummy>:
frame_dummy():
400500: bf 20 0e 60 00 mov $0x600e20,%edi
400505: 48 83 3f 00 cmpq $0x0,(%rdi)
400509: 75 05 jne 400510 <frame_dummy+0x10>
40050b: eb 93 jmp 4004a0 <register_tm_clones>
40050d: 0f 1f 00 nopl (%rax)
400510: b8 00 00 00 00 mov $0x0,%eax
400515: 48 85 c0 test %rax,%rax
400518: 74 f1 je 40050b <frame_dummy+0xb>
40051a: 55 push %rbp
40051b: 48 89 e5 mov %rsp,%rbp
40051e: ff d0 callq *%rax
400520: 5d pop %rbp
400521: e9 7a ff ff ff jmpq 4004a0 <register_tm_clones>
0000000000400526 <add_a_and_b>:
add_a_and_b():
400526: 55 push %rbp
400527: 48 89 e5 mov %rsp,%rbp
40052a: 89 7d fc mov %edi,-0x4(%rbp)
40052d: 89 75 f8 mov %esi,-0x8(%rbp)
400530: 8b 55 fc mov -0x4(%rbp),%edx
400533: 8b 45 f8 mov -0x8(%rbp),%eax
400536: 01 d0 add %edx,%eax
400538: 5d pop %rbp
400539: c3 retq
000000000040053a <main>:
main():
40053a: 55 push %rbp
40053b: 48 89 e5 mov %rsp,%rbp
40053e: 48 83 ec 20 sub $0x20,%rsp
400542: 89 7d ec mov %edi,-0x14(%rbp)
400545: 48 89 75 e0 mov %rsi,-0x20(%rbp)
400549: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%rbp)
400550: c7 45 f8 02 00 00 00 movl $0x2,-0x8(%rbp)
400557: 8b 55 f8 mov -0x8(%rbp),%edx
40055a: 8b 45 f4 mov -0xc(%rbp),%eax
40055d: 89 d6 mov %edx,%esi
40055f: 89 c7 mov %eax,%edi
400561: e8 c0 ff ff ff callq 400526 <add_a_and_b>
400566: 89 45 fc mov %eax,-0x4(%rbp)
400569: 8b 4d fc mov -0x4(%rbp),%ecx
40056c: 8b 55 f8 mov -0x8(%rbp),%edx
40056f: 8b 45 f4 mov -0xc(%rbp),%eax
400572: 89 c6 mov %eax,%esi
400574: bf 14 06 40 00 mov $0x400614,%edi
400579: b8 00 00 00 00 mov $0x0,%eax
40057e: e8 7d fe ff ff callq 400400 <printf@plt>
400583: 8b 45 fc mov -0x4(%rbp),%eax
400586: c9 leaveq
400587: c3 retq
400588: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
40058f: 00
0000000000400590 <__libc_csu_init>:
__libc_csu_init():
400590: 41 57 push %r15
400592: 41 56 push %r14
400594: 41 89 ff mov %edi,%r15d
400597: 41 55 push %r13
400599: 41 54 push %r12
40059b: 4c 8d 25 6e 08 20 00 lea 0x20086e(%rip),%r12 # 600e10 <__frame_dummy_init_array_entry>
4005a2: 55 push %rbp
4005a3: 48 8d 2d 6e 08 20 00 lea 0x20086e(%rip),%rbp # 600e18 <__init_array_end>
4005aa: 53 push %rbx
4005ab: 49 89 f6 mov %rsi,%r14
4005ae: 49 89 d5 mov %rdx,%r13
4005b1: 4c 29 e5 sub %r12,%rbp
4005b4: 48 83 ec 08 sub $0x8,%rsp
4005b8: 48 c1 fd 03 sar $0x3,%rbp
4005bc: e8 07 fe ff ff callq 4003c8 <_init>
4005c1: 48 85 ed test %rbp,%rbp
4005c4: 74 20 je 4005e6 <__libc_csu_init+0x56>
4005c6: 31 db xor %ebx,%ebx
4005c8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
4005cf: 00
4005d0: 4c 89 ea mov %r13,%rdx
4005d3: 4c 89 f6 mov %r14,%rsi
4005d6: 44 89 ff mov %r15d,%edi
4005d9: 41 ff 14 dc callq *(%r12,%rbx,8)
4005dd: 48 83 c3 01 add $0x1,%rbx
4005e1: 48 39 eb cmp %rbp,%rbx
4005e4: 75 ea jne 4005d0 <__libc_csu_init+0x40>
4005e6: 48 83 c4 08 add $0x8,%rsp
4005ea: 5b pop %rbx
4005eb: 5d pop %rbp
4005ec: 41 5c pop %r12
4005ee: 41 5d pop %r13
4005f0: 41 5e pop %r14
4005f2: 41 5f pop %r15
4005f4: c3 retq
4005f5: 90 nop
4005f6: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
4005fd: 00 00 00
0000000000400600 <__libc_csu_fini>:
__libc_csu_fini():
400600: f3 c3 repz retq
Disassembly of section .fini:
0000000000400604 <_fini>:
_fini():
400604: 48 83 ec 08 sub $0x8,%rsp
400608: 48 83 c4 08 add $0x8,%rsp
40060c: c3 retq
We can see that the listing clearly shows the assembly code corresponding to each C function. Some functions do not look like anything we wrote; those are system routines that were linked in when the program was compiled and linked.
Let us excerpt the assembly for add_a_and_b and main and analyse it.
The assembly for main, with analysis:
000000000040053a <main>:
main():
40053a: 55 push %rbp //save the caller's frame pointer (prologue)
40053b: 48 89 e5 mov %rsp,%rbp //set up main's own stack frame
40053e: 48 83 ec 20 sub $0x20,%rsp //reserve 32 bytes of stack for locals
400542: 89 7d ec mov %edi,-0x14(%rbp) //spill argc to the stack
400545: 48 89 75 e0 mov %rsi,-0x20(%rbp) //spill argv to the stack
400549: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%rbp) //assign 1 to variable a
400550: c7 45 f8 02 00 00 00 movl $0x2,-0x8(%rbp) //assign 2 to variable b
400557: 8b 55 f8 mov -0x8(%rbp),%edx //load b
40055a: 8b 45 f4 mov -0xc(%rbp),%eax //load a
40055d: 89 d6 mov %edx,%esi //b becomes the second argument (esi)
40055f: 89 c7 mov %eax,%edi //a becomes the first argument (edi)
400561: e8 c0 ff ff ff callq 400526 <add_a_and_b> //call add_a_and_b
400566: 89 45 fc mov %eax,-0x4(%rbp) //store the return value of add_a_and_b in c
400569: 8b 4d fc mov -0x4(%rbp),%ecx //c: fourth printf argument
40056c: 8b 55 f8 mov -0x8(%rbp),%edx //b: third printf argument
40056f: 8b 45 f4 mov -0xc(%rbp),%eax
400572: 89 c6 mov %eax,%esi //a: second printf argument
400574: bf 14 06 40 00 mov $0x400614,%edi //first argument: address of the format string in .rodata
400579: b8 00 00 00 00 mov $0x0,%eax //variadic call: no vector registers used
40057e: e8 7d fe ff ff callq 400400 <printf@plt> //call printf to print the result
400583: 8b 45 fc mov -0x4(%rbp),%eax //return value of main is c
400586: c9 leaveq //tear down the stack frame
400587: c3 retq //main returns
400588: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) //alignment padding, not part of main
40058f: 00
The assembly for add_a_and_b, with analysis:
0000000000400526 <add_a_and_b>:
add_a_and_b():
400526: 55 push %rbp //save the caller's frame pointer (prologue)
400527: 48 89 e5 mov %rsp,%rbp //set up the function's stack frame
40052a: 89 7d fc mov %edi,-0x4(%rbp) //spill argument a to the stack
40052d: 89 75 f8 mov %esi,-0x8(%rbp) //spill argument b to the stack
400530: 8b 55 fc mov -0x4(%rbp),%edx //reload a
400533: 8b 45 f8 mov -0x8(%rbp),%eax //reload b
400536: 01 d0 add %edx,%eax //add argument a to argument b
400538: 5d pop %rbp //restore the caller's frame pointer
400539: c3 retq //return a+b in eax
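The post excerpts main and add_a_and_b from the dump by hand. As an added example (not part of the original post), here is a small Python parser for the listing format shown above: -x contributes the SYMBOL TABLE and -d the disassembly, and the code pulls one function's instructions out of the dump and cross-checks them against the symbol's size field (0x14 for add_a_and_b). The sample input is constructed from the post's own output.

```python
import re
# Constructed sample, copied from the objdump -x -d output above: the SYMBOL TABLE row for
# add_a_and_b, its disassembly listing, and the header of the next function (main).
SYMBOL_TABLE = "0000000000400526 l     F .text  0000000000000014              add_a_and_b\n"
DISASSEMBLY = """\
0000000000400526 <add_a_and_b>:
add_a_and_b():
  400526:  55                    push   %rbp
  400527:  48 89 e5              mov    %rsp,%rbp
  40052a:  89 7d fc              mov    %edi,-0x4(%rbp)
  40052d:  89 75 f8              mov    %esi,-0x8(%rbp)
  400530:  8b 55 fc              mov    -0x4(%rbp),%edx
  400533:  8b 45 f8              mov    -0x8(%rbp),%eax
  400536:  01 d0                 add    %edx,%eax
  400538:  5d                    pop    %rbp
  400539:  c3                    retq
000000000040053a <main>:
"""
HEADER_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")                           # "addr <symbol>:"
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\b\s*)+)(\S.*)?$")  # "addr: bytes [text]"
SYMBOL_RE = re.compile(r"^([0-9a-f]{16})\s+(.*?)\s+([0-9a-f]{16})\s+(\S+)$")  # "addr flags sect size name"

def symbol_sizes(symtab: str) -> dict:
    """Map symbol name -> (address, size) from the SYMBOL TABLE block."""
    rows = (SYMBOL_RE.match(line) for line in symtab.splitlines())
    return {m.group(4): (int(m.group(1), 16), int(m.group(3), 16)) for m in rows if m}

def parse_function(dump: str, name: str) -> list:
    """Instructions listed under <name> as (address, encoded bytes, mnemonic+operands)."""
    insns, inside = [], False
    for line in dump.splitlines():
        h = HEADER_RE.match(line)
        if h:
            if inside:
                break                      # reached the next function's header
            inside = h.group(2) == name
            continue
        m = INSN_RE.match(line) if inside else None
        if not m:
            continue                       # blank lines and the "add_a_and_b():" marker
        addr, code = int(m.group(1), 16), bytes.fromhex(m.group(2))
        text = (m.group(3) or "").strip()
        if not text and insns:             # byte-only continuation line (e.g. "40058f: 00")
            insns[-1] = (insns[-1][0], insns[-1][1] + code, insns[-1][2])
        else:
            insns.append((addr, code, text))
    return insns

def check_function(dump: str, symtab: str, name: str) -> dict:
    """Compare the listing with the symbol table: start address, contiguity, bytes vs. size."""
    insns = parse_function(dump, name)
    sym_addr, sym_size = symbol_sizes(symtab)[name]
    contiguous = all(a + len(b) == insns[i + 1][0] for i, (a, b, _) in enumerate(insns[:-1]))
    listed = sum(len(b) for _, b, _ in insns)   # listed > sym_size means trailing alignment padding
    return {"start_ok": insns[0][0] == sym_addr, "contiguous": contiguous, "listed_bytes": listed, "symbol_size": sym_size, "padding": listed - sym_size}
```

Run over the full gcc_objdump.dmp, the same check reports 8 bytes of padding for main: the symbol table gives main 0x4e bytes, so the nopl at 400588 and its 00 continuation line are alignment filler rather than code that main executes.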
That is the basic process of disassembling a C file. The example is simple, but it already covers the main parts of a disassembly. We should understand clearly that any complex piece of code is built from small fragments, and that even the simplest C code only produces a correct result by executing one assembly instruction after another: the CPU has no idea what "code" is; in its eyes there are only "instructions", and it executes whatever instructions you tell it to.
That concludes this disassembly tutorial. If you still have questions, feel free to ask in the comments. @_@