[Linux Disassembly] How to disassemble with objdump?
This article is a short introduction to disassembling with the objdump tool.
It assumes your Linux development environment has gcc and objdump installed; if not, install them first.
First, here is a short C source file. It does one simple thing, computing c = a + b:
#include <stdio.h>

static int add_a_and_b(int a, int b)
{
    return a + b;
}

int main(int argc, const char *argv[])
{
    int a = 1;
    int b = 2;
    int c;

    c = add_a_and_b(a, b);
    printf(" %d + %d = %d\n", a, b, c);
    return c;
}
Next, compile this C code with gcc into an executable program, using the following command:
gcc -o gcc_objdump gcc_objdump.c
This produces an ELF executable named gcc_objdump; running it prints ` 1 + 2 = 3` (shown as a screenshot in the original post).
The file command confirms that gcc_objdump is an ELF file. Disassembly means taking this ELF file as input and recovering assembly code from it; that process is what we call [disassembly].
To disassemble we use a command-line tool called objdump (its full documentation is easy to find online). In short, it turns an ELF file back into assembly code and is very practical. Use it like this, at the command line:
objdump -l -x -d gcc_objdump > gcc_objdump.dmp
This gives us the disassembly file gcc_objdump.dmp, which we can open and read in any text viewer, such as notepad++. Of the three flags, -d disassembles the executable sections, -x prints all headers first (which is why the program headers, dynamic section, section table and symbol table appear before any instructions), and -l annotates each block with its function name and, when the binary was built with -g, the source file and line numbers.
gcc_objdump: file format elf64-x86-64
gcc_objdump
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000400430
Program Header:
PHDR off 0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3
filesz 0x00000000000001f8 memsz 0x00000000000001f8 flags r-x
INTERP off 0x0000000000000238 vaddr 0x0000000000400238 paddr 0x0000000000400238 align 2**0
filesz 0x000000000000001c memsz 0x000000000000001c flags r--
LOAD off 0x0000000000000000 vaddr 0x0000000000400000 paddr 0x0000000000400000 align 2**21
filesz 0x0000000000000774 memsz 0x0000000000000774 flags r-x
LOAD off 0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**21
filesz 0x0000000000000228 memsz 0x0000000000000230 flags rw-
DYNAMIC off 0x0000000000000e28 vaddr 0x0000000000600e28 paddr 0x0000000000600e28 align 2**3
filesz 0x00000000000001d0 memsz 0x00000000000001d0 flags rw-
NOTE off 0x0000000000000254 vaddr 0x0000000000400254 paddr 0x0000000000400254 align 2**2
filesz 0x0000000000000044 memsz 0x0000000000000044 flags r--
EH_FRAME off 0x0000000000000624 vaddr 0x0000000000400624 paddr 0x0000000000400624 align 2**2
filesz 0x000000000000003c memsz 0x000000000000003c flags r--
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
RELRO off 0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**0
filesz 0x00000000000001f0 memsz 0x00000000000001f0 flags r--
Dynamic Section:
NEEDED libc.so.6
INIT 0x00000000004003c8
FINI 0x0000000000400604
INIT_ARRAY 0x0000000000600e10
INIT_ARRAYSZ 0x0000000000000008
FINI_ARRAY 0x0000000000600e18
FINI_ARRAYSZ 0x0000000000000008
GNU_HASH 0x0000000000400298
STRTAB 0x0000000000400318
SYMTAB 0x00000000004002b8
STRSZ 0x000000000000003f
SYMENT 0x0000000000000018
DEBUG 0x0000000000000000
PLTGOT 0x0000000000601000
PLTRELSZ 0x0000000000000030
PLTREL 0x0000000000000007
JMPREL 0x0000000000400398
RELA 0x0000000000400380
RELASZ 0x0000000000000018
RELAENT 0x0000000000000018
VERNEED 0x0000000000400360
VERNEEDNUM 0x0000000000000001
VERSYM 0x0000000000400358
Version References:
required from libc.so.6:
0x09691a75 0x00 02 GLIBC_2.2.5
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 0000001c 0000000000400238 0000000000400238 00000238 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 0000000000400254 0000000000400254 00000254 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 0000000000400274 0000000000400274 00000274 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.hash 0000001c 0000000000400298 0000000000400298 00000298 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .dynsym 00000060 00000000004002b8 00000000004002b8 000002b8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynstr 0000003f 0000000000400318 0000000000400318 00000318 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .gnu.version 00000008 0000000000400358 0000000000400358 00000358 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version_r 00000020 0000000000400360 0000000000400360 00000360 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rela.dyn 00000018 0000000000400380 0000000000400380 00000380 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rela.plt 00000030 0000000000400398 0000000000400398 00000398 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .init 0000001a 00000000004003c8 00000000004003c8 000003c8 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .plt 00000030 00000000004003f0 00000000004003f0 000003f0 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .plt.got 00000008 0000000000400420 0000000000400420 00000420 2**3
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .text 000001d2 0000000000400430 0000000000400430 00000430 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .fini 00000009 0000000000400604 0000000000400604 00000604 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
15 .rodata 00000013 0000000000400610 0000000000400610 00000610 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .eh_frame_hdr 0000003c 0000000000400624 0000000000400624 00000624 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
17 .eh_frame 00000114 0000000000400660 0000000000400660 00000660 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
18 .init_array 00000008 0000000000600e10 0000000000600e10 00000e10 2**3
CONTENTS, ALLOC, LOAD, DATA
19 .fini_array 00000008 0000000000600e18 0000000000600e18 00000e18 2**3
CONTENTS, ALLOC, LOAD, DATA
20 .jcr 00000008 0000000000600e20 0000000000600e20 00000e20 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .dynamic 000001d0 0000000000600e28 0000000000600e28 00000e28 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .got 00000008 0000000000600ff8 0000000000600ff8 00000ff8 2**3
CONTENTS, ALLOC, LOAD, DATA
23 .got.plt 00000028 0000000000601000 0000000000601000 00001000 2**3
CONTENTS, ALLOC, LOAD, DATA
24 .data 00000010 0000000000601028 0000000000601028 00001028 2**3
CONTENTS, ALLOC, LOAD, DATA
25 .bss 00000008 0000000000601038 0000000000601038 00001038 2**0
ALLOC
26 .comment 00000035 0000000000000000 0000000000000000 00001038 2**0
CONTENTS, READONLY
SYMBOL TABLE:
0000000000400238 l d .interp 0000000000000000 .interp
0000000000400254 l d .note.ABI-tag 0000000000000000 .note.ABI-tag
0000000000400274 l d .note.gnu.build-id 0000000000000000 .note.gnu.build-id
0000000000400298 l d .gnu.hash 0000000000000000 .gnu.hash
00000000004002b8 l d .dynsym 0000000000000000 .dynsym
0000000000400318 l d .dynstr 0000000000000000 .dynstr
0000000000400358 l d .gnu.version 0000000000000000 .gnu.version
0000000000400360 l d .gnu.version_r 0000000000000000 .gnu.version_r
0000000000400380 l d .rela.dyn 0000000000000000 .rela.dyn
0000000000400398 l d .rela.plt 0000000000000000 .rela.plt
00000000004003c8 l d .init 0000000000000000 .init
00000000004003f0 l d .plt 0000000000000000 .plt
0000000000400420 l d .plt.got 0000000000000000 .plt.got
0000000000400430 l d .text 0000000000000000 .text
0000000000400604 l d .fini 0000000000000000 .fini
0000000000400610 l d .rodata 0000000000000000 .rodata
0000000000400624 l d .eh_frame_hdr 0000000000000000 .eh_frame_hdr
0000000000400660 l d .eh_frame 0000000000000000 .eh_frame
0000000000600e10 l d .init_array 0000000000000000 .init_array
0000000000600e18 l d .fini_array 0000000000000000 .fini_array
0000000000600e20 l d .jcr 0000000000000000 .jcr
0000000000600e28 l d .dynamic 0000000000000000 .dynamic
0000000000600ff8 l d .got 0000000000000000 .got
0000000000601000 l d .got.plt 0000000000000000 .got.plt
0000000000601028 l d .data 0000000000000000 .data
0000000000601038 l d .bss 0000000000000000 .bss
0000000000000000 l d .comment 0000000000000000 .comment
0000000000000000 l df *ABS* 0000000000000000 crtstuff.c
0000000000600e20 l O .jcr 0000000000000000 __JCR_LIST__
0000000000400460 l F .text 0000000000000000 deregister_tm_clones
00000000004004a0 l F .text 0000000000000000 register_tm_clones
00000000004004e0 l F .text 0000000000000000 __do_global_dtors_aux
0000000000601038 l O .bss 0000000000000001 completed.7594
0000000000600e18 l O .fini_array 0000000000000000 __do_global_dtors_aux_fini_array_entry
0000000000400500 l F .text 0000000000000000 frame_dummy
0000000000600e10 l O .init_array 0000000000000000 __frame_dummy_init_array_entry
0000000000000000 l df *ABS* 0000000000000000 gcc_objdump.c
0000000000400526 l F .text 0000000000000014 add_a_and_b
0000000000000000 l df *ABS* 0000000000000000 crtstuff.c
0000000000400770 l O .eh_frame 0000000000000000 __FRAME_END__
0000000000600e20 l O .jcr 0000000000000000 __JCR_END__
0000000000000000 l df *ABS* 0000000000000000
0000000000600e18 l .init_array 0000000000000000 __init_array_end
0000000000600e28 l O .dynamic 0000000000000000 _DYNAMIC
0000000000600e10 l .init_array 0000000000000000 __init_array_start
0000000000400624 l .eh_frame_hdr 0000000000000000 __GNU_EH_FRAME_HDR
0000000000601000 l O .got.plt 0000000000000000 _GLOBAL_OFFSET_TABLE_
0000000000400600 g F .text 0000000000000002 __libc_csu_fini
0000000000000000 w *UND* 0000000000000000 _ITM_deregisterTMCloneTable
0000000000601028 w .data 0000000000000000 data_start
0000000000601038 g .data 0000000000000000 _edata
0000000000400604 g F .fini 0000000000000000 _fini
0000000000000000 F *UND* 0000000000000000 [email protected]@GLIBC_2.2.5
0000000000000000 F *UND* 0000000000000000 [email protected]@GLIBC_2.2.5
0000000000601028 g .data 0000000000000000 __data_start
0000000000000000 w *UND* 0000000000000000 __gmon_start__
0000000000601030 g O .data 0000000000000000 .hidden __dso_handle
0000000000400610 g O .rodata 0000000000000004 _IO_stdin_used
0000000000400590 g F .text 0000000000000065 __libc_csu_init
0000000000601040 g .bss 0000000000000000 _end
0000000000400430 g F .text 000000000000002a _start
0000000000601038 g .bss 0000000000000000 __bss_start
000000000040053a g F .text 000000000000004e main
0000000000000000 w *UND* 0000000000000000 _Jv_RegisterClasses
0000000000601038 g O .data 0000000000000000 .hidden __TMC_END__
0000000000000000 w *UND* 0000000000000000 _ITM_registerTMCloneTable
00000000004003c8 g F .init 0000000000000000 _init
Disassembly of section .init:
00000000004003c8 <_init>:
_init():
4003c8: 48 83 ec 08 sub $0x8,%rsp
4003cc: 48 8b 05 25 0c 20 00 mov 0x200c25(%rip),%rax # 600ff8 <_DYNAMIC+0x1d0>
4003d3: 48 85 c0 test %rax,%rax
4003d6: 74 05 je 4003dd <_init+0x15>
4003d8: e8 43 00 00 00 callq 400420 <__libc_start_main@plt+0x10>
4003dd: 48 83 c4 08 add $0x8,%rsp
4003e1: c3 retq
Disassembly of section .plt:
00000000004003f0 <printf@plt-0x10>:
4003f0: ff 35 12 0c 20 00 pushq 0x200c12(%rip) # 601008 <_GLOBAL_OFFSET_TABLE_+0x8>
4003f6: ff 25 14 0c 20 00 jmpq *0x200c14(%rip) # 601010 <_GLOBAL_OFFSET_TABLE_+0x10>
4003fc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000400400 <printf@plt>:
400400: ff 25 12 0c 20 00 jmpq *0x200c12(%rip) # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
400406: 68 00 00 00 00 pushq $0x0
40040b: e9 e0 ff ff ff jmpq 4003f0 <_init+0x28>
0000000000400410 <__libc_start_main@plt>:
400410: ff 25 0a 0c 20 00 jmpq *0x200c0a(%rip) # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
400416: 68 01 00 00 00 pushq $0x1
40041b: e9 d0 ff ff ff jmpq 4003f0 <_init+0x28>
Disassembly of section .plt.got:
0000000000400420 <.plt.got>:
400420: ff 25 d2 0b 20 00 jmpq *0x200bd2(%rip) # 600ff8 <_DYNAMIC+0x1d0>
400426: 66 90 xchg %ax,%ax
Disassembly of section .text:
0000000000400430 <_start>:
_start():
400430: 31 ed xor %ebp,%ebp
400432: 49 89 d1 mov %rdx,%r9
400435: 5e pop %rsi
400436: 48 89 e2 mov %rsp,%rdx
400439: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
40043d: 50 push %rax
40043e: 54 push %rsp
40043f: 49 c7 c0 00 06 40 00 mov $0x400600,%r8
400446: 48 c7 c1 90 05 40 00 mov $0x400590,%rcx
40044d: 48 c7 c7 3a 05 40 00 mov $0x40053a,%rdi
400454: e8 b7 ff ff ff callq 400410 <__libc_start_main@plt>
400459: f4 hlt
40045a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
0000000000400460 <deregister_tm_clones>:
deregister_tm_clones():
400460: b8 3f 10 60 00 mov $0x60103f,%eax
400465: 55 push %rbp
400466: 48 2d 38 10 60 00 sub $0x601038,%rax
40046c: 48 83 f8 0e cmp $0xe,%rax
400470: 48 89 e5 mov %rsp,%rbp
400473: 76 1b jbe 400490 <deregister_tm_clones+0x30>
400475: b8 00 00 00 00 mov $0x0,%eax
40047a: 48 85 c0 test %rax,%rax
40047d: 74 11 je 400490 <deregister_tm_clones+0x30>
40047f: 5d pop %rbp
400480: bf 38 10 60 00 mov $0x601038,%edi
400485: ff e0 jmpq *%rax
400487: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
40048e: 00 00
400490: 5d pop %rbp
400491: c3 retq
400492: 0f 1f 40 00 nopl 0x0(%rax)
400496: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
40049d: 00 00 00
00000000004004a0 <register_tm_clones>:
register_tm_clones():
4004a0: be 38 10 60 00 mov $0x601038,%esi
4004a5: 55 push %rbp
4004a6: 48 81 ee 38 10 60 00 sub $0x601038,%rsi
4004ad: 48 c1 fe 03 sar $0x3,%rsi
4004b1: 48 89 e5 mov %rsp,%rbp
4004b4: 48 89 f0 mov %rsi,%rax
4004b7: 48 c1 e8 3f shr $0x3f,%rax
4004bb: 48 01 c6 add %rax,%rsi
4004be: 48 d1 fe sar %rsi
4004c1: 74 15 je 4004d8 <register_tm_clones+0x38>
4004c3: b8 00 00 00 00 mov $0x0,%eax
4004c8: 48 85 c0 test %rax,%rax
4004cb: 74 0b je 4004d8 <register_tm_clones+0x38>
4004cd: 5d pop %rbp
4004ce: bf 38 10 60 00 mov $0x601038,%edi
4004d3: ff e0 jmpq *%rax
4004d5: 0f 1f 00 nopl (%rax)
4004d8: 5d pop %rbp
4004d9: c3 retq
4004da: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
00000000004004e0 <__do_global_dtors_aux>:
__do_global_dtors_aux():
4004e0: 80 3d 51 0b 20 00 00 cmpb $0x0,0x200b51(%rip) # 601038 <__TMC_END__>
4004e7: 75 11 jne 4004fa <__do_global_dtors_aux+0x1a>
4004e9: 55 push %rbp
4004ea: 48 89 e5 mov %rsp,%rbp
4004ed: e8 6e ff ff ff callq 400460 <deregister_tm_clones>
4004f2: 5d pop %rbp
4004f3: c6 05 3e 0b 20 00 01 movb $0x1,0x200b3e(%rip) # 601038 <__TMC_END__>
4004fa: f3 c3 repz retq
4004fc: 0f 1f 40 00 nopl 0x0(%rax)
0000000000400500 <frame_dummy>:
frame_dummy():
400500: bf 20 0e 60 00 mov $0x600e20,%edi
400505: 48 83 3f 00 cmpq $0x0,(%rdi)
400509: 75 05 jne 400510 <frame_dummy+0x10>
40050b: eb 93 jmp 4004a0 <register_tm_clones>
40050d: 0f 1f 00 nopl (%rax)
400510: b8 00 00 00 00 mov $0x0,%eax
400515: 48 85 c0 test %rax,%rax
400518: 74 f1 je 40050b <frame_dummy+0xb>
40051a: 55 push %rbp
40051b: 48 89 e5 mov %rsp,%rbp
40051e: ff d0 callq *%rax
400520: 5d pop %rbp
400521: e9 7a ff ff ff jmpq 4004a0 <register_tm_clones>
0000000000400526 <add_a_and_b>:
add_a_and_b():
400526: 55 push %rbp
400527: 48 89 e5 mov %rsp,%rbp
40052a: 89 7d fc mov %edi,-0x4(%rbp)
40052d: 89 75 f8 mov %esi,-0x8(%rbp)
400530: 8b 55 fc mov -0x4(%rbp),%edx
400533: 8b 45 f8 mov -0x8(%rbp),%eax
400536: 01 d0 add %edx,%eax
400538: 5d pop %rbp
400539: c3 retq
000000000040053a <main>:
main():
40053a: 55 push %rbp
40053b: 48 89 e5 mov %rsp,%rbp
40053e: 48 83 ec 20 sub $0x20,%rsp
400542: 89 7d ec mov %edi,-0x14(%rbp)
400545: 48 89 75 e0 mov %rsi,-0x20(%rbp)
400549: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%rbp)
400550: c7 45 f8 02 00 00 00 movl $0x2,-0x8(%rbp)
400557: 8b 55 f8 mov -0x8(%rbp),%edx
40055a: 8b 45 f4 mov -0xc(%rbp),%eax
40055d: 89 d6 mov %edx,%esi
40055f: 89 c7 mov %eax,%edi
400561: e8 c0 ff ff ff callq 400526 <add_a_and_b>
400566: 89 45 fc mov %eax,-0x4(%rbp)
400569: 8b 4d fc mov -0x4(%rbp),%ecx
40056c: 8b 55 f8 mov -0x8(%rbp),%edx
40056f: 8b 45 f4 mov -0xc(%rbp),%eax
400572: 89 c6 mov %eax,%esi
400574: bf 14 06 40 00 mov $0x400614,%edi
400579: b8 00 00 00 00 mov $0x0,%eax
40057e: e8 7d fe ff ff callq 400400 <printf@plt>
400583: 8b 45 fc mov -0x4(%rbp),%eax
400586: c9 leaveq
400587: c3 retq
400588: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
40058f: 00
0000000000400590 <__libc_csu_init>:
__libc_csu_init():
400590: 41 57 push %r15
400592: 41 56 push %r14
400594: 41 89 ff mov %edi,%r15d
400597: 41 55 push %r13
400599: 41 54 push %r12
40059b: 4c 8d 25 6e 08 20 00 lea 0x20086e(%rip),%r12 # 600e10 <__frame_dummy_init_array_entry>
4005a2: 55 push %rbp
4005a3: 48 8d 2d 6e 08 20 00 lea 0x20086e(%rip),%rbp # 600e18 <__init_array_end>
4005aa: 53 push %rbx
4005ab: 49 89 f6 mov %rsi,%r14
4005ae: 49 89 d5 mov %rdx,%r13
4005b1: 4c 29 e5 sub %r12,%rbp
4005b4: 48 83 ec 08 sub $0x8,%rsp
4005b8: 48 c1 fd 03 sar $0x3,%rbp
4005bc: e8 07 fe ff ff callq 4003c8 <_init>
4005c1: 48 85 ed test %rbp,%rbp
4005c4: 74 20 je 4005e6 <__libc_csu_init+0x56>
4005c6: 31 db xor %ebx,%ebx
4005c8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
4005cf: 00
4005d0: 4c 89 ea mov %r13,%rdx
4005d3: 4c 89 f6 mov %r14,%rsi
4005d6: 44 89 ff mov %r15d,%edi
4005d9: 41 ff 14 dc callq *(%r12,%rbx,8)
4005dd: 48 83 c3 01 add $0x1,%rbx
4005e1: 48 39 eb cmp %rbp,%rbx
4005e4: 75 ea jne 4005d0 <__libc_csu_init+0x40>
4005e6: 48 83 c4 08 add $0x8,%rsp
4005ea: 5b pop %rbx
4005eb: 5d pop %rbp
4005ec: 41 5c pop %r12
4005ee: 41 5d pop %r13
4005f0: 41 5e pop %r14
4005f2: 41 5f pop %r15
4005f4: c3 retq
4005f5: 90 nop
4005f6: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
4005fd: 00 00 00
0000000000400600 <__libc_csu_fini>:
__libc_csu_fini():
400600: f3 c3 repz retq
Disassembly of section .fini:
0000000000400604 <_fini>:
_fini():
400604: 48 83 ec 08 sub $0x8,%rsp
400608: 48 83 c4 08 add $0x8,%rsp
40060c: c3 retq
We can see that the dump clearly shows the assembly corresponding to each C function. There are also functions we did not write (_start, deregister_tm_clones, __libc_csu_init and so on); these are startup and runtime routines that the linker pulled in at link time.
Let's extract the assembly for add_a_and_b and main and analyze it.
The assembly for main, annotated (x86-64 System V convention: the first integer arguments travel in %rdi, %rsi, %rdx and %rcx, and the return value comes back in %rax):
000000000040053a <main>:
main():
40053a: 55 push %rbp // save the caller's frame pointer (prologue)
40053b: 48 89 e5 mov %rsp,%rbp // set up main's own frame
40053e: 48 83 ec 20 sub $0x20,%rsp // reserve 0x20 bytes for locals
400542: 89 7d ec mov %edi,-0x14(%rbp) // spill argc
400545: 48 89 75 e0 mov %rsi,-0x20(%rbp) // spill argv
400549: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%rbp) // a = 1
400550: c7 45 f8 02 00 00 00 movl $0x2,-0x8(%rbp) // b = 2
400557: 8b 55 f8 mov -0x8(%rbp),%edx // edx = b
40055a: 8b 45 f4 mov -0xc(%rbp),%eax // eax = a
40055d: 89 d6 mov %edx,%esi // 2nd argument (%esi) = b
40055f: 89 c7 mov %eax,%edi // 1st argument (%edi) = a
400561: e8 c0 ff ff ff callq 400526 <add_a_and_b> // call add_a_and_b(a, b)
400566: 89 45 fc mov %eax,-0x4(%rbp) // c = return value from %eax
400569: 8b 4d fc mov -0x4(%rbp),%ecx // 4th printf argument (%ecx) = c
40056c: 8b 55 f8 mov -0x8(%rbp),%edx // 3rd printf argument (%edx) = b
40056f: 8b 45 f4 mov -0xc(%rbp),%eax
400572: 89 c6 mov %eax,%esi // 2nd printf argument (%esi) = a
400574: bf 14 06 40 00 mov $0x400614,%edi // 1st argument: address of the format string in .rodata
400579: b8 00 00 00 00 mov $0x0,%eax // variadic call: no vector registers carry arguments
40057e: e8 7d fe ff ff callq 400400 <printf@plt> // call printf through the PLT to print the result
400583: 8b 45 fc mov -0x4(%rbp),%eax // return value = c
400586: c9 leaveq // tear down the frame
400587: c3 retq // return from main
400588: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) // alignment padding after the function
40058f: 00
The assembly for add_a_and_b, annotated:
0000000000400526 <add_a_and_b>:
add_a_and_b():
400526: 55 push %rbp // save the caller's frame pointer (prologue)
400527: 48 89 e5 mov %rsp,%rbp // no sub on %rsp: a leaf function may keep its locals in the red zone below %rsp
40052a: 89 7d fc mov %edi,-0x4(%rbp) // store a (1st argument, %edi)
40052d: 89 75 f8 mov %esi,-0x8(%rbp) // store b (2nd argument, %esi)
400530: 8b 55 fc mov -0x4(%rbp),%edx // edx = a
400533: 8b 45 f8 mov -0x8(%rbp),%eax // eax = b
400536: 01 d0 add %edx,%eax // eax = a + b
400538: 5d pop %rbp // restore the caller's frame pointer
400539: c3 retq // return a + b in %eax
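As an added example (not part of the original post), the following Python script parses the tab-separated listing that objdump -d emits, the same format as the dump above, and automates the two things the analysis just did by hand: which functions main calls, and how many bytes each function reserves on the stack in its prologue. The sample listing is constructed from the page's add_a_and_b and main output, trimmed to the relevant lines, and the function names parse_objdump, call_targets and frame_size are the example's own.

```python
import re

# Constructed sample in the tab-separated layout real objdump -d emits, trimmed
# from the page's listings; the last line is a byte-only continuation line.
SAMPLE = "\n".join([
    "Disassembly of section .text:",
    "0000000000400526 <add_a_and_b>:",
    "  400526:\t55                   \tpush   %rbp",
    "  40052a:\t89 7d fc             \tmov    %edi,-0x4(%rbp)",
    "  400536:\t01 d0                \tadd    %edx,%eax",
    "  400538:\t5d                   \tpop    %rbp",
    "  400539:\tc3                   \tretq",
    "000000000040053a <main>:",
    "  40053a:\t55                   \tpush   %rbp",
    "  40053e:\t48 83 ec 20          \tsub    $0x20,%rsp",
    "  400561:\te8 c0 ff ff ff       \tcallq  400526 <add_a_and_b>",
    "  40057e:\te8 7d fe ff ff       \tcallq  400400 <printf@plt>",
    "  400587:\tc3                   \tretq",
    "  400588:\t0f 1f 84 00 00 00 00 \tnopl   0x0(%rax,%rax,1)",
    "  40058f:\t00",
])

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t([0-9a-f]{2}(?: [0-9a-f]{2})*)\s*(?:\t(\S+)\s*(.*))?$")
CALL_RE = re.compile(r"^[0-9a-f]+ <([^>+]+)(?:\+0x[0-9a-f]+)?>")

def parse_objdump(text):
    """Map each '<symbol>:' block to a list of (addr, mnemonic, operands).
    Section headers, blank lines and byte-only continuation lines are skipped."""
    funcs, cur = {}, None
    for line in text.splitlines():
        if (m := FUNC_RE.match(line)):
            cur = funcs.setdefault(m.group(1), [])
        elif cur is not None and (m := INSN_RE.match(line)) and m.group(3):
            cur.append((int(m.group(1), 16), m.group(3), m.group(4).strip()))
    return funcs

def call_targets(insns):
    """Direct call targets, in order, from the '<symbol>' annotation objdump prints
    after callq; an indirect call (callq *%rax) is reported as '*indirect*'."""
    out = []
    for _, mnem, ops in insns:
        if mnem in ("call", "callq"):
            m = CALL_RE.match(ops)
            out.append(m.group(1) if m else "*indirect*")
    return out

def frame_size(insns):
    """Bytes reserved by 'sub $imm,%rsp' in the prologue; a leaf like add_a_and_b
    reserves none because its -0x4(%rbp) slots live in the red zone below %rsp."""
    for _, mnem, ops in insns:
        if mnem == "sub" and ops.startswith("$") and ops.endswith(",%rsp"):
            return int(ops.split(",")[0].lstrip("$"), 16)
    return 0
```

Run against the full gcc_objdump.dmp, the same three functions give a per-function call list and frame size for the whole binary, including the runtime routines the linker added.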
That is the basic process of disassembling a C file. The example is simple, but it already covers the main steps of disassembly. We should recognize clearly that any complex program is built from small code fragments, and that even the simplest C code only produces a correct result by executing one assembly instruction after another, because the CPU knows nothing about [code]; in its eyes there are only [instructions], and it executes whatever instructions you hand it.
That concludes this disassembly tutorial. If you still have questions, feel free to ask in the comments.