【RT-Thread学习笔记】使用objdump反汇编

描述

​本文将简单介绍如何使用objdump工具进行反汇编。

 

本文的前提是你的Linux编程环境有gcc工具和objdump工具,没有请自行安装。

先给出一段C代码作为源文件,很简单的功能,就是实现c=a+b的功能,代码如下:


#include 

static int add_a_and_b(int a, int b)
{
    return a + b;
}

int main(int argc, const char *argv[])
{
    int a = 1;
    int b = 2;
    int c;
	
    c = add_a_and_b(a, b);
    printf(" %d + %d = %d\n", a, b, c);
	
    return c;
}
汇编

接下来,我们要使用gcc编译这段C代码,编程可执行程序,执行命令如下:

gcc -o gcc_objdump gcc_objdump.c
汇编

它将会生成一个名字叫gcc_objdump的elf可执行文件,通过运行该文件可以得到执行结果,如下图所示:

汇编

 

通过file命令,我们可以知道gcc_objdump这个可执行文件是一个elf文件,而我们要进行反汇编操作,就是要以这个elf文件为输入,得到汇编代码,这个过程,我们就称之为【反汇编】。


要进行反汇编操作,我们需要用到一个叫objdump的命令行工具,它的介绍可以自行到网上搜索,简单来说,就是一个可以将elf文件还原成汇编代码的工具,非常的使用。它的使用方法如下,在命令输入:

objdump -l -x -d gcc_objdump > gcc_objdump.dmp
汇编

我们就可以得到汇编文件gcc_objdump.dmp,我们用文本查看工具,如notepad++打开它,并阅读它。


gcc_objdump:     file format elf64-x86-64
gcc_objdump
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000400430

Program Header:
    PHDR off    0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3
         filesz 0x00000000000001f8 memsz 0x00000000000001f8 flags r-x
  INTERP off    0x0000000000000238 vaddr 0x0000000000400238 paddr 0x0000000000400238 align 2**0
         filesz 0x000000000000001c memsz 0x000000000000001c flags r--
    LOAD off    0x0000000000000000 vaddr 0x0000000000400000 paddr 0x0000000000400000 align 2**21
         filesz 0x0000000000000774 memsz 0x0000000000000774 flags r-x
    LOAD off    0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**21
         filesz 0x0000000000000228 memsz 0x0000000000000230 flags rw-
 DYNAMIC off    0x0000000000000e28 vaddr 0x0000000000600e28 paddr 0x0000000000600e28 align 2**3
         filesz 0x00000000000001d0 memsz 0x00000000000001d0 flags rw-
    NOTE off    0x0000000000000254 vaddr 0x0000000000400254 paddr 0x0000000000400254 align 2**2
         filesz 0x0000000000000044 memsz 0x0000000000000044 flags r--
EH_FRAME off    0x0000000000000624 vaddr 0x0000000000400624 paddr 0x0000000000400624 align 2**2
         filesz 0x000000000000003c memsz 0x000000000000003c flags r--
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
   RELRO off    0x0000000000000e10 vaddr 0x0000000000600e10 paddr 0x0000000000600e10 align 2**0
         filesz 0x00000000000001f0 memsz 0x00000000000001f0 flags r--

Dynamic Section:
  NEEDED               libc.so.6
  INIT                 0x00000000004003c8
  FINI                 0x0000000000400604
  INIT_ARRAY           0x0000000000600e10
  INIT_ARRAYSZ         0x0000000000000008
  FINI_ARRAY           0x0000000000600e18
  FINI_ARRAYSZ         0x0000000000000008
  GNU_HASH             0x0000000000400298
  STRTAB               0x0000000000400318
  SYMTAB               0x00000000004002b8
  STRSZ                0x000000000000003f
  SYMENT               0x0000000000000018
  DEBUG                0x0000000000000000
  PLTGOT               0x0000000000601000
  PLTRELSZ             0x0000000000000030
  PLTREL               0x0000000000000007
  JMPREL               0x0000000000400398
  RELA                 0x0000000000400380
  RELASZ               0x0000000000000018
  RELAENT              0x0000000000000018
  VERNEED              0x0000000000400360
  VERNEEDNUM           0x0000000000000001
  VERSYM               0x0000000000400358

Version References:
  required from libc.so.6:
    0x09691a75 0x00 02 GLIBC_2.2.5

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  0000000000400238  0000000000400238  00000238  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  0000000000400254  0000000000400254  00000254  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  0000000000400274  0000000000400274  00000274  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     0000001c  0000000000400298  0000000000400298  00000298  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000060  00000000004002b8  00000000004002b8  000002b8  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       0000003f  0000000000400318  0000000000400318  00000318  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  00000008  0000000000400358  0000000000400358  00000358  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  0000000000400360  0000000000400360  00000360  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rela.dyn     00000018  0000000000400380  0000000000400380  00000380  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rela.plt     00000030  0000000000400398  0000000000400398  00000398  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         0000001a  00000000004003c8  00000000004003c8  000003c8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000030  00000000004003f0  00000000004003f0  000003f0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .plt.got      00000008  0000000000400420  0000000000400420  00000420  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .text         000001d2  0000000000400430  0000000000400430  00000430  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .fini         00000009  0000000000400604  0000000000400604  00000604  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .rodata       00000013  0000000000400610  0000000000400610  00000610  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame_hdr 0000003c  0000000000400624  0000000000400624  00000624  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .eh_frame     00000114  0000000000400660  0000000000400660  00000660  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 18 .init_array   00000008  0000000000600e10  0000000000600e10  00000e10  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .fini_array   00000008  0000000000600e18  0000000000600e18  00000e18  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .jcr          00000008  0000000000600e20  0000000000600e20  00000e20  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .dynamic      000001d0  0000000000600e28  0000000000600e28  00000e28  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .got          00000008  0000000000600ff8  0000000000600ff8  00000ff8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 23 .got.plt      00000028  0000000000601000  0000000000601000  00001000  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 24 .data         00000010  0000000000601028  0000000000601028  00001028  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 25 .bss          00000008  0000000000601038  0000000000601038  00001038  2**0
                  ALLOC
 26 .comment      00000035  0000000000000000  0000000000000000  00001038  2**0
                  CONTENTS, READONLY
SYMBOL TABLE:
0000000000400238 l    d  .interp	0000000000000000              .interp
0000000000400254 l    d  .note.ABI-tag	0000000000000000              .note.ABI-tag
0000000000400274 l    d  .note.gnu.build-id	0000000000000000              .note.gnu.build-id
0000000000400298 l    d  .gnu.hash	0000000000000000              .gnu.hash
00000000004002b8 l    d  .dynsym	0000000000000000              .dynsym
0000000000400318 l    d  .dynstr	0000000000000000              .dynstr
0000000000400358 l    d  .gnu.version	0000000000000000              .gnu.version
0000000000400360 l    d  .gnu.version_r	0000000000000000              .gnu.version_r
0000000000400380 l    d  .rela.dyn	0000000000000000              .rela.dyn
0000000000400398 l    d  .rela.plt	0000000000000000              .rela.plt
00000000004003c8 l    d  .init	0000000000000000              .init
00000000004003f0 l    d  .plt	0000000000000000              .plt
0000000000400420 l    d  .plt.got	0000000000000000              .plt.got
0000000000400430 l    d  .text	0000000000000000              .text
0000000000400604 l    d  .fini	0000000000000000              .fini
0000000000400610 l    d  .rodata	0000000000000000              .rodata
0000000000400624 l    d  .eh_frame_hdr	0000000000000000              .eh_frame_hdr
0000000000400660 l    d  .eh_frame	0000000000000000              .eh_frame
0000000000600e10 l    d  .init_array	0000000000000000              .init_array
0000000000600e18 l    d  .fini_array	0000000000000000              .fini_array
0000000000600e20 l    d  .jcr	0000000000000000              .jcr
0000000000600e28 l    d  .dynamic	0000000000000000              .dynamic
0000000000600ff8 l    d  .got	0000000000000000              .got
0000000000601000 l    d  .got.plt	0000000000000000              .got.plt
0000000000601028 l    d  .data	0000000000000000              .data
0000000000601038 l    d  .bss	0000000000000000              .bss
0000000000000000 l    d  .comment	0000000000000000              .comment
0000000000000000 l    df *ABS*	0000000000000000              crtstuff.c
0000000000600e20 l     O .jcr	0000000000000000              __JCR_LIST__
0000000000400460 l     F .text	0000000000000000              deregister_tm_clones
00000000004004a0 l     F .text	0000000000000000              register_tm_clones
00000000004004e0 l     F .text	0000000000000000              __do_global_dtors_aux
0000000000601038 l     O .bss	0000000000000001              completed.7594
0000000000600e18 l     O .fini_array	0000000000000000              __do_global_dtors_aux_fini_array_entry
0000000000400500 l     F .text	0000000000000000              frame_dummy
0000000000600e10 l     O .init_array	0000000000000000              __frame_dummy_init_array_entry
0000000000000000 l    df *ABS*	0000000000000000              gcc_objdump.c
0000000000400526 l     F .text	0000000000000014              add_a_and_b
0000000000000000 l    df *ABS*	0000000000000000              crtstuff.c
0000000000400770 l     O .eh_frame	0000000000000000              __FRAME_END__
0000000000600e20 l     O .jcr	0000000000000000              __JCR_END__
0000000000000000 l    df *ABS*	0000000000000000              
0000000000600e18 l       .init_array	0000000000000000              __init_array_end
0000000000600e28 l     O .dynamic	0000000000000000              _DYNAMIC
0000000000600e10 l       .init_array	0000000000000000              __init_array_start
0000000000400624 l       .eh_frame_hdr	0000000000000000              __GNU_EH_FRAME_HDR
0000000000601000 l     O .got.plt	0000000000000000              _GLOBAL_OFFSET_TABLE_
0000000000400600 g     F .text	0000000000000002              __libc_csu_fini
0000000000000000  w      *UND*	0000000000000000              _ITM_deregisterTMCloneTable
0000000000601028  w      .data	0000000000000000              data_start
0000000000601038 g       .data	0000000000000000              _edata
0000000000400604 g     F .fini	0000000000000000              _fini
0000000000000000       F *UND*	0000000000000000              printf@@GLIBC_2.2.5
0000000000000000       F *UND*	0000000000000000              __libc_start_main@@GLIBC_2.2.5
0000000000601028 g       .data	0000000000000000              __data_start
0000000000000000  w      *UND*	0000000000000000              __gmon_start__
0000000000601030 g     O .data	0000000000000000              .hidden __dso_handle
0000000000400610 g     O .rodata	0000000000000004              _IO_stdin_used
0000000000400590 g     F .text	0000000000000065              __libc_csu_init
0000000000601040 g       .bss	0000000000000000              _end
0000000000400430 g     F .text	000000000000002a              _start
0000000000601038 g       .bss	0000000000000000              __bss_start
000000000040053a g     F .text	000000000000004e              main
0000000000000000  w      *UND*	0000000000000000              _Jv_RegisterClasses
0000000000601038 g     O .data	0000000000000000              .hidden __TMC_END__
0000000000000000  w      *UND*	0000000000000000              _ITM_registerTMCloneTable
00000000004003c8 g     F .init	0000000000000000              _init



Disassembly of section .init:

00000000004003c8 <_init>:
_init():
  4003c8:	48 83 ec 08          	sub    $0x8,%rsp
  4003cc:	48 8b 05 25 0c 20 00 	mov    0x200c25(%rip),%rax        # 600ff8 <_DYNAMIC+0x1d0>
  4003d3:	48 85 c0             	test   %rax,%rax
  4003d6:	74 05                	je     4003dd <_init+0x15>
  4003d8:	e8 43 00 00 00       	callq  400420 <__libc_start_main@plt+0x10>
  4003dd:	48 83 c4 08          	add    $0x8,%rsp
  4003e1:	c3                   	retq   

Disassembly of section .plt:

00000000004003f0 :
  4003f0:	ff 35 12 0c 20 00    	pushq  0x200c12(%rip)        # 601008 <_GLOBAL_OFFSET_TABLE_+0x8>
  4003f6:	ff 25 14 0c 20 00    	jmpq   *0x200c14(%rip)        # 601010 <_GLOBAL_OFFSET_TABLE_+0x10>
  4003fc:	0f 1f 40 00          	nopl   0x0(%rax)

0000000000400400 :
  400400:	ff 25 12 0c 20 00    	jmpq   *0x200c12(%rip)        # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
  400406:	68 00 00 00 00       	pushq  $0x0
  40040b:	e9 e0 ff ff ff       	jmpq   4003f0 <_init+0x28>

0000000000400410 <__libc_start_main@plt>:
  400410:	ff 25 0a 0c 20 00    	jmpq   *0x200c0a(%rip)        # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
  400416:	68 01 00 00 00       	pushq  $0x1
  40041b:	e9 d0 ff ff ff       	jmpq   4003f0 <_init+0x28>

Disassembly of section .plt.got:

0000000000400420 <.plt.got>:
  400420:	ff 25 d2 0b 20 00    	jmpq   *0x200bd2(%rip)        # 600ff8 <_DYNAMIC+0x1d0>
  400426:	66 90                	xchg   %ax,%ax

Disassembly of section .text:

0000000000400430 <_start>:
_start():
  400430:	31 ed                	xor    %ebp,%ebp
  400432:	49 89 d1             	mov    %rdx,%r9
  400435:	5e                   	pop    %rsi
  400436:	48 89 e2             	mov    %rsp,%rdx
  400439:	48 83 e4 f0          	and    $0xfffffffffffffff0,%rsp
  40043d:	50                   	push   %rax
  40043e:	54                   	push   %rsp
  40043f:	49 c7 c0 00 06 40 00 	mov    $0x400600,%r8
  400446:	48 c7 c1 90 05 40 00 	mov    $0x400590,%rcx
  40044d:	48 c7 c7 3a 05 40 00 	mov    $0x40053a,%rdi
  400454:	e8 b7 ff ff ff       	callq  400410 <__libc_start_main@plt>
  400459:	f4                   	hlt    
  40045a:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)

0000000000400460 :
deregister_tm_clones():
  400460:	b8 3f 10 60 00       	mov    $0x60103f,%eax
  400465:	55                   	push   %rbp
  400466:	48 2d 38 10 60 00    	sub    $0x601038,%rax
  40046c:	48 83 f8 0e          	cmp    $0xe,%rax
  400470:	48 89 e5             	mov    %rsp,%rbp
  400473:	76 1b                	jbe    400490 
  400475:	b8 00 00 00 00       	mov    $0x0,%eax
  40047a:	48 85 c0             	test   %rax,%rax
  40047d:	74 11                	je     400490 
  40047f:	5d                   	pop    %rbp
  400480:	bf 38 10 60 00       	mov    $0x601038,%edi
  400485:	ff e0                	jmpq   *%rax
  400487:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  40048e:	00 00 
  400490:	5d                   	pop    %rbp
  400491:	c3                   	retq   
  400492:	0f 1f 40 00          	nopl   0x0(%rax)
  400496:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  40049d:	00 00 00 

00000000004004a0 :
register_tm_clones():
  4004a0:	be 38 10 60 00       	mov    $0x601038,%esi
  4004a5:	55                   	push   %rbp
  4004a6:	48 81 ee 38 10 60 00 	sub    $0x601038,%rsi
  4004ad:	48 c1 fe 03          	sar    $0x3,%rsi
  4004b1:	48 89 e5             	mov    %rsp,%rbp
  4004b4:	48 89 f0             	mov    %rsi,%rax
  4004b7:	48 c1 e8 3f          	shr    $0x3f,%rax
  4004bb:	48 01 c6             	add    %rax,%rsi
  4004be:	48 d1 fe             	sar    %rsi
  4004c1:	74 15                	je     4004d8 
  4004c3:	b8 00 00 00 00       	mov    $0x0,%eax
  4004c8:	48 85 c0             	test   %rax,%rax
  4004cb:	74 0b                	je     4004d8 
  4004cd:	5d                   	pop    %rbp
  4004ce:	bf 38 10 60 00       	mov    $0x601038,%edi
  4004d3:	ff e0                	jmpq   *%rax
  4004d5:	0f 1f 00             	nopl   (%rax)
  4004d8:	5d                   	pop    %rbp
  4004d9:	c3                   	retq   
  4004da:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)

00000000004004e0 <__do_global_dtors_aux>:
__do_global_dtors_aux():
  4004e0:	80 3d 51 0b 20 00 00 	cmpb   $0x0,0x200b51(%rip)        # 601038 <__TMC_END__>
  4004e7:	75 11                	jne    4004fa <__do_global_dtors_aux+0x1a>
  4004e9:	55                   	push   %rbp
  4004ea:	48 89 e5             	mov    %rsp,%rbp
  4004ed:	e8 6e ff ff ff       	callq  400460 
  4004f2:	5d                   	pop    %rbp
  4004f3:	c6 05 3e 0b 20 00 01 	movb   $0x1,0x200b3e(%rip)        # 601038 <__TMC_END__>
  4004fa:	f3 c3                	repz retq 
  4004fc:	0f 1f 40 00          	nopl   0x0(%rax)

0000000000400500 :
frame_dummy():
  400500:	bf 20 0e 60 00       	mov    $0x600e20,%edi
  400505:	48 83 3f 00          	cmpq   $0x0,(%rdi)
  400509:	75 05                	jne    400510 
  40050b:	eb 93                	jmp    4004a0 
  40050d:	0f 1f 00             	nopl   (%rax)
  400510:	b8 00 00 00 00       	mov    $0x0,%eax
  400515:	48 85 c0             	test   %rax,%rax
  400518:	74 f1                	je     40050b 
  40051a:	55                   	push   %rbp
  40051b:	48 89 e5             	mov    %rsp,%rbp
  40051e:	ff d0                	callq  *%rax
  400520:	5d                   	pop    %rbp
  400521:	e9 7a ff ff ff       	jmpq   4004a0 

0000000000400526 :
add_a_and_b():
  400526:	55                   	push   %rbp
  400527:	48 89 e5             	mov    %rsp,%rbp
  40052a:	89 7d fc             	mov    %edi,-0x4(%rbp)
  40052d:	89 75 f8             	mov    %esi,-0x8(%rbp)
  400530:	8b 55 fc             	mov    -0x4(%rbp),%edx
  400533:	8b 45 f8             	mov    -0x8(%rbp),%eax
  400536:	01 d0                	add    %edx,%eax
  400538:	5d                   	pop    %rbp
  400539:	c3                   	retq   

000000000040053a +0xb>+0x10>+0x38>+0x38>+0x30>+0x30>@plt>@plt-0x10>:
main():
  40053a:	55                   	push   %rbp
  40053b:	48 89 e5             	mov    %rsp,%rbp
  40053e:	48 83 ec 20          	sub    $0x20,%rsp
  400542:	89 7d ec             	mov    %edi,-0x14(%rbp)
  400545:	48 89 75 e0          	mov    %rsi,-0x20(%rbp)
  400549:	c7 45 f4 01 00 00 00 	movl   $0x1,-0xc(%rbp)
  400550:	c7 45 f8 02 00 00 00 	movl   $0x2,-0x8(%rbp)
  400557:	8b 55 f8             	mov    -0x8(%rbp),%edx
  40055a:	8b 45 f4             	mov    -0xc(%rbp),%eax
  40055d:	89 d6                	mov    %edx,%esi
  40055f:	89 c7                	mov    %eax,%edi
  400561:	e8 c0 ff ff ff       	callq  400526 
  400566:	89 45 fc             	mov    %eax,-0x4(%rbp)
  400569:	8b 4d fc             	mov    -0x4(%rbp),%ecx
  40056c:	8b 55 f8             	mov    -0x8(%rbp),%edx
  40056f:	8b 45 f4             	mov    -0xc(%rbp),%eax
  400572:	89 c6                	mov    %eax,%esi
  400574:	bf 14 06 40 00       	mov    $0x400614,%edi
  400579:	b8 00 00 00 00       	mov    $0x0,%eax
  40057e:	e8 7d fe ff ff       	callq  400400 
  400583:	8b 45 fc             	mov    -0x4(%rbp),%eax
  400586:	c9                   	leaveq 
  400587:	c3                   	retq   
  400588:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  40058f:	00 

0000000000400590 <__libc_csu_init>:
__libc_csu_init():
  400590:	41 57                	push   %r15
  400592:	41 56                	push   %r14
  400594:	41 89 ff             	mov    %edi,%r15d
  400597:	41 55                	push   %r13
  400599:	41 54                	push   %r12
  40059b:	4c 8d 25 6e 08 20 00 	lea    0x20086e(%rip),%r12        # 600e10 <__frame_dummy_init_array_entry>
  4005a2:	55                   	push   %rbp
  4005a3:	48 8d 2d 6e 08 20 00 	lea    0x20086e(%rip),%rbp        # 600e18 <__init_array_end>
  4005aa:	53                   	push   %rbx
  4005ab:	49 89 f6             	mov    %rsi,%r14
  4005ae:	49 89 d5             	mov    %rdx,%r13
  4005b1:	4c 29 e5             	sub    %r12,%rbp
  4005b4:	48 83 ec 08          	sub    $0x8,%rsp
  4005b8:	48 c1 fd 03          	sar    $0x3,%rbp
  4005bc:	e8 07 fe ff ff       	callq  4003c8 <_init>
  4005c1:	48 85 ed             	test   %rbp,%rbp
  4005c4:	74 20                	je     4005e6 <__libc_csu_init+0x56>
  4005c6:	31 db                	xor    %ebx,%ebx
  4005c8:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  4005cf:	00 
  4005d0:	4c 89 ea             	mov    %r13,%rdx
  4005d3:	4c 89 f6             	mov    %r14,%rsi
  4005d6:	44 89 ff             	mov    %r15d,%edi
  4005d9:	41 ff 14 dc          	callq  *(%r12,%rbx,8)
  4005dd:	48 83 c3 01          	add    $0x1,%rbx
  4005e1:	48 39 eb             	cmp    %rbp,%rbx
  4005e4:	75 ea                	jne    4005d0 <__libc_csu_init+0x40>
  4005e6:	48 83 c4 08          	add    $0x8,%rsp
  4005ea:	5b                   	pop    %rbx
  4005eb:	5d                   	pop    %rbp
  4005ec:	41 5c                	pop    %r12
  4005ee:	41 5d                	pop    %r13
  4005f0:	41 5e                	pop    %r14
  4005f2:	41 5f                	pop    %r15
  4005f4:	c3                   	retq   
  4005f5:	90                   	nop
  4005f6:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  4005fd:	00 00 00 

0000000000400600 <__libc_csu_fini>:
__libc_csu_fini():
  400600:	f3 c3                	repz retq 

Disassembly of section .fini:

0000000000400604 <_fini>:
_fini():
  400604:	48 83 ec 08          	sub    $0x8,%rsp
  400608:	48 83 c4 08          	add    $0x8,%rsp
  40060c:	c3                   	retq   
@plt>
汇编

我们可以发现,它很清晰地指出每个C函数对应的汇编代码,当然也有些函数看似不是我们写的,但是是编译链接时,链接到的系统函数代码。

我们截取出add_a_and_b函数和main函数的汇编代码来分析下:

main函数对应的汇编代码分析如下:

000000000040053a :
main():
  40053a:	55                   	push   %rbp         //入参压栈
  40053b:	48 89 e5             	mov    %rsp,%rbp
  40053e:	48 83 ec 20          	sub    $0x20,%rsp
  400542:	89 7d ec             	mov    %edi,-0x14(%rbp)
  400545:	48 89 75 e0          	mov    %rsi,-0x20(%rbp)
  400549:	c7 45 f4 01 00 00 00 	movl   $0x1,-0xc(%rbp)  //a变量赋值为1
  400550:	c7 45 f8 02 00 00 00 	movl   $0x2,-0x8(%rbp)  //b变量赋值为2
  400557:	8b 55 f8             	mov    -0x8(%rbp),%edx
  40055a:	8b 45 f4             	mov    -0xc(%rbp),%eax
  40055d:	89 d6                	mov    %edx,%esi
  40055f:	89 c7                	mov    %eax,%edi
  400561:	e8 c0 ff ff ff       	callq  400526  //调用add_a_and_b函数
  400566:	89 45 fc             	mov    %eax,-0x4(%rbp) //将add_a_and_b的返回值赋值给c
  400569:	8b 4d fc             	mov    -0x4(%rbp),%ecx
  40056c:	8b 55 f8             	mov    -0x8(%rbp),%edx
  40056f:	8b 45 f4             	mov    -0xc(%rbp),%eax
  400572:	89 c6                	mov    %eax,%esi
  400574:	bf 14 06 40 00       	mov    $0x400614,%edi
  400579:	b8 00 00 00 00       	mov    $0x0,%eax
  40057e:	e8 7d fe ff ff       	callq  400400  //调用printf输出运行结果
  400583:	8b 45 fc             	mov    -0x4(%rbp),%eax
  400586:	c9                   	leaveq 
  400587:	c3                   	retq   //main函数退出
  400588:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1) 
  40058f:	00 @plt>
汇编

add_a_and_b函数对应的汇编代码分析如下:

0000000000400526 :
add_a_and_b():
  400526:	55                   	push   %rbp  //入参压栈
  400527:	48 89 e5             	mov    %rsp,%rbp
  40052a:	89 7d fc             	mov    %edi,-0x4(%rbp)
  40052d:	89 75 f8             	mov    %esi,-0x8(%rbp)
  400530:	8b 55 fc             	mov    -0x4(%rbp),%edx
  400533:	8b 45 f8             	mov    -0x8(%rbp),%eax
  400536:	01 d0                	add    %edx,%eax  //将参数a和参数b相加
  400538:	5d                   	pop    %rbp //入参出栈
  400539:	c3                   	retq  //返回a+b的值
汇编

以上就是对C文件的反汇编的简单过程。虽然给出的例程比较简单,但是这已经涵盖反汇编操作的主要内容。我们应该清晰地认识到,任何复杂的代码功能都是由小段小段的代码片段组成,而再简单的C代码最终也是一条条汇编指令执行才能得到正确的结果,这是因为CPU压根就不懂什么【代码】,在它的眼里,只有【指令】,你叫它执行什么指令,它就执行什么指令。

反汇编的教程就介绍到这里,如果你还有疑问,欢迎在评论席提出你的问题。 @_@ 

​  审核编辑:汤梓红

打开APP阅读更多精彩内容
声明:本文内容及配图由入驻作者撰写或者入驻合作网站授权转载。文章观点仅代表作者本人,不代表电子发烧友网立场。文章及其配图仅供工程师学习之用,如有内容侵权或者其他违规问题,请联系本站处理。 举报投诉

全部0条评论

快来发表一下你的评论吧 !

×
20
完善资料,
赚取积分