我试图理解由以下C代码生成的汇编指令:
#include<stdio.h>
#include<unistd.h>
int main()
{
char *happy[2];
happy[0] = "/bin/sh";
happy[1] = NULL;
execve(happy[0],happy,NULL);
}
不幸的是我无法理解这个汇编代码
任何人都可以向我解释这段代码吗?我可以确定rax包含/bin/sh的地址,但我不知道在这里使用rsi寄存器。
Dump of assembler code for function main:
0x0000000000400a0d <+0>: push %rbp
0x0000000000400a0e <+1>: mov %rsp,%rbp
0x0000000000400a11 <+4>: sub $0x20,%rsp
0x0000000000400a15 <+8>: mov %fs:0x28,%rax
0x0000000000400a1e <+17>: mov %rax,-0x8(%rbp)
0x0000000000400a22 <+21>: xor %eax,%eax
0x0000000000400a24 <+23>: lea 0x8c4d9(%rip),%rax # 0x48cf04
0x0000000000400a2b <+30>: mov %rax,-0x20(%rbp)
0x0000000000400a2f <+34>: movq $0x0,-0x18(%rbp)
0x0000000000400a37 <+42>: mov -0x20(%rbp),%rax
0x0000000000400a3b <+46>: lea -0x20(%rbp),%rcx
0x0000000000400a3f <+50>: mov $0x0,%edx
0x0000000000400a44 <+55>: mov %rcx,%rsi
0x0000000000400a47 <+58>: mov %rax,%rdi
0x0000000000400a4a <+61>: callq 0x432b10 <execve>
0x0000000000400a4f <+66>: mov $0x0,%eax
0x0000000000400a54 <+71>: mov -0x8(%rbp),%rdx
0x0000000000400a58 <+75>: xor %fs:0x28,%rdx
0x0000000000400a61 <+84>: je 0x400a68 <main+91>
0x0000000000400a63 <+86>: callq 0x435730 <__stack_chk_fail_local>
0x0000000000400a68 <+91>: leaveq
0x0000000000400a69 <+92>: retq
End of assembler dump.
`