I am trying to understand the assembly code for a C program that I got from a gdb disassembly. Can someone help me?
My code:
#include <stdio.h>   /* printf */
#include <stdlib.h>  /* exit */
#include <string.h>  /* strcpy */
#include <unistd.h>
int main(int argc, char *argv[])
{
    char buff[100];
    /* if no argument… */
    if (argc < 2)
    {
        printf("Syntax: %s <input string>\n", argv[0]);
        exit(0);
    }
    strcpy(buff, argv[1]); /* unbounded copy into the 100-byte buffer */
    return 0;
}
The assembly code of my main function is:
Dump of assembler code for function main:
0x08048424 <+0>: push %ebp
0x08048425 <+1>: mov %esp,%ebp
0x08048427 <+3>: and $0xfffffff0,%esp
0x0804842a <+6>: add $0xffffff80,%esp
0x0804842d <+9>: cmpl $0x1,0x8(%ebp)
0x08048431 <+13>: jg 0x8048454 <main+48>
0x08048433 <+15>: mov 0xc(%ebp),%eax
0x08048436 <+18>: mov (%eax),%eax
0x08048438 <+20>: mov %eax,0x4(%esp)
0x0804843c <+24>: movl $0x8048544,(%esp)
0x08048443 <+31>: call 0x8048344 <printf@plt>
0x08048448 <+36>: movl $0x0,(%esp)
0x0804844f <+43>: call 0x8048354 <exit@plt>
0x08048454 <+48>: mov 0xc(%ebp),%eax
0x08048457 <+51>: add $0x4,%eax
0x0804845a <+54>: mov (%eax),%eax
0x0804845c <+56>: mov %eax,0x4(%esp)
0x08048460 <+60>: lea 0x1c(%esp),%eax
Where is the part that allocates the buff[100] space?
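For context on why the 100-byte stack buffer matters: the question's program copies argv[1] into buff with strcpy, which writes as many bytes as the argument holds, regardless of the 128 bytes the compiler reserved. The following is an added example (not the poster's code) showing the same program with the copy bounded to the buffer's size; the helper names copy_arg_bounded and process_input are my own.

```c
#include <stdio.h>
#include <string.h>

/* Capacity of the local buffer, matching the question's char buff[100]. */
#define BUFF_SIZE 100

/* Bounded copy: returns 1 if src (including its terminating NUL) fits into
 * dst, 0 if it was rejected because it would have overrun dst. Nothing is
 * written when the input does not fit, so the caller can bail out safely. */
int copy_arg_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dst_size) {
        return 0;              /* would overflow: refuse, leave dst untouched */
    }
    memcpy(dst, src, len + 1); /* copies the terminating NUL as well */
    return 1;
}

/* Same shape as the question's main, but the copy is checked against the
 * buffer's real size. Returns 0 on success, 1 if the input was too long. */
int process_input(const char *input)
{
    char buff[BUFF_SIZE];      /* the 100-byte local the question asks about */
    if (!copy_arg_bounded(buff, sizeof buff, input)) {
        return 1;              /* input does not fit in the 100-byte buffer */
    }
    /* ... buff is now a properly terminated string of at most 99 chars ... */
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        printf("Syntax: %s <input string>\n", argv[0]);
        return 0;
    }
    if (process_input(argv[1]) != 0) {
        fprintf(stderr, "input longer than %d bytes rejected\n", BUFF_SIZE - 1);
        return 1;
    }
    return 0;
}
```

The frame the compiler builds (the add $0xffffff80,%esp in the listing) is the same either way; what changes is that the copy can no longer write past the end of buff into the rest of that frame.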
Answer 0 (score: 4)
Here:
add $0xffffff80,%esp
This subtracts 128 bytes (by adding -128) from ESP (the stack pointer register).
Answer 1 (score: 4)
The following code
int main(int argc, char *argv[])
{
char buff[100];
asks for a char[100] buffer to be created on the stack. Here is what actually happens:
;// 1. pushing the base pointer register on the stack
0x08048424 <+0>: push %ebp
;// 2. Creating the stack frame. Copying the stack pointer register to the base pointer
;// register creates a stack frame: an area on the stack where a subroutine
;// can store local data.
0x08048425 <+1>: mov %esp,%ebp
;// 3. Making sure that the stack is aligned to 16 bytes.
0x08048427 <+3>: and $0xfffffff0,%esp
;// 4. Making room for 128 bytes (100 as requested would throw off the alignment).
;// 128 is compatible with your requests and is optimized.
0x0804842a <+6>: add $0xffffff80,%esp
So this creates the buffer on a 16-byte-aligned stack. You asked for 100, and the compiler gives you at least 100 while optimizing for speed.
Answer 2 (score: 3)
I guess it is add $0xffffff80,%esp. It moves the stack pointer to make room inside the function.