jmp on x64 assembly

Time: 2014-07-10 14:23:51

Tags: assembly gdb x86-64

The asm code below was generated with gcc -O4 .. on x64 OS X, so it is optimized (for more on -O4, see the gcc manual).

(gdb) disas main
Dump of assembler code for function main:
   0x0000000100000f50 <+0>: push   rbp
   0x0000000100000f51 <+1>: mov    rbp,rsp
   0x0000000100000f54 <+4>: lea    rdi,[rip+0x2f]    # 0x100000f8a
   0x0000000100000f5b <+11>:    lea    rsi,[rip+0x2b]    # 0x100000f8d
   0x0000000100000f62 <+18>:    xor    eax,eax
   0x0000000100000f64 <+20>:    pop    rbp
   0x0000000100000f65 <+21>:    jmp    0x100000f6a

I am trying to understand the code flow at main+21 and beyond. I tried the following, but could not find how to view the code at 0x100000f6a (and beyond):

(gdb) disas 0x100000f6a
No function contains specified address.
(gdb) x/8 0x100000f6a
0x100000f6a:    0x00a025ff  0x8d4c0000  0x0000911d  0xff534100
0x100000f7a:    0x00008125  0x00689000  0xe9000000  0xffffffe6

So, as far as I understand, the code at main+21 jumps to address 0x100000f6a. But how can I see what is at 0x100000f6a and beyond? I know that for this exercise it is a JMP to the printf function. I would like to see the whole function (if possible).

The same code on x86 Linux (also gcc -O4 ..) is relocated (?) properly:

(gdb) disas main
Dump of assembler code for function main:
  0x08048350 <+0>:  push   ebp
  0x08048351 <+1>:  mov    ebp,esp
  0x08048353 <+3>:  and    esp,0xfffffff0
  0x08048356 <+6>:  sub    esp,0x10
  0x08048359 <+9>:  mov    DWORD PTR [esp+0x8],0x8048500
  0x08048361 <+17>: mov    DWORD PTR [esp+0x4],0x8048506
  0x08048369 <+25>: mov    DWORD PTR [esp],0x1
  0x08048370 <+32>: call   0x8048340 <__printf_chk@plt>
  0x08048375 <+37>: leave
  0x08048376 <+38>: ret
End of assembler dump.
(gdb) x/32 0x8048340
0x8048340 <__printf_chk@plt>:   -1610078721 275253252   -385875968  -64
0x8048350 <main>:   -2082109099 -326897436  608487184   75825160
0x8048360 <main+16>:    608487176   75826692    604292872   1
0x8048370 <main+32>:    -13336  -1866216961 -1990267599 -253459487
0x8048380 <_start+8>:   1750226000  134513824   75772008    1750487304
0x8048390 <_start+24>:  134513488   -26648  -1869548289 -1869574000
0x80483a0 <__do_global_dtors_aux>:  1407551829  -2147160957 77599805    1064632328
0x80483b0 <__do_global_dtors_aux+16>:   77600929    -1625244920 -343865340  134520604

1 answer:

Answer 0: (score: 0)

Try linking statically and see if this happens again. The fact that your jump lands on another jump looks like the PLT:

http://en.wikipedia.org/wiki/Position-independent_code#Technical_details
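Added example (not code from the question or the answer): it takes the two `x/8 0x100000f6a` lines the asker posted, re-serialises gdb's 32-bit little-endian words into a byte stream, and decodes the jump forms found in a lazy-binding stub. It assumes the dump is in gdb's default word/hex format as shown; the first instruction at 0x100000f6a turns out to be `ff 25 disp32`, an indirect `jmp` through a pointer slot, which is exactly the "jump landing on another jump" the answer describes.

```python
import re
import struct

# Constructed input: the two "x/8 0x100000f6a" lines quoted in the question.
# gdb printed 32-bit little-endian words, so the bytes must be re-serialised
# before they can be read as x86-64 instructions.
GDB_DUMP = """\
0x100000f6a:    0x00a025ff  0x8d4c0000  0x0000911d  0xff534100
0x100000f7a:    0x00008125  0x00689000  0xe9000000  0xffffffe6
"""

def words_to_bytes(dump):
    """Turn a gdb x/Nx word dump into (start_address, raw_bytes)."""
    start, out = None, bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*(0x[0-9a-f]+)(?:\s*<[^>]*>)?:\s*(.*)", line, re.I)
        if not m:
            continue
        if start is None:
            start = int(m.group(1), 16)
        for word in m.group(2).split():
            out += struct.pack("<I", int(word, 16))   # little-endian word
    return start, bytes(out)

def decode_jump(start, code, offset=0):
    """Decode one jump at start+offset. Handles the two forms seen in a stub:
    ff 25 disp32  jmp qword ptr [rip+disp32]  (indirect through a pointer slot)
    e9 rel32      jmp rel32                   (direct)
    RIP-relative displacements count from the END of the instruction."""
    addr = start + offset
    b = code[offset:]
    if b[:2] == b"\xff\x25":
        disp = struct.unpack_from("<i", b, 2)[0]
        slot = addr + 6 + disp
        return {"mnemonic": "jmp qword ptr [rip+0x%x]" % disp, "slot": slot}
    if b[:1] == b"\xe9":
        rel = struct.unpack_from("<i", b, 1)[0]
        target = addr + 5 + rel
        return {"mnemonic": "jmp 0x%x" % target, "target": target}
    return None

if __name__ == "__main__":
    start, code = words_to_bytes(GDB_DUMP)
    print(hex(start), decode_jump(start, code))       # instruction main+21 lands on
    print(decode_jump(start, code, offset=27))        # the e9 at the end of the dump
```

In a live session, `x/8i 0x100000f6a` or `disas 0x100000f6a,+32` shows the same bytes as instructions without needing a symbol; the slot address the script computes is the pointer that `jmp` reads, which is where the real printf address gets written once it is bound.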