I have a closed-source library. I need to create a hook (LD_PRELOAD) around the function draw_something that is called inside this library. I want to disable it (do nothing instead of what it does). objdump disassembles the function nicely for me, but I am a complete newbie at asm. The library is built for the MIPS architecture.
I don't know how to extract a C function prototype from the assembly. Is it possible? Can you tell how many arguments a function has and what it returns? If you have a document/blog on this topic, please link it.
UPD: the compiler is mips-linux-gnu-gcc (Sourcery G++ Lite 4.3-51) 4.3.2
Disassembled function:
00004fe0 <draw_something>:
4fe0: 3c1c0002 lui gp,0x2
4fe4: 279c9cc0 addiu gp,gp,-25408
4fe8: 0399e021 addu gp,gp,t9
4fec: 27bdff90 addiu sp,sp,-112
4ff0: afbf006c sw ra,108(sp)
4ff4: afbe0068 sw s8,104(sp)
4ff8: afb70064 sw s7,100(sp)
4ffc: afb60060 sw s6,96(sp)
5000: afb5005c sw s5,92(sp)
5004: afb40058 sw s4,88(sp)
5008: afb30054 sw s3,84(sp)
500c: afb20050 sw s2,80(sp)
5010: afb1004c sw s1,76(sp)
5014: afb00048 sw s0,72(sp)
5018: afbc0020 sw gp,32(sp)
501c: 8c99001c lw t9,28(a0)
5020: 00809821 move s3,a0
5024: 8c84000c lw a0,12(a0)
5028: 30a500ff andi a1,a1,0xff
502c: 0320f809 jalr t9
5030: 00003021 move a2,zero
5034: afa20038 sw v0,56(sp)
5038: 8fa30038 lw v1,56(sp)
503c: 24020006 li v0,6
5040: 10620010 beq v1,v0,5084 <draw_something+0xa4>
5044: 8fbc0020 lw gp,32(sp)
5048: 24020009 li v0,9
504c: afa20038 sw v0,56(sp)
5050: 8fbf006c lw ra,108(sp)
5054: 8fa20038 lw v0,56(sp)
5058: 8fbe0068 lw s8,104(sp)
505c: 8fb70064 lw s7,100(sp)
5060: 8fb60060 lw s6,96(sp)
5064: 8fb5005c lw s5,92(sp)
5068: 8fb40058 lw s4,88(sp)
506c: 8fb30054 lw s3,84(sp)
5070: 8fb20050 lw s2,80(sp)
5074: 8fb1004c lw s1,76(sp)
5078: 8fb00048 lw s0,72(sp)
507c: 03e00008 jr ra
5080: 27bd0070 addiu sp,sp,112
5084: 3c0200da lui v0,0xda
5088: 02622021 addu a0,s3,v0
508c: 2405000b li a1,11
5090: 8c8377a0 lw v1,30624(a0)
5094: 10650006 beq v1,a1,50b0 <draw_something+0xd0>
5098: 2402000d li v0,13
509c: 10620075 beq v1,v0,5274 <draw_something+0x294>
50a0: 2402000a li v0,10
50a4: 1462ffeb bne v1,v0,5054 <draw_something+0x74>
50a8: 8fbf006c lw ra,108(sp)
50ac: ac8577a0 sw a1,30624(a0)
50b0: 8f858024 lw a1,-32732(gp)
50b4: 27a3002c addiu v1,sp,44
50b8: 8f998040 lw t9,-32704(gp)
50bc: afa30040 sw v1,64(sp)
50c0: 00602021 move a0,v1
50c4: 0320f809 jalr t9
50c8: 24a56b00 addiu a1,a1,27392
50cc: 3c020013 lui v0,0x13
50d0: 02621021 addu v0,s3,v0
50d4: 24030008 li v1,8
50d8: 8c5785f4 lw s7,-31244(v0)
50dc: 8c5585f8 lw s5,-31240(v0)
50e0: 3c02cccc lui v0,0xcccc
50e4: 3442cccd ori v0,v0,0xcccd
50e8: 02e20019 multu s7,v0
50ec: 00001010 mfhi v0
50f0: 0075a80a movz s5,v1,s5
50f4: 8fb20040 lw s2,64(sp)
50f8: 241100c8 li s1,200
50fc: 02408021 move s0,s2
5100: 0002a0c2 srl s4,v0,0x3
5104: 001418c0 sll v1,s4,0x3
5108: 00141040 sll v0,s4,0x1
510c: 00431021 addu v0,v0,v1
5110: 02e2a023 subu s4,s7,v0
5114: 27a20028 addiu v0,sp,40
5118: afa2003c sw v0,60(sp)
511c: 27be0033 addiu s8,sp,51
5120: 24160028 li s6,40
5124: 92020000 lbu v0,0(s0)
5128: 3c03c000 lui v1,0xc000
512c: 8e64000c lw a0,12(s3)
5130: 8e790014 lw t9,20(s3)
5134: 346340c0 ori v1,v1,0x40c0
5138: 8fa7003c lw a3,60(sp)
513c: 02202821 move a1,s1
5140: a3a20028 sb v0,40(sp)
5144: a3a00029 sb zero,41(sp)
5148: afa30010 sw v1,16(sp)
514c: afb60014 sw s6,20(sp)
5150: afa00018 sw zero,24(sp)
5154: afa0001c sw zero,28(sp)
5158: 240600c8 li a2,200
515c: 0320f809 jalr t9
5160: 26100001 addiu s0,s0,1
5164: 8fbc0020 lw gp,32(sp)
5168: 17d0ffee bne s8,s0,5124 <draw_something+0x144>
516c: 26310028 addiu s1,s1,40
5170: 3c02cccc lui v0,0xcccc
5174: 02f43823 subu a3,s7,s4
5178: 3442cccd ori v0,v0,0xcccd
517c: 00e20019 multu a3,v0
5180: 00003810 mfhi a3
5184: 8f858024 lw a1,-32732(gp)
5188: 8f998040 lw t9,-32704(gp)
518c: 02a03021 move a2,s5
5190: 8fa40040 lw a0,64(sp)
5194: 3c15c000 lui s5,0xc000
5198: afb40010 sw s4,16(sp)
519c: 24a56b08 addiu a1,a1,27400
51a0: 000738c2 srl a3,a3,0x3
51a4: 36b540c0 ori s5,s5,0x40c0
51a8: 241000c8 li s0,200
51ac: 27b40034 addiu s4,sp,52
51b0: 0320f809 jalr t9
51b4: 24110028 li s1,40
51b8: 92420000 lbu v0,0(s2)
51bc: 8e64000c lw a0,12(s3)
51c0: 8e790014 lw t9,20(s3)
51c4: 8fa7003c lw a3,60(sp)
51c8: 02002821 move a1,s0
51cc: a3a20028 sb v0,40(sp)
51d0: a3a00029 sb zero,41(sp)
51d4: afb50010 sw s5,16(sp)
51d8: afb10014 sw s1,20(sp)
51dc: afa00018 sw zero,24(sp)
51e0: afa0001c sw zero,28(sp)
51e4: 240600fa li a2,250
51e8: 0320f809 jalr t9
51ec: 26520001 addiu s2,s2,1
51f0: 8fbc0020 lw gp,32(sp)
51f4: 1692fff0 bne s4,s2,51b8 <draw_something+0x1d8>
51f8: 26100028 addiu s0,s0,40
51fc: 3c0200da lui v0,0xda
5200: 02628021 addu s0,s3,v0
5204: 2411000b li s1,11
5208: 8e0377a4 lw v1,30628(s0)
520c: 10710037 beq v1,s1,52ec <draw_something+0x30c>
5210: 2c62000c sltiu v0,v1,12
5214: 10400029 beqz v0,52bc <draw_something+0x2dc>
5218: 2402000c li v0,12
521c: 2402000a li v0,10
5220: 14620008 bne v1,v0,5244 <draw_something+0x264>
5224: 3c02c000 lui v0,0xc000
5228: 8f858024 lw a1,-32732(gp)
522c: 8f998040 lw t9,-32704(gp)
5230: 8fa40040 lw a0,64(sp)
5234: 0320f809 jalr t9
5238: 24a56b14 addiu a1,a1,27412
523c: ae1177a4 sw s1,30628(s0)
5240: 3c02c000 lui v0,0xc000
5244: 8e64000c lw a0,12(s3)
5248: 8e790014 lw t9,20(s3)
524c: 344240c0 ori v0,v0,0x40c0
5250: 24030028 li v1,40
5254: 8fa70040 lw a3,64(sp)
5258: afa20010 sw v0,16(sp)
525c: afa30014 sw v1,20(sp)
5260: afa00018 sw zero,24(sp)
5264: afa0001c sw zero,28(sp)
5268: 240501e0 li a1,480
526c: 0320f809 jalr t9
5270: 240600c8 li a2,200
5274: 8e64000c lw a0,12(s3)
5278: 8e790020 lw t9,32(s3)
527c: 0320f809 jalr t9
5280: 00002821 move a1,zero
5284: 8fbf006c lw ra,108(sp)
5288: 8fa20038 lw v0,56(sp)
528c: 8fbc0020 lw gp,32(sp)
5290: 8fbe0068 lw s8,104(sp)
5294: 8fb70064 lw s7,100(sp)
5298: 8fb60060 lw s6,96(sp)
529c: 8fb5005c lw s5,92(sp)
52a0: 8fb40058 lw s4,88(sp)
52a4: 8fb30054 lw s3,84(sp)
52a8: 8fb20050 lw s2,80(sp)
52ac: 8fb1004c lw s1,76(sp)
52b0: 8fb00048 lw s0,72(sp)
52b4: 03e00008 jr ra
52b8: 27bd0070 addiu sp,sp,112
52bc: 10620013 beq v1,v0,530c <draw_something+0x32c>
52c0: 2402000d li v0,13
52c4: 1462ffdf bne v1,v0,5244 <draw_something+0x264>
52c8: 3c02c000 lui v0,0xc000
52cc: 8f858024 lw a1,-32732(gp)
52d0: 8f998040 lw t9,-32704(gp)
52d4: 8fa40040 lw a0,64(sp)
52d8: 0320f809 jalr t9
52dc: 24a56b20 addiu a1,a1,27424
52e0: 2402000a li v0,10
52e4: 1000ffd6 b 5240 <draw_something+0x260>
52e8: ae0277a4 sw v0,30628(s0)
52ec: 8f858024 lw a1,-32732(gp)
52f0: 8f998040 lw t9,-32704(gp)
52f4: 8fa40040 lw a0,64(sp)
52f8: 0320f809 jalr t9
52fc: 24a56b18 addiu a1,a1,27416
5300: 2402000c li v0,12
5304: 1000ffce b 5240 <draw_something+0x260>
5308: ae0277a4 sw v0,30628(s0)
530c: 8f858024 lw a1,-32732(gp)
5310: 8f998040 lw t9,-32704(gp)
5314: 8fa40040 lw a0,64(sp)
5318: 0320f809 jalr t9
531c: 24a56b1c addiu a1,a1,27420
5320: 2402000d li v0,13
5324: 1000ffc6 b 5240 <draw_something+0x260>
5328: ae0277a4 sw v0,30628(s0)
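The question asks whether the argument count and return value can be read off the listing. Under the o32 ABI the first four integer arguments arrive in a0-a3 and an integer result leaves in v0, so a register-liveness scan gives a first answer: in the listing above a0 is dereferenced before anything writes it (lw t9,28(a0)), a1 is masked with andi a1,a1,0xff before being passed on, and v0 is reloaded from the stack slot 56(sp) right before jr ra. The script below is an added example, not code from the question or the answer: it parses objdump -d text, does a linear scan (branches are not followed, delay slots are honoured) and prints a guessed C declaration. The function names and the heuristic are mine; SAMPLE is an excerpt copied from the question's listing, SAMPLE_LEAF is a constructed two-instruction function, and it knows only o32 integer registers (no floating point, no o64/n32). A compare temporary such as li v0,6 left in v0 at a return would fool it, so treat the output as a hint to confirm against the full control flow.

```python
"""Heuristic recovery of an o32 MIPS prototype from `objdump -d` output (added example)."""
import re
import sys

ARG_REGS = ("a0", "a1", "a2", "a3")          # o32 integer argument registers
RET_REGS = ("v0", "v1")                      # o32 integer return registers
REG_NAMES = {"zero", "at", "gp", "sp", "fp", "s8", "ra", "k0", "k1",
             *ARG_REGS, *RET_REGS,
             *(f"t{i}" for i in range(10)), *(f"s{i}" for i in range(8))}

# Mnemonics whose operands are all sources: there is no destination register.
STORES = {"sw", "sb", "sh", "swl", "swr", "sc"}
BRANCHES = {"b", "j", "jr", "jal", "jalr", "beq", "bne", "beqz", "bnez",
            "blez", "bgtz", "bltz", "bgez"}
NO_DEST = STORES | BRANCHES | {"mult", "multu", "div", "divu", "nop"}
COND_MOVES = {"movz", "movn"}                # rd is read as well as written

LINE_RE = re.compile(r"^\s*[0-9a-f]+:\s+[0-9a-f]{8}\s+(\S+)(?:\s+(.*?))?\s*$")
HEADER_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:", re.M)

# Excerpt copied from the listing in the question: prologue, first call, return path.
SAMPLE = """\
00004fe0 <draw_something>:
    4fe0:  3c1c0002  lui gp,0x2
    4fec:  27bdff90  addiu sp,sp,-112
    501c:  8c99001c  lw t9,28(a0)
    5020:  00809821  move s3,a0
    5024:  8c84000c  lw a0,12(a0)
    5028:  30a500ff  andi a1,a1,0xff
    502c:  0320f809  jalr t9
    5030:  00003021  move a2,zero
    5034:  afa20038  sw v0,56(sp)
    5038:  8fa30038  lw v1,56(sp)
    503c:  24020006  li v0,6
    5040:  10620010  beq v1,v0,5084 <draw_something+0xa4>
    5048:  24020009  li v0,9
    504c:  afa20038  sw v0,56(sp)
    5050:  8fbf006c  lw ra,108(sp)
    5054:  8fa20038  lw v0,56(sp)
    507c:  03e00008  jr ra
    5080:  27bd0070  addiu sp,sp,112
"""

# Constructed leaf function that touches no register: expect void f(void).
SAMPLE_LEAF = """\
00001000 <leaf_noop>:
    1000:  03e00008  jr ra
    1004:  00000000  nop
"""


def parse(listing):
    """Yield (mnemonic, registers read, registers written) per instruction line."""
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # symbol header, blank line, ...
        mnem, ops = m.group(1), m.group(2) or ""
        regs = [[t for t in re.findall(r"[a-z0-9]+", f) if t in REG_NAMES]
                for f in ops.split(",")] if ops else []
        if mnem in NO_DEST or not regs:
            yield mnem, [r for f in regs for r in f], []
        else:
            written, read = regs[0], [r for f in regs[1:] for r in f]
            if mnem in COND_MOVES:
                read = written + read
            yield mnem, read, written


def infer_prototype(listing):
    """Linear scan: an argument register read before this function writes it is a
    live input; a call clobbers a0-a3 and v0/v1; v0 counts as a result only when
    this function wrote it after the last call and it is still current at jr ra."""
    written, live = set(), set()
    v0_fresh = returns = False
    pending = None                            # "call"/"ret", applied after delay slot
    for mnem, read, wr in parse(listing):
        live.update(r for r in read if r in ARG_REGS and r not in written)
        written.update(wr)
        if "v0" in wr:
            v0_fresh = True
        if pending == "call":
            written.update(ARG_REGS + RET_REGS)
            v0_fresh = False
        elif pending == "ret":
            returns = returns or v0_fresh
        pending = None
        if mnem in ("jal", "jalr"):
            pending = "call"
        elif mnem == "jr" and read == ["ra"]:
            pending = "ret"
    return tuple(r for r in ARG_REGS if r in live), returns


def format_prototype(name, live_args, returns_value):
    """Render the inference as a C declaration; parameters are shown as int."""
    count = max((ARG_REGS.index(r) + 1 for r in live_args), default=0)
    params = ", ".join(f"int arg{i} /* {ARG_REGS[i]} */" for i in range(count)) or "void"
    return f"{'int' if returns_value else 'void'} {name}({params})"


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    m = HEADER_RE.search(text)
    print(format_prototype(m.group(1) if m else "func", *infer_prototype(text)))
```

Run it as `objdump -d lib.so | python3 proto.py` after cutting the listing down to one function; on the excerpt it reports int draw_something(int arg0 /* a0 */, int arg1 /* a1 */), which matches what the answer says you need for a stub: nothing beyond a0/a1 is consumed, and an int comes back in v0. The andi a1,a1,0xff in the listing is the usual sign that arg1 is a one-byte type, which the script does not try to infer.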
Answer 0 (score: 3)
You don't need the prototype, you only need to know:
As far as I know, in the Linux/MIPS case the answer is like classic C:
Details here: http://math-atlas.sourceforge.net/devel/assembly/mipsabi32.pdf
This means the function's prototype doesn't matter to you, because restoring the stack and the argument registers is the caller's responsibility, and the compiler automatically emits code to save/restore the registers it uses. So you can just do void draw_something(){}.
Or it may need a specific return value, in which case int draw_something(){return 0;} might work.
This will not work if the function causes side effects that are relied on later (for example updating a cursor position), because of course you won't be generating the code to do that.