如何在汇编程序函数中找出给定参数的类型和返回值?
lea 0x1(%ecx),%ebx究竟做了什么? 0x1(%ecx)的地址是否存储在%ebx?
我有一个将汇编代码重写为C函数的任务,这是我不明白的事情。我认为参数是int,因为mov 0x8(%esp),%edx,mov 0xc(%esp),%eax并且返回类型也是int,但这可能是错误的,因为我们的验证系统不接受我的解决方案。
整个代码用于x86,33位用于GNU / Linux。
我认为mov的语法类似于mov <target>, <source>但是那时mov $0x0,%edi并且我想,那个目标不能为0.同样的sub $0x18,%esp。
这是由toplevel_fnc
080aab5c <subroutine_fnc>:
80aab5c: 53 push %ebx // backup
80aab5d: 8b 54 24 08 mov 0x8(%esp),%edx // 1st parameter pointer to the memory
80aab61: 8b 44 24 0c mov 0xc(%esp),%eax // 2nd parameter int
80aab65: 83 f8 09 cmp $0x9,%eax // if (eax == 9)
80aab68: 74 15 je 80aab7f <subroutine_fnc+0x23> // true
80aab6a: 83 f8 20 cmp $0x20,%eax // else if(eax == 32)
80aab6d: 74 10 je 80aab7f <subroutine_fnc+0x23> // true
80aab6f: 3b 05 80 a9 0c 08 cmp 0x80ca980,%eax // else if(eax == 135047552)
80aab75: 74 08 je 80aab7f <subroutine_fnc+0x23> // true
80aab77: c7 02 00 00 00 00 movl $0x0,(%edx) // else edx = 0 -- first element in stack
80aab7d: eb 0e jmp 80aab8d <subroutine_fnc+0x31> // jump to end programm
80aab7f: 8b 0a mov (%edx),%ecx // ecx = edx
80aab81: 8d 59 01 lea 0x1(%ecx),%ebx // ebx = &(ecx + 1)
80aab84: 89 1a mov %ebx,(%edx) // edx = ebx
80aab86: 83 f9 01 cmp $0x1,%ecx // if(ecx == 1)
80aab89: 19 d2 sbb %edx,%edx // edx = 0 and CF is set
80aab8b: 21 d0 and %edx,%eax //
80aab8d: 5b pop %ebx
80aab8e: c3 ret
这是toplevel_fnc
080aab8f <toplevel_fnc>:
80aab8f: 55 push %ebp
80aab90: 57 push %edi
80aab91: 56 push %esi
80aab92: 53 push %ebx
80aab93: 83 ec 18 sub $0x18,%esp //24 byte for local variables
80aab96: c7 44 24 14 00 00 00 movl $0x0,0x14(%esp) //esp + 0x14 = 0
80aab9d: 00
80aab9e: bf 00 00 00 00 mov $0x0,%edi //edi = 0
80aaba3: 8d 74 24 13 lea 0x13(%esp),%esi
80aaba7: 8d 6c 24 14 lea 0x14(%esp),%ebp
80aabab: eb 2e jmp 80aabdb <toplevel_fnc+0x4c>
80aabad: 0f be 44 24 13 movsbl 0x13(%esp),%eax
80aabb2: 89 44 24 04 mov %eax,0x4(%esp)
80aabb6: 89 2c 24 mov %ebp,(%esp)
80aabb9: e8 9e ff ff ff call 80aab5c <subroutine_fnc>
80aabbe: 88 44 24 13 mov %al,0x13(%esp)
80aabc2: 84 c0 test %al,%al
80aabc4: 74 12 je 80aabd8 <toplevel_fnc+0x49>
80aabc6: ba 01 00 00 00 mov $0x1,%edx
80aabcb: 89 d3 mov %edx,%ebx
80aabcd: 89 f1 mov %esi,%ecx
80aabcf: b8 04 00 00 00 mov $0x4,%eax
80aabd4: cd 80 int $0x80
80aabd6: eb 03 jmp 80aabdb <toplevel_fnc+0x4c>
80aabd8: 83 c7 01 add $0x1,%edi
80aabdb: ba 01 00 00 00 mov $0x1,%edx
80aabe0: bb 00 00 00 00 mov $0x0,%ebx
80aabe5: 89 f1 mov %esi,%ecx
80aabe7: b8 03 00 00 00 mov $0x3,%eax
80aabec: cd 80 int $0x80
80aabee: 83 f8 01 cmp $0x1,%eax
80aabf1: 74 ba je 80aabad <toplevel_fnc+0x1e>
80aabf3: 89 f8 mov %edi,%eax
80aabf5: 83 c4 18 add $0x18,%esp
80aabf8: 5b pop %ebx
80aabf9: 5e pop %esi
80aabfa: 5f pop %edi
80aabfb: 5d pop %ebp
80aabfc: c3 ret
提前谢谢!
答案 0 :(得分:1)
如何在汇编程序函数中找出给定参数的类型和返回值?
您只能通过查看用于在R0(即EAX)中存储返回值的指令并查看存储在那里的数据来进行有根据的猜测。汇编语言是无类型的。
lea 0x1(%ecx),%ebx究竟做了什么? 0x1(%ecx)的地址是否存储在%ebx?
中
将ecx + 1指定的地址存储在ebx中。使用这些操作数,它实际上是ebx = ecx + 1。