我有一个二进制文件,发现strcmp got没有链接到libc strcmp但__strcmp_sse2_unaligned,我想知道它们之间的区别。
pwndbg> p strcmp
$2 = {<text gnu-indirect-function variable, no debug info>} 0x7fcc5e5fbcd0 <strcmp>
pwndbg> got
GOT protection: Partial RELRO | GOT functions: 44
[0x6260e0] strcmp@GLIBC_2.2.5 -> 0x7fcc5e611570 (__strcmp_sse2_unaligned) ◂— mov eax, edi
pwndbg> disass 0x7fcc5e5fbcd0
Dump of assembler code for function strcmp:
0x00007fcc5e5fbcd0 <+0>: mov rdx,QWORD PTR [rip+0x33a199] # 0x7fcc5e935e70
0x00007fcc5e5fbcd7 <+7>: lea rax,[rip+0x15892] # 0x7fcc5e611570 <__strcmp_sse2_unaligned>
0x00007fcc5e5fbcde <+14>: test DWORD PTR [rdx+0xb0],0x10
0x00007fcc5e5fbce8 <+24>: jne 0x7fcc5e5fbd04 <strcmp+52>
0x00007fcc5e5fbcea <+26>: lea rax,[rip+0xc48df] # 0x7fcc5e6c05d0 <__strcmp_ssse3>
0x00007fcc5e5fbcf1 <+33>: test DWORD PTR [rdx+0x80],0x200
0x00007fcc5e5fbcfb <+43>: jne 0x7fcc5e5fbd04 <strcmp+52>
0x00007fcc5e5fbcfd <+45>: lea rax,[rip+0xc] # 0x7fcc5e5fbd10 <__strcmp_sse2>
0x00007fcc5e5fbd04 <+52>: ret
End of assembler dump.
答案 0 :(得分:1)
据我了解,strcmp是所谓的间接函数之一(这是GNU扩展),请参阅GCC documentation on function attributes,ifunc部分。加载libc.so时,链接器会将strcmp符号标记为间接函数:
$ nm -D /lib/x86_64-linux-gnu/libc-2.26.so | grep strcmp
0000000000093ad0 i strcmp
然后它调用解析器函数并将strcmp符号解析为解析器返回的值。 在您的计算机上,它恰好是SSE2实施。