简单的C程序反汇编
第一次练习,可能有错误的地方。
最近在学习(打发时间)逆向方面的知识
#C源代码 下面是main.c的代码
#include <stdio.h>
int function(int i,int *j)
{
char ch='A';
int a=char array[]="abc";
char array[]="abc";
b=i+(*j)+a;
return b;
}
void main()
{
int i=6,j=4;
function(i,&j);
}对上面代码进行编译gcc -g main.c -o main.out
下面我们来用gdb反编译main.out文件 得到其main和function的汇编指令如下
- main()
0x00000000004004eb <+0>: push rbp
0x00000000004004ec <+1>: mov rbp,rsp
0x00000000004004ef <+4>: sub rsp,0x10
0x00000000004004f3 <+8>: mov DWORD PTR [rbp-0x4],0x6
0x00000000004004fa <+15>: mov DWORD PTR [rbp-0x8],0x4
0x0000000000400501 <+22>: lea rdx,[rbp-0x8]
0x0000000000400505 <+26>: mov eax,DWORD PTR [rbp-0x4]
0x0000000000400508 <+29>: mov rsi,rdx
0x000000000040050b <+32>: mov edi,eax
0x000000000040050d <+34>: call 0x4004b6 <function>
0x0000000000400512 <+39>: leave
0x0000000000400513 <+40>: ret - function()
0x00000000004004b6 <+0>: push rbp
0x00000000004004b7 <+1>: mov rbp,rsp
0x00000000004004ba <+4>: mov DWORD PTR [rbp-0x14],edi
0x00000000004004bd <+7>: mov QWORD PTR [rbp-0x20],rsi
0x00000000004004c1 <+11>: mov BYTE PTR [rbp-0x1],0x41
0x00000000004004c5 <+15>: mov DWORD PTR [rbp-0x8],0x5
0x00000000004004cc <+22>: mov DWORD PTR [rbp-0x10],0x636261
0x00000000004004d3 <+29>: mov rax,QWORD PTR [rbp-0x20]
0x00000000004004d7 <+33>: mov edx,DWORD PTR [rax]
0x00000000004004d9 <+35>: mov eax,DWORD PTR [rbp-0x14]
0x00000000004004dc <+38>: add edx,eax
0x00000000004004de <+40>: mov eax,DWORD PTR [rbp-0x8]
0x00000000004004e1 <+43>: add eax,edx
0x00000000004004e3 <+45>: mov DWORD PTR [rbp-0xc],eax
0x00000000004004e6 <+48>: mov eax,DWORD PTR [rbp-0xc]
0x00000000004004e9 <+51>: pop rbp
0x00000000004004ea <+52>: ret #最后内存中的情况如下图
如果有分析错误请别打我
Published 13 July 2015