内存分布图
结论:
- 在存储上,文件外作用域和文件内作用域没有区别,因为在链接后两者是一样的。
- 凡是未初始化的“静态”(块作用域的,文件作用域的,const的,非const的) 变量一律在.bss上分配
- 自动变量(块内且非静态,非寄存器变量,一律在栈上分配)
C语言变量内存布局
实验代码
自己动手验证更好
#include < stdio.h > #include < stdlib.h >
int add(int x, int y, int z) {
return x + y;
}
//extern int extern_file_int = 0x1; //A0:这样使用会报错:‘const_extern_file_int’已初始化,却又被声明为‘extern’;
int extern_file_int = 0x1; //A1:extern关键字只用于声明,在定义变量的时候只需要int extern_file_int 即可 // .data
int extern_file_int_null; //未初始化 // .bss
static int static_file_int = 0x2; // .data
static int static_file_int_null; //未初始化 // .bss
//const
const int const_extern_file_int = 0x11; // .rodata
const int const_extern_file_int_null; //未初始化 // .bss
const static int const_static_file_int = 0x21; // .rodata
const static int const_static_file_int_null; //未初始化 // .bss
int main() {
//access
extern_file_int = 0x1; //0x804a010 //可用gdb改写
static_file_int = 0x2; //0x804a014 //可用gdb改写
extern_file_int_null = 0x11; //0x804a03c //可用gdb改写
static_file_int_null = 0x21; //0x804a028 //可用gdb改写
int access_int;
access_int = const_extern_file_int; //0x8048560 //可用gdb改写 .rodata也可以改写!!!
access_int = const_extern_file_int_null; //0x804a038 //可用gdb改写
access_int = const_static_file_int; //0x8048564 //可用gdb改写
access_int = const_static_file_int_null; //0x804a02c //可用gdb改写 .bss中的const可以用gdb改写
//未初始化
auto int auto_int_null; //未初始化 //分配:bss
register int register_int_null; //未初始化
static int static_block_int_null; //未初始化 // .bss
////access:
auto_int_null = 0x201; //movl $0x201,-0x18(%ebp)
register_int_null = 0x202; //mov $0x202,%ebx
static_block_int_null = 0x203; //movl $0x203,0x804a030
//已初始化
auto int auto_int = 0x3; //movl $0x3,-0x14(%ebp)
register int register_int = 0x4; //没有 为什么? 被优化掉了? //TODO 多申请几个register变量,看其他的是在哪里分配的
static int static_block_int = 0x5; //没有(.data 在编译时赋值,所有这里没有) //.data
//access:
auto_int = 0x6; //movl $0x6,-0x14(%ebp) 即:0xbffff1d4
register_int = 0x7; //没有。为什么?
static_block_int = 0x8; //movl $0x8,0x804a018
//const
//const,未初始化
auto int const_auto_int_null; //未初始化 //分配:bss
register int const_register_int_null; //未初始化
static int const_static_block_int_null; //未初始化 // .bss
//access:
access_int = const_auto_int_null; //-0x10(%ebp)
access_int = const_register_int_null; //mov %esi,-0x1c(%ebp)
access_int = const_static_block_int_null; //mov 0x804a034,%eax //可用gdb改写
//const,已初始化
auto int const_auto_int = 0x31; //movl $0x31,-0xc(%ebp) //可用gdb改写
register int const_register_int = 0x41; //mov $0x41,%esi //可用gdb改写
static int const_static_block_int = 0x51; //没有(在编译时初始化) // .data
//access:
access_int = const_auto_int;
access_int = const_register_int;
access_int = const_static_block_int; //mov 0x804a01c,%eax //可用gdb改写
int * p1 = (int * ) malloc(sizeof(int) * 4);
printf("%p\n", p1);
int * p2 = (int * ) malloc(sizeof(int) * 10);
printf("%p\n", p2);
getchar();
//access
return add(auto_int_null, register_int_null, static_block_int_null);
}
留给你的问题
- .bss中如何区分const和非const的? const的都放在一块的吗?
- const只是C中的编程约束,并未用内存保护来实现。对应的页框仍旧能用gdb改写(是不是gdb具有特殊权限,所以不具有代表性?看看程序内存布局,关注内存段的读写权限)
附录
obj.dump
cmem: file format elf32-i386
Disassembly of section .interp:
08048154 <.interp>:
8048154: 2f das
8048155: 6c insb (%dx),%es:(%edi)
8048156: 69 62 2f 6c 64 2d 6c imul $0x6c2d646c,0x2f(%edx),%esp
804815d: 69 6e 75 78 2e 73 6f imul $0x6f732e78,0x75(%esi),%ebp
8048164: 2e 32 00 xor %cs:(%eax),%al
Disassembly of section .note.ABI-tag:
08048168 <.note.ABI-tag>:
8048168: 04 00 add $0x0,%al
804816a: 00 00 add %al,(%eax)
804816c: 10 00 adc %al,(%eax)
804816e: 00 00 add %al,(%eax)
8048170: 01 00 add %eax,(%eax)
8048172: 00 00 add %al,(%eax)
8048174: 47 inc %edi
8048175: 4e dec %esi
8048176: 55 push %ebp
8048177: 00 00 add %al,(%eax)
8048179: 00 00 add %al,(%eax)
804817b: 00 02 add %al,(%edx)
804817d: 00 00 add %al,(%eax)
804817f: 00 06 add %al,(%esi)
8048181: 00 00 add %al,(%eax)
8048183: 00 18 add %bl,(%eax)
8048185: 00 00 add %al,(%eax)
...
Disassembly of section .note.gnu.build-id:
08048188 <.note.gnu.build-id>:
8048188: 04 00 add $0x0,%al
804818a: 00 00 add %al,(%eax)
804818c: 14 00 adc $0x0,%al
804818e: 00 00 add %al,(%eax)
8048190: 03 00 add (%eax),%eax
8048192: 00 00 add %al,(%eax)
8048194: 47 inc %edi
8048195: 4e dec %esi
8048196: 55 push %ebp
8048197: 00 05 a2 8b 05 ad add %al,0xad058ba2
804819d: b2 a0 mov $0xa0,%dl
804819f: 83 68 68 e0 subl $0xffffffe0,0x68(%eax)
80481a3: c8 19 8f 34 enter $0x8f19,$0x34
80481a7: b8 3e 94 ea a8 mov $0xa8ea943e,%eax
Disassembly of section .gnu.hash:
080481ac <.gnu.hash>:
80481ac: 02 00 add (%eax),%al
80481ae: 00 00 add %al,(%eax)
80481b0: 06 push %es
80481b1: 00 00 add %al,(%eax)
80481b3: 00 01 add %al,(%ecx)
80481b5: 00 00 add %al,(%eax)
80481b7: 00 05 00 00 00 00 add %al,0x0
80481bd: 20 00 and %al,(%eax)
80481bf: 20 00 and %al,(%eax)
80481c1: 00 00 add %al,(%eax)
80481c3: 00 06 add %al,(%esi)
80481c5: 00 00 add %al,(%eax)
80481c7: 00 .byte 0x0
80481c8: ad lods %ds:(%esi),%eax
80481c9: 4b dec %ebx
80481ca: e3 c0 jecxz 804818c <_init-0x16c>
Disassembly of section .dynsym:
080481cc <.dynsym>:
...
80481dc: 29 00 sub %eax,(%eax)
...
80481e6: 00 00 add %al,(%eax)
80481e8: 12 00 adc (%eax),%al
80481ea: 00 00 add %al,(%eax)
80481ec: 30 00 xor %al,(%eax)
...
80481f6: 00 00 add %al,(%eax)
80481f8: 12 00 adc (%eax),%al
80481fa: 00 00 add %al,(%eax)
80481fc: 38 00 cmp %al,(%eax)
...
8048206: 00 00 add %al,(%eax)
8048208: 12 00 adc (%eax),%al
804820a: 00 00 add %al,(%eax)
804820c: 01 00 add %eax,(%eax)
...
8048216: 00 00 add %al,(%eax)
8048218: 20 00 and %al,(%eax)
804821a: 00 00 add %al,(%eax)
804821c: 3f aas
...
8048225: 00 00 add %al,(%eax)
8048227: 00 12 add %dl,(%edx)
8048229: 00 00 add %al,(%eax)
804822b: 00 1a add %bl,(%edx)
804822d: 00 00 add %al,(%eax)
804822f: 00 4c 86 04 add %cl,0x4(%esi,%eax,4)
8048233: 08 04 00 or %al,(%eax,%eax,1)
8048236: 00 00 add %al,(%eax)
8048238: 11 00 adc %eax,(%eax)
804823a: 0f .byte 0xf
...
Disassembly of section .dynstr:
0804823c <.dynstr>:
804823c: 00 5f 5f add %bl,0x5f(%edi)
804823f: 67 6d insl (%dx),%es:(%di)
8048241: 6f outsl %ds:(%esi),(%dx)
8048242: 6e outsb %ds:(%esi),(%dx)
8048243: 5f pop %edi
8048244: 73 74 jae 80482ba <_init-0x3e>
8048246: 61 popa
8048247: 72 74 jb 80482bd <_init-0x3b>
8048249: 5f pop %edi
804824a: 5f pop %edi
804824b: 00 6c 69 62 add %ch,0x62(%ecx,%ebp,2)
804824f: 63 2e arpl %bp,(%esi)
8048251: 73 6f jae 80482c2 <_init-0x36>
8048253: 2e 36 00 5f 49 cs add %bl,%cs:%ss:0x49(%edi)
8048258: 4f dec %edi
8048259: 5f pop %edi
804825a: 73 74 jae 80482d0 <_init-0x28>
804825c: 64 69 6e 5f 75 73 65 imul $0x64657375,%fs:0x5f(%esi),%ebp
8048263: 64
8048264: 00 70 72 add %dh,0x72(%eax)
8048267: 69 6e 74 66 00 67 65 imul $0x65670066,0x74(%esi),%ebp
804826e: 74 63 je 80482d3 <_init-0x25>
8048270: 68 61 72 00 6d push $0x6d007261
8048275: 61 popa
8048276: 6c insb (%dx),%es:(%edi)
8048277: 6c insb (%dx),%es:(%edi)
8048278: 6f outsl %ds:(%esi),(%dx)
8048279: 63 00 arpl %ax,(%eax)
804827b: 5f pop %edi
804827c: 5f pop %edi
804827d: 6c insb (%dx),%es:(%edi)
804827e: 69 62 63 5f 73 74 61 imul $0x6174735f,0x63(%edx),%esp
8048285: 72 74 jb 80482fb <_init+0x3>
8048287: 5f pop %edi
8048288: 6d insl (%dx),%es:(%edi)
8048289: 61 popa
804828a: 69 6e 00 47 4c 49 42 imul $0x42494c47,0x0(%esi),%ebp
8048291: 43 inc %ebx
8048292: 5f pop %edi
8048293: 32 2e xor (%esi),%ch
8048295: 30 00 xor %al,(%eax)
Disassembly of section .gnu.version:
08048298 <.gnu.version>:
8048298: 00 00 add %al,(%eax)
804829a: 02 00 add (%eax),%al
804829c: 02 00 add (%eax),%al
804829e: 02 00 add (%eax),%al
80482a0: 00 00 add %al,(%eax)
80482a2: 02 00 add (%eax),%al
80482a4: 01 00 add %eax,(%eax)
Disassembly of section .gnu.version_r:
080482a8 <.gnu.version_r>:
80482a8: 01 00 add %eax,(%eax)
80482aa: 01 00 add %eax,(%eax)
80482ac: 10 00 adc %al,(%eax)
80482ae: 00 00 add %al,(%eax)
80482b0: 10 00 adc %al,(%eax)
80482b2: 00 00 add %al,(%eax)
80482b4: 00 00 add %al,(%eax)
80482b6: 00 00 add %al,(%eax)
80482b8: 10 69 69 adc %ch,0x69(%ecx)
80482bb: 0d 00 00 02 00 or $0x20000,%eax
80482c0: 51 push %ecx
80482c1: 00 00 add %al,(%eax)
80482c3: 00 00 add %al,(%eax)
80482c5: 00 00 add %al,(%eax)
...
Disassembly of section .rel.dyn:
080482c8 <.rel.dyn>:
80482c8: f0 9f lock lahf
80482ca: 04 08 add $0x8,%al
80482cc: 06 push %es
80482cd: 04 00 add $0x0,%al
...
Disassembly of section .rel.plt:
080482d0 <.rel.plt>:
80482d0: 00 a0 04 08 07 01 add %ah,0x1070804(%eax)
80482d6: 00 00 add %al,(%eax)
80482d8: 04 a0 add $0xa0,%al
80482da: 04 08 add $0x8,%al
80482dc: 07 pop %es
80482dd: 02 00 add (%eax),%al
80482df: 00 08 add %cl,(%eax)
80482e1: a0 04 08 07 03 mov 0x3070804,%al
80482e6: 00 00 add %al,(%eax)
80482e8: 0c a0 or $0xa0,%al
80482ea: 04 08 add $0x8,%al
80482ec: 07 pop %es
80482ed: 04 00 add $0x0,%al
80482ef: 00 10 add %dl,(%eax)
80482f1: a0 04 08 07 05 mov 0x5070804,%al
...
Disassembly of section .init:
080482f8 <_init>:
80482f8: 53 push %ebx
80482f9: 83 ec 08 sub $0x8,%esp
80482fc: e8 00 00 00 00 call 8048301 <_init+0x9>
8048301: 5b pop %ebx
8048302: 81 c3 f3 1c 00 00 add $0x1cf3,%ebx
8048308: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax
804830e: 85 c0 test %eax,%eax
8048310: 74 05 je 8048317 <_init+0x1f>
8048312: e8 59 00 00 00 call 8048370 <__gmon_start__@plt>
8048317: e8 04 01 00 00 call 8048420
804831c: e8 df 02 00 00 call 8048600 <__do_global_ctors_aux>
8048321: 83 c4 08 add $0x8,%esp
8048324: 5b pop %ebx
8048325: c3 ret
Disassembly of section .plt:
08048330 :
8048330: ff 35 f8 9f 04 08 pushl 0x8049ff8
8048336: ff 25 fc 9f 04 08 jmp *0x8049ffc
804833c: 00 00 add %al,(%eax)
...
08048340 :
8048340: ff 25 00 a0 04 08 jmp *0x804a000
8048346: 68 00 00 00 00 push $0x0
804834b: e9 e0 ff ff ff jmp 8048330 <_init+0x38>
08048350 :
8048350: ff 25 04 a0 04 08 jmp *0x804a004
8048356: 68 08 00 00 00 push $0x8
804835b: e9 d0 ff ff ff jmp 8048330 <_init+0x38>
08048360 :
8048360: ff 25 08 a0 04 08 jmp *0x804a008
8048366: 68 10 00 00 00 push $0x10
804836b: e9 c0 ff ff ff jmp 8048330 <_init+0x38>
08048370 <__gmon_start__@plt>:
8048370: ff 25 0c a0 04 08 jmp *0x804a00c
8048376: 68 18 00 00 00 push $0x18
804837b: e9 b0 ff ff ff jmp 8048330 <_init+0x38>
08048380 <__libc_start_main@plt>:
8048380: ff 25 10 a0 04 08 jmp *0x804a010
8048386: 68 20 00 00 00 push $0x20
804838b: e9 a0 ff ff ff jmp 8048330 <_init+0x38>
Disassembly of section .text:
08048390 <_start>:
8048390: 31 ed xor %ebp,%ebp
8048392: 5e pop %esi
8048393: 89 e1 mov %esp,%ecx
8048395: 83 e4 f0 and $0xfffffff0,%esp
8048398: 50 push %eax
8048399: 54 push %esp
804839a: 52 push %edx
804839b: 68 f0 85 04 08 push $0x80485f0
80483a0: 68 80 85 04 08 push $0x8048580
80483a5: 51 push %ecx
80483a6: 56 push %esi
80483a7: 68 51 84 04 08 push $0x8048451
80483ac: e8 cf ff ff ff call 8048380 <__libc_start_main@plt>
80483b1: f4 hlt
80483b2: 90 nop
80483b3: 90 nop
80483b4: 90 nop
80483b5: 90 nop
80483b6: 90 nop
80483b7: 90 nop
80483b8: 90 nop
80483b9: 90 nop
80483ba: 90 nop
80483bb: 90 nop
80483bc: 90 nop
80483bd: 90 nop
80483be: 90 nop
80483bf: 90 nop
080483c0 <__do_global_dtors_aux>:
80483c0: 55 push %ebp
80483c1: 89 e5 mov %esp,%ebp
80483c3: 53 push %ebx
80483c4: 83 ec 04 sub $0x4,%esp
80483c7: 80 3d 2c a0 04 08 00 cmpb $0x0,0x804a02c
80483ce: 75 3f jne 804840f <__do_global_dtors_aux+0x4f>
80483d0: a1 30 a0 04 08 mov 0x804a030,%eax
80483d5: bb 20 9f 04 08 mov $0x8049f20,%ebx
80483da: 81 eb 1c 9f 04 08 sub $0x8049f1c,%ebx
80483e0: c1 fb 02 sar $0x2,%ebx
80483e3: 83 eb 01 sub $0x1,%ebx
80483e6: 39 d8 cmp %ebx,%eax
80483e8: 73 1e jae 8048408 <__do_global_dtors_aux+0x48>
80483ea: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
80483f0: 83 c0 01 add $0x1,%eax
80483f3: a3 30 a0 04 08 mov %eax,0x804a030
80483f8: ff 14 85 1c 9f 04 08 call *0x8049f1c(,%eax,4)
80483ff: a1 30 a0 04 08 mov 0x804a030,%eax
8048404: 39 d8 cmp %ebx,%eax
8048406: 72 e8 jb 80483f0 <__do_global_dtors_aux+0x30>
8048408: c6 05 2c a0 04 08 01 movb $0x1,0x804a02c
804840f: 83 c4 04 add $0x4,%esp
8048412: 5b pop %ebx
8048413: 5d pop %ebp
8048414: c3 ret
8048415: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048419: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
08048420 :
8048420: 55 push %ebp
8048421: 89 e5 mov %esp,%ebp
8048423: 83 ec 18 sub $0x18,%esp
8048426: a1 24 9f 04 08 mov 0x8049f24,%eax
804842b: 85 c0 test %eax,%eax
804842d: 74 12 je 8048441
804842f: b8 00 00 00 00 mov $0x0,%eax
8048434: 85 c0 test %eax,%eax
8048436: 74 09 je 8048441
8048438: c7 04 24 24 9f 04 08 movl $0x8049f24,(%esp)
804843f: ff d0 call *%eax
8048441: c9 leave
8048442: c3 ret
8048443: 90 nop
08048444 :
8048444: 55 push %ebp
8048445: 89 e5 mov %esp,%ebp
8048447: 8b 45 0c mov 0xc(%ebp),%eax
804844a: 8b 55 08 mov 0x8(%ebp),%edx
804844d: 01 d0 add %edx,%eax
804844f: 5d pop %ebp
8048450: c3 ret
08048451 :
8048451: 55 push %ebp
8048452: 89 e5 mov %esp,%ebp
8048454: 56 push %esi
8048455: 53 push %ebx
8048456: 83 e4 f0 and $0xfffffff0,%esp
8048459: 83 ec 30 sub $0x30,%esp
804845c: c7 05 1c a0 04 08 01 movl $0x1,0x804a01c
8048463: 00 00 00
8048466: c7 05 20 a0 04 08 02 movl $0x2,0x804a020
804846d: 00 00 00
8048470: c7 05 48 a0 04 08 11 movl $0x11,0x804a048
8048477: 00 00 00
804847a: c7 05 34 a0 04 08 21 movl $0x21,0x804a034
8048481: 00 00 00
8048484: a1 50 86 04 08 mov 0x8048650,%eax
8048489: 89 44 24 14 mov %eax,0x14(%esp)
804848d: a1 44 a0 04 08 mov 0x804a044,%eax
8048492: 89 44 24 14 mov %eax,0x14(%esp)
8048496: a1 54 86 04 08 mov 0x8048654,%eax
804849b: 89 44 24 14 mov %eax,0x14(%esp)
804849f: a1 38 a0 04 08 mov 0x804a038,%eax
80484a4: 89 44 24 14 mov %eax,0x14(%esp)
80484a8: c7 44 24 18 01 02 00 movl $0x201,0x18(%esp)
80484af: 00
80484b0: bb 02 02 00 00 mov $0x202,%ebx
80484b5: c7 05 3c a0 04 08 03 movl $0x203,0x804a03c
80484bc: 02 00 00
80484bf: c7 44 24 1c 03 00 00 movl $0x3,0x1c(%esp)
80484c6: 00
80484c7: c7 44 24 1c 06 00 00 movl $0x6,0x1c(%esp)
80484ce: 00
80484cf: c7 05 24 a0 04 08 08 movl $0x8,0x804a024
80484d6: 00 00 00
80484d9: 8b 44 24 20 mov 0x20(%esp),%eax
80484dd: 89 44 24 14 mov %eax,0x14(%esp)
80484e1: 89 74 24 14 mov %esi,0x14(%esp)
80484e5: a1 40 a0 04 08 mov 0x804a040,%eax
80484ea: 89 44 24 14 mov %eax,0x14(%esp)
80484ee: c7 44 24 24 31 00 00 movl $0x31,0x24(%esp)
80484f5: 00
80484f6: be 41 00 00 00 mov $0x41,%esi
80484fb: 8b 44 24 24 mov 0x24(%esp),%eax
80484ff: 89 44 24 14 mov %eax,0x14(%esp)
8048503: 89 74 24 14 mov %esi,0x14(%esp)
8048507: a1 28 a0 04 08 mov 0x804a028,%eax
804850c: 89 44 24 14 mov %eax,0x14(%esp)
8048510: c7 04 24 10 00 00 00 movl $0x10,(%esp)
8048517: e8 44 fe ff ff call 8048360
804851c: 89 44 24 28 mov %eax,0x28(%esp)
8048520: b8 58 86 04 08 mov $0x8048658,%eax
8048525: 8b 54 24 28 mov 0x28(%esp),%edx
8048529: 89 54 24 04 mov %edx,0x4(%esp)
804852d: 89 04 24 mov %eax,(%esp)
8048530: e8 0b fe ff ff call 8048340
8048535: c7 04 24 28 00 00 00 movl $0x28,(%esp)
804853c: e8 1f fe ff ff call 8048360
8048541: 89 44 24 2c mov %eax,0x2c(%esp)
8048545: b8 58 86 04 08 mov $0x8048658,%eax
804854a: 8b 54 24 2c mov 0x2c(%esp),%edx
804854e: 89 54 24 04 mov %edx,0x4(%esp)
8048552: 89 04 24 mov %eax,(%esp)
8048555: e8 e6 fd ff ff call 8048340
804855a: e8 f1 fd ff ff call 8048350
804855f: a1 3c a0 04 08 mov 0x804a03c,%eax
8048564: 89 44 24 08 mov %eax,0x8(%esp)
8048568: 89 5c 24 04 mov %ebx,0x4(%esp)
804856c: 8b 44 24 18 mov 0x18(%esp),%eax
8048570: 89 04 24 mov %eax,(%esp)
8048573: e8 cc fe ff ff call 8048444
8048578: 8d 65 f8 lea -0x8(%ebp),%esp
804857b: 5b pop %ebx
804857c: 5e pop %esi
804857d: 5d pop %ebp
804857e: c3 ret
804857f: 90 nop
08048580 <__libc_csu_init>:
8048580: 55 push %ebp
8048581: 57 push %edi
8048582: 56 push %esi
8048583: 53 push %ebx
8048584: e8 69 00 00 00 call 80485f2 <__i686.get_pc_thunk.bx>
8048589: 81 c3 6b 1a 00 00 add $0x1a6b,%ebx
804858f: 83 ec 1c sub $0x1c,%esp
8048592: 8b 6c 24 30 mov 0x30(%esp),%ebp
8048596: 8d bb 20 ff ff ff lea -0xe0(%ebx),%edi
804859c: e8 57 fd ff ff call 80482f8 <_init>
80485a1: 8d 83 20 ff ff ff lea -0xe0(%ebx),%eax
80485a7: 29 c7 sub %eax,%edi
80485a9: c1 ff 02 sar $0x2,%edi
80485ac: 85 ff test %edi,%edi
80485ae: 74 29 je 80485d9 <__libc_csu_init+0x59>
80485b0: 31 f6 xor %esi,%esi
80485b2: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
80485b8: 8b 44 24 38 mov 0x38(%esp),%eax
80485bc: 89 2c 24 mov %ebp,(%esp)
80485bf: 89 44 24 08 mov %eax,0x8(%esp)
80485c3: 8b 44 24 34 mov 0x34(%esp),%eax
80485c7: 89 44 24 04 mov %eax,0x4(%esp)
80485cb: ff 94 b3 20 ff ff ff call *-0xe0(%ebx,%esi,4)
80485d2: 83 c6 01 add $0x1,%esi
80485d5: 39 fe cmp %edi,%esi
80485d7: 75 df jne 80485b8 <__libc_csu_init+0x38>
80485d9: 83 c4 1c add $0x1c,%esp
80485dc: 5b pop %ebx
80485dd: 5e pop %esi
80485de: 5f pop %edi
80485df: 5d pop %ebp
80485e0: c3 ret
80485e1: eb 0d jmp 80485f0 <__libc_csu_fini>
80485e3: 90 nop
80485e4: 90 nop
80485e5: 90 nop
80485e6: 90 nop
80485e7: 90 nop
80485e8: 90 nop
80485e9: 90 nop
80485ea: 90 nop
80485eb: 90 nop
80485ec: 90 nop
80485ed: 90 nop
80485ee: 90 nop
80485ef: 90 nop
080485f0 <__libc_csu_fini>:
80485f0: f3 c3 repz ret
080485f2 <__i686.get_pc_thunk.bx>:
80485f2: 8b 1c 24 mov (%esp),%ebx
80485f5: c3 ret
80485f6: 90 nop
80485f7: 90 nop
80485f8: 90 nop
80485f9: 90 nop
80485fa: 90 nop
80485fb: 90 nop
80485fc: 90 nop
80485fd: 90 nop
80485fe: 90 nop
80485ff: 90 nop
08048600 <__do_global_ctors_aux>:
8048600: 55 push %ebp
8048601: 89 e5 mov %esp,%ebp
8048603: 53 push %ebx
8048604: 83 ec 04 sub $0x4,%esp
8048607: a1 14 9f 04 08 mov 0x8049f14,%eax
804860c: 83 f8 ff cmp $0xffffffff,%eax
804860f: 74 13 je 8048624 <__do_global_ctors_aux+0x24>
8048611: bb 14 9f 04 08 mov $0x8049f14,%ebx
8048616: 66 90 xchg %ax,%ax
8048618: 83 eb 04 sub $0x4,%ebx
804861b: ff d0 call *%eax
804861d: 8b 03 mov (%ebx),%eax
804861f: 83 f8 ff cmp $0xffffffff,%eax
8048622: 75 f4 jne 8048618 <__do_global_ctors_aux+0x18>
8048624: 83 c4 04 add $0x4,%esp
8048627: 5b pop %ebx
8048628: 5d pop %ebp
8048629: c3 ret
804862a: 90 nop
804862b: 90 nop
Disassembly of section .fini:
0804862c <_fini>:
804862c: 53 push %ebx
804862d: 83 ec 08 sub $0x8,%esp
8048630: e8 00 00 00 00 call 8048635 <_fini+0x9>
8048635: 5b pop %ebx
8048636: 81 c3 bf 19 00 00 add $0x19bf,%ebx
804863c: e8 7f fd ff ff call 80483c0 <__do_global_dtors_aux>
8048641: 83 c4 08 add $0x8,%esp
8048644: 5b pop %ebx
8048645: c3 ret
Disassembly of section .rodata:
08048648 <_fp_hw>:
8048648: 03 00 add (%eax),%eax
...
0804864c <_IO_stdin_used>:
804864c: 01 00 add %eax,(%eax)
804864e: 02 00 add (%eax),%al
08048650 :
8048650: 11 00 adc %eax,(%eax)
...
08048654 :
8048654: 21 00 and %eax,(%eax)
8048656: 00 00 add %al,(%eax)
8048658: 25 .byte 0x25
8048659: 70 0a jo 8048665
...
Disassembly of section .eh_frame_hdr:
0804865c <.eh_frame_hdr>:
804865c: 01 1b add %ebx,(%ebx)
804865e: 03 3b add (%ebx),%edi
8048660: 38 00 cmp %al,(%eax)
8048662: 00 00 add %al,(%eax)
8048664: 06 push %es
8048665: 00 00 add %al,(%eax)
8048667: 00 d4 add %dl,%ah
8048669: fc cld
804866a: ff (bad)
804866b: ff 54 00 00 call *0x0(%eax,%eax,1)
804866f: 00 e8 add %ch,%al
8048671: fd std
8048672: ff (bad)
8048673: ff (bad)
8048674: 78 00 js 8048676
8048676: 00 00 add %al,(%eax)
8048678: f5 cmc
8048679: fd std
804867a: ff (bad)
804867b: ff 98 00 00 00 24 lcall *0x24000000(%eax)
8048681: ff (bad)
8048682: ff (bad)
8048683: ff c4 inc %esp
8048685: 00 00 add %al,(%eax)
8048687: 00 94 ff ff ff 00 01 add %dl,0x100ffff(%edi,%edi,8)
804868e: 00 00 add %al,(%eax)
8048690: 96 xchg %eax,%esi
8048691: ff (bad)
8048692: ff (bad)
8048693: ff 14 01 call *(%ecx,%eax,1)
...
Disassembly of section .eh_frame:
08048698 <__FRAME_END__-0xec>:
8048698: 14 00 adc $0x0,%al
804869a: 00 00 add %al,(%eax)
804869c: 00 00 add %al,(%eax)
804869e: 00 00 add %al,(%eax)
80486a0: 01 7a 52 add %edi,0x52(%edx)
80486a3: 00 01 add %al,(%ecx)
80486a5: 7c 08 jl 80486af
80486a7: 01 1b add %ebx,(%ebx)
80486a9: 0c 04 or $0x4,%al
80486ab: 04 88 add $0x88,%al
80486ad: 01 00 add %eax,(%eax)
80486af: 00 20 add %ah,(%eax)
80486b1: 00 00 add %al,(%eax)
80486b3: 00 1c 00 add %bl,(%eax,%eax,1)
80486b6: 00 00 add %al,(%eax)
80486b8: 78 fc js 80486b6
80486ba: ff (bad)
80486bb: ff 60 00 jmp *0x0(%eax)
80486be: 00 00 add %al,(%eax)
80486c0: 00 0e add %cl,(%esi)
80486c2: 08 46 0e or %al,0xe(%esi)
80486c5: 0c 4a or $0x4a,%al
80486c7: 0f 0b ud2
80486c9: 74 04 je 80486cf
80486cb: 78 00 js 80486cd
80486cd: 3f aas
80486ce: 1a 3b sbb (%ebx),%bh
80486d0: 2a 32 sub (%edx),%dh
80486d2: 24 22 and $0x22,%al
80486d4: 1c 00 sbb $0x0,%al
80486d6: 00 00 add %al,(%eax)
80486d8: 40 inc %eax
80486d9: 00 00 add %al,(%eax)
80486db: 00 68 fd add %ch,-0x3(%eax)
80486de: ff (bad)
80486df: ff 0d 00 00 00 00 decl 0x0
80486e5: 41 inc %ecx
80486e6: 0e push %cs
80486e7: 08 85 02 42 0d 05 or %al,0x50d4202(%ebp)
80486ed: 49 dec %ecx
80486ee: 0c 04 or $0x4,%al
80486f0: 04 c5 add $0xc5,%al
80486f2: 00 00 add %al,(%eax)
80486f4: 28 00 sub %al,(%eax)
80486f6: 00 00 add %al,(%eax)
80486f8: 60 pusha
80486f9: 00 00 add %al,(%eax)
80486fb: 00 55 fd add %dl,-0x3(%ebp)
80486fe: ff (bad)
80486ff: ff 2e ljmp *(%esi)
8048701: 01 00 add %eax,(%eax)
8048703: 00 00 add %al,(%eax)
8048705: 41 inc %ecx
8048706: 0e push %cs
8048707: 08 85 02 42 0d 05 or %al,0x50d4202(%ebp)
804870d: 02 61 83 add -0x7d(%ecx),%ah
8048710: 04 86 add $0x86,%al
8048712: 03 02 add (%edx),%eax
8048714: c7 c3 41 c6 41 0c mov $0xc41c641,%ebx
804871a: 04 04 add $0x4,%al
804871c: c5 00 lds (%eax),%eax
804871e: 00 00 add %al,(%eax)
8048720: 38 00 cmp %al,(%eax)
8048722: 00 00 add %al,(%eax)
8048724: 8c 00 mov %es,(%eax)
8048726: 00 00 add %al,(%eax)
8048728: 58 pop %eax
8048729: fe (bad)
804872a: ff (bad)
804872b: ff 61 00 jmp *0x0(%ecx)
804872e: 00 00 add %al,(%eax)
8048730: 00 41 0e add %al,0xe(%ecx)
8048733: 08 85 02 41 0e 0c or %al,0xc0e4102(%ebp)
8048739: 87 03 xchg %eax,(%ebx)
804873b: 41 inc %ecx
804873c: 0e push %cs
804873d: 10 86 04 41 0e 14 adc %al,0x140e4104(%esi)
8048743: 83 05 4e 0e 30 02 4a addl $0x4a,0x2300e4e
804874a: 0e push %cs
804874b: 14 41 adc $0x41,%al
804874d: 0e push %cs
804874e: 10 c3 adc %al,%bl
8048750: 41 inc %ecx
8048751: 0e push %cs
8048752: 0c c6 or $0xc6,%al
8048754: 41 inc %ecx
8048755: 0e push %cs
8048756: 08 c7 or %al,%bh
8048758: 41 inc %ecx
8048759: 0e push %cs
804875a: 04 c5 add $0xc5,%al
804875c: 10 00 adc %al,(%eax)
804875e: 00 00 add %al,(%eax)
8048760: c8 00 00 00 enter $0x0,$0x0
8048764: 8c fe mov %?,%esi
8048766: ff (bad)
8048767: ff 02 incl (%edx)
8048769: 00 00 add %al,(%eax)
804876b: 00 00 add %al,(%eax)
804876d: 00 00 add %al,(%eax)
804876f: 00 10 add %dl,(%eax)
8048771: 00 00 add %al,(%eax)
8048773: 00 dc add %bl,%ah
8048775: 00 00 add %al,(%eax)
8048777: 00 7a fe add %bh,-0x2(%edx)
804877a: ff (bad)
804877b: ff 04 00 incl (%eax,%eax,1)
804877e: 00 00 add %al,(%eax)
8048780: 00 00 add %al,(%eax)
...
08048784 <__FRAME_END__>:
8048784: 00 00 add %al,(%eax)
...
Disassembly of section .ctors:
08049f14 <__CTOR_LIST__>:
8049f14: ff (bad)
8049f15: ff (bad)
8049f16: ff (bad)
8049f17: ff 00 incl (%eax)
08049f18 <__CTOR_END__>:
8049f18: 00 00 add %al,(%eax)
...
Disassembly of section .dtors:
08049f1c <__DTOR_LIST__>:
8049f1c: ff (bad)
8049f1d: ff (bad)
8049f1e: ff (bad)
8049f1f: ff 00 incl (%eax)
08049f20 <__DTOR_END__>:
8049f20: 00 00 add %al,(%eax)
...
Disassembly of section .jcr:
08049f24 <__JCR_END__>:
8049f24: 00 00 add %al,(%eax)
...
Disassembly of section .dynamic:
08049f28 <_DYNAMIC>:
8049f28: 01 00 add %eax,(%eax)
8049f2a: 00 00 add %al,(%eax)
8049f2c: 10 00 adc %al,(%eax)
8049f2e: 00 00 add %al,(%eax)
8049f30: 0c 00 or $0x0,%al
8049f32: 00 00 add %al,(%eax)
8049f34: f8 clc
8049f35: 82 (bad)
8049f36: 04 08 add $0x8,%al
8049f38: 0d 00 00 00 2c or $0x2c000000,%eax
8049f3d: 86 04 08 xchg %al,(%eax,%ecx,1)
8049f40: f5 cmc
8049f41: fe (bad)
8049f42: ff 6f ac ljmp *-0x54(%edi)
8049f45: 81 04 08 05 00 00 00 addl $0x5,(%eax,%ecx,1)
8049f4c: 3c 82 cmp $0x82,%al
8049f4e: 04 08 add $0x8,%al
8049f50: 06 push %es
8049f51: 00 00 add %al,(%eax)
8049f53: 00 cc add %cl,%ah
8049f55: 81 04 08 0a 00 00 00 addl $0xa,(%eax,%ecx,1)
8049f5c: 5b pop %ebx
8049f5d: 00 00 add %al,(%eax)
8049f5f: 00 0b add %cl,(%ebx)
8049f61: 00 00 add %al,(%eax)
8049f63: 00 10 add %dl,(%eax)
8049f65: 00 00 add %al,(%eax)
8049f67: 00 15 00 00 00 00 add %dl,0x0
8049f6d: 00 00 add %al,(%eax)
8049f6f: 00 03 add %al,(%ebx)
8049f71: 00 00 add %al,(%eax)
8049f73: 00 f4 add %dh,%ah
8049f75: 9f lahf
8049f76: 04 08 add $0x8,%al
8049f78: 02 00 add (%eax),%al
8049f7a: 00 00 add %al,(%eax)
8049f7c: 28 00 sub %al,(%eax)
8049f7e: 00 00 add %al,(%eax)
8049f80: 14 00 adc $0x0,%al
8049f82: 00 00 add %al,(%eax)
8049f84: 11 00 adc %eax,(%eax)
8049f86: 00 00 add %al,(%eax)
8049f88: 17 pop %ss
8049f89: 00 00 add %al,(%eax)
8049f8b: 00 d0 add %dl,%al
8049f8d: 82 (bad)
8049f8e: 04 08 add $0x8,%al
8049f90: 11 00 adc %eax,(%eax)
8049f92: 00 00 add %al,(%eax)
8049f94: c8 82 04 08 enter $0x482,$0x8
8049f98: 12 00 adc (%eax),%al
8049f9a: 00 00 add %al,(%eax)
8049f9c: 08 00 or %al,(%eax)
8049f9e: 00 00 add %al,(%eax)
8049fa0: 13 00 adc (%eax),%eax
8049fa2: 00 00 add %al,(%eax)
8049fa4: 08 00 or %al,(%eax)
8049fa6: 00 00 add %al,(%eax)
8049fa8: fe (bad)
8049fa9: ff (bad)
8049faa: ff 6f a8 ljmp *-0x58(%edi)
8049fad: 82 (bad)
8049fae: 04 08 add $0x8,%al
8049fb0: ff (bad)
8049fb1: ff (bad)
8049fb2: ff 6f 01 ljmp *0x1(%edi)
8049fb5: 00 00 add %al,(%eax)
8049fb7: 00 f0 add %dh,%al
8049fb9: ff (bad)
8049fba: ff 6f 98 ljmp *-0x68(%edi)
8049fbd: 82 (bad)
8049fbe: 04 08 add $0x8,%al
...
Disassembly of section .got:
08049ff0 <.got>:
8049ff0: 00 00 add %al,(%eax)
...
Disassembly of section .got.plt:
08049ff4 <_GLOBAL_OFFSET_TABLE_>:
8049ff4: 28 9f 04 08 00 00 sub %bl,0x804(%edi)
8049ffa: 00 00 add %al,(%eax)
8049ffc: 00 00 add %al,(%eax)
8049ffe: 00 00 add %al,(%eax)
804a000: 46 inc %esi
804a001: 83 04 08 56 addl $0x56,(%eax,%ecx,1)
804a005: 83 04 08 66 addl $0x66,(%eax,%ecx,1)
804a009: 83 04 08 76 addl $0x76,(%eax,%ecx,1)
804a00d: 83 04 08 86 addl $0xffffff86,(%eax,%ecx,1)
804a011: 83 .byte 0x83
804a012: 04 08 add $0x8,%al
Disassembly of section .data:
0804a014 <__data_start>:
804a014: 00 00 add %al,(%eax)
...
0804a018 <__dso_handle>:
804a018: 00 00 add %al,(%eax)
...
0804a01c :
804a01c: 01 00 add %eax,(%eax)
...
0804a020 :
804a020: 02 00 add (%eax),%al
...
0804a024 :
804a024: 05 00 00 00 51 add $0x51000000,%eax
0804a028 :
804a028: 51 push %ecx
804a029: 00 00 add %al,(%eax)
...
Disassembly of section .bss:
0804a02c :
804a02c: 00 00 add %al,(%eax)
...
0804a030 :
804a030: 00 00 add %al,(%eax)
...
0804a034 :
804a034: 00 00 add %al,(%eax)
...
0804a038 :
804a038: 00 00 add %al,(%eax)
...
0804a03c :
804a03c: 00 00 add %al,(%eax)
...
0804a040 :
804a040: 00 00 add %al,(%eax)
...
0804a044 :
804a044: 00 00 add %al,(%eax)
...
0804a048 :
804a048: 00 00 add %al,(%eax)
...
Disassembly of section .comment:
00000000 <.comment>:
0: 47 inc %edi
1: 43 inc %ebx
2: 43 inc %ebx
3: 3a 20 cmp (%eax),%ah
5: 28 55 62 sub %dl,0x62(%ebp)
8: 75 6e jne 78 <_init-0x8048280>
a: 74 75 je 81 <_init-0x8048277>
c: 2f das
d: 4c dec %esp
e: 69 6e 61 72 6f 20 34 imul $0x34206f72,0x61(%esi),%ebp
15: 2e 36 2e 33 2d 31 75 cs ss xor %cs:%ss:0x75627531,%ebp
1c: 62 75
1e: 6e outsb %ds:(%esi),(%dx)
1f: 74 75 je 96 <_init-0x8048262>
21: 35 29 20 34 2e xor $0x2e342029,%eax
26: 36 2e 33 00 ss xor %cs:%ss:(%eax),%eax