K&G C语言 习题1.7

1.7 编写一个打印EOF值的程序

#include <stdio.h>

int main(void)
{
    /*
     * Exercise 1.7: print the value of EOF.
     *
     * EOF (from <stdio.h>) is a negative int.  Storing it in an
     * unsigned char keeps only its low 8 bits, so `byte` holds 0xFF (255);
     * the widened unsigned copy shows that value as a decimal number.
     */
    unsigned char byte = EOF;
    unsigned int widened = 0;

    widened += byte;                    /* byte is promoted to int 255 -- no sign extension */

    /* %c writes the raw 0xFF byte, which is not valid UTF-8: a terminal may show it as a stray glyph */
    printf("%c\n", byte);
    /* NOTE: %u is the specifier that matches unsigned int; for the value 255 the output is identical */
    printf("%d\n", widened);
    return 0;
}

结果:
root@192:~/workdir/KandG/1# ./a.out
ÿ
255

说明了EOF(int 值 -1)存入 unsigned char 后只保留低 8 位,这 8 位的二进制值为 1111 1111(即 255)

root@192:~/workdir/KandG/1# gcc -c 1_7.c
root@192:~/workdir/KandG/1# ls
1_7.c 1_7.o 1_7.s a.out
root@192:~/workdir/KandG/1# objdump -d 1_7.o
反汇编结果:

00000000 <main>:
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   83 e4 f0                and    $0xfffffff0,%esp
   6:   83 ec 20                sub    $0x20,%esp
   9:   c6 44 24 1b ff          movb   $0xff,0x1b(%esp)
   e:   c7 44 24 1c 00 00 00    movl   $0x0,0x1c(%esp)
  15:   00 
  16:   0f b6 44 24 1b          movzbl 0x1b(%esp),%eax
  1b:   01 44 24 1c             add    %eax,0x1c(%esp)
  1f:   0f b6 44 24 1b          movzbl 0x1b(%esp),%eax
  24:   89 44 24 04             mov    %eax,0x4(%esp)
  28:   c7 04 24 00 00 00 00    movl   $0x0,(%esp)
  2f:   e8 fc ff ff ff          call   30
  34:   8b 44 24 1c             mov    0x1c(%esp),%eax
  38:   89 44 24 04             mov    %eax,0x4(%esp)
  3c:   c7 04 24 04 00 00 00    movl   $0x4,(%esp)
  43:   e8 fc ff ff ff          call   44
  48:   b8 00 00 00 00          mov    $0x0,%eax
  4d:   c9                      leave  
  4e:   c3                      ret    

上面的反汇编结果来自尚未链接的目标文件,call 的目标和字符串地址都还是等待重定位的占位值(两处 call 的机器码同为 e8 fc ff ff ff,字符串地址是 $0x0 和 $0x4),所以看不出 43: e8 fc ff ff ff call 44 这一行调用的是谁,也不知道 28: c7 04 24 00 00 00 00 movl $0x0,(%esp) 这一行是在干什么,下面链接后再看看:

root@192:~/workdir/KandG/1# gcc 1_7.o
root@192:~/workdir/KandG/1# objdump -d a.out
Disassembly of section .init:

080482b4 <_init>:
 80482b4:   53                      push   %ebx
 80482b5:   83 ec 08                sub    $0x8,%esp
 80482b8:   e8 93 00 00 00          call   8048350 <__x86.get_pc_thunk.bx>
 80482bd:   81 c3 43 1d 00 00       add    $0x1d43,%ebx
 80482c3:   8b 83 fc ff ff ff       mov    -0x4(%ebx),%eax
 80482c9:   85 c0                   test   %eax,%eax
 80482cb:   74 05                   je     80482d2 <_init+0x1e>
 80482cd:   e8 2e 00 00 00          call   8048300 <__gmon_start__@plt>
 80482d2:   83 c4 08                add    $0x8,%esp
 80482d5:   5b                      pop    %ebx
 80482d6:   c3                      ret    

Disassembly of section .plt:

080482e0 :
 80482e0:   ff 35 04 a0 04 08       pushl  0x804a004
 80482e6:   ff 25 08 a0 04 08       jmp    *0x804a008
 80482ec:   00 00                   add    %al,(%eax)
    ...

080482f0 <printf@plt>:
 80482f0:   ff 25 0c a0 04 08       jmp    *0x804a00c
 80482f6:   68 00 00 00 00          push   $0x0
 80482fb:   e9 e0 ff ff ff          jmp    80482e0 <_init+0x2c>

08048300 <__gmon_start__@plt>:
 8048300:   ff 25 10 a0 04 08       jmp    *0x804a010
 8048306:   68 08 00 00 00          push   $0x8
 804830b:   e9 d0 ff ff ff          jmp    80482e0 <_init+0x2c>

08048310 <__libc_start_main@plt>:
 8048310:   ff 25 14 a0 04 08       jmp    *0x804a014
 8048316:   68 10 00 00 00          push   $0x10
 804831b:   e9 c0 ff ff ff          jmp    80482e0 <_init+0x2c>

Disassembly of section .text:

08048320 <_start>:
 8048320:   31 ed                   xor    %ebp,%ebp
 8048322:   5e                      pop    %esi
 8048323:   89 e1                   mov    %esp,%ecx
 8048325:   83 e4 f0                and    $0xfffffff0,%esp
 8048328:   50                      push   %eax
 8048329:   54                      push   %esp
 804832a:   52                      push   %edx
 804832b:   68 e0 84 04 08          push   $0x80484e0
 8048330:   68 70 84 04 08          push   $0x8048470
 8048335:   51                      push   %ecx
 8048336:   56                      push   %esi
 8048337:   68 1d 84 04 08          push   $0x804841d
 804833c:   e8 cf ff ff ff          call   8048310 <__libc_start_main@plt>
 8048341:   f4                      hlt    
 8048342:   66 90                   xchg   %ax,%ax
 8048344:   66 90                   xchg   %ax,%ax
 8048346:   66 90                   xchg   %ax,%ax
 8048348:   66 90                   xchg   %ax,%ax
 804834a:   66 90                   xchg   %ax,%ax
 804834c:   66 90                   xchg   %ax,%ax
 804834e:   66 90                   xchg   %ax,%ax

08048350 <__x86.get_pc_thunk.bx>:
 8048350:   8b 1c 24                mov    (%esp),%ebx
 8048353:   c3                      ret    
 8048354:   66 90                   xchg   %ax,%ax
 8048356:   66 90                   xchg   %ax,%ax
 8048358:   66 90                   xchg   %ax,%ax
 804835a:   66 90                   xchg   %ax,%ax
 804835c:   66 90                   xchg   %ax,%ax
 804835e:   66 90                   xchg   %ax,%ax

08048360 :
 8048360:   b8 23 a0 04 08          mov    $0x804a023,%eax
 8048365:   2d 20 a0 04 08          sub    $0x804a020,%eax
 804836a:   83 f8 06                cmp    $0x6,%eax
 804836d:   77 01                   ja     8048370 
 804836f:   c3                      ret    
 8048370:   b8 00 00 00 00          mov    $0x0,%eax
 8048375:   85 c0                   test   %eax,%eax
 8048377:   74 f6                   je     804836f 
 8048379:   55                      push   %ebp
 804837a:   89 e5                   mov    %esp,%ebp
 804837c:   83 ec 18                sub    $0x18,%esp
 804837f:   c7 04 24 20 a0 04 08    movl   $0x804a020,(%esp)
 8048386:   ff d0                   call   *%eax
 8048388:   c9                      leave  
 8048389:   c3                      ret    
 804838a:   8d b6 00 00 00 00       lea    0x0(%esi),%esi

08048390 :
 8048390:   b8 20 a0 04 08          mov    $0x804a020,%eax
 8048395:   2d 20 a0 04 08          sub    $0x804a020,%eax
 804839a:   c1 f8 02                sar    $0x2,%eax
 804839d:   89 c2                   mov    %eax,%edx
 804839f:   c1 ea 1f                shr    $0x1f,%edx
 80483a2:   01 d0                   add    %edx,%eax
 80483a4:   d1 f8                   sar    %eax
 80483a6:   75 01                   jne    80483a9 
 80483a8:   c3                      ret    
 80483a9:   ba 00 00 00 00          mov    $0x0,%edx
 80483ae:   85 d2                   test   %edx,%edx
 80483b0:   74 f6                   je     80483a8 
 80483b2:   55                      push   %ebp
 80483b3:   89 e5                   mov    %esp,%ebp
 80483b5:   83 ec 18                sub    $0x18,%esp
 80483b8:   89 44 24 04             mov    %eax,0x4(%esp)
 80483bc:   c7 04 24 20 a0 04 08    movl   $0x804a020,(%esp)
 80483c3:   ff d2                   call   *%edx
 80483c5:   c9                      leave  
 80483c6:   c3                      ret    
 80483c7:   89 f6                   mov    %esi,%esi
 80483c9:   8d bc 27 00 00 00 00    lea    0x0(%edi,%eiz,1),%edi

080483d0 <__do_global_dtors_aux>:
 80483d0:   80 3d 20 a0 04 08 00    cmpb   $0x0,0x804a020
 80483d7:   75 13                   jne    80483ec <__do_global_dtors_aux+0x1c>
 80483d9:   55                      push   %ebp
 80483da:   89 e5                   mov    %esp,%ebp
 80483dc:   83 ec 08                sub    $0x8,%esp
 80483df:   e8 7c ff ff ff          call   8048360 
 80483e4:   c6 05 20 a0 04 08 01    movb   $0x1,0x804a020
 80483eb:   c9                      leave  
 80483ec:   f3 c3                   repz ret 
 80483ee:   66 90                   xchg   %ax,%ax

080483f0 :
 80483f0:   a1 10 9f 04 08          mov    0x8049f10,%eax
 80483f5:   85 c0                   test   %eax,%eax
 80483f7:   74 1f                   je     8048418 
 80483f9:   b8 00 00 00 00          mov    $0x0,%eax
 80483fe:   85 c0                   test   %eax,%eax
 8048400:   74 16                   je     8048418 
 8048402:   55                      push   %ebp
 8048403:   89 e5                   mov    %esp,%ebp
 8048405:   83 ec 18                sub    $0x18,%esp
 8048408:   c7 04 24 10 9f 04 08    movl   $0x8049f10,(%esp)
 804840f:   ff d0                   call   *%eax
 8048411:   c9                      leave  
 8048412:   e9 79 ff ff ff          jmp    8048390 
 8048417:   90                      nop
 8048418:   e9 73 ff ff ff          jmp    8048390 

0804841d <main>:
 804841d:   55                      push   %ebp
 804841e:   89 e5                   mov    %esp,%ebp
 8048420:   83 e4 f0                and    $0xfffffff0,%esp
 8048423:   83 ec 20                sub    $0x20,%esp
 8048426:   c6 44 24 1b ff          movb   $0xff,0x1b(%esp)
 804842b:   c7 44 24 1c 00 00 00    movl   $0x0,0x1c(%esp)
 8048432:   00 
 8048433:   0f b6 44 24 1b          movzbl 0x1b(%esp),%eax
 8048438:   01 44 24 1c             add    %eax,0x1c(%esp)
 804843c:   0f b6 44 24 1b          movzbl 0x1b(%esp),%eax
 8048441:   89 44 24 04             mov    %eax,0x4(%esp)
 8048445:   c7 04 24 00 85 04 08    movl   $0x8048500,(%esp)
 804844c:   e8 9f fe ff ff          call   80482f0 <printf@plt>
 8048451:   8b 44 24 1c             mov    0x1c(%esp),%eax
 8048455:   89 44 24 04             mov    %eax,0x4(%esp)
 8048459:   c7 04 24 04 85 04 08    movl   $0x8048504,(%esp)
 8048460:   e8 8b fe ff ff          call   80482f0 <printf@plt>
 8048465:   b8 00 00 00 00          mov    $0x0,%eax
 804846a:   c9                      leave  
 804846b:   c3                      ret    
 804846c:   66 90                   xchg   %ax,%ax
 804846e:   66 90                   xchg   %ax,%ax

08048470 <__libc_csu_init>:
 8048470:   55                      push   %ebp
 8048471:   57                      push   %edi
 8048472:   31 ff                   xor    %edi,%edi
 8048474:   56                      push   %esi
 8048475:   53                      push   %ebx
 8048476:   e8 d5 fe ff ff          call   8048350 <__x86.get_pc_thunk.bx>
 804847b:   81 c3 85 1b 00 00       add    $0x1b85,%ebx
 8048481:   83 ec 1c                sub    $0x1c,%esp
 8048484:   8b 6c 24 30             mov    0x30(%esp),%ebp
 8048488:   8d b3 0c ff ff ff       lea    -0xf4(%ebx),%esi
 804848e:   e8 21 fe ff ff          call   80482b4 <_init>
 8048493:   8d 83 08 ff ff ff       lea    -0xf8(%ebx),%eax
 8048499:   29 c6                   sub    %eax,%esi
 804849b:   c1 fe 02                sar    $0x2,%esi
 804849e:   85 f6                   test   %esi,%esi
 80484a0:   74 27                   je     80484c9 <__libc_csu_init+0x59>
 80484a2:   8d b6 00 00 00 00       lea    0x0(%esi),%esi
 80484a8:   8b 44 24 38             mov    0x38(%esp),%eax
 80484ac:   89 2c 24                mov    %ebp,(%esp)
 80484af:   89 44 24 08             mov    %eax,0x8(%esp)
 80484b3:   8b 44 24 34             mov    0x34(%esp),%eax
 80484b7:   89 44 24 04             mov    %eax,0x4(%esp)
 80484bb:   ff 94 bb 08 ff ff ff    call   *-0xf8(%ebx,%edi,4)
 80484c2:   83 c7 01                add    $0x1,%edi
 80484c5:   39 f7                   cmp    %esi,%edi
 80484c7:   75 df                   jne    80484a8 <__libc_csu_init+0x38>
 80484c9:   83 c4 1c                add    $0x1c,%esp
 80484cc:   5b                      pop    %ebx
 80484cd:   5e                      pop    %esi
 80484ce:   5f                      pop    %edi
 80484cf:   5d                      pop    %ebp
 80484d0:   c3                      ret    
 80484d1:   eb 0d                   jmp    80484e0 <__libc_csu_fini>
 80484d3:   90                      nop
 80484d4:   90                      nop
 80484d5:   90                      nop
 80484d6:   90                      nop
 80484d7:   90                      nop
 80484d8:   90                      nop
 80484d9:   90                      nop
 80484da:   90                      nop
 80484db:   90                      nop
 80484dc:   90                      nop
 80484dd:   90                      nop
 80484de:   90                      nop
 80484df:   90                      nop

080484e0 <__libc_csu_fini>:
 80484e0:   f3 c3                   repz ret 

Disassembly of section .fini:

080484e4 <_fini>:
 80484e4:   53                      push   %ebx
 80484e5:   83 ec 08                sub    $0x8,%esp
 80484e8:   e8 63 fe ff ff          call   8048350 <__x86.get_pc_thunk.bx>
 80484ed:   81 c3 13 1b 00 00       add    $0x1b13,%ebx
 80484f3:   83 c4 08                add    $0x8,%esp
 80484f6:   5b                      pop    %ebx
 80484f7:   c3                      ret    

链接后,call 44 变成了 call 80482f0 <printf@plt>,可见原来调用的是 printf 函数;前面两条对 (%esp) 与 4(%esp) 的写入,就是按 32 位 x86 调用约定放在栈上的 printf 参数(第一个是格式串地址,第二个是要打印的值)。问题大致说清,只是现在仍然不明白 movl $0x8048504,(%esp) 这条语句中的地址 0x8048504 上到底存了什么,为什么要把这个地址直接作为参数传入。可能那是一个字符串的首地址,而我的格式串里除了转换说明几乎没有内容,如果改成写入 hello world 会怎样?

root@192:~/workdir/KandG/1# gcc -S 1_7.c
root@192:~/workdir/KandG/1# ls
1_7.c  1_7.o  1_7.s  a.out
root@192:~/workdir/KandG/1# cat 1_7.s
    .file   "1_7.c"
    .section    .rodata                 # read-only data: the two printf format strings
.LC0:
    .string "Hello World%c\n"           # format for the first printf (prints the 0xFF byte)
.LC1:
    .string "hello world%d\n"           # format for the second printf (prints the widened value)
    .text
    .globl  main                        # exported so the startup code (_start) can reach it
    .type   main, @function
# int main(void) -- C exercise 1.7: print the value of EOF.
# AT&T syntax, i386 (32-bit): arguments are passed on the stack, return value in %eax.
# Locals: a (unsigned char) at 27(%esp), b (unsigned int) at 28(%esp).
# %ebp is saved by pushl and restored by leave; %eax is clobbered.
main:
.LFB0:
    .cfi_startproc
    pushl   %ebp                        # save caller's frame pointer
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    movl    %esp, %ebp                  # set up this function's frame
    .cfi_def_cfa_register 5
    andl    $-16, %esp                  # round %esp down to a 16-byte boundary
    subl    $32, %esp                   # 32-byte frame: outgoing args at 0/4(%esp), a at 27, b at 28
    movb    $-1, 27(%esp)               # a = EOF (-1): only the low byte 0xFF fits in the unsigned char
    movl    $0, 28(%esp)                # b = 0
    movzbl  27(%esp), %eax              # zero-extend a: 0xFF -> 255 (no sign extension)
    addl    %eax, 28(%esp)              # b += a
    movzbl  27(%esp), %eax
    movl    %eax, 4(%esp)               # printf arg 2: a (passed on the stack)
    movl    $.LC0, (%esp)               # printf arg 1: absolute address of "Hello World%c\n" (non-PIC code)
    call    printf
    movl    28(%esp), %eax
    movl    %eax, 4(%esp)               # printf arg 2: b
    movl    $.LC1, (%esp)               # printf arg 1: address of "hello world%d\n"
    call    printf
    movl    $0, %eax                    # return 0
    leave                               # movl %ebp,%esp ; popl %ebp
    .cfi_restore 5
    .cfi_def_cfa 4, 4
    ret
    .cfi_endproc
0804841d <main>:
 804841d:   55                      push   %ebp
 804841e:   89 e5                   mov    %esp,%ebp
 8048420:   83 e4 f0                and    $0xfffffff0,%esp
 8048423:   83 ec 20                sub    $0x20,%esp
 8048426:   c6 44 24 1b ff          movb   $0xff,0x1b(%esp)
 804842b:   c7 44 24 1c 00 00 00    movl   $0x0,0x1c(%esp)
 8048432:   00 
 8048433:   0f b6 44 24 1b          movzbl 0x1b(%esp),%eax
 8048438:   01 44 24 1c             add    %eax,0x1c(%esp)
 804843c:   0f b6 44 24 1b          movzbl 0x1b(%esp),%eax
 8048441:   89 44 24 04             mov    %eax,0x4(%esp)
 8048445:   c7 04 24 00 85 04 08    movl   $0x8048500,(%esp)
 804844c:   e8 9f fe ff ff          call   80482f0 <printf@plt>
 8048451:   8b 44 24 1c             mov    0x1c(%esp),%eax
 8048455:   89 44 24 04             mov    %eax,0x4(%esp)
 8048459:   c7 04 24 0f 85 04 08    movl   $0x804850f,(%esp)
 8048460:   e8 8b fe ff ff          call   80482f0 <printf@plt>
 8048465:   b8 00 00 00 00          mov    $0x0,%eax
 804846a:   c9                      leave  
 804846b:   c3                      ret    
 804846c:   66 90                   xchg   %ax,%ax
 804846e:   66 90                   xchg   %ax,%ax
gcc 1_7.c
objdump -dSs a.out
Contents of section .rodata:
 80484f8 03000000 01000200 48656c6c 6f20576f  ........Hello Wo
 8048508 726c6425 630a0068 656c6c6f 20776f72  rld%c..hello wor
 8048518 6c642564 0a00 

可以看到,这次传入的地址是 $0x8048500,而 .rodata 的内容显示该地址正是字符串 "Hello World%c\n" 首字符 H 所在的位置(80484f8 + 8);第二个参数 $0x804850f 则对应 "hello world%d\n" 的首字符 h。那么之前的猜测没有问题。
查看二进制:

root@192:~/workdir/KandG/1# hexdump -C a.out 
00000000  7f 45 4c 46 01 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
...
00001c50  61 72 74 00 5f 66 70 5f  68 77 00 5f 5f 62 73 73  |art._fp_hw.__bss|
00001c60  5f 73 74 61 72 74 00 6d  61 69 6e 00 5f 4a 76 5f  |_start.main._Jv_|
00001c70  52 65 67 69 73 74 65 72  43 6c 61 73 73 65 73 00  |RegisterClasses.|
00001c80  5f 5f 54 4d 43 5f 45 4e  44 5f 5f 00 5f 49 54 4d  |__TMC_END__._ITM|
00001c90  5f 72 65 67 69 73 74 65  72 54 4d 43 6c 6f 6e 65  |_registerTMClone|
00001ca0  54 61 62 6c 65 00 5f 69  6e 69 74 00              |Table._init.|
00001cac
