11b6: f3 0f 1e fa endbr64
11ba: 55 push %rbp
11bb: 48 89 e5 mov %rsp,%rbp
11be: bf 03 00 00 00 mov $0x3,%edi
11c3: e8 81 ff ff ff callq 1149
11c8: 90 nop
11c9: 5d pop %rbp
11ca: c3 retq
11cb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
逆向-beginners之switch顺序case
#include
/*
* fall through (滑梯)
*/
#define R 1
#define W 2
#define RW 3
void f(int type)
{
int read = 0, write = 0;
switch (type) {
case RW:
read = 1;
case W:
write = 1;
break;
case R:
read = 1;
break;
default:
break;
}
printf("read = %d, write = %d\n", read, write);
}
void main()
{
f(3);
}
#if 0
无论type的值是RW还是W,程序都有会执行第15行的指令。type为RW的陈述语句里没有break,从而利用switch的fall through效应。
#endif
#if 0
/*
* intel
*/
0000000000001149
1149: f3 0f 1e fa endbr64
114d: 55 push %rbp
114e: 48 89 e5 mov %rsp,%rbp
1151: 48 83 ec 20 sub $0x20,%rsp
1155: 89 7d ec mov %edi,-0x14(%rbp)
1158: c7 45 f8 00 00 00 00 movl $0x0,-0x8(%rbp)
115f: c7 45 fc 00 00 00 00 movl $0x0,-0x4(%rbp)
1166: 83 7d ec 03 cmpl $0x3,-0x14(%rbp)
116a: 74 14 je 1180
116c: 83 7d ec 03 cmpl $0x3,-0x14(%rbp)
1170: 7f 27 jg 1199
1172: 83 7d ec 01 cmpl $0x1,-0x14(%rbp)
1176: 74 18 je 1190
1178: 83 7d ec 02 cmpl $0x2,-0x14(%rbp)
117c: 74 09 je 1187
117e: eb 19 jmp 1199
1180: c7 45 f8 01 00 00 00 movl $0x1,-0x8(%rbp)
1187: c7 45 fc 01 00 00 00 movl $0x1,-0x4(%rbp)
118e: eb 0a jmp 119a
1190: c7 45 f8 01 00 00 00 movl $0x1,-0x8(%rbp)
1197: eb 01 jmp 119a
1199: 90 nop
119a: 8b 55 fc mov -0x4(%rbp),%edx
119d: 8b 45 f8 mov -0x8(%rbp),%eax
11a0: 89 c6 mov %eax,%esi
11a2: 48 8d 3d 5b 0e 00 00 lea 0xe5b(%rip),%rdi # 2004 <_IO_stdin_used+0x4>
11a9: b8 00 00 00 00 mov $0x0,%eax
11ae: e8 9d fe ff ff callq 1050
11b3: 90 nop
11b4: c9 leaveq
11b5: c3 retq
00000000000011b6
11b6: f3 0f 1e fa endbr64
11ba: 55 push %rbp
11bb: 48 89 e5 mov %rsp,%rbp
11be: bf 03 00 00 00 mov $0x3,%edi
11c3: e8 81 ff ff ff callq 1149
11c8: 90 nop
11c9: 5d pop %rbp
11ca: c3 retq
11cb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
/*
* arm
*/
000000000040055c
40055c: a9bd7bfd stp x29, x30, [sp, #-48]!
400560: 910003fd mov x29, sp
400564: b9001fa0 str w0, [x29, #28]
400568: b9002fbf str wzr, [x29, #44]
40056c: b9002bbf str wzr, [x29, #40]
400570: b9401fa0 ldr w0, [x29, #28]
400574: 7100081f cmp w0, #0x2
400578: 54000100 b.eq 400598
40057c: 71000c1f cmp w0, #0x3
400580: 54000080 b.eq 400590
400584: 7100041f cmp w0, #0x1
400588: 540000e0 b.eq 4005a4
40058c: 14000009 b 4005b0
400590: 52800020 mov w0, #0x1 // #1
400594: b9002fa0 str w0, [x29, #44]
400598: 52800020 mov w0, #0x1 // #1
40059c: b9002ba0 str w0, [x29, #40]
4005a0: 14000004 b 4005b0
4005a4: 52800020 mov w0, #0x1 // #1
4005a8: b9002fa0 str w0, [x29, #44]
4005ac: d503201f nop
4005b0: 90000000 adrp x0, 400000 <_init-0x3e8>
4005b4: 911a8000 add x0, x0, #0x6a0
4005b8: b9402ba2 ldr w2, [x29, #40]
4005bc: b9402fa1 ldr w1, [x29, #44]
4005c0: 97ffffa4 bl 400450
4005c4: d503201f nop
4005c8: a8c37bfd ldp x29, x30, [sp], #48
4005cc: d65f03c0 ret
00000000004005d0
4005d0: a9bf7bfd stp x29, x30, [sp, #-16]!
4005d4: 910003fd mov x29, sp
4005d8: 52800060 mov w0, #0x3 // #3
4005dc: 97ffffe0 bl 40055c
4005e0: d503201f nop
4005e4: a8c17bfd ldp x29, x30, [sp], #16
4005e8: d65f03c0 ret
4005ec: 00000000 .inst 0x00000000 ; undefined
#endif