学习C++反汇编-下标寻址和指针寻址

C++源代码:

#include<stdio.h>
// Demo program for comparing the code generated for a pointer dereference
// (*Buf1) with the code generated for an array subscript (Buf2[0]).
// Both printf calls print the same character, the first byte of "Hello".
int main()
{
	char *Buf1=0;               // pointer local, starts as null; kept at -0xc(%ebp) in the listing below
	char Buf2[]="Hello";        // 6-byte stack array (5 characters + terminating NUL), at -0x28(%ebp)
	Buf1=Buf2;                  // the array decays to the address of its first element
	printf("%c\n",*Buf1);       // pointer access: load the pointer value, then the byte it points to
	printf("%c\n",Buf2[0]);     // subscript access: the byte is read at a fixed frame offset
	// No explicit return statement: C++ main returns 0 implicitly
	// (visible as `mov $0x0,%eax` at main+116 in the listing below).
}
生成的汇编代码:

Dump of assembler code for function main:
# AT&T syntax (source operand first), 32-bit x86, frame-pointer based.
# Frame slots used below: -0xc(%ebp) = Buf1 (4-byte pointer),
# -0x28(%ebp)..-0x23(%ebp) = Buf2 (6 bytes).
#
# Prologue: save the caller's frame pointer, set up the new frame,
# reserve 0x48 bytes of locals and align %esp down to 16 bytes.
0x004012f0 <main+0>:	push   %ebp
0x004012f1 <main+1>:	mov    %esp,%ebp
0x004012f3 <main+3>:	sub    $0x48,%esp
0x004012f6 <main+6>:	and    $0xfffffff0,%esp
# eax = ((0 + 15 + 15) >> 4) << 4 = 16, spilled to -0x2c(%ebp) and reloaded
# before the _alloca call. Neither _alloca nor __main corresponds to a
# statement in the C++ source; presumably toolchain-inserted startup code.
0x004012f9 <main+9>:	mov    $0x0,%eax
0x004012fe <main+14>:	add    $0xf,%eax
0x00401301 <main+17>:	add    $0xf,%eax
0x00401304 <main+20>:	shr    $0x4,%eax
0x00401307 <main+23>:	shl    $0x4,%eax
0x0040130a <main+26>:	mov    %eax,-0x2c(%ebp)
0x0040130d <main+29>:	mov    -0x2c(%ebp),%eax
0x00401310 <main+32>:	call   0x40187c <_alloca>
0x00401315 <main+37>:	call   0x4013fc <__main>
# char *Buf1=0;
0x0040131a <main+42>:	movl   $0x0,-0xc(%ebp)
# char Buf2[]="Hello";  the 6-byte literal at 0x403000 is copied onto the
# stack as one 4-byte move plus one 2-byte move.
0x00401321 <main+49>:	mov    0x403000,%eax
0x00401326 <main+54>:	mov    %eax,-0x28(%ebp)
0x00401329 <main+57>:	movzwl 0x403004,%eax
0x00401330 <main+64>:	mov    %ax,-0x24(%ebp)
# Buf1=Buf2;  lea computes the address of the array (no memory read),
# and that address is stored into the pointer's slot.
0x00401334 <main+68>:	lea    -0x28(%ebp),%eax
0x00401337 <main+71>:	mov    %eax,-0xc(%ebp)
# *Buf1 : two memory reads. First the pointer value is loaded from its
# slot, then the byte it points to is loaded with sign extension.
0x0040133a <main+74>:	mov    -0xc(%ebp),%eax
0x0040133d <main+77>:	movsbl (%eax),%eax
# printf arguments go on the stack: the character at 4(%esp) and the
# address 0x403006 at (%esp). 0x403006 directly follows the 6-byte "Hello"
# literal, so it is presumably the "%c\n" format string.
0x00401340 <main+80>:	mov    %eax,0x4(%esp)
0x00401344 <main+84>:	movl   $0x403006,(%esp)
0x0040134b <main+91>:	call   0x4018dc <printf>
# Buf2[0] : one memory read. The array's location is a fixed offset from
# %ebp, so the byte is loaded directly. Note that the generated code
# carries no bounds information for the array, and no stack-protector
# check appears anywhere in this listing.
0x00401350 <main+96>:	movsbl -0x28(%ebp),%eax
0x00401354 <main+100>:	mov    %eax,0x4(%esp)
0x00401358 <main+104>:	movl   $0x403006,(%esp)
0x0040135f <main+111>:	call   0x4018dc <printf>
# Implicit `return 0`, then tear down the frame and return.
0x00401364 <main+116>:	mov    $0x0,%eax
0x00401369 <main+121>:	leave  
0x0040136a <main+122>:	ret    
End of assembler dump.
(gdb)
数组寻址只需要经过一次寻址:
movsbl -0x28(%ebp),%eax

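指针寻址需要两次寻址:首先获得指针本身的值,然后获得指针所指向的内容。注意:下面的 lea 指令对应的是赋值语句 Buf1=Buf2(main+68 计算数组地址,main+71 把它存入 -0xc(%ebp));真正读取指针本身的值的是 main+74 处的 mov -0xc(%ebp),%eax,随后 main+77 处的 movsbl (%eax),%eax 才读取指针所指向的字符: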

lea    -0x28(%ebp),%eax

movsbl (%eax),%eax
