test: 文件格式 elf32-i386 反汇编 .init 节: 08048278 <_init>: 8048278: 55 push %ebp 8048279: 89 e5 mov %esp,%ebp 804827b: 83 ec 08 sub $0x8,%esp 804827e: e8 61 00 00 00 call 80482e4 8048283: e8 c8 00 00 00 call 8048350 8048288: e8 23 02 00 00 call 80484b0 <__do_global_ctors_aux> 804828d: c9 leave 804828e: c3 ret 反汇编 .plt 节: 08048290 <__libc_start_main@plt-0x10>: 8048290: ff 35 04 96 04 08 pushl 0x8049604 8048296: ff 25 08 96 04 08 jmp *0x8049608 804829c: 00 00 add %al,(%eax) ... 080482a0 <__libc_start_main@plt>: 80482a0: ff 25 0c 96 04 08 jmp *0x804960c 80482a6: 68 00 00 00 00 push $0x0 80482ab: e9 e0 ff ff ff jmp 8048290 <_init+0x18> 080482b0 : 80482b0: ff 25 10 96 04 08 jmp *0x8049610 80482b6: 68 08 00 00 00 push $0x8 80482bb: e9 d0 ff ff ff jmp 8048290 <_init+0x18> 反汇编 .text 节: 080482c0 <_start>: 80482c0: 31 ed xor %ebp,%ebp 80482c2: 5e pop %esi 80482c3: 89 e1 mov %esp,%ecx 80482c5: 83 e4 f0 and $0xfffffff0,%esp 80482c8: 50 push %eax 80482c9: 54 push %esp 80482ca: 52 push %edx 80482cb: 68 61 84 04 08 push $0x8048461 80482d0: 68 10 84 04 08 push $0x8048410 80482d5: 51 push %ecx 80482d6: 56 push %esi 80482d7: 68 a6 83 04 08 push $0x80483a6 80482dc: e8 bf ff ff ff call 80482a0 <__libc_start_main@plt> 80482e1: f4 hlt 80482e2: 90 nop 80482e3: 90 nop 080482e4 : 80482e4: 55 push %ebp 80482e5: 89 e5 mov %esp,%ebp 80482e7: 53 push %ebx 80482e8: e8 1b 00 00 00 call 8048308 <__i686.get_pc_thunk.bx> 80482ed: 81 c3 13 13 00 00 add $0x1313,%ebx 80482f3: 83 ec 04 sub $0x4,%esp 80482f6: 8b 83 fc ff ff ff mov 0xfffffffc(%ebx),%eax 80482fc: 85 c0 test %eax,%eax 80482fe: 74 02 je 8048302 8048300: ff d0 call *%eax 8048302: 83 c4 04 add $0x4,%esp 8048305: 5b pop %ebx 8048306: 5d pop %ebp 8048307: c3 ret 08048308 <__i686.get_pc_thunk.bx>: 8048308: 8b 1c 24 mov (%esp),%ebx 804830b: c3 ret 804830c: 90 nop 804830d: 90 nop 804830e: 90 nop 804830f: 90 nop 08048310 <__do_global_dtors_aux>: 8048310: 55 push %ebp 8048311: 89 e5 mov %esp,%ebp 8048313: 83 ec 08 sub $0x8,%esp 8048316: 80 3d 20 96 04 08 
00 cmpb $0x0,0x8049620 804831d: 74 1b je 804833a <__do_global_dtors_aux+0x2a> 804831f: eb 2b jmp 804834c <__do_global_dtors_aux+0x3c> 8048321: eb 0d jmp 8048330 <__do_global_dtors_aux+0x20> 8048323: 90 nop 8048324: 90 nop 8048325: 90 nop 8048326: 90 nop 8048327: 90 nop 8048328: 90 nop 8048329: 90 nop 804832a: 90 nop 804832b: 90 nop 804832c: 90 nop 804832d: 90 nop 804832e: 90 nop 804832f: 90 nop 8048330: 83 c0 04 add $0x4,%eax 8048333: a3 1c 96 04 08 mov %eax,0x804961c 8048338: ff d2 call *%edx 804833a: a1 1c 96 04 08 mov 0x804961c,%eax 804833f: 8b 10 mov (%eax),%edx 8048341: 85 d2 test %edx,%edx 8048343: 75 eb jne 8048330 <__do_global_dtors_aux+0x20> 8048345: c6 05 20 96 04 08 01 movb $0x1,0x8049620 804834c: c9 leave 804834d: c3 ret 804834e: 89 f6 mov %esi,%esi 08048350 : 8048350: 55 push %ebp 8048351: 89 e5 mov %esp,%ebp 8048353: 83 ec 08 sub $0x8,%esp 8048356: a1 30 95 04 08 mov 0x8049530,%eax 804835b: 85 c0 test %eax,%eax 804835d: 74 16 je 8048375 804835f: b8 00 00 00 00 mov $0x0,%eax 8048364: 85 c0 test %eax,%eax 8048366: 74 0d je 8048375 8048368: 83 ec 0c sub $0xc,%esp 804836b: 68 30 95 04 08 push $0x8049530 8048370: ff d0 call *%eax 8048372: 83 c4 10 add $0x10,%esp 8048375: c9 leave 8048376: c3 ret 8048377: 90 nop 08048378 <p1>: #include <stdio.h> void p1(char c) { 8048378: 55 push %ebp 8048379: 89 e5 mov %esp,%ebp 804837b: 83 ec 08 sub $0x8,%esp 804837e: 8b 45 08 mov 0x8(%ebp),%eax 8048381: 88 45 fc mov %al,0xfffffffc(%ebp) printf("%c\n",c); 8048384: 0f be 45 fc movsbl 0xfffffffc(%ebp),%eax 8048388: 83 ec 08 sub $0x8,%esp 804838b: 50 push %eax 804838c: 68 0c 85 04 08 push $0x804850c 8048391: e8 1a ff ff ff call 80482b0 8048396: 83 c4 10 add $0x10,%esp } 8048399: c9 leave 804839a: c3 ret /*************************************************************** * cxl: p2的函数框架比较清晰 ***************************************************************/ 0804839b <p2>: int p2(int x,int y) { 804839b: 55 push %ebp //cxl:ebp入栈,保存调用者的框架基址指针 804839c: 89 e5 mov %esp,%ebp //cxl:设置ebp指向当前栈顶,p2的框架从这里开始 
return x+y; 804839e: 8b 45 0c mov 0xc(%ebp),%eax //为什么可以根据ebp取值 80483a1: 03 45 08 add 0x8(%ebp),%eax } 80483a4: 5d pop %ebp //cxl: 恢复调用者的框架 80483a5: c3 ret 080483a6 <main>
: int main(void) { 80483a6: 55 push %ebp 80483a7: 89 e5 mov %esp,%ebp 80483a9: 83 ec 18 sub $0x18,%esp 80483ac: 83 e4 f0 and $0xfffffff0,%esp 80483af: b8 00 00 00 00 mov $0x0,%eax 80483b4: 83 c0 0f add $0xf,%eax 80483b7: 83 c0 0f add $0xf,%eax 80483ba: c1 e8 04 shr $0x4,%eax 80483bd: c1 e0 04 shl $0x4,%eax 80483c0: 29 c4 sub %eax,%esp char c='a'; 80483c2: c6 45 f3 61 movb $0x61,0xfffffff3(%ebp) //cxl:c这个局部变量是在哪里分配的? int x,y,z; x=1; 80483c6: c7 45 f4 01 00 00 00 movl $0x1,0xfffffff4(%ebp) y=2; 80483cd: c7 45 f8 02 00 00 00 movl $0x2,0xfffffff8(%ebp) p1(c); 80483d4: 0f be 45 f3 movsbl 0xfffffff3(%ebp),%eax 80483d8: 83 ec 0c sub $0xc,%esp 80483db: 50 push %eax //cxl:为什么要将eax压栈 80483dc: e8 97 ff ff ff call 8048378 80483e1: 83 c4 10 add $0x10,%esp z=p2(x,y); 80483e4: ff 75 f8 pushl 0xfffffff8(%ebp) 80483e7: ff 75 f4 pushl 0xfffffff4(%ebp) 80483ea: e8 ac ff ff ff call 804839b 80483ef: 83 c4 08 add $0x8,%esp 80483f2: 89 45 fc mov %eax,0xfffffffc(%ebp) printf("%d=%d+%d\n",z,x,y); 80483f5: ff 75 f8 pushl 0xfffffff8(%ebp) 80483f8: ff 75 f4 pushl 0xfffffff4(%ebp) 80483fb: ff 75 fc pushl 0xfffffffc(%ebp) 80483fe: 68 10 85 04 08 push $0x8048510 8048403: e8 a8 fe ff ff call 80482b0 8048408: 83 c4 10 add $0x10,%esp } 804840b: c9 leave 804840c: c3 ret 804840d: 90 nop 804840e: 90 nop 804840f: 90 nop 08048410 <__libc_csu_init>: 8048410: 55 push %ebp 8048411: 89 e5 mov %esp,%ebp 8048413: 57 push %edi 8048414: 56 push %esi 8048415: 31 f6 xor %esi,%esi 8048417: 53 push %ebx 8048418: e8 eb fe ff ff call 8048308 <__i686.get_pc_thunk.bx> 804841d: 81 c3 e3 11 00 00 add $0x11e3,%ebx 8048423: 83 ec 0c sub $0xc,%esp 8048426: e8 4d fe ff ff call 8048278 <_init> 804842b: 8d 83 20 ff ff ff lea 0xffffff20(%ebx),%eax 8048431: 8d 93 20 ff ff ff lea 0xffffff20(%ebx),%edx 8048437: 89 45 f0 mov %eax,0xfffffff0(%ebp) 804843a: 29 d0 sub %edx,%eax 804843c: c1 f8 02 sar $0x2,%eax 804843f: 39 c6 cmp %eax,%esi 8048441: 73 16 jae 8048459 <__libc_csu_init+0x49> 8048443: 89 d7 mov %edx,%edi 8048445: ff 14 b2 
call *(%edx,%esi,4) 8048448: 8b 45 f0 mov 0xfffffff0(%ebp),%eax 804844b: 83 c6 01 add $0x1,%esi 804844e: 29 f8 sub %edi,%eax 8048450: 89 fa mov %edi,%edx 8048452: c1 f8 02 sar $0x2,%eax 8048455: 39 c6 cmp %eax,%esi 8048457: 72 ec jb 8048445 <__libc_csu_init+0x35> 8048459: 83 c4 0c add $0xc,%esp 804845c: 5b pop %ebx 804845d: 5e pop %esi 804845e: 5f pop %edi 804845f: 5d pop %ebp 8048460: c3 ret 08048461 <__libc_csu_fini>: 8048461: 55 push %ebp 8048462: 89 e5 mov %esp,%ebp 8048464: 83 ec 18 sub $0x18,%esp 8048467: 89 5d f4 mov %ebx,0xfffffff4(%ebp) 804846a: e8 99 fe ff ff call 8048308 <__i686.get_pc_thunk.bx> 804846f: 81 c3 91 11 00 00 add $0x1191,%ebx 8048475: 89 75 f8 mov %esi,0xfffffff8(%ebp) 8048478: 89 7d fc mov %edi,0xfffffffc(%ebp) 804847b: 8d b3 20 ff ff ff lea 0xffffff20(%ebx),%esi 8048481: 8d bb 20 ff ff ff lea 0xffffff20(%ebx),%edi 8048487: 29 fe sub %edi,%esi 8048489: c1 fe 02 sar $0x2,%esi 804848c: eb 03 jmp 8048491 <__libc_csu_fini+0x30> 804848e: ff 14 b7 call *(%edi,%esi,4) 8048491: 83 ee 01 sub $0x1,%esi 8048494: 83 fe ff cmp $0xffffffff,%esi 8048497: 75 f5 jne 804848e <__libc_csu_fini+0x2d> 8048499: e8 46 00 00 00 call 80484e4 <_fini> 804849e: 8b 5d f4 mov 0xfffffff4(%ebp),%ebx 80484a1: 8b 75 f8 mov 0xfffffff8(%ebp),%esi 80484a4: 8b 7d fc mov 0xfffffffc(%ebp),%edi 80484a7: 89 ec mov %ebp,%esp 80484a9: 5d pop %ebp 80484aa: c3 ret 80484ab: 90 nop 80484ac: 90 nop 80484ad: 90 nop 80484ae: 90 nop 80484af: 90 nop 080484b0 <__do_global_ctors_aux>: 80484b0: 55 push %ebp 80484b1: 89 e5 mov %esp,%ebp 80484b3: 53 push %ebx 80484b4: 52 push %edx 80484b5: a1 20 95 04 08 mov 0x8049520,%eax 80484ba: 83 f8 ff cmp $0xffffffff,%eax 80484bd: 74 1e je 80484dd <__do_global_ctors_aux+0x2d> 80484bf: bb 20 95 04 08 mov $0x8049520,%ebx 80484c4: 8d b6 00 00 00 00 lea 0x0(%esi),%esi 80484ca: 8d bf 00 00 00 00 lea 0x0(%edi),%edi 80484d0: ff d0 call *%eax 80484d2: 8b 43 fc mov 0xfffffffc(%ebx),%eax 80484d5: 83 eb 04 sub $0x4,%ebx 80484d8: 83 f8 ff cmp $0xffffffff,%eax 80484db: 75 
f3 jne 80484d0 <__do_global_ctors_aux+0x20> 80484dd: 58 pop %eax 80484de: 5b pop %ebx 80484df: 5d pop %ebp 80484e0: c3 ret 80484e1: 90 nop 80484e2: 90 nop 80484e3: 90 nop 反汇编 .fini 节: 080484e4 <_fini>: 80484e4: 55 push %ebp 80484e5: 89 e5 mov %esp,%ebp 80484e7: 53 push %ebx 80484e8: e8 1b fe ff ff call 8048308 <__i686.get_pc_thunk.bx> 80484ed: 81 c3 13 11 00 00 add $0x1113,%ebx 80484f3: 83 ec 04 sub $0x4,%esp 80484f6: e8 15 fe ff ff call 8048310 <__do_global_dtors_aux> 80484fb: 83 c4 04 add $0x4,%esp 80484fe: 5b pop %ebx 80484ff: 5d pop %ebp 8048500: c3 ret