随便写了个代码分析汇编
- 源代码
#include<stdio.h> int sum(int a,int b) { int tmp=0; tmp=a+b; return tmp; } int main() { int a=10; int b=20; int ret=0; ret=sum(a,b); printf("ret=%d ",ret); return 0; }
代码比较简单,但分析起来却对我这个小白极不友善,话不多说,直接上汇编
2.
(1)main()函数汇编代码
1 push rbp # rbp入栈 2 mov rbp,rsp # rsp的值放入rbp 3 sub rsp,0x30 # rsp-=0x30 4 call 0x402130 <__main> # 调用main() 5 mov DWORD PTR [rbp-0x4],0xa # [rbp-0x4]地址(a) 6 mov DWORD PTR [rbp-0x8],0x14 # [rbp-0x8]地址(b) 7 mov DWORD PTR [rbp-0xc],0x0 # [rbp-0xc]地址ret 8 mov edx,DWORD PTR [rbp-0x8] # rbp-0x8为地址里的值赋予edx,即edx=20 9 mov eax,DWORD PTR [rbp-0x4] # eax=10 10 mov ecx,eax # ecx=10 11 call 0x401530 <sum(int, int)> 12 mov DWORD PTR [rbp-0xc],eax # eax是sum()返回值 eax=30 13 mov eax,DWORD PTR [rbp-0xc] 14 mov edx,eax # edx=30 15 lea rcx,[rip+0x2a69] # 0x404000 16 call 0x402b48 <printf> 17 mov eax,0x0 # eax=0 18 add rsp,0x30 # 释放 19 ret
(2)sum()汇编代码
1 push rbp 2 mov rbp,rsp 3 sub rsp,0x10 # 生成栈空间(栈帧) 4 mov DWORD PTR [rbp+0x10],ecx # 已知ecx=10 5 mov DWORD PTR [rbp+0x18],edx # 已知edx=20 6 mov DWORD PTR [rbp-0x4],0x0 7 mov edx,DWORD PTR [rbp+0x10] # edx=10 8 mov eax,DWORD PTR [rbp+0x18] # eax=20 9 add eax,edx # eax=10+20 10 mov DWORD PTR [rbp-0x4],eax # 赋值 11 mov eax,DWORD PTR [rbp-0x4] # 赋值 12 add rsp,0x10 # rsp=rbp释放栈空间 13 pop rbp # 14 ret