之前看过一点汇编,不过现在都忘记得差不多了。最近又很蛋疼地想起反汇编这个东西。这里使用 gcc 命令对 .c 文件进行反汇编,把 C语言 翻译成汇编语言
先准备一个简单的 C 程序
sum.c
#include <stdio.h> int add(int, int); int mode(int, int); int main() { int a = 3, b = 2; int s = add(3, 2); int m = mode(3, 2); return 0; } int add(int a, int b) { return a + b; } int mode(int a, int b) { return a % b; }
在控制台中先进到 保存 sum.c 的文件夹下,当然你也可以用绝对路径,使用以下命令
gcc -S sum.c -o sum_at.s
这个命令默认生成的是 AT&T 汇编,生成的 sum_at.s 如下
.file "sum.c" .text .def ___main; .scl 2; .type 32; .endef .globl _main .def _main; .scl 2; .type 32; .endef _main: LFB13: .cfi_startproc pushl %ebp .cfi_def_cfa_offset 8 .cfi_offset 5, -8 movl %esp, %ebp .cfi_def_cfa_register 5 andl $-16, %esp subl $32, %esp call ___main movl $3, 28(%esp) movl $2, 24(%esp) movl $2, 4(%esp) movl $3, (%esp) call _add movl %eax, 20(%esp) movl $2, 4(%esp) movl $3, (%esp) call _mode movl %eax, 16(%esp) movl $0, %eax leave .cfi_restore 5 .cfi_def_cfa 4, 4 ret .cfi_endproc LFE13: .globl _add .def _add; .scl 2; .type 32; .endef _add: LFB14: .cfi_startproc pushl %ebp .cfi_def_cfa_offset 8 .cfi_offset 5, -8 movl %esp, %ebp .cfi_def_cfa_register 5 movl 8(%ebp), %edx movl 12(%ebp), %eax addl %edx, %eax popl %ebp .cfi_restore 5 .cfi_def_cfa 4, 4 ret .cfi_endproc LFE14: .globl _mode .def _mode; .scl 2; .type 32; .endef _mode: LFB15: .cfi_startproc pushl %ebp .cfi_def_cfa_offset 8 .cfi_offset 5, -8 movl %esp, %ebp .cfi_def_cfa_register 5 movl 8(%ebp), %eax cltd idivl 12(%ebp) movl %edx, %eax popl %ebp .cfi_restore 5 .cfi_def_cfa 4, 4 ret .cfi_endproc LFE15: .ident "GCC: (i686-posix-dwarf-rev0, Built by MinGW-W64 project) 7.3.0"
我之前看的是intel汇编 也就是8086这种 intel 芯片,要转成 intel 汇编 使用以下命令
gcc -S -masm=intel sum.c -o sum_intel.s
生成的 sum_intel.s 文件内容如下
.file "sum.c" .intel_syntax noprefix .text .def ___main; .scl 2; .type 32; .endef .globl _main .def _main; .scl 2; .type 32; .endef _main: LFB13: .cfi_startproc push ebp .cfi_def_cfa_offset 8 .cfi_offset 5, -8 mov ebp, esp .cfi_def_cfa_register 5 and esp, -16 sub esp, 32 call ___main mov DWORD PTR [esp+28], 3 mov DWORD PTR [esp+24], 2 mov DWORD PTR [esp+4], 2 mov DWORD PTR [esp], 3 call _add mov DWORD PTR [esp+20], eax mov DWORD PTR [esp+4], 2 mov DWORD PTR [esp], 3 call _mode mov DWORD PTR [esp+16], eax mov eax, 0 leave .cfi_restore 5 .cfi_def_cfa 4, 4 ret .cfi_endproc LFE13: .globl _add .def _add; .scl 2; .type 32; .endef _add: LFB14: .cfi_startproc push ebp .cfi_def_cfa_offset 8 .cfi_offset 5, -8 mov ebp, esp .cfi_def_cfa_register 5 mov edx, DWORD PTR [ebp+8] mov eax, DWORD PTR [ebp+12] add eax, edx pop ebp .cfi_restore 5 .cfi_def_cfa 4, 4 ret .cfi_endproc LFE14: .globl _mode .def _mode; .scl 2; .type 32; .endef _mode: LFB15: .cfi_startproc push ebp .cfi_def_cfa_offset 8 .cfi_offset 5, -8 mov ebp, esp .cfi_def_cfa_register 5 mov eax, DWORD PTR [ebp+8] cdq idiv DWORD PTR [ebp+12] mov eax, edx pop ebp .cfi_restore 5 .cfi_def_cfa 4, 4 ret .cfi_endproc LFE15: .ident "GCC: (i686-posix-dwarf-rev0, Built by MinGW-W64 project) 7.3.0"
等我复习下汇编再回来看这段代码到底干了什么