C语言函数调用过程的汇编分析(停更)
Posted Dontla
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了C语言函数调用过程的汇编分析(停更)相关的知识,希望对你有一定的参考价值。
https://www.cnblogs.com/xiaojianliu/articles/8733560.html
vi test.c
int bar(int c, int d)
{
int e = c + d;
return e;
}
int foo(int a, int b)
{
return bar(a, b);
}
int main(void)
{
foo(2, 3);
return 0;
}
gcc test.c -g
objdump -dS a.out
注意大小写
dontla@dontla-virtual-machine:~/桌面/test$ objdump -dS a.out
a.out: 文件格式 elf64-x86-64
Disassembly of section .init:
0000000000001000 <_init>:
1000: f3 0f 1e fa endbr64
1004: 48 83 ec 08 sub $0x8,%rsp
1008: 48 8b 05 d9 2f 00 00 mov 0x2fd9(%rip),%rax # 3fe8 <__gmon_start__>
100f: 48 85 c0 test %rax,%rax
1012: 74 02 je 1016 <_init+0x16>
1014: ff d0 callq *%rax
1016: 48 83 c4 08 add $0x8,%rsp
101a: c3 retq
Disassembly of section .plt:
0000000000001020 <.plt>:
1020: ff 35 a2 2f 00 00 pushq 0x2fa2(%rip) # 3fc8 <_GLOBAL_OFFSET_TABLE_+0x8>
1026: f2 ff 25 a3 2f 00 00 bnd jmpq *0x2fa3(%rip) # 3fd0 <_GLOBAL_OFFSET_TABLE_+0x10>
102d: 0f 1f 00 nopl (%rax)
Disassembly of section .plt.got:
0000000000001030 <__cxa_finalize@plt>:
1030: f3 0f 1e fa endbr64
1034: f2 ff 25 bd 2f 00 00 bnd jmpq *0x2fbd(%rip) # 3ff8 <__cxa_finalize@GLIBC_2.2.5>
103b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
Disassembly of section .text:
0000000000001040 <_start>:
1040: f3 0f 1e fa endbr64
1044: 31 ed xor %ebp,%ebp
1046: 49 89 d1 mov %rdx,%r9
1049: 5e pop %rsi
104a: 48 89 e2 mov %rsp,%rdx
104d: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
1051: 50 push %rax
1052: 54 push %rsp
1053: 4c 8d 05 a6 01 00 00 lea 0x1a6(%rip),%r8 # 1200 <__libc_csu_fini>
105a: 48 8d 0d 2f 01 00 00 lea 0x12f(%rip),%rcx # 1190 <__libc_csu_init>
1061: 48 8d 3d 02 01 00 00 lea 0x102(%rip),%rdi # 116a <main>
1068: ff 15 72 2f 00 00 callq *0x2f72(%rip) # 3fe0 <__libc_start_main@GLIBC_2.2.5>
106e: f4 hlt
106f: 90 nop
0000000000001070 <deregister_tm_clones>:
1070: 48 8d 3d 99 2f 00 00 lea 0x2f99(%rip),%rdi # 4010 <__TMC_END__>
1077: 48 8d 05 92 2f 00 00 lea 0x2f92(%rip),%rax # 4010 <__TMC_END__>
107e: 48 39 f8 cmp %rdi,%rax
1081: 74 15 je 1098 <deregister_tm_clones+0x28>
1083: 48 8b 05 4e 2f 00 00 mov 0x2f4e(%rip),%rax # 3fd8 <_ITM_deregisterTMCloneTable>
108a: 48 85 c0 test %rax,%rax
108d: 74 09 je 1098 <deregister_tm_clones+0x28>
108f: ff e0 jmpq *%rax
1091: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
1098: c3 retq
1099: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
00000000000010a0 <register_tm_clones>:
10a0: 48 8d 3d 69 2f 00 00 lea 0x2f69(%rip),%rdi # 4010 <__TMC_END__>
10a7: 48 8d 35 62 2f 00 00 lea 0x2f62(%rip),%rsi # 4010 <__TMC_END__>
10ae: 48 29 fe sub %rdi,%rsi
10b1: 48 89 f0 mov %rsi,%rax
10b4: 48 c1 ee 3f shr $0x3f,%rsi
10b8: 48 c1 f8 03 sar $0x3,%rax
10bc: 48 01 c6 add %rax,%rsi
10bf: 48 d1 fe sar %rsi
10c2: 74 14 je 10d8 <register_tm_clones+0x38>
10c4: 48 8b 05 25 2f 00 00 mov 0x2f25(%rip),%rax # 3ff0 <_ITM_registerTMCloneTable>
10cb: 48 85 c0 test %rax,%rax
10ce: 74 08 je 10d8 <register_tm_clones+0x38>
10d0: ff e0 jmpq *%rax
10d2: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
10d8: c3 retq
10d9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
00000000000010e0 <__do_global_dtors_aux>:
10e0: f3 0f 1e fa endbr64
10e4: 80 3d 25 2f 00 00 00 cmpb $0x0,0x2f25(%rip) # 4010 <__TMC_END__>
10eb: 75 2b jne 1118 <__do_global_dtors_aux+0x38>
10ed: 55 push %rbp
10ee: 48 83 3d 02 2f 00 00 cmpq $0x0,0x2f02(%rip) # 3ff8 <__cxa_finalize@GLIBC_2.2.5>
10f5: 00
10f6: 48 89 e5 mov %rsp,%rbp
10f9: 74 0c je 1107 <__do_global_dtors_aux+0x27>
10fb: 48 8b 3d 06 2f 00 00 mov 0x2f06(%rip),%rdi # 4008 <__dso_handle>
1102: e8 29 ff ff ff callq 1030 <__cxa_finalize@plt>
1107: e8 64 ff ff ff callq 1070 <deregister_tm_clones>
110c: c6 05 fd 2e 00 00 01 movb $0x1,0x2efd(%rip) # 4010 <__TMC_END__>
1113: 5d pop %rbp
1114: c3 retq
1115: 0f 1f 00 nopl (%rax)
1118: c3 retq
1119: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
0000000000001120 <frame_dummy>:
1120: f3 0f 1e fa endbr64
1124: e9 77 ff ff ff jmpq 10a0 <register_tm_clones>
0000000000001129 <bar>:
int bar(int c, int d)
{
1129: f3 0f 1e fa endbr64
112d: 55 push %rbp
112e: 48 89 e5 mov %rsp,%rbp
1131: 89 7d ec mov %edi,-0x14(%rbp)
1134: 89 75 e8 mov %esi,-0x18(%rbp)
int e = c + d;
1137: 8b 55 ec mov -0x14(%rbp),%edx
113a: 8b 45 e8 mov -0x18(%rbp),%eax
113d: 01 d0 add %edx,%eax
113f: 89 45 fc mov %eax,-0x4(%rbp)
return e;
1142: 8b 45 fc mov -0x4(%rbp),%eax
}
1145: 5d pop %rbp
1146: c3 retq
0000000000001147 <foo>:
int foo(int a, int b)
{
1147: f3 0f 1e fa endbr64
114b: 55 push %rbp
114c: 48 89 e5 mov %rsp,%rbp
114f: 48 83 ec 08 sub $0x8,%rsp
1153: 89 7d fc mov %edi,-0x4(%rbp)
1156: 89 75 f8 mov %esi,-0x8(%rbp)
return bar(a, b);
1159: 8b 55 f8 mov -0x8(%rbp),%edx
115c: 8b 45 fc mov -0x4(%rbp),%eax
115f: 89 d6 mov %edx,%esi
1161: 89 c7 mov %eax,%edi
1163: e8 c1 ff ff ff callq 1129 <bar>
}
1168: c9 leaveq
1169: c3 retq
000000000000116a <main>:
int main(void)
{
116a: f3 0f 1e fa endbr64
116e: 55 push %rbp
116f: 48 89 e5 mov %rsp,%rbp
foo(2, 3);
1172: be 03 00 00 00 mov $0x3,%esi
1177: bf 02 00 00 00 mov $0x2,%edi
117c: e8 c6 ff ff ff callq 1147 <foo>
return 0;
1181: b8 00 00 00 00 mov $0x0,%eax
}
1186: 5d pop %rbp
1187: c3 retq
1188: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
118f: 00
0000000000001190 <__libc_csu_init>:
1190: f3 0f 1e fa endbr64
1194: 41 57 push %r15
1196: 4c 8d 3d 53 2c 00 00 lea 0x2c53(%rip),%r15 # 3df0 <__frame_dummy_init_array_entry>
119d: 41 56 push %r14
119f: 49 89 d6 mov %rdx,%r14
11a2: 41 55 push %r13
11a4: 49 89 f5 mov %rsi,%r13
11a7: 41 54 push %r12
11a9: 41 89 fc mov %edi,%r12d
11ac: 55 push %rbp
11ad: 48 8d 2d 44 2c 00 00 lea 0x2c44(%rip),%rbp # 3df8 <__do_global_dtors_aux_fini_array_entry>
11b4: 53 push %rbx
11b5: 4c 29 fd sub %r15,%rbp
11b8: 48 83 ec 08 sub $0x8,%rsp
11bc: e8 3f fe ff ff callq 1000 <_init>
11c1: 48 c1 fd 03 sar $0x3,%rbp
11c5: 74 1f je 11e6 <__libc_csu_init+0x56>
11c7: 31 db xor %ebx,%ebx
11c9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
11d0: 4c 89 f2 mov %r14,%rdx
11d3: 4c 89 ee mov %r13,%rsi
11d6: 44 89 e7 mov %r12d,%edi
11d9: 41 ff 14 df callq *(%r15,%rbx,8)
11dd: 48 83 c3 01 add $0x1,%rbx
11e1: 48 39 dd cmp %rbx,%rbp
11e4: 75 ea jne 11d0 <__libc_csu_init+0x40>
11e6: 48 83 c4 08 add $0x8,%rsp
11ea: 5b pop %rbx
11eb: 5d pop %rbp
11ec: 41 5c pop %r12
11ee: 41 5d pop %r13
11f0: 41 5e pop %r14
11f2: 41 5f pop %r15
11f4: c3 retq
11f5: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
11fc: 00 00 00 00
0000000000001200 <__libc_csu_fini>:
1200: f3 0f 1e fa endbr64
1204: c3 retq
Disassembly of section .fini:
0000000000001208 <_fini>:
1208: f3 0f 1e fa endbr64
120c: 48 83 ec 08 sub $0x8,%rsp
1210: 48 83 c4 08 add $0x8,%rsp
1214: c3 retq
查看关键部分:
0000000000001129 <bar>:
int bar(int c, int d)
{
1129: f3 0f 1e fa endbr64
112d: 55 push %rbp
112e: 48 89 e5 mov %rsp,%rbp
1131: 89 7d ec mov %edi,-0x14(%rbp)
1134: 89 75 e8 mov %esi,-0x18(%rbp)
int e = c + d;
1137: 8b 55 ec mov -0x14(%rbp),%edx
113a: 8b 45 e8 mov -0x18(从汇编角度分析C语言的过程调用
图解C/C++语言底层:函数调用过程之函数栈帧的创建和销毁(上)
图解C/C++语言底层:函数调用过程之函数栈帧的创建和销毁(上)