Assembler parameters type

How can I find out the type of a given parameter and of the return value in an assembly function?

What exactly does lea 0x1(%ecx),%ebx do? Is the address of 0x1(%ecx) stored in %ebx?

I have a task to rewrite assembly code into a C function, and this is what I don't understand. I think the parameters are int because of mov 0x8(%esp),%edx and mov 0xc(%esp),%eax, and that the return type is also int, but this may be wrong, because our verification system doesn't accept my solution.

The whole code is for x86, 32-bit, on GNU/Linux.

I think the syntax of mov is something like mov <target>, <source>, but later there is mov $0x0,%edi and I think the target can't be 0. Same with $0.

This is the function called by toplevel_fnc:

080aab5c <subroutine_fnc>:
 80aab5c:   53                      push   %ebx                             // save callee-saved ebx
 80aab5d:   8b 54 24 08             mov    0x8(%esp),%edx                   // 1st parameter: pointer to memory (edx = p)
 80aab61:   8b 44 24 0c             mov    0xc(%esp),%eax                   // 2nd parameter: int (eax = c)
 80aab65:   83 f8 09                cmp    $0x9,%eax                        // if (c == 9)
 80aab68:   74 15                   je     80aab7f <subroutine_fnc+0x23>    //   goto match
 80aab6a:   83 f8 20                cmp    $0x20,%eax                       // else if (c == 32)
 80aab6d:   74 10                   je     80aab7f <subroutine_fnc+0x23>    //   goto match
 80aab6f:   3b 05 80 a9 0c 08       cmp    0x80ca980,%eax                   // else if (c == *(int *)0x80ca980)  -- memory operand (a global), not an immediate
 80aab75:   74 08                   je     80aab7f <subroutine_fnc+0x23>    //   goto match
 80aab77:   c7 02 00 00 00 00       movl   $0x0,(%edx)                      // else *p = 0
 80aab7d:   eb 0e                   jmp    80aab8d <subroutine_fnc+0x31>    // jump to end; eax (= c) is the return value
 80aab7f:   8b 0a                   mov    (%edx),%ecx                      // match: ecx = *p
 80aab81:   8d 59 01                lea    0x1(%ecx),%ebx                   // ebx = ecx + 1 (address arithmetic, no memory access)
 80aab84:   89 1a                   mov    %ebx,(%edx)                      // *p = ebx
 80aab86:   83 f9 01                cmp    $0x1,%ecx                        // CF = (ecx < 1 unsigned), i.e. CF = (ecx == 0)
 80aab89:   19 d2                   sbb    %edx,%edx                        // edx = -CF: -1 if ecx == 0, else 0
 80aab8b:   21 d0                   and    %edx,%eax                        // eax = (ecx == 0) ? c : 0
 80aab8d:   5b                      pop    %ebx
 80aab8e:   c3                      ret

This is toplevel_fnc:

080aab8f <toplevel_fnc>:
 80aab8f:   55                      push   %ebp
 80aab90:   57                      push   %edi
 80aab91:   56                      push   %esi
 80aab92:   53                      push   %ebx
 80aab93:   83 ec 18                sub    $0x18,%esp                       // 24 bytes for local variables
 80aab96:   c7 44 24 14 00 00 00    movl   $0x0,0x14(%esp)                  // int counter (esp+0x14) = 0
 80aab9d:   00 
 80aab9e:   bf 00 00 00 00          mov    $0x0,%edi                        // edi = 0
 80aaba3:   8d 74 24 13             lea    0x13(%esp),%esi                  // esi = &buf (one byte at esp+0x13)
 80aaba7:   8d 6c 24 14             lea    0x14(%esp),%ebp                  // ebp = &counter
 80aabab:   eb 2e                   jmp    80aabdb <toplevel_fnc+0x4c>      // go read the first byte
 80aabad:   0f be 44 24 13          movsbl 0x13(%esp),%eax                  // eax = (int)(signed char)buf
 80aabb2:   89 44 24 04             mov    %eax,0x4(%esp)                   // 2nd argument: the char
 80aabb6:   89 2c 24                mov    %ebp,(%esp)                      // 1st argument: &counter
 80aabb9:   e8 9e ff ff ff          call   80aab5c <subroutine_fnc>
 80aabbe:   88 44 24 13             mov    %al,0x13(%esp)                   // buf = low byte of the return value
 80aabc2:   84 c0                   test   %al,%al
 80aabc4:   74 12                   je     80aabd8 <toplevel_fnc+0x49>      // if it is 0, skip the write
 80aabc6:   ba 01 00 00 00          mov    $0x1,%edx                        // count = 1
 80aabcb:   89 d3                   mov    %edx,%ebx                        // fd = 1 (stdout)
 80aabcd:   89 f1                   mov    %esi,%ecx                        // buf
 80aabcf:   b8 04 00 00 00          mov    $0x4,%eax                        // sys_write
 80aabd4:   cd 80                   int    $0x80                            // write(1, &buf, 1)
 80aabd6:   eb 03                   jmp    80aabdb <toplevel_fnc+0x4c>
 80aabd8:   83 c7 01                add    $0x1,%edi                        // edi++ (dropped byte)
 80aabdb:   ba 01 00 00 00          mov    $0x1,%edx                        // count = 1
 80aabe0:   bb 00 00 00 00          mov    $0x0,%ebx                        // fd = 0 (stdin)
 80aabe5:   89 f1                   mov    %esi,%ecx                        // buf
 80aabe7:   b8 03 00 00 00          mov    $0x3,%eax                        // sys_read
 80aabec:   cd 80                   int    $0x80                            // read(0, &buf, 1)
 80aabee:   83 f8 01                cmp    $0x1,%eax
 80aabf1:   74 ba                   je     80aabad <toplevel_fnc+0x1e>      // got a byte: process it
 80aabf3:   89 f8                   mov    %edi,%eax                        // return edi
 80aabf5:   83 c4 18                add    $0x18,%esp
 80aabf8:   5b                      pop    %ebx
 80aabf9:   5e                      pop    %esi
 80aabfa:   5f                      pop    %edi
 80aabfb:   5d                      pop    %ebp
 80aabfc:   c3                      ret

Thanks in advance!

How can I find out what is the type of given parameter and return value in the assembler function?

You can only make an educated guess, by looking at the instructions used to store the return value in R0 (also known as EAX) and at the data that is stored there. Assembly language is untyped.

What does the lea 0x1(%ecx),%ebx exactly do? Is the address of 0x1(%ecx) stored in %ebx?

That is, it stores the address specified by ecx+1 in ebx. With these operands, it is effectively ebx = ecx + 1.
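A C reconstruction of both functions, added here as an example; it is not part of the question or the answer. It follows the data flow in the disassembly: the first argument is a pointer to an int counter, the second is the sign-extended char, and the return value is that char or 0. The global compared at 0x80ca980 is not on the page, so the name third_separator and its value '\n' are assumptions; squeeze_buffer is a constructed in-memory version of the toplevel_fnc loop so the result can be checked without the read/write system calls.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for the int at 0x80ca980 that cmp 0x80ca980,%eax reads.
 * Its real value is not on the page; '\n' is an assumption. */
int third_separator = '\n';

/* subroutine_fnc(int *run, int c): edx = run (1st arg), eax = c (2nd arg).
 * For one of the three separator characters the run counter is incremented
 * and c is returned only if the run was empty; for anything else the counter
 * is reset and c is returned unchanged. */
int subroutine_fnc(int *run, int c)
{
    if (c == 0x9 || c == 0x20 || c == third_separator) {
        int old = *run;            /* mov (%edx),%ecx                       */
        *run = old + 1;            /* lea 0x1(%ecx),%ebx ; mov %ebx,(%edx)  */
        /* cmp $1,%ecx sets CF iff ecx < 1 unsigned, i.e. old == 0;
         * sbb %edx,%edx turns CF into a 0/-1 mask; and %edx,%eax applies it. */
        return old == 0 ? c : 0;
    }
    *run = 0;                      /* movl $0x0,(%edx) */
    return c;                      /* eax still holds the 2nd argument */
}

/* The loop of toplevel_fnc applied to an in-memory buffer instead of
 * read(0, ..)/write(1, ..): bytes for which subroutine_fnc returns 0 are
 * dropped and counted (edi), all others are copied to out. Returns edi. */
int squeeze_buffer(const char *in, size_t n, char *out)
{
    int run = 0;                   /* movl $0x0,0x14(%esp) */
    int dropped = 0;               /* mov $0x0,%edi        */
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        int c = (signed char)in[i];                               /* movsbl 0x13(%esp),%eax */
        unsigned char r = (unsigned char)subroutine_fnc(&run, c); /* mov %al,0x13(%esp)     */
        if (r == 0)
            dropped++;                                            /* add $0x1,%edi */
        else
            out[o++] = (char)r;                                   /* write(1, &buf, 1) */
    }
    out[o] = '\0';
    return dropped;
}

/* toplevel_fnc itself: one byte at a time from fd 0 to fd 1, as the
 * int $0x80 calls with eax = 3 (read) and eax = 4 (write) do. */
int toplevel_fnc(void)
{
    char buf;
    int run = 0, dropped = 0;
    while (read(0, &buf, 1) == 1) {
        buf = (char)subroutine_fnc(&run, (signed char)buf);
        if (buf == 0)
            dropped++;
        else
            write(1, &buf, 1);
    }
    return dropped;
}

int main(void)
{
    /* echo 'a   b' | ./a.out  prints "a b" and exits with status 2 */
    return toplevel_fnc();
}
```

Read this way, the pair of functions collapses every run of separator characters to its first character and returns how many bytes were dropped, which is the kind of behaviour the answer suggests you infer from the data flow rather than from the instructions' operand sizes alone.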