4,441
社区成员
发帖
与我相关
我的任务
分享linux汇编语言的call指令
学习系统调用,编了一个程序
void main()
{
write(1, "hello\n", 6);
exit(0);
}
下面是生成的汇编代码
.file "syscall.c"
.section .rodata
.LC0:
.string "hello\n"
.text
.globl main
.type main, @function
main:
.LFB0:
.cfi_startproc
pushq %rbp
.cfi_def_cfa_offset 16
movq %rsp, %rbp
.cfi_offset 6, -16
.cfi_def_cfa_register 6
movl $6, %edx
movl $.LC0, %esi
movl $1, %edi
movl $0, %eax
call write //请问这句调用的write,具体是怎么实现的?书里面介绍的,是用int $0x80这个陷阱来实现的系统调用,这个write对int $0x80封装了么?去哪里找?
movl $0, %edi
call exit //这句也一样
.cfi_endproc
.LFE0:
.size main, .-main
.ident "GCC: (Ubuntu/Linaro 4.4.4-14ubuntu5) 4.4.5"
.section .note.GNU-stack,"",@progbits
希望会的朋友指点!谢谢了!
void main()
{
write(1, "hello\n", 6);
exit(0);
}
下面是生成的汇编代码
.file "syscall.c"
.section .rodata
.LC0:
.string "hello\n"
.text
.globl main
.type main, @function
main:
.LFB0:
.cfi_startproc
pushq %rbp
.cfi_def_cfa_offset 16
movq %rsp, %rbp
.cfi_offset 6, -16
.cfi_def_cfa_register 6
movl $6, %edx
movl $.LC0, %esi
movl $1, %edi
movl $0, %eax
call write //请问这句调用的write,具体是怎么实现的?书里面介绍的,是用int $0x80这个陷阱来实现的系统调用,这个write对int $0x80封装了么?去哪里找?
movl $0, %edi
call exit //这句也一样
.cfi_endproc
.LFE0:
.size main, .-main
.ident "GCC: (Ubuntu/Linaro 4.4.4-14ubuntu5) 4.4.5"
.section .note.GNU-stack,"",@progbits
希望会的朋友指点!谢谢了!
...全文
请发表友善的回复…
发表回复
mayer 2013-04-12
- 打赏
- 举报
这个和动态链接有关,如果加-static选项编译出来就能看到不同的结果,我这边看到的是直接用syscall指令实现的
agtma 2013-04-12
- 打赏
- 举报
接楼上代码
<__bss_start>
40050d: 48 83 c4 08 add $0x8,%rsp
400511: 5b pop %rbx
400512: c9 leaveq
400513: c3 retq
400514: eb 0a jmp 400520 <frame_dummy>
400516: 90 nop
400517: 90 nop
400518: 90 nop
400519: 90 nop
40051a: 90 nop
40051b: 90 nop
40051c: 90 nop
40051d: 90 nop
40051e: 90 nop
40051f: 90 nop
0000000000400520 <frame_dummy>:
400520: 55 push %rbp
400521: 48 83 3d 1f 09 20 00 cmpq $0x0,0x20091f(%rip) # 600e48 <__JCR_END__>
400528: 00
400529: 48 89 e5 mov %rsp,%rbp
40052c: 74 12 je 400540 <frame_dummy+0x20>
40052e: b8 00 00 00 00 mov $0x0,%eax
400533: 48 85 c0 test %rax,%rax
400536: 74 08 je 400540 <frame_dummy+0x20>
400538: bf 48 0e 60 00 mov $0x600e48,%edi
40053d: c9 leaveq
40053e: ff e0 jmpq *%rax
400540: c9 leaveq
400541: c3 retq
400542: 90 nop
400543: 90 nop
0000000000400544 <main>:
400544: 55 push %rbp
400545: 48 89 e5 mov %rsp,%rbp
400548: ba 06 00 00 00 mov $0x6,%edx
40054d: be 5c 06 40 00 mov $0x40065c,%esi
400552: bf 01 00 00 00 mov $0x1,%edi
400557: b8 00 00 00 00 mov $0x0,%eax
40055c: e8 e7 fe ff ff callq 400448 <write@plt>
400561: bf 00 00 00 00 mov $0x0,%edi
400566: e8 bd fe ff ff callq 400428 <exit@plt>
40056b: 90 nop
40056c: 90 nop
40056d: 90 nop
40056e: 90 nop
40056f: 90 nop
0000000000400570 <__libc_csu_fini>:
400570: f3 c3 repz retq
400572: eb 0c jmp 400580 <__libc_csu_init>
400574: 90 nop
400575: 90 nop
400576: 90 nop
400577: 90 nop
400578: 90 nop
400579: 90 nop
40057a: 90 nop
40057b: 90 nop
40057c: 90 nop
40057d: 90 nop
40057e: 90 nop
40057f: 90 nop
0000000000400580 <__libc_csu_init>:
400580: 48 89 6c 24 d8 mov %rbp,-0x28(%rsp)
400585: 4c 89 64 24 e0 mov %r12,-0x20(%rsp)
40058a: 48 8d 2d 93 08 20 00 lea 0x200893(%rip),%rbp # 600e24 <__init_array_end>
400591: 4c 8d 25 8c 08 20 00 lea 0x20088c(%rip),%r12 # 600e24 <__init_array_end>
400598: 4c 89 6c 24 e8 mov %r13,-0x18(%rsp)
40059d: 4c 89 74 24 f0 mov %r14,-0x10(%rsp)
4005a2: 4c 89 7c 24 f8 mov %r15,-0x8(%rsp)
4005a7: 48 89 5c 24 d0 mov %rbx,-0x30(%rsp)
4005ac: 48 83 ec 38 sub $0x38,%rsp
4005b0: 4c 29 e5 sub %r12,%rbp
4005b3: 41 89 fd mov %edi,%r13d
4005b6: 49 89 f6 mov %rsi,%r14
4005b9: 48 c1 fd 03 sar $0x3,%rbp
4005bd: 49 89 d7 mov %rdx,%r15
4005c0: e8 3b fe ff ff callq 400400 <_init>
4005c5: 48 85 ed test %rbp,%rbp
4005c8: 74 1c je 4005e6 <__libc_csu_init+0x66>
4005ca: 31 db xor %ebx,%ebx
4005cc: eb 02 jmp 4005d0 <__libc_csu_init+0x50>
4005ce: 90 nop
4005cf: 90 nop
4005d0: 4c 89 fa mov %r15,%rdx
4005d3: 4c 89 f6 mov %r14,%rsi
4005d6: 44 89 ef mov %r13d,%edi
4005d9: 41 ff 14 dc callq *(%r12,%rbx,8)
4005dd: 48 83 c3 01 add $0x1,%rbx
4005e1: 48 39 eb cmp %rbp,%rbx
4005e4: 72 ea jb 4005d0 <__libc_csu_init+0x50>
4005e6: 48 8b 5c 24 08 mov 0x8(%rsp),%rbx
4005eb: 48 8b 6c 24 10 mov 0x10(%rsp),%rbp
4005f0: 4c 8b 64 24 18 mov 0x18(%rsp),%r12
4005f5: 4c 8b 6c 24 20 mov 0x20(%rsp),%r13
4005fa: 4c 8b 74 24 28 mov 0x28(%rsp),%r14
4005ff: 4c 8b 7c 24 30 mov 0x30(%rsp),%r15
400604: 48 83 c4 38 add $0x38,%rsp
400608: c3 retq
400609: 90 nop
40060a: 90 nop
40060b: 90 nop
40060c: 90 nop
40060d: 90 nop
40060e: 90 nop
40060f: 90 nop
0000000000400610 <__do_global_ctors_aux>:
400610: 55 push %rbp
400611: 48 89 e5 mov %rsp,%rbp
400614: 53 push %rbx
400615: 48 83 ec 08 sub $0x8,%rsp
400619: 48 8b 05 08 08 20 00 mov 0x200808(%rip),%rax # 600e28 <__CTOR_LIST__>
400620: 48 83 f8 ff cmp $0xffffffffffffffff,%rax
400624: 74 19 je 40063f <__do_global_ctors_aux+0x2f>
400626: bb 28 0e 60 00 mov $0x600e28,%ebx
40062b: eb 03 jmp 400630 <__do_global_ctors_aux+0x20>
40062d: 90 nop
40062e: 90 nop
40062f: 90 nop
400630: 48 83 eb 08 sub $0x8,%rbx
400634: ff d0 callq *%rax
400636: 48 8b 03 mov (%rbx),%rax
400639: 48 83 f8 ff cmp $0xffffffffffffffff,%rax
40063d: 75 f1 jne 400630 <__do_global_ctors_aux+0x20>
40063f: 48 83 c4 08 add $0x8,%rsp
400643: 5b pop %rbx
400644: c9 leaveq
400645: c3 retq
400646: 90 nop
400647: 90 nop
Disassembly of section .fini:
0000000000400648 <_fini>:
400648: 48 83 ec 08 sub $0x8,%rsp
40064c: e8 5f fe ff ff callq 4004b0 <__do_global_dtors_aux>
400651: 48 83 c4 08 add $0x8,%rsp
400655: c3 retq
agtma 2013-04-12
- 打赏
- 举报
那么生成可执行文件再反汇编是链接以后的代码吗?这是用objdump生成的,麻烦看看
./syscall: file format elf64-x86-64
Disassembly of section .init:
0000000000400400 <_init>:
400400: 48 83 ec 08 sub $0x8,%rsp
400404: e8 83 00 00 00 callq 40048c <call_gmon_start>
400409: e8 12 01 00 00 callq 400520 <frame_dummy>
40040e: e8 fd 01 00 00 callq 400610 <__do_global_ctors_aux>
400413: 48 83 c4 08 add $0x8,%rsp
400417: c3 retq
Disassembly of section .plt:
0000000000400418 <exit@plt-0x10>:
400418: ff 35 d2 0b 20 00 pushq 0x200bd2(%rip) # 600ff0 <_GLOBAL_OFFSET_TABLE_+0x8>
40041e: ff 25 d4 0b 20 00 jmpq *0x200bd4(%rip) # 600ff8 <_GLOBAL_OFFSET_TABLE_+0x10>
400424: 0f 1f 40 00 nopl 0x0(%rax)
0000000000400428 <exit@plt>:
400428: ff 25 d2 0b 20 00 jmpq *0x200bd2(%rip) # 601000 <_GLOBAL_OFFSET_TABLE_+0x18>
40042e: 68 00 00 00 00 pushq $0x0
400433: e9 e0 ff ff ff jmpq 400418 <_init+0x18>
0000000000400438 <__libc_start_main@plt>:
400438: ff 25 ca 0b 20 00 jmpq *0x200bca(%rip) # 601008 <_GLOBAL_OFFSET_TABLE_+0x20>
40043e: 68 01 00 00 00 pushq $0x1
400443: e9 d0 ff ff ff jmpq 400418 <_init+0x18>
0000000000400448 <write@plt>: //这里就是调用write的地方吧?怎么解释这段代码呢?看不懂唉
400448: ff 25 c2 0b 20 00 jmpq *0x200bc2(%rip) # 601010 <_GLOBAL_OFFSET_TABLE_+0x28>
40044e: 68 02 00 00 00 pushq $0x2
400453: e9 c0 ff ff ff jmpq 400418 <_init+0x18>
Disassembly of section .text:
0000000000400460 <_start>:
400460: 31 ed xor %ebp,%ebp
400462: 49 89 d1 mov %rdx,%r9
400465: 5e pop %rsi
400466: 48 89 e2 mov %rsp,%rdx
400469: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
40046d: 50 push %rax
40046e: 54 push %rsp
40046f: 49 c7 c0 70 05 40 00 mov $0x400570,%r8
400476: 48 c7 c1 80 05 40 00 mov $0x400580,%rcx
40047d: 48 c7 c7 44 05 40 00 mov $0x400544,%rdi
400484: e8 af ff ff ff callq 400438 <__libc_start_main@plt>
400489: f4 hlt
40048a: 90 nop
40048b: 90 nop
000000000040048c <call_gmon_start>:
40048c: 48 83 ec 08 sub $0x8,%rsp
400490: 48 8b 05 49 0b 20 00 mov 0x200b49(%rip),%rax # 600fe0 <_DYNAMIC+0x190>
400497: 48 85 c0 test %rax,%rax
40049a: 74 02 je 40049e <call_gmon_start+0x12>
40049c: ff d0 callq *%rax
40049e: 48 83 c4 08 add $0x8,%rsp
4004a2: c3 retq
4004a3: 90 nop
4004a4: 90 nop
4004a5: 90 nop
4004a6: 90 nop
4004a7: 90 nop
4004a8: 90 nop
4004a9: 90 nop
4004aa: 90 nop
4004ab: 90 nop
4004ac: 90 nop
4004ad: 90 nop
4004ae: 90 nop
4004af: 90 nop
00000000004004b0 <__do_global_dtors_aux>:
4004b0: 55 push %rbp
4004b1: 48 89 e5 mov %rsp,%rbp
4004b4: 53 push %rbx
4004b5: 48 83 ec 08 sub $0x8,%rsp
4004b9: 80 3d 68 0b 20 00 00 cmpb $0x0,0x200b68(%rip) # 601028 <__bss_start>
4004c0: 75 4b jne 40050d <__do_global_dtors_aux+0x5d>
4004c2: bb 40 0e 60 00 mov $0x600e40,%ebx
4004c7: 48 8b 05 62 0b 20 00 mov 0x200b62(%rip),%rax # 601030 <dtor_idx.7426>
4004ce: 48 81 eb 38 0e 60 00 sub $0x600e38,%rbx
4004d5: 48 c1 fb 03 sar $0x3,%rbx
4004d9: 48 83 eb 01 sub $0x1,%rbx
4004dd: 48 39 d8 cmp %rbx,%rax
4004e0: 73 24 jae 400506 <__do_global_dtors_aux+0x56>
4004e2: eb 04 jmp 4004e8 <__do_global_dtors_aux+0x38>
4004e4: 90 nop
4004e5: 90 nop
4004e6: 90 nop
4004e7: 90 nop
4004e8: 48 83 c0 01 add $0x1,%rax
4004ec: 48 89 05 3d 0b 20 00 mov %rax,0x200b3d(%rip) # 601030 <dtor_idx.7426>
4004f3: ff 14 c5 38 0e 60 00 callq *0x600e38(,%rax,8)
4004fa: 48 8b 05 2f 0b 20 00 mov 0x200b2f(%rip),%rax # 601030 <dtor_idx.7426>
400501: 48 39 d8 cmp %rbx,%rax
400504: 72 e2 jb 4004e8 <__do_global_dtors_aux+0x38>
400506: c6 05 1b 0b 20 00 01 movb $0x1,0x200b1b(%rip) # 601028
agtma 2013-04-12
- 打赏
- 举报
我是用GCC直接-S生成的,可能像2楼的兄弟说的,还未链接。我用objdump反汇编出来的,看不懂,还是没有找到int 0x80这个软中断指令啊
agtma 2013-04-12
- 打赏
- 举报
非常感谢!
但是syscall又是什么呢?是一条汇编指令?它和int 0x80一样吗?
wanghb1989 2013-04-11
- 打赏
- 举报
首先write的函数肯定是具有默认连接的,就是说:比如一个printf()函数,有的IDE环境需要加头文件#include<stdio.h>但是有的环境不需要加头文件也能编译连接!这个write函数是一个库函数!要想找这个函数只能找你的默认目录下找到(每个系统不一样)。
mayer 2013-04-11
- 打赏
- 举报
lz用什么方式得到汇编的呢,偶使用 objdump -d 得到的东西和lz不太一样呢
