_ alloca_probe_8. The Code is as follows:
.xlist include cruntime.inc.listextern _chkstk:near; size of a page of memory CODESEGpagepublic _alloca_probe_8_alloca_probe_16 proc ; 16 byte aligned alloca push ecx lea ecx, [esp] + 8 ; TOS before entering this function sub ecx, eax ; New TOS and ecx, (16 - 1) ; Distance from 16 bit align (align down) add
National embedded Talent Training Base
1. function callPrevious PageChapter 2 Relationship Between assembly and CNext Page
--------------------------------------------------------------------------------
1. Please comment on function calls
We use the following code to study the function call process.Example 19.1: Study the function call ProcessInt bar (int c, int D)
{
Int e = C + D;
Return E;
}
Int Foo (int A, int B)
{
Return bar (A, B );
}
Int main (void)
{
Foo (2, 3 );
Return 0;
}
If the-G
"
Ref = 2;
Int* P = I;
Cout "Ref ="", I ="
}
Use the above CodeG ++ test. cCompile and decompileObjdump-d a. OutTo obtain the assembly code of the main function:
08048714 8048714: 55 push % EBP 8048715: 89 E5 mov % ESP, % EBP 8048717: 83 E4 F0 and $0xfffffff0, % ESP// Reserved location for the parameters argc and argv of the Main Function 80100001a: 56 push % ESI 801
We can know the interface function parameters through disassembly. We recommend that you use w32dsm for analysis, or you can directly use VC for analysis, which is a little more troublesome.The following describes how to use w32dsm:1. First open the DLL to be analyzed, and then find the function to be analyzed through the menu function-> export, double-click it.It can directly locate the function.2. Check the function entry. Generally, the function uses the following code as the entry point.Push
pointers and references
We use the following simple code to analyze pointers and references in depth:
# Include
Using namespace STD;
Int main (INT argc, char ** argv)
{
Int I = 1;
Int ref = I;
Int x = ref;
Cout
Ref = 2;
Int * P = I;
Cout
}
Use the above CodeG ++ test. cCompile and decompileObjdump-d a. OutTo obtain the assembly code of the main function:
08048714 8048714: 55 push % EBP8048715: 89 E5 mov % ESP, % EBP8048717: 83
-draw a vertical asterisk (*) through the pointer declaration, if the const appears to the left of the line, the pointer to the data is a constant, if the const appears on the right, the pointer itself is a constant. and the reference itself and the sky is the constant, that is, can not change the point.4. Implementation of pointers and referencesWe use the following simple code to drill down on pointers and references:#include using namespace Std;int main (int argc, char** argv){int i=1;int ref
Database learning-Linux Mysql source package installation system environment: Operating System: RedHatEL6DBSoft: Mysql5.6.4-m7Mysql in linux There are two installation methods, one is Binary (Binary ), in addition
Database learning-Linux Mysql source package installation system environment: Operating System: RedHatEL6DBSoft: Mysql5.6.4-m7Mysql in linux There are two installation methods, one is Binary (Binary ), in addition
There are two installation methods for Mysql in linux: Binary (Binar
change the point. 4. Implementation of pointers and references
We use the following simple code to drill down on pointers and references:
#include
using namespace Std;
int main (int argc, char** argv)
{
int i=1;
int ref=i;
int x=ref;
cout
ref=2;
int* p=i;
cout
}
The code above is compiled with g++ test.c and then disassembled objdump-d a.outto get a section of the assembly code for the main function as follows:
08048714 8048714:55 Push%EBP8048715:89 e5 mov%
of viewAPI: interface between programmer and computerABI: Program and CPU binary interface, instruction encoding, mainly assembly instructions, need to be familiar with the instructions involved in the register layout, most instructions can access memory.The EIP in X86 automatically adds an instruction after the CPU executes an instruction, the instruction length is different, and can be modified by other instructions such as CALL,RET,JMP and conditional JMP.Ii. the basis of x86 compilationStac
Program Description: Output multi-line content, the content is as follows:*************************1#include 2 using namespacestd;3 intMain ()4 {5cout " *"Endl;6cout " ***"Endl;7cout " *****"Endl;8cout "*******"Endl;9cout " *****"Endl;Tencout " ***"Endl; Onecout " *"Endl; A -System"Pause"); - return 0; the}Debug Disassembly CodeintMain () {00ff5e00 push ebp //Enter function after the first thing, save the bottom pointer, used to exit the function to restore the bottom of the stack. 00
reference itself and the sky is the constant, that is, can not change the point.4. Implementation of pointers and referencesWe use the following simple code to drill down on pointers and references:#include using namespace Std;int main (int argc, char** argv){int i=1;int ref=i;int x=ref;coutref=2;int* p=i;cout}The above code is compiled with g++ test.c , and then disassembled objdump-d a.out, to get the assembly code of the main function as follows:
08048714 8048714:55 P
as the preceding type description.Then go back to the previous example, X is a two-dimensional array of definitions, p is an array pointer to an array of length 4, one to the first line of X (the line of x is an int array of length 4) and the next for loop, then the p+1 value, plus K (actually 1) and then the value, and add it to the variable N. The loop performs a total of 2 times, taking the first element (i.e. x[0][1],x[1][1]) of line 1th and line 2nd (corresponding to the first subscript 0
.
Mov a and B send the value of B to a, and regard it as a value assignment statement in programming, that is, B is assigned to a. Then the value of a is B.
Nop does not work, that is, nothing is done.
Retn retrieves the return address from the stack and jumps to the address for execution.
Here are some arithmetic operation commands:
ADD Addition
Sub Subtraction
Inc plus 1
Dec minus 1
Finally, the jump command:
Jmp unconditional jump
Je or jz jump if equal
Skip if not equal to jne or jnz
Skip if
To simplify the problem, analyze the compilation code generated by the simplest c code:# Vi test1.c
Int main (){Return 0;}
Compile the program to generate a binary file:# Gcc test1.c-o test1# File test1Test1: ELF 32-bit LSB executable 80386 Version 1, dynamically linked, not stripped
Test1 is an executable file in the ELF format of 32-bit Little Endian. It is dynamically linked and the symbol table is not removed.
This is a typical executable file format on the Unix/Linux platform.
With mdb dis
add eax,0x8; Pptr+2 003cc57c; In C language, the operation of pointers is 003cc57c based on pointer type; An int pointer plus 1 means that the address it points to is moved backward in length to a 003cc57c; The distance of the int size, which is 4 bytes. If it's a word type, move backwards by 2 bytes. 003cc57f Push eax003cc580 mov ecx,[local.7]003cc583 add ecx,0x4; Pptr+1 003cc586 push ecx003cc587 mov edx,[local.7]003cc58a push edx; pptr+0 003cc58b push 9-44.00420c6c; ASCII "%x%x%x\r\n" 0
We can encapsulate everything that a single task uses in a LDT, which is the embryonic form of multitasking.The types of segments used by multitasking are shown below, and the method of using LDT to isolate each application task is one of the key protection requirements:
Process schematic:
We need a data structure to record the state of a process, the process information is written to the data structure when the process is to be suspended, and the information is read again when the process resta
In C + +, when a class contains a virtual function, the class has polymorphism. An important function of the constructor is to initialize the vptr pointer, which is a critical step to ensure polymorphism.
Constructor initializes the vptr pointer
The following is the C + + Source:
Class X {
private:
int i;
Public:
X (int ii) {
i = II
}
virtual void set (int II) {//virtual function
i = II;
}
};
int main () {
x x (1);
}
The following is the corresponding main
Switch statementUsing System;Using System.Collections.Generic;Using System.Linq;Using System.Text;Using System.Threading.Tasks;Namespace @switch{Class Program{static void Main (string[] args){for (;;){Switch Case Selection Statementint m1 = to, M2 = 30, M3 = to, M4 =, M5 = To, M6 =--M7 =--M8 = =, M9 =-M10Console.Write ("Please enter month =");int a = Int. Parse ((Console.ReadLine ()));if (a //{Console.Write ("Please enter the day =");int b = Int. Pars
courseware has pointed out: sending a username that exceeds 480 bytes to the server can trigger the vulnerability (that is, using the command USER longString \ r \ n). After overflow, the content in ESP contains part of longString. Verification and analysis are required.2.2 analyze the stack structure of war-ftp v1.65, that is, the exact location of EIP, ESP, and ebp in the analysis stack.2.3 construct exp
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.