This article analyzes how a C program runs on an IA-32 PC by reading the assembly code the compiler generates.
Experimental environment: GCC 4.8.2
Memory structure of a C program
The C code is as follows:

    int g(int x)
    {
        return x + 1;
    }

    int f(int x)
    {
        return g(x);
    }

    int main(void)
    {
        return f(2) + 3;
    }

Compile with gcc -S -O0 -o main.s main.c -m32. The assembly file produced by this compile command is as follows:

    g:
        pushl %ebp
        movl %esp, %ebp
        movl
What is the code after this code Disassembly?
    #include <stdio.h>   /* needed for printf */

    long test(int a, int b)
    {
        a = a + 3;
        b = b + 5;
        return a + b;
    }

    int main(int argc, char *argv[])
    {
        printf("%d", test(10, 90));
        return 0;
    }
Let's look at an overview.
    int main(int argc, char *argv[])
    {
    00401070   push        ebp
    00401071   mov         ebp,esp
    00401073   sub         esp,40h
    00401076   push        ebx
    00401077   push        esi
    00401078   push        edi
    00401079   lea         edi,[ebp-40h]
    0040107C   mov         ecx,10h
    00401081   mov         eax,0CCCCCCCCh
Wusi
Deep understanding of the function call stack
The stack is a region of memory that a running C program must have; it records the call path and the parameters.
The role of the stack:
Function call Framework
Passing parameters
Save return address
Provides local variable space
Stack-related registers
ESP, the stack pointer, points to the top of the stack.
EBP, the base pointer, points to the bottom of the current stack frame; in C it is used to record the curr
In Win32 assembly we often have to deal with the API, and we also often write our own API-like subroutines that take parameters. This article is about the concepts involved in calling a subroutine and an analysis of how parameters are passed. In general, parameters are passed through the stack: the caller pushes the parameters to be passed to the subroutine (the callee) onto the stack, and the subroutine takes the corresponding values off the stack and uses i
When one function calls another, it must first prepare the parameters of the called function. Then the call instruction is executed, which does two things:
1. The address of the instruction following the call (the return address) is pushed onto the stack. When the called function returns, execution continues at that instruction.
2. The instruction pointer register EIP is changed to point to the entry of the called function.
To call a function, you must first create a new stack fram
    /* CPU-specific state of this task */
    struct Thread {
        unsigned long ip;   /* saves the EIP of the process */
        unsigned long sp;   /* saves the ESP of the process */
    };

    typedef struct PCB {
        int pid;                          /* process ID number */
        volatile long state;              /* status of process: -1 unrunnable, 0 runnable, >0 stopped */
        char stack[KERNEL_STACK_SIZE];    /* each process has only one kernel stack */
        /* CPU-specific state of this task */
        struct Thread thread;             /* only one thread per process */
        /* the starting entry address of the */ uns
1. Call and return of C functions
To understand how the C++ exception mechanism is implemented, first understand the call and return mechanism of a function, which involves the ESP and EBP registers. Let's look at the function call and return process. The following uses the __stdcall calling convention to call the function test(int p1, int p2). The assembly code assumes that, before the function is executed, the stack pointer
): Access violation - code c0000005 (!!! second chance !!!)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for F:\Program Files (x86)\Amazon\Kindle\Kindle.exe -
eax=000000dd ebx=000004e4 ecx=00000000 edx=0022ed44 esi=0022ed68 edi=000000dd
eip=0197383f esp=0022ed14 ebp=05920448 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
Kindle!std::_Init_locks::operator=+0x13
process the preprocessing stage of the source program. Once preprocessing is complete, the system compiles the preprocessed source.
2.2 compile
The result of this stage is assembly code.
gcc -S Example.c -o Example.s
The generated .s file is as follows:

        .file   "Example.c"
        .text
        .globl  g
        .type   g, @function
    g:
    .LFB0:
        .cfi_startproc
        pushl   %ebp            # push the contents of the EBP register onto the stack
        .cfi_def_cfa_offset 8
        .cfi_offset 5, -8
        movl    %esp,
        int *p;
        var1 = Arg1;
        var2 = Arg2;
        var3 = Arg3;
        p = (int *) arg4;
        *p = M_var1;
        return 0;
    }

There are also the entry point and the global functions:

Main.cpp
#include

The following looks at the call procedure under Debug. Note that if it is compiled with VS.NET/VC, a DWORD is added before and after each local variable to detect buffer overflows. The first call is to a void function with no return value, which uses __cdecl by default:

        fnvoid(1, 2, 3);
    0040135D   push        3
    0040135F   push        2
    00401361   push
This has always been a vague concept for me, so let's use an example to reinforce it.
Linux x86, gcc 3.2.3, AT&T-format assembly
The code is as follows:
    void
    fun()
    {
        int a = 'a';
    }

    void
    main()
    {
        int b;
        fun();
        return;
    }
Start debugging:
[sanool@sanool ex2]$ gdb a.out
GNU gdb Red Hat Linux (6.0post-0.20031117.6rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
Welcome to change it and/or distribute copies of it un
Monensin, "Linux kernel Analysis" first week experiment
Zou Le
Original work; please indicate the source when reproducing.
Course information: "Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000
---------------------------the body of the experiment---------------------------
This experiment is carried out in the 64-bit Linux virtual machine of the experimental building.
The C code is as follows:

    int increment5(int x)
    {
        return 5;
    }

    int solve(int x)
    {
        return 2;
    }

    int main(

represents the current EIP execution position)
1. At the beginning, EIP points to line 19, and EBP and ESP are both at position 0 (the 0 1 2 3 4 on the right are numbered for convenient analysis).
2. pushl %ebp: push the value of EBP onto the stack.
3. movl %esp, %ebp: assign the value of ESP to EBP.
4. subl $4, %esp: move ESP
Unpacking methods:
Method 1: single-step tracing
Method 2: the ESP law
Method 3: memory tracing
Method 4: tracing the exit
Method 5: last exception method
Method 6: loose shell removal
The specific operations for each of these methods are given at the bottom of the article. If you want to know more, check there; it will save you time.
, protocols, and port numbers, if applicable. The filter action defines the security requirements for the network traffic flow. You can configure filter actions to allow traffic, block traffic, or negotiate security (negotiate IPsec). If the filter action is configured to negotiate security, you must also configure the key exchange security methods (and their precedence), whether to accept unsecured inbound traffic, and whether to allow unsecured communi