How to interpret objdump disassembly output columns?
Question
I wrote a simple program in C which calls a function called while_loop with arguments 4,3,2. The function is just basically a while loop; I don't think it's really that relevant to my question since it's more of a generic question. I was told to run objdump -d, so I did.
I have multiple questions, so here it goes:
- I know the leftmost column holds addresses, and that they increase by the number of bytes that came before. What I don't really understand is the second column. Is it the instruction being executed, but in hex? Does this mean push %ebp equals 55? I don't quite get it.
- Since this is IA-32 and little-endian, I know the least significant byte is stored at the lowest address. However, I don't understand whether the order these bytes are displayed in depends on where they sit in memory. Look at line 3, "8b 55 10": does this mean 8b is at the lowest address and I should read it the other way round? Or does it mean 10 is at the lowest address and I should read it the other way round?
- Are these addresses absolute memory addresses, or relative addresses?
Answer
In this case your addresses are absolute because you have a position-dependent executable (not a PIE). There's a field in the ELF metadata (set by the linker) that specifies what virtual address to map the executable at. You can use readelf -a to see that and much more.
In a PIE executable the hex addresses would be relative to the "image base", which normally means relative to the start of the file. (Similar to a .o, where the addresses count from 0 at the start of the .text section). You can use --adjust-vma=offset to set a base address for printing those addresses.
Yes, column 2 is a hexdump of the machine code, as single bytes in memory order. Objdump isn't interpreting them as little-endian words or anything like that, just a pair of hex digits per byte, in order of increasing address.
x86 machine code is basically a byte stream. Instructions consist of:
[prefixes] opcode [modrm [SIB] displacement0/8/32] [immediate8/32]
The opcode is either a single byte, or a sequence of bytes specified in memory order in Intel / AMD's documentation, e.g. 0F AF /r for imul reg, reg/mem.
Some instructions have 16-bit immediates, but normally it's 1 or 4 bytes if present at all.
Endianness is only relevant for a multi-byte displacement in an addressing mode, or a multi-byte immediate.
e.g. mov $0x12345678, %eax in foo.s, assembled with gcc -c foo.s to a .o, disassembles as:
0: b8 78 56 34 12 mov $0x12345678,%eax
See also more links to x86 docs / manuals in SO's x86 tag wiki, including Intel's PDF manuals.
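The answer above describes the byte column as raw memory-order bytes and the instruction layout as prefixes / opcode / ModRM / SIB / displacement / immediate, with endianness mattering only inside the displacement and immediate fields. The following is an added example, not code from the question or the answer: a small Python decoder that takes lines in the format of objdump -d output, reads column 2 byte by byte, and reassembles only the displacement and immediate with struct's little-endian format. It handles just a handful of 32-bit opcodes (push r32, mov r32,imm32, mov r32,r/m32, mov r/m32,r32, imul r32,r/m32, ret), rejects SIB addressing, and the sample listing is constructed for the example (the 8b 55 10 and b8 78 56 34 12 lines match the bytes discussed on this page; the others were chosen to exercise ModRM with register, disp8 and negative disp8 operands).

```python
"""Decode a few 32-bit x86 instructions from the byte column of objdump -d.

Added example, not from the original question or answer. Only a small
subset of opcodes is handled; everything else raises ValueError.
"""
import struct

# Register numbers as they appear in opcode+r, ModRM.reg and ModRM.rm.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def parse_objdump_line(line):
    """Split an objdump -d line into (address, bytes).

    Column 1 is the address, column 2 the hex bytes in memory order.
    Column 3 (objdump's own mnemonic) is ignored: we decode the bytes
    ourselves so that the two can be compared.
    """
    addr_field, rest = line.split(":", 1)
    addr = int(addr_field.strip(), 16)
    raw = bytearray()
    for tok in rest.split():
        # Each byte is exactly two hex digits; the first other token is the mnemonic.
        if len(tok) == 2 and all(c in "0123456789abcdef" for c in tok):
            raw.append(int(tok, 16))
        else:
            break
    return addr, bytes(raw)


def decode_modrm(code, pos):
    """Decode ModRM (+ displacement) at code[pos]; return (reg, operand_text, next_pos)."""
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos += 1
    if mod == 3:                       # register-direct operand, no displacement
        return reg, "%" + REGS[rm], pos
    if rm == 4:                        # a SIB byte would follow; out of scope here
        raise ValueError("SIB addressing not handled in this example")
    if mod == 0 and rm == 5:           # no base register: 32-bit absolute address
        disp = struct.unpack_from("<I", code, pos)[0]   # little-endian is applied HERE
        return reg, "0x%x" % disp, pos + 4
    disp = 0
    if mod == 1:                       # sign-extended 8-bit displacement
        disp = struct.unpack_from("<b", code, pos)[0]
        pos += 1
    elif mod == 2:                     # 32-bit displacement, little-endian
        disp = struct.unpack_from("<i", code, pos)[0]
        pos += 4
    base = "(%" + REGS[rm] + ")"
    if mod == 0:
        return reg, base, pos
    sign = "-" if disp < 0 else ""
    return reg, "%s0x%x%s" % (sign, abs(disp), base), pos


def decode(code):
    """Decode one instruction from the start of `code`; return (AT&T text, length)."""
    op = code[0]
    if 0x50 <= op <= 0x57:             # push r32: the register is encoded in the opcode byte
        return "push   %" + REGS[op - 0x50], 1
    if 0xB8 <= op <= 0xBF:             # mov imm32, r32: 4-byte little-endian immediate
        imm = struct.unpack_from("<I", code, 1)[0]
        return "mov    $0x%x,%%%s" % (imm, REGS[op - 0xB8]), 5
    if op == 0x8B:                     # mov r/m32, r32 (load)
        reg, rm, end = decode_modrm(code, 1)
        return "mov    %s,%%%s" % (rm, REGS[reg]), end
    if op == 0x89:                     # mov r32, r/m32 (store)
        reg, rm, end = decode_modrm(code, 1)
        return "mov    %%%s,%s" % (REGS[reg], rm), end
    if op == 0x0F and len(code) > 1 and code[1] == 0xAF:   # two-byte opcode 0F AF /r
        reg, rm, end = decode_modrm(code, 2)
        return "imul   %s,%%%s" % (rm, REGS[reg]), end
    if op == 0xC3:
        return "ret", 1
    raise ValueError("opcode 0x%02x not handled in this example" % op)


def decode_listing(text):
    """Decode every line of a listing; return a list of (addr, bytes, text)."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        addr, raw = parse_objdump_line(line)
        asm, length = decode(raw)
        if length != len(raw):
            raise ValueError("byte column length mismatch at 0x%x" % addr)
        out.append((addr, raw, asm))
    return out


# Constructed sample in objdump -d format (not captured from a real binary).
SAMPLE = """\
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   8b 55 10                mov    0x10(%ebp),%edx
   6:   b8 78 56 34 12          mov    $0x12345678,%eax
   b:   0f af 45 f8             imul   -0x8(%ebp),%eax
   f:   c3                      ret
"""

if __name__ == "__main__":
    for addr, raw, asm in decode_listing(SAMPLE):
        print("%4x:  %-16s %s" % (addr, " ".join("%02x" % b for b in raw), asm))
```

Note that the byte column is consumed strictly left to right (lowest address first); the only places the bytes are read "backwards" are the struct.unpack_from calls with a "<" format, which is exactly the displacement and immediate fields the answer singles out. For 8b 55 10, ModRM 0x55 splits into mod=01, reg=010 (edx), rm=101 (ebp) and the single trailing byte is the disp8, so the bytes are not a little-endian word at all.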