"Art of Exploitation" disassembly example isn't the same (C code)
Question
I'm following the example in the Art of Exploitation book to try and disassemble a program in C. While the book comes with its own Linux LiveCD, I prefer using BT5 (32-bit).
The code example is very simple (I've used it exactly the same):
    #include <stdio.h>
    int main()
    {
        int i;
        for(i=0; i < 10; i++) // Loop 10 times.
        {
            puts("Hello, world!\n"); // put the string to the output.
        }
        return 0; // Tell OS the program exited without errors.
    }
The author is using
    gcc file_name.c
to compile the code, and I use almost the same syntax but with -o in order to save the compiled binary where I want.
Then he uses the command
    objdump -D loop | grep -A20 main.:
to examine the compiled binary.
Here is his output:
reader@hacking:~/booksrc $ objdump -D a.out | grep -A20 main.:
08048374 <main>:
8048374: 55 push %ebp
8048375: 89 e5 mov %esp,%ebp
8048377: 83 ec 08 sub $0x8,%esp
804837a: 83 e4 f0 and $0xfffffff0,%esp
804837d: b8 00 00 00 00 mov $0x0,%eax
8048382: 29 c4 sub %eax,%esp
8048384: c7 45 fc 00 00 00 00 movl $0x0,0xfffffffc(%ebp)
804838b: 83 7d fc 09 cmpl $0x9,0xfffffffc(%ebp)
804838f: 7e 02 jle 8048393 <main+0x1f>
8048391: eb 13 jmp 80483a6 <main+0x32>
8048393: c7 04 24 84 84 04 08 movl $0x8048484,(%esp)
804839a: e8 01 ff ff ff call 80482a0 <printf@plt>
804839f: 8d 45 fc lea 0xfffffffc(%ebp),%eax
80483a2: ff 00 incl (%eax)
80483a4: eb e5 jmp 804838b <main+0x17>
80483a6: c9 leave
80483a7: c3 ret
80483a8: 90 nop
80483a9: 90 nop
80483aa: 90 nop
reader@hacking:~/booksrc $
and this is my output for the same program:
root@bt:~# objdump -D loop | grep -A20 main.:
080483e4 <main>:
80483e4: 55 push %ebp
80483e5: 89 e5 mov %esp,%ebp
80483e7: 83 e4 f0 and $0xfffffff0,%esp
80483ea: 83 ec 20 sub $0x20,%esp
80483ed: c7 44 24 1c 00 00 00 movl $0x0,0x1c(%esp)
80483f4: 00
80483f5: eb 11 jmp 8048408 <main+0x24>
80483f7: c7 04 24 e0 84 04 08 movl $0x80484e0,(%esp)
80483fe: e8 15 ff ff ff call 8048318 <puts@plt>
8048403: 83 44 24 1c 01 addl $0x1,0x1c(%esp)
8048408: 83 7c 24 1c 09 cmpl $0x9,0x1c(%esp)
804840d: 7e e8 jle 80483f7 <main+0x13>
804840f: b8 00 00 00 00 mov $0x0,%eax
8048414: c9 leave
8048415: c3 ret
8048416: 90 nop
8048417: 90 nop
8048418: 90 nop
8048419: 90 nop
804841a: 90 nop
root@bt:~#
Do you think there's a difference because I'm not using the same Linux distribution? It also looks like his code is calling the printf() function while mine is calling the puts() function (like he used in his example).
Recommended answer
It doesn't have to be an OS difference; it's enough that you use a different version of GCC to produce different machine code / assembly code.
Regarding puts / printf: the compiler uses whatever it decides is better (in terms of efficiency, security etc.). When you call printf with no format, there is no need for it, so he uses puts, which is faster.
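The puts/printf substitution the answer describes can be checked directly rather than inferred from two objdump listings. The script below is an added example, not part of the original question or answer: it compiles the book's loop (written with printf, as in the book's listing) twice, once with GCC's defaults and once with -fno-builtin-printf, and reports which libc PLT stub main ends up calling. It assumes gcc, objdump, grep and sed are installed; the source file and the libc_call helper are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): show that gcc rewrites a
# format-free printf("...\n") into a puts() call, and that
# -fno-builtin-printf keeps the printf call. Assumes gcc and objdump exist.
set -eu

command -v gcc >/dev/null 2>&1 || { echo "gcc not found, nothing to do"; exit 0; }
command -v objdump >/dev/null 2>&1 || { echo "objdump not found, nothing to do"; exit 0; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed source: the book's loop, with printf as in the book's listing.
cat > "$WORK/loop.c" <<'EOF'
#include <stdio.h>
int main(void)
{
    int i;
    for (i = 0; i < 10; i++)
        printf("Hello, world!\n");
    return 0;
}
EOF

# libc_call FLAGS: compile loop.c with FLAGS (may be empty) and print the
# name of the first libc PLT stub that main calls: "puts" or "printf".
libc_call() {
    # $1 is deliberately unquoted so an empty string adds no argument.
    gcc $1 -o "$WORK/loop" "$WORK/loop.c"
    objdump -d "$WORK/loop" \
        | grep -A20 '<main>:' \
        | grep -o 'call.*<[a-z]*@plt>' \
        | sed 's/.*<\([a-z]*\)@plt>.*/\1/' \
        | head -n 1
}

default=$(libc_call "")
nobuiltin=$(libc_call "-fno-builtin-printf")
printf 'default build calls:      %s\n' "$default"
printf 'with -fno-builtin-printf: %s\n' "$nobuiltin"
```

The first line reads `puts` even without any -O flag, because the rewrite is a builtin folding done regardless of optimisation level; the second reads `printf`, which is what the book's older GCC emitted.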