作者:kikokikolove | 来源:互联网 | 2023-05-18 02:51
IdisassembledasmallprogramthataskstheuserfortheirnamethenoutputsHello+[users_name]
I disassembled a small program that asks the user for their name then outputs "Hello + [user's_name]"
我反汇编了一个小程序,询问用户他们的名字,然后输出“你好+ [用户名]”
This is the disassembled output:
这是反汇编的输出:
Main function:
Say hello function:
问你好功能:
I noticed that for the main() function, the ESP register is decremented by Ox10 and for the say_hello() function, the ESP register is decremented by Ox20. Why is this the case?
我注意到对于main()函数,ESP寄存器递减了Ox10,而对于say_hello()函数,ESP寄存器递减了Ox20。为什么会这样?
FYI: My processor is an 1.4 GHz Intel Core i5 and I'm running OSX
仅供参考:我的处理器是1.4 GHz Intel Core i5,我正在运行OSX
Original C code:
原始C代码:
void say_hello (void);
int main (){
printf("Enter your name\n");
say_hello();
return 0;
}
void say_hello (void) {
char name[5];
gets(name); //this is a unsafe function to use. Results in stack overflow
printf("Hello %s\n", name);
}
3 个解决方案
The stack is "implemented" by means of the stack pointer, which points into the stack segment. Every time something is pushed on the stack (by means of pushl, call, or a similar stack opcode), it is written to the address the stack pointer points to, and the stack pointer decremented (stack is growing downwards, i.e. smaller addresses). When you pop something off the stack (popl, ret), the stack pointer is incremented and the value read off the stack.
通过堆栈指针“实现”堆栈,堆栈指针指向堆栈段。每次在堆栈上推送某些东西(通过pushl,call或类似的堆栈操作码)时,它会被写入堆栈指针指向的地址,并且堆栈指针递减(堆栈向下增长,即较小的地址) 。当您从堆栈中弹出一些东西(popl,ret)时,堆栈指针会递增,并从堆栈中读取值。
For different function calls, we reserve space for local variables in the stack, so we decrement it and get the space. This is usually done using prologue and epilogue.
对于不同的函数调用,我们为堆栈中的局部变量保留空间,因此我们减少它并获得空间。这通常使用序言和结语来完成。
Prologue
A function prologue typically does the following actions if the architecture has a base pointer (also known as frame pointer) and a stack pointer (the following actions may not be applicable to those architectures that are missing a base pointer or stack pointer) :
如果体系结构具有基指针(也称为帧指针)和堆栈指针(以下操作可能不适用于缺少基本指针或堆栈指针的那些体系结构),则函数序言通常执行以下操作:
- Pushes the old base pointer onto the stack, such that it can be restored later (by getting the new base pointer value which is set in the next step and is always pointed to this location).
将旧的基指针推送到堆栈上,以便稍后可以恢复(通过获取在下一步中设置的新基本指针值并始终指向此位置)。
- Assigns the value of stack pointer (which is pointed to the saved base pointer and the top of the old stack frame) into base pointer such that a new stack frame will be created on top of the old stack frame (i.e. the top of the old stack frame will become the base of the new stack frame).
将堆栈指针的值(指向保存的基本指针和旧堆栈框架的顶部)分配到基本指针中,以便在旧堆栈框架的顶部创建新的堆栈框架(即旧堆栈框架的顶部)堆栈帧将成为新堆栈帧的基础)。
- Moves the stack pointer further by decreasing or increasing its value, depending on whether the stack grows down or up. On x86, the stack pointer is decreased to make room for variables (i.e. the function's local variables).
通过减少或增加其值来进一步移动堆栈指针,具体取决于堆栈是向下还是向上增长。在x86上,堆栈指针被减少以为变量腾出空间(即函数的局部变量)。
Epilogue
Function epilogue reverses the actions of the function prologue and returns control to the calling function. It typically does the following actions (this procedure may differ from one architecture to another):
函数结尾反转函数序言的动作并将控制返回给调用函数。它通常执行以下操作(此过程可能因架构而异):
- Replaces the stack pointer with the current base (or frame) pointer, so the stack pointer is restored to its value before the prologue
用当前基(或帧)指针替换堆栈指针,以便在序言之前将堆栈指针恢复为其值
- Pops the base pointer off the stack, so it is restored to its value before the prologue
将基指针弹出堆栈,因此在序言之前将其恢复为其值
- Returns to the calling function, by popping the previous frame's program counter off the stack and jumping to it
返回到调用函数,方法是将前一帧的程序计数器从堆栈中弹出并跳转到它
京公网安备 11010802041100号