Hello world Disassemble
1. Environment
- CentOS Linux release 7.3.1611 (Core), 64-bit
2. Source
#include <stdio.h>
int main(int argc, const char *argv[])
{
    /* gcc turns this constant, newline-terminated printf into a puts call (see the disassembly below) */
    printf("hellow world\n");
    return 0;
}
3. Goal
- Find the "hello world" string in memory
4. Disassembling with gdb
- Set a breakpoint on main so that we can start looking from main
[root@client basic]# gdb main
(gdb) b main
Breakpoint 1 at 0x40053c: file main.c, line 5.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /root/my_git/reversing/basic/main
Breakpoint 1, main (argc=1, argv=0x7fffffffe388) at main.c:5
5 printf("hellow world\n");
(gdb) disassemble /m main
Dump of assembler code for function main:
4 {
0x000000000040052d <+0>: push %rbp
0x000000000040052e <+1>: mov %rsp,%rbp
0x0000000000400531 <+4>: sub $0x10,%rsp
0x0000000000400535 <+8>: mov %edi,-0x4(%rbp)
0x0000000000400538 <+11>: mov %rsi,-0x10(%rbp)
5 printf("hellow world\n");
=> 0x000000000040053c <+15>: mov $0x4005e0,%edi
0x0000000000400541 <+20>: callq 0x400410 <puts@plt>
6 return 0;
0x0000000000400546 <+25>: mov $0x0,%eax
7 }
0x000000000040054b <+30>: leaveq
0x000000000040054c <+31>: retq
End of assembler dump.
(gdb)
- Run ni to execute one assembly instruction and stop right before the call to puts
(gdb) ni
0x0000000000400541 5 printf("hellow world\n");
(gdb) disassemble /m main
Dump of assembler code for function main:
4 {
0x000000000040052d <+0>: push %rbp
0x000000000040052e <+1>: mov %rsp,%rbp
0x0000000000400531 <+4>: sub $0x10,%rsp
0x0000000000400535 <+8>: mov %edi,-0x4(%rbp)
0x0000000000400538 <+11>: mov %rsi,-0x10(%rbp)
5 printf("hellow world\n");
0x000000000040053c <+15>: mov $0x4005e0,%edi
=> 0x0000000000400541 <+20>: callq 0x400410 <puts@plt>
6 return 0;
0x0000000000400546 <+25>: mov $0x0,%eax
7 }
0x000000000040054b <+30>: leaveq
0x000000000040054c <+31>: retq
End of assembler dump.
(gdb)
- At 0x000000000040053c we can see the argument being passed through edi before the puts call (on x86-64 the first integer argument goes in rdi, and the 32-bit address 0x4005e0 fits in edi). Check the memory it points to:
(gdb) x/40c $edi
0x4005e0: 104 'h' 101 'e' 108 'l' 108 'l' 111 'o' 119 'w' 32 ' ' 119 'w'
0x4005e8: 111 'o' 114 'r' 108 'l' 100 'd' 0 '\000' 0 '\000' 0 '\000' 0 '\000'
0x4005f0: 1 '\001' 27 '\033' 3 '\003' 59 ';' 52 '4' 0 '\000' 0 '\000' 0 '\000'
0x4005f8: 5 '\005' 0 '\000' 0 '\000' 0 '\000' 16 '\020' -2 '\376' -1 '\377' -1 '\377'
0x400600: -128 '\200' 0 '\000' 0 '\000' 0 '\000' 80 'P' -2 '\376' -1 '\377' -1 '\377'
(gdb)
Summary: in this program the printf call passes its argument by placing the address of the string in $edi. Note that the disassembly shows a call to puts@plt rather than printf: gcc replaces printf("...\n") with a constant string by the equivalent puts call, so the string in memory has no trailing newline.
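As an added example (not part of the original post), here is a small Python parser for the gdb x/40c output above. The dump lines are embedded as constructed sample input; the code rebuilds the bytes (gdb prints them as signed chars), reads the NUL-terminated string at the address that the mov $0x4005e0,%edi instruction loads, and checks that the immediate and the dump agree.

```python
import re

# Constructed sample input: the gdb lines from the session above, embedded
# so this runs offline without gdb or the compiled binary.
DISASM_LINE = "=> 0x000000000040053c <+15>: mov $0x4005e0,%edi"
XC_DUMP = r"""
0x4005e0: 104 'h' 101 'e' 108 'l' 108 'l' 111 'o' 119 'w' 32 ' ' 119 'w'
0x4005e8: 111 'o' 114 'r' 108 'l' 100 'd' 0 '\000' 0 '\000' 0 '\000' 0 '\000'
0x4005f0: 1 '\001' 27 '\033' 3 '\003' 59 ';' 52 '4' 0 '\000' 0 '\000' 0 '\000'
0x4005f8: 5 '\005' 0 '\000' 0 '\000' 0 '\000' 16 '\020' -2 '\376' -1 '\377' -1 '\377'
0x400600: -128 '\200' 0 '\000' 0 '\000' 0 '\000' 80 'P' -2 '\376' -1 '\377' -1 '\377'
"""

# One "x/c" cell: a signed decimal value followed by gdb's quoted char repr
# (a plain char, an octal escape such as '\000', or a backslash escape such as '\'').
CELL_RE = re.compile(r"(-?\d+)\s+'(?:\\[0-7]{1,3}|\\.|[^'\\])'")
# One dump line: address, optional <symbol+off>, colon, then the cells.
LINE_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s*(?:<[^>]*>)?:\s*(.*)$")
# The immediate loaded into edi right before the call (first argument).
MOV_EDI_RE = re.compile(r"mov\s+\$(0x[0-9a-fA-F]+),%edi")

def parse_x_c(dump: str):
    """Turn an 'x/Nc' dump into (base_address, bytes); -2 becomes 0xfe. Raises on a gap."""
    base, data = None, bytearray()
    for line in dump.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("not an x/c line: %r" % line)
        addr = int(m.group(1), 16)
        if base is None:
            base = addr
        elif addr != base + len(data):
            raise ValueError("gap in dump at %#x" % addr)
        data += bytes(int(v) & 0xFF for v in CELL_RE.findall(m.group(2)))
    return base, bytes(data)

def c_string_at(data: bytes, base: int, addr: int) -> str:
    """Read the NUL-terminated string stored at addr inside the dump."""
    off = addr - base
    if not 0 <= off < len(data):
        raise ValueError("address %#x not inside dump" % addr)
    end = data.find(b"\0", off)
    return data[off:(end if end >= 0 else len(data))].decode("ascii")

def locate_string(disasm_line: str, dump: str):
    """The immediate in 'mov $imm,%edi' must name the start of the string in the dump."""
    addr = int(MOV_EDI_RE.search(disasm_line).group(1), 16)
    base, data = parse_x_c(dump)
    return addr, c_string_at(data, base, addr)
```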