[root@localhost mhello]# objdump -S hello
hello: file format elf32-i386
Disassembly of section .init:
080483c8 <_init>:
80483c8: 55 push %ebp
80483c9: 89 e5 mov %esp,%ebp
80483cb: 53 push %ebx
80483cc: 83 ec 04 sub $0x4,%esp
80483cf: e8 00 00 00 00 call 80483d4 <_init+0xc>
80483d4: 5b pop %ebx
80483d5: 81 c3 a8 14 00 00 add $0x14a8,%ebx
80483db: 8b 93 fc ff ff ff mov -0x4(%ebx),%edx
80483e1: 85 d2 test %edx,%edx
80483e3: 74 05 je 80483ea <_init+0x22>
80483e5: e8 1e 00 00 00 call 8048408 <__gmon_start__@plt>
80483ea: e8 01 01 00 00 call 80484f0 <frame_dummy>
80483ef: e8 5c 02 00 00 call 8048650 <__do_global_ctors_aux>
80483f4: 58 pop %eax
80483f5: 5b pop %ebx
80483f6: c9 leave
80483f7: c3 ret
Disassembly of section .plt:
080483f8 <__gmon_start__@plt-0x10>:
80483f8: ff 35 80 98 04 08 pushl 0x8049880
80483fe: ff 25 84 98 04 08 jmp *0x8049884
8048404: 00 00 add %al,(%eax)
...
08048408 <__gmon_start__@plt>:
8048408: ff 25 88 98 04 08 jmp *0x8049888
804840e: 68 00 00 00 00 push $0x0
8048413: e9 e0 ff ff ff jmp 80483f8 <_init+0x30>
08048418 <__libc_start_main@plt>:
8048418: ff 25 8c 98 04 08 jmp *0x804988c
804841e: 68 08 00 00 00 push $0x8
8048423: e9 d0 ff ff ff jmp 80483f8 <_init+0x30>
08048428 <printf@plt>:
8048428: ff 25 90 98 04 08 jmp *0x8049890
804842e: 68 10 00 00 00 push $0x10
8048433: e9 c0 ff ff ff jmp 80483f8 <_init+0x30>
08048438 <puts@plt>:
8048438: ff 25 94 98 04 08 jmp *0x8049894
804843e: 68 18 00 00 00 push $0x18
8048443: e9 b0 ff ff ff jmp 80483f8 <_init+0x30>
08048448 <func_file_b@plt>:
8048448: ff 25 98 98 04 08 jmp *0x8049898
804844e: 68 20 00 00 00 push $0x20
8048453: e9 a0 ff ff ff jmp 80483f8 <_init+0x30>
Disassembly of section .text:
08048460 <_start>:
8048460: 31 ed xor %ebp,%ebp
8048462: 5e pop %esi
8048463: 89 e1 mov %esp,%ecx
8048465: 83 e4 f0 and $0xfffffff0,%esp
8048468: 50 push %eax
8048469: 54 push %esp
804846a: 52 push %edx
804846b: 68 e0 85 04 08 push $0x80485e0
8048470: 68 f0 85 04 08 push $0x80485f0
8048475: 51 push %ecx
8048476: 56 push %esi
8048477: 68 28 85 04 08 push $0x8048528
804847c: e8 97 ff ff ff call 8048418 <__libc_start_main@plt>
8048481: f4 hlt
8048482: 90 nop
8048483: 90 nop
8048484: 90 nop
8048485: 90 nop
8048486: 90 nop
8048487: 90 nop
8048488: 90 nop
8048489: 90 nop
804848a: 90 nop
804848b: 90 nop
804848c: 90 nop
804848d: 90 nop
804848e: 90 nop
804848f: 90 nop
08048490 <__do_global_dtors_aux>:
8048490: 55 push %ebp
8048491: 89 e5 mov %esp,%ebp
8048493: 53 push %ebx
8048494: 83 ec 04 sub $0x4,%esp
8048497: 80 3d a4 98 04 08 00 cmpb $0x0,0x80498a4
804849e: 75 40 jne 80484e0 <__do_global_dtors_aux+0x50>
80484a0: 8b 15 a8 98 04 08 mov 0x80498a8,%edx
80484a6: b8 a0 97 04 08 mov $0x80497a0,%eax
80484ab: 2d 9c 97 04 08 sub $0x804979c,%eax
80484b0: c1 f8 02 sar $0x2,%eax
80484b3: 8d 58 ff lea -0x1(%eax),%ebx
80484b6: 39 da cmp %ebx,%edx
80484b8: 73 1f jae 80484d9 <__do_global_dtors_aux+0x49>
80484ba: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
80484c0: 8d 42 01 lea 0x1(%edx),%eax
80484c3: a3 a8 98 04 08 mov %eax,0x80498a8
80484c8: ff 14 85 9c 97 04 08 call *0x804979c(,%eax,4)
80484cf: 8b 15 a8 98 04 08 mov 0x80498a8,%edx
80484d5: 39 da cmp %ebx,%edx
80484d7: 72 e7 jb 80484c0 <__do_global_dtors_aux+0x30>
80484d9: c6 05 a4 98 04 08 01 movb $0x1,0x80498a4
80484e0: 83 c4 04 add $0x4,%esp
80484e3: 5b pop %ebx
80484e4: 5d pop %ebp
80484e5: c3 ret
80484e6: 8d 76 00 lea 0x0(%esi),%esi
80484e9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
080484f0 <frame_dummy>:
80484f0: 55 push %ebp
80484f1: 89 e5 mov %esp,%ebp
80484f3: 83 ec 08 sub $0x8,%esp
80484f6: a1 a4 97 04 08 mov 0x80497a4,%eax
80484fb: 85 c0 test %eax,%eax
80484fd: 74 12 je 8048511 <frame_dummy+0x21>
80484ff: b8 00 00 00 00 mov $0x0,%eax
8048504: 85 c0 test %eax,%eax
8048506: 74 09 je 8048511 <frame_dummy+0x21>
8048508: c7 04 24 a4 97 04 08 movl $0x80497a4,(%esp)
804850f: ff d0 call *%eax
8048511: c9 leave
8048512: c3 ret
8048513: 90 nop
08048514 <func_hello>:
8048514: 55 push %ebp
8048515: 89 e5 mov %esp,%ebp
8048517: 83 ec 08 sub $0x8,%esp
804851a: c7 04 24 a4 86 04 08 movl $0x80486a4,(%esp)
8048521: e8 12 ff ff ff call 8048438 <puts@plt>
8048526: c9 leave
8048527: c3 ret
08048528 <main>:
8048528: 8d 4c 24 04 lea 0x4(%esp),%ecx
804852c: 83 e4 f0 and $0xfffffff0,%esp
804852f: ff 71 fc pushl -0x4(%ecx)
8048532: 55 push %ebp
8048533: 89 e5 mov %esp,%ebp
8048535: 51 push %ecx
8048536: 83 ec 04 sub $0x4,%esp
8048539: c7 04 24 b9 86 04 08 movl $0x80486b9,(%esp)
8048540: e8 f3 fe ff ff call 8048438 <puts@plt>
8048545: e8 ca ff ff ff call 8048514 <func_hello>
804854a: c7 04 24 06 00 00 00 movl $0x6,(%esp)
8048551: e8 26 00 00 00 call 804857c <func_file_a>
8048556: c7 04 24 06 00 00 00 movl $0x6,(%esp)
804855d: e8 e6 fe ff ff call 8048448 <func_file_b@plt>
8048562: c7 04 24 c4 86 04 08 movl $0x80486c4,(%esp)
8048569: e8 ca fe ff ff call 8048438 <puts@plt>
804856e: b8 00 00 00 00 mov $0x0,%eax
8048573: 83 c4 04 add $0x4,%esp
8048576: 59 pop %ecx
8048577: 5d pop %ebp
8048578: 8d 61 fc lea -0x4(%ecx),%esp
804857b: c3 ret
//8048545: e8 ca ff ff ff call 8048514 <func_hello>
//8048551: e8 26 00 00 00 call 804857c <func_file_a>
// 8048556: c7 04 24 06 00 00 00 movl $0x6,(%esp)
//hello模块内的符号func_hello地址已经确定,8048514
//从.o中掠夺过来的符号func_file_a,地址已经确定,804857c
//不是像hello.o的那种call 3e <main+0x2a>之类的东东了,
//这些都是链接器的功劳,链接器已经将距离hello.o的text段头3e处 的内存单元的内容
//偷梁换柱成了26 00 00 00
//为什么是26 00 00 00 ?因为这样才能找到804857c (=8048556+26)
//可见静态连接的步骤
//1.1扫描所有输入.o和.so文件,将所有.o文件的某些相似段合并成为一个大段作为可执行文件的段,比如合并代码段,合并数据段
//并且给合并段分配虚拟地址(段起址)
//将所有.o和.so文件的符号表中记录的符号统一放到一个全局符号表
//1.2符号地址的确定(通过符号表查找需要确定地址的符号)
//由于段起址已经确定,而各个符号在段中的偏移也是一定的,所以可以确定段中符号的虚拟地址
//比如hello的.text段起址是08048460 ,func_file_a的相对func_file_a.o的.text段的偏移是0,那么func_file_a的符号地址是......??这里貌似没法确定
//因为hello的text段由hello,o和file_a.o和其他一些模块的text段组成,而func_file_a相对file_a中text的偏移是0,欲求相对hello中text的偏移,
还需知道file_a中text段被合并到hello中的text段的位置X.......所以俞甲子在p103中貌似说的有些糊糊
这里假设X已知,那么func_file_a的地址确实可定,为08048460 +X+0=0804857c
这样就为可以确定地址的符号计算出了地址
//2.1符号的重定位(通过各个.o的重定位表查找需要重定位的符号)
上一步已经确定了符号定义在哪个位置了,但是那些引用这些符号的指令还不知道呢,链接器需要
通知一下
该去哪里通知呢?链接器从hello.o,file_a.o的重定位表中获知代码段中的哪个位置调用过符号
比如hello.o的符号表记录了
00000032 00000802 R_386_PC32 00000000 func_hello
0000003e 00000b02 R_386_PC32 00000000 func_file_a
表示距离本段32,3e处各有一个数据是需要重新填写一下的
32 33 34 35(hello.o text段)------对应8048546 8048547 8048548 8048549 (hello text段)//这32位内存中需要重新塞进一个偏移量,使cpu可以跳到func_hello的虚拟地址
3e 3f 40 41(hello.o text段)-------对应8048552 8048553 8048554 8048555 (hello text段)///这32位内存中需要重新塞进一个偏移量,使cpu可以跳到func_file_a的虚拟地址
--------对照file_a.o和hello的反汇编代码,可以找到对应关系
塞进多少呢?例如
8048551: e8 26 00 00 00 call 804857c <func_file_a>
即
8048552 26
8048553 00
8048554 00
8048554 00
是26,--------因为func_file_a的地址已定是0804857c ,而下一条指令的地址是8048556,0804857c -8048556=26,所以想
跳到func_file_a,要填26
// 还有类似如下符号func_file_b貌似没有确定虚拟地址,
//804855d: e8 e6 fe ff ff call 8048448 <func_file_b@plt>
//这个是动态连接的咚咚
0804857c <func_file_a>:
804857c: 55 push %ebp
804857d: 89 e5 mov %esp,%ebp
804857f: 83 ec 18 sub $0x18,%esp
8048582: c7 05 a0 98 04 08 0b movl $0xb,0x80498a0
8048589: 00 00 00
804858c: c7 45 fc 64 00 00 00 movl $0x64,-0x4(%ebp)
8048593: c7 04 24 cd 86 04 08 movl $0x80486cd,(%esp)
804859a: e8 99 fe ff ff call 8048438 <puts@plt>
804859f: 8b 45 fc mov -0x4(%ebp),%eax
80485a2: 89 44 24 04 mov %eax,0x4(%esp)
80485a6: c7 04 24 df 86 04 08 movl $0x80486df,(%esp)
80485ad: e8 76 fe ff ff call 8048428 <printf@plt>
80485b2: 8b 45 08 mov 0x8(%ebp),%eax
80485b5: 01 45 fc add %eax,-0x4(%ebp)
80485b8: 8b 45 fc mov -0x4(%ebp),%eax
80485bb: 89 44 24 04 mov %eax,0x4(%esp)
80485bf: c7 04 24 f5 86 04 08 movl $0x80486f5,(%esp)
80485c6: e8 5d fe ff ff call 8048428 <printf@plt>
80485cb: c7 04 24 10 87 04 08 movl $0x8048710,(%esp)
80485d2: e8 61 fe ff ff call 8048438 <puts@plt>
80485d7: 8b 45 fc mov -0x4(%ebp),%eax
80485da: c9 leave
80485db: c3 ret
80485dc: 90 nop
80485dd: 90 nop
80485de: 90 nop
80485df: 90 nop
080485e0 <__libc_csu_fini>:
80485e0: 55 push %ebp
80485e1: 89 e5 mov %esp,%ebp
80485e3: 5d pop %ebp
80485e4: c3 ret
80485e5: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
80485e9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
080485f0 <__libc_csu_init>:
80485f0: 55 push %ebp
80485f1: 89 e5 mov %esp,%ebp
80485f3: 57 push %edi
80485f4: 56 push %esi
80485f5: 53 push %ebx
80485f6: e8 4f 00 00 00 call 804864a <__i686.get_pc_thunk.bx>
80485fb: 81 c3 81 12 00 00 add $0x1281,%ebx
8048601: 83 ec 0c sub $0xc,%esp
8048604: e8 bf fd ff ff call 80483c8 <_init>
8048609: 8d bb 18 ff ff ff lea -0xe8(%ebx),%edi
804860f: 8d 83 18 ff ff ff lea -0xe8(%ebx),%eax
8048615: 29 c7 sub %eax,%edi
8048617: c1 ff 02 sar $0x2,%edi
804861a: 85 ff test %edi,%edi
804861c: 74 24 je 8048642 <__libc_csu_init+0x52>
804861e: 31 f6 xor %esi,%esi
8048620: 8b 45 10 mov 0x10(%ebp),%eax
8048623: 89 44 24 08 mov %eax,0x8(%esp)
8048627: 8b 45 0c mov 0xc(%ebp),%eax
804862a: 89 44 24 04 mov %eax,0x4(%esp)
804862e: 8b 45 08 mov 0x8(%ebp),%eax
8048631: 89 04 24 mov %eax,(%esp)
8048634: ff 94 b3 18 ff ff ff call *-0xe8(%ebx,%esi,4)
804863b: 83 c6 01 add $0x1,%esi
804863e: 39 fe cmp %edi,%esi
8048640: 72 de jb 8048620 <__libc_csu_init+0x30>
8048642: 83 c4 0c add $0xc,%esp
8048645: 5b pop %ebx
8048646: 5e pop %esi
8048647: 5f pop %edi
8048648: 5d pop %ebp
8048649: c3 ret
0804864a <__i686.get_pc_thunk.bx>:
804864a: 8b 1c 24 mov (%esp),%ebx
804864d: c3 ret
804864e: 90 nop
804864f: 90 nop
08048650 <__do_global_ctors_aux>:
8048650: 55 push %ebp
8048651: 89 e5 mov %esp,%ebp
8048653: 53 push %ebx
8048654: 83 ec 04 sub $0x4,%esp
8048657: a1 94 97 04 08 mov 0x8049794,%eax
804865c: 83 f8 ff cmp $0xffffffff,%eax
804865f: 74 13 je 8048674 <__do_global_ctors_aux+0x24>
8048661: bb 94 97 04 08 mov $0x8049794,%ebx
8048666: 66 90 xchg %ax,%ax
8048668: 83 eb 04 sub $0x4,%ebx
804866b: ff d0 call *%eax
804866d: 8b 03 mov (%ebx),%eax
804866f: 83 f8 ff cmp $0xffffffff,%eax
8048672: 75 f4 jne 8048668 <__do_global_ctors_aux+0x18>
8048674: 83 c4 04 add $0x4,%esp
8048677: 5b pop %ebx
8048678: 5d pop %ebp
8048679: c3 ret
804867a: 90 nop
804867b: 90 nop
Disassembly of section .fini:
0804867c <_fini>:
804867c: 55 push %ebp
804867d: 89 e5 mov %esp,%ebp
804867f: 53 push %ebx
8048680: 83 ec 04 sub $0x4,%esp
8048683: e8 00 00 00 00 call 8048688 <_fini+0xc>
8048688: 5b pop %ebx
8048689: 81 c3 f4 11 00 00 add $0x11f4,%ebx
804868f: e8 fc fd ff ff call 8048490 <__do_global_dtors_aux>
8048694: 59 pop %ecx
8048695: 5b pop %ebx
8048696: c9 leave
8048697: c3 ret
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
