逆向-beginners之结构体嵌套

最新推荐文章于 2024-08-26 16:13:46 发布

xiaozhiwise

最新推荐文章于 2024-08-26 16:13:46 发布

阅读量867

点赞数

分类专栏： Assembly 文章标签：汇编

本文链接：https://blog.csdn.net/xiaozhiwise/article/details/133212613

版权

Assembly 专栏收录该内容

443 篇文章 3 订阅

订阅专栏

#include <stdio.h>

/*
* 嵌套
*/

struct inner_struct
{
int a;
int b;
};

struct outer_struct
{
   char a;
   int b;
   struct inner_struct c;
   char d;
   int e;
};

void f(struct outer_struct s)
{
printf("a=%d,b=%d,c.a=%d,c.b=%d,d=%d,e=%d\n",
s.a, s.b, s.c.a, s.c.b, s.d, s.e);
}

int main()
{
struct outer_struct s;

   s.a = 1;
   s.b = 2;
   s.c.a = 100;
   s.c.b = 101;
   s.d = 3;
   s.e = 4;

f(s);
}

#if 0
/*
* intel
*/
0000000000001149 <f>:
1149:   f3 0f 1e fa     endbr64           // rsp=0x7fffffffe0f8   rbp=0x7fffffffe140
114d:   55    push %rbp       // rsp=rsp-0x48-0x8=rsp-0x50   rsp=0x7fffffffe0f0   rbp=0x7fffffffe140
114e:   48 89 e5    mov %rsp,%rbp   // rbp=rsp-0x50   rsp=rbp=0x7fffffffe0f0
1151:   8b 75 24    mov 0x24(%rbp),%esi   // esi=(rbp-0x50+0x24)   (rbp+0x24)=0x7fffffffe114: 0x00000004
1154:   0f b6 45 20     movzbl 0x20(%rbp),%eax   // 0x20(%rbp)=0x7fffffffe110: 0xffffe203
1158:   44 0f be c0     movsbl %al,%r8d           // al=0x3   r8d=0x3
115c:   8b 7d 1c    mov 0x1c(%rbp),%edi   // 0x7fffffffe10c: 0xffffe20300000065   edi=0x65
115f:   8b 4d 18    mov 0x18(%rbp),%ecx   // 0x7fffffffe108: 0x0000006500000064   ecx=0x64
1162:   8b 55 14    mov 0x14(%rbp),%edx   // 0x7fffffffe104: 0x0000006400000002   edx=0x2
1165:   0f b6 45 10     movzbl 0x10(%rbp),%eax   // 0x7fffffffe100: 0x0000000200000001   eax=0x1
1169:   0f be c0    movsbl %al,%eax           // al=0x1   eax=0x1
116c:   48 83 ec 08     sub $0x8,%rsp       // rsp=0x7fffffffe0e8   rbp=0x7fffffffe0f0
1170:   56    push %rsi               // rsp=0x7fffffffe0e0   rbp=0x7fffffffe0f0   rsi=0x4
1171:   45 89 c1    mov %r8d,%r9d       // r9d=0x3
1174:   41 89 f8    mov %edi,%r8d       // r8d=0x65
1177:   89 c6     mov %eax,%esi       // esi=0x1
1179:   48 8d 3d 88 0e 00 00    lea 0xe88(%rip),%rdi # 2008 <_IO_stdin_used+0x8>
1180:   b8 00 00 00 00    mov $0x0,%eax
1185:   e8 c6 fe ff ff    callq 1050 <printf@plt>   // printf(rdi, esi, edx, ecx, r8d, r9d, rsp)
118a:   48 83 c4 10     add $0x10,%rsp
118e:   90    nop
118f:   c9    leaveq
1190:   c3    retq

0000000000001191 <main>:
1191:   f3 0f 1e fa     endbr64               // rsp=0x7fffffffe148   rbp=0
1195:   55    push %rbp           // rsp=0x7fffffffe140   rbp=0
1196:   48 89 e5    mov %rsp,%rbp       // rbp=rsp=0x7fffffffe140
1199:   48 83 ec 20     sub $0x20,%rsp       // rsp=0x7fffffffe120   rbp=0x7fffffffe140
119d:   c6 45 e0 01     movb $0x1,-0x20(%rbp)       // (rbp-0x20)=0x1       0x7fffffffe120: 0x00000001
11a1:   c7 45 e4 02 00 00 00    movl $0x2,-0x1c(%rbp)       // (rbp-0x1c)=0x2       0x7fffffffe124: 0x00000002
11a8:   c7 45 e8 64 00 00 00    movl $0x64,-0x18(%rbp)   // (rbp-0x18)=0x64       0x7fffffffe128: 0x00000064
11af:   c7 45 ec 65 00 00 00    movl $0x65,-0x14(%rbp)   // (rbp-0x14)=0x65       0x7fffffffe12c: 0x00000065
11b6:   c6 45 f0 03     movb $0x3,-0x10(%rbp)       // (rbp-0x10)=0x3       0x7fffffffe130: 0xffffe203
11ba:   c7 45 f4 04 00 00 00    movl $0x4,-0xc(%rbp)       // (rbp-0xc)=0x4       0x7fffffffe134: 0x00000004
11c1:   48 83 ec 08     sub $0x8,%rsp       // rsp=rsp-8=rsp-0x28       rsp=0x7fffffffe118   rbp=0x7fffffffe140
11c5:   ff 75 f0    pushq -0x10(%rbp)       // rsp-0x30=0x3               rsp=0x7fffffffe110:0xffffe203
11c8:   ff 75 e8    pushq -0x18(%rbp)       // rsp-0x38=0x64           rsp=0x7fffffffe108:0x00000064
11cb:   ff 75 e0    pushq -0x20(%rbp)       // rsp-0x40=0x1               rsp=0x7fffffffe100:0x00000001
11ce:   e8 76 ff ff ff    callq 1149 <f>           // rsp=rsp-0x48 f(rbp-0x40)   rsp=0x7fffffffe0f8 rbp=0x7fffffffe140
11d3:   48 83 c4 20     add $0x20,%rsp
11d7:   b8 00 00 00 00    mov $0x0,%eax
11dc:   c9    leaveq        // 0x28-0x18=0x40
11dd:   c3    retq
11de:   66 90     xchg %ax,%ax

(gdb) x/20w $rsp+0x10 ===> 0x7fffffffe0f0+0x10=0x7fffffffe100
0x7fffffffe100: 0x00000001 0x00000002 0x00000064 0x00000065
0x7fffffffe110: 0xffffe203 0x00000004 0x555551e0 0x00005555
0x7fffffffe120: 0x00000001 0x00000002 0x00000064 0x00000065
0x7fffffffe130: 0xffffe203 0x00000004 0x00000000 0x00000000
0x7fffffffe140: 0x00000000 0x00000000 0xf7de00b3 0x00007fff

(gdb) x/20g $rsp+0x10
0x7fffffffe100: 0x0000000200000001 0x0000006500000064
0x7fffffffe110: 0x00000004ffffe203 0x00005555555551e0
0x7fffffffe120: 0x0000000200000001 0x0000006500000064
0x7fffffffe130: 0x00000004ffffe203 0x0000000000000000
0x7fffffffe140: 0x0000000000000000 0x00007ffff7de00b3
0x7fffffffe150: 0x00007ffff7ffc620 0x00007fffffffe238
0x7fffffffe160: 0x0000000100000000 0x0000555555555191
0x7fffffffe170: 0x00005555555551e0 0x8aa22c405dddec8e
0x7fffffffe180: 0x0000555555555060 0x00007fffffffe230
0x7fffffffe190: 0x0000000000000000 0x0000000000000000

/*
* arm
*/
000000000040055c <f>:
40055c:   a9be7bfd    stp   x29, x30, [sp, #-32]!
400560:   910003fd    mov   x29, sp       // x29=sp
400564:   f9000bf3    str   x19, [sp, #16]   // [sp+16]=x19
400568:   aa0003f3    mov   x19, x0       // x19=x0
40056c:   39400260    ldrb   w0, [x19]   // w0=1
400570:   2a0003e7    mov   w7, w0       // w7=1
400574:   b9400661    ldr   w1, [x19, #4]   // w1=2
400578:   b9400a62    ldr   w2, [x19, #8]   // w2=100
40057c:   b9400e63    ldr   w3, [x19, #12]   // w3=101
400580:   39404260    ldrb   w0, [x19, #16]   // w0=3
400584:   2a0003e5    mov   w5, w0       // w5=3
400588:   b9401664    ldr   w4, [x19, #20]   // w4=4
40058c:   90000000    adrp   x0, 400000 <_init-0x3e8>
400590:   911b4000    add   x0, x0, #0x6d0
400594:   2a0403e6    mov   w6, w4       // w6=4
400598:   2a0303e4    mov   w4, w3       // w4=101
40059c:   2a0203e3    mov   w3, w2       // w3=100
4005a0:   2a0103e2    mov   w2, w1       // w2=2
4005a4:   2a0703e1    mov   w1, w7       // w1=1
4005a8:   97ffffaa    bl   400450 <printf@plt>   // printf(x0, w1, w2, w3, w4, w5, w6)
4005ac:   d503201f    nop
4005b0:   f9400bf3    ldr   x19, [sp, #16]
4005b4:   a8c27bfd    ldp   x29, x30, [sp], #32
4005b8:   d65f03c0    ret

00000000004005bc <main>:
4005bc:   a9bb7bfd    stp   x29, x30, [sp, #-80]!
4005c0:   910003fd    mov   x29, sp
4005c4:   52800020    mov   w0, #0x1    // #1
4005c8:   3900e3a0    strb   w0, [x29, #56]
4005cc:   52800040    mov   w0, #0x2    // #2
4005d0:   b9003fa0    str   w0, [x29, #60]
4005d4:   52800c80    mov   w0, #0x64     // #100
4005d8:   b90043a0    str   w0, [x29, #64]
4005dc:   52800ca0    mov   w0, #0x65     // #101
4005e0:   b90047a0    str   w0, [x29, #68]
4005e4:   52800060    mov   w0, #0x3    // #3
4005e8:   390123a0    strb   w0, [x29, #72]
4005ec:   52800080    mov   w0, #0x4    // #4
4005f0:   b9004fa0    str   w0, [x29, #76]
4005f4:   910043a2    add   x2, x29, #0x10       // x2=x29+0x10
4005f8:   9100e3a3    add   x3, x29, #0x38       // x3=x29+0x38 (56)
4005fc:   a9400460    ldp   x0, x1, [x3]       // x0=[x3]=1, x1=[x3+8]=100
400600:   a9000440    stp   x0, x1, [x2]       // [x2]=x0=1, [x2+8]=x1=100
400604:   f9400860    ldr   x0, [x3, #16]       // x0=[x3+16]=3
400608:   f9000840    str   x0, [x2, #16]       // [x2+16]=x0=3
40060c:   910043a0    add   x0, x29, #0x10       // x0=x29+0x10
400610:   97ffffd3    bl   40055c <f>       // f(x29+0x10)
400614:   52800000    mov   w0, #0x0    // #0
400618:   a8c57bfd    ldp   x29, x30, [sp], #80
40061c:   d65f03c0    ret