我尝试在 .text 节中定义字符串。编译没有报错,但用 gdb 反汇编时,看到了无效指令 (bad)。下面是 C 代码(用 gcc 内联汇编定义字符串):
/*
 * Entry point whose whole body is one x86-64 (AT&T syntax) inline-asm block.
 *
 * The block uses the jmp/call/pop idiom to learn the run-time address of a
 * string embedded right after the final call, builds a two-slot pointer
 * array {string, NULL} just below that string, and issues syscall 0x3b
 * (execve on x86-64 Linux) with the string as path and the array as argv.
 *
 * The ".string" directive emits the literal's bytes (plus a terminating NUL)
 * into the instruction stream inside main. A disassembler that decodes the
 * function linearly will interpret those data bytes as opcodes, which is why
 * the listing shows "(bad)" and unrelated instructions after the call.
 *
 * NOTE(review): the two stores at -0x10(%rsi) and -0x8(%rsi) land inside
 * main's own code bytes. In a normally linked binary .text is presumably
 * mapped read-only/executable, so these writes would be expected to fault;
 * confirm against the actual link flags and page protections.
 *
 * NOTE(review): the relative offsets in "jmp .+0x35" and "call .-0x33" are
 * hand-computed from the encoded instruction lengths; any change to the
 * instructions between them invalidates both.
 */
void main(){
__asm__(
/* Skip forward to the call at the end of the block. */
"jmp .+0x35;"
/* The call pushed the address of the byte after it, i.e. the string. */
"pop %rsi;"
/* Slot 0 of the pointer array: address of the string. */
"mov %rsi, -0x10(%rsi);"
/* Slot 1 of the pointer array: NULL terminator. */
"movq $0x0,-0x8(%rsi);"
/* rax = slot 0 (the string address just stored). */
"mov -0x10(%rsi), %rax;"
/* rcx = address of the pointer array. */
"lea -0x10(%rsi), %rcx;"
/* Third syscall argument (rdx) = 0. */
"mov $0x0, %edx;"
/* Second syscall argument (rsi) = pointer array. */
"mov %rcx, %rsi;"
/* First syscall argument (rdi) = string address. */
"mov %rax, %rdi;"
/* Syscall number 0x3b (59). */
"mov $0x3b,%eax;"
"syscall;"
/*
 * Reached only if the syscall above returns.
 * NOTE(review): eax=1 with ebx=0 looks like the 32-bit int $0x80 exit(0)
 * convention; confirm it matches the 64-bit syscall ABI used here.
 */
"mov $0x0,%ebx;"
"mov $0x1,%eax;"
"syscall;"
/* Jump back to the pop; the pushed return address is the string below. */
"call .-0x33;"
/* Data, not code: the path bytes followed by a NUL. */
".string \"/bin/bash\";"
);
}
反汇编:
0x0000000000400494 <+0>: push %rbp
0x0000000000400495 <+1>: mov %rsp,%rbp
0x0000000000400498 <+4>: jmp 0x4004cd <main+57>
0x000000000040049a <+6>: pop %rsi
0x000000000040049b <+7>: mov %rsi,-0x10(%rsi)
0x000000000040049f <+11>: movq $0x0,-0x8(%rsi)
0x00000000004004a7 <+19>: mov -0x10(%rsi),%rax
0x00000000004004ab <+23>: lea -0x10(%rsi),%rcx
0x00000000004004af <+27>: mov $0x0,%edx
0x00000000004004b4 <+32>: mov %rcx,%rsi
0x00000000004004b7 <+35>: mov %rax,%rdi
0x00000000004004ba <+38>: mov $0x3b,%eax
0x00000000004004bf <+43>: syscall
0x00000000004004c1 <+45>: mov $0x0,%ebx
0x00000000004004c6 <+50>: mov $0x1,%eax
0x00000000004004cb <+55>: syscall
0x00000000004004cd <+57>: callq 0x40049a <main+6>
0x00000000004004d2 <+62>: (bad) (字符串定义在这里)
0x00000000004004d3 <+63>: (bad)
0x00000000004004d4 <+64>: imul $0x68736162,0x2f(%rsi),%ebp
0x00000000004004db <+71>: add %cl,%cl
0x00000000004004dd <+73>: retq
我怎样才能避免这个错误?
我真的不会把这称为 C 代码。 –
你是否期望“/bin/bash”的编码能被反汇编成有意义的东西? – Leeor
我期望得到“/bin/bash”的地址(内存中的某处) – kokichi88