2019-2020-1 20199318 "Linux Kernel Principle and Analysis" Week 2 Assignment

Chapter 1: How Computers Work

The specific experimental procedure is as follows:

I. The C code used in the experiment is shown below:


II. The C code converted to assembly language is shown below:


III. The stack space diagram is shown in the figure:

  Here, 0 to 9 are the labels of the stack slots: a push increments the label and a pop decrements it. The numbers on the right are memory addresses. Both EBP and ESP point to the bottom of the stack, that is, to the lower edge (address 2000) of a 4-byte storage unit, which covers the 4 bytes 2000 to 2003 and is the unit labelled 0. Likewise, the unit labelled 1 is the 4 bytes 1996 to 1999, and so on.

IV. Analysis of the execution of the assembly code:

Execution of the assembly code begins at line 18, the start of "main", and proceeds as follows:

  • Line 18: The effect of this instruction is to push the EBP register onto the stack. The pushl instruction first makes ESP point to the slot at label 1, i.e. the address of label 0 minus 4, and then stores the value of EBP, which is label 0 (address 2000), into the slot at label 1.
  • Line 19: By the time this instruction starts executing, EIP has already been automatically incremented to line 19. The instruction makes EBP point to the slot at label 1. Lines 18 and 19 together set up the function-call stack frame that belongs to main.
  • Line 20: By the time this instruction starts executing, EIP has already been automatically incremented to line 20. The instruction subtracts 4 from ESP, which moves ESP down one slot, so ESP now points to label 2.
  • Line 21: By the time this instruction starts executing, EIP has already been automatically incremented to line 21. The instruction stores the immediate 5 into the slot ESP points to, i.e. the slot at label 2 that line 20 set aside. Lines 20 and 21 prepare for the coming call to function f: they push the argument of f.
  • Line 22: By the time this instruction, "call f", starts executing, EIP has already been automatically incremented to the next instruction, line 23. The call in effect pushes the value of EIP (the address of the instruction on line 23, written here as "line 23") onto the stack at label 3. Since ESP pointed to label 2 before the push, the push first moves ESP down 4 bytes to the next slot, label 3, and then stores the line-23 value of EIP into that slot. Next, the address of the first instruction of f, line 9, is loaded into EIP, so EIP now points to f, and f begins executing.
  • Lines 9 and 10 are the same as lines 18 and 19 above: they initialize the function-call stack frame of f.
  • Line 11: ESP is decremented by 4, so it now points one slot lower, at label 5. In effect this sets aside one memory cell of stack space.
  • Line 12: This is an indexed-addressing statement: the value of EBP plus 8. EBP currently points to label 4; adding 8 moves two memory cells upward, to the slot at label 2, where the immediate 5 is stored. The effect of this statement is therefore to load the immediate 5 into EAX.
  • Line 13: The immediate now in EAX is stored into the slot ESP currently points to, label 5, i.e. the stack slot that line 11 set aside.
  • Line 14: Its effect is similar to that of line 22 above: ESP moves to the empty slot at label 6, the line number held in EIP (line 15) is stored into the slot at label 6, and EIP is set to the first instruction of function g, i.e. line 2.
  • Lines 2 and 3 set up the independent function-call stack frame of g.
  • Line 4: An indexed-addressing statement: EBP plus 8. EBP currently points to label 7; moving two memory cells upward from there reaches label 5, so the contents of the slot at label 5 are loaded into EAX. This step actually fetches the parameter of function g.
  • Line 5: The immediate 2 is added to EAX: 5 + 2, so EAX is 7. At this moment ESP and EBP both point to label 7, EAX holds 7, and EIP holds line 6; the function-call space is as shown in the figure. In the figure, EBP or ESP followed by a label denotes the value of the EBP or ESP register at that moment, and EIP followed by a line number denotes the value of EIP at that moment.

  • Lines 6 and 7 tear down the call stack frame of g and return to the location where g was called, making EIP point to line 15.
  • Lines 15 and 16: the leave instruction tears down the stack frame; EIP then points to line 23.
  • Line 23: The immediate 2 is added to EAX, i.e. 7 + 2, so EAX is now 9.
  • Lines 24 and 25 tear down the stack frame of main, returning the stack space to the state it had when main began.


V. Debugging the C program with gdb

  1. Start the gdb debugger:

  2. View information about the main function:

      As the figure shows, the call instruction automatically pushes the return address 0x4004fc onto the stack.
  3. View information about function f:

       The frame pointer of the caller's frame, 0x4004fc, is saved on the stack, and then the new stack frame is assigned to the frame pointer %rsp. Here rsp corresponds to esp in the book, and rbp corresponds to ebp. The call instruction automatically pushes the return address 0x4004ed onto the stack.
  4. View information about function g:

      The frame pointer of the caller's frame, 0x4004ed, is saved on the stack, and then the new stack frame is assigned to the frame pointer %rsp.
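To make the walkthrough in section IV and the gdb observation in section V concrete, here is an added example that is not part of the original post: a small C simulation of the stack space exactly as the post defines it (slots labelled 0 to 9, slot k at address 2000 - 4*k, EBP and ESP recorded as slot labels, EIP as a line number). The 25-line assembly listing is reconstructed from the line-by-line analysis because the listing image is missing, so the mnemonics in the comments are an assumption, and the names used here (PUSH_EBP, LOAD_ARG, run_until and so on) are hypothetical names chosen for this example. Running it traces every step, shows the return addresses (lines 23 and 15) that call pushes by itself, and ends with EAX = 9 and ESP and EBP back at label 0.

```c
#include <stdio.h>

/* Added example, not code from the original post: simulates the stack
 * walkthrough of section IV (slots labelled 0..9, slot k at address
 * 2000 - 4*k) and the gdb observation of section V that `call` pushes the
 * return address by itself. The listing is reconstructed from the analysis
 * (the image is missing), so the mnemonics below are an assumption. */

#define BASE_ADDR 2000   /* address of the bottom slot, label 0 */
#define NSLOTS    10     /* labels 0..9, as in the post's diagram */

typedef enum {
    LABEL,        /* "name:" line, no effect */
    PUSH_EBP,     /* pushl %ebp */
    MOV_ESP_EBP,  /* movl %esp,%ebp */
    SUB_ESP4,     /* subl $4,%esp : set aside one slot */
    MOV_IMM_TOP,  /* movl $imm,(%esp) */
    LOAD_ARG,     /* movl 8(%ebp),%eax : argument two slots above EBP */
    MOV_EAX_TOP,  /* movl %eax,(%esp) */
    ADD_IMM_EAX,  /* addl $imm,%eax */
    CALL,         /* call target : push the return line, then jump */
    POP_EBP,      /* popl %ebp */
    LEAVE,        /* leave : movl %ebp,%esp ; popl %ebp */
    RET           /* ret : pop the return line into EIP */
} Op;

typedef struct { Op op; int arg; } Insn;

/* Index = line number of the listing; entry 0 is unused. */
static const Insn program[26] = {
    {LABEL, 0},
    {LABEL, 0}, {PUSH_EBP, 0}, {MOV_ESP_EBP, 0},                /*  1-3  g: prologue    */
    {LOAD_ARG, 0}, {ADD_IMM_EAX, 2}, {POP_EBP, 0}, {RET, 0},    /*  4-7  x + 2, return  */
    {LABEL, 0}, {PUSH_EBP, 0}, {MOV_ESP_EBP, 0}, {SUB_ESP4, 0}, /*  8-11 f: prologue    */
    {LOAD_ARG, 0}, {MOV_EAX_TOP, 0}, {CALL, 2},                 /* 12-14 pass x, call g */
    {LEAVE, 0}, {RET, 0},                                       /* 15-16 return         */
    {LABEL, 0}, {PUSH_EBP, 0}, {MOV_ESP_EBP, 0}, {SUB_ESP4, 0}, /* 17-20 main: prologue */
    {MOV_IMM_TOP, 5}, {CALL, 9},                                /* 21-22 f(5)           */
    {ADD_IMM_EAX, 2}, {LEAVE, 0}, {RET, 0},                     /* 23-25 + 2, return    */
};

/* Stack-pointing registers hold slot labels; EIP holds a line number. */
typedef struct { int eax, ebp, esp, eip; int stack[NSLOTS]; } Machine;

static int addr_of(int label) { return BASE_ADDR - 4 * label; }

/* Move ESP down one slot (label + 1); fail if the diagram runs out of slots. */
static int grow(Machine *m) { if (m->esp + 1 >= NSLOTS) return 0; m->esp += 1; return 1; }
static int push(Machine *m, int v) { if (!grow(m)) return 0; m->stack[m->esp] = v; return 1; }
static int pop(Machine *m) { return m->stack[m->esp--]; }

/* Execute the instruction at EIP; returns 0 on stack overflow. */
static int step(Machine *m)
{
    const Insn in = program[m->eip];
    int next = m->eip + 1;   /* EIP has already advanced, as section IV stresses */
    switch (in.op) {
    case LABEL:       break;
    case PUSH_EBP:    if (!push(m, m->ebp)) return 0; break;
    case MOV_ESP_EBP: m->ebp = m->esp; break;
    case SUB_ESP4:    if (!grow(m)) return 0; break;
    case MOV_IMM_TOP: m->stack[m->esp] = in.arg; break;
    case LOAD_ARG:    m->eax = m->stack[m->ebp - 2]; break;  /* 8(%ebp) = two slots up */
    case MOV_EAX_TOP: m->stack[m->esp] = m->eax; break;
    case ADD_IMM_EAX: m->eax += in.arg; break;
    case CALL:        if (!push(m, next)) return 0; next = in.arg; break;
    case POP_EBP:     m->ebp = pop(m); break;
    case LEAVE:       m->esp = m->ebp; m->ebp = pop(m); break;
    case RET:         next = pop(m); break;
    }
    m->eip = next;
    return 1;
}

/* Start at main (line 18); stop once EIP reaches stop_line, or at main's `ret`
 * on line 25, whose return address lies outside the diagram. trace prints steps. */
static Machine run_until(int stop_line, int trace)
{
    Machine m = { 0, 0, 0, 18, {0} };
    while (m.eip != stop_line && m.eip != 25) {
        int line = m.eip;
        if (!step(&m)) { fprintf(stderr, "stack overflow at line %d\n", line); break; }
        if (trace)
            printf("line %2d: eax=%d ebp=%d(label %d) esp=%d(label %d) eip=%d\n",
                   line, m.eax, addr_of(m.ebp), m.ebp, addr_of(m.esp), m.esp, m.eip);
    }
    return m;
}

/* Return value of main: f(5) + 2 = (5 + 2) + 2 = 9 */
static int result_of_main(void) { return run_until(0, 0).eax; }

/* Contents of stack slot `label` once EIP reaches stop_line */
static int slot_at(int stop_line, int label) { Machine m = run_until(stop_line, 0); return m.stack[label]; }

int main(void)
{
    Machine m = run_until(0, 1);
    printf("main returns %d; esp and ebp back at labels %d and %d\n", m.eax, m.esp, m.ebp);
    return 0;
}
```

Compile with `gcc -Wall sim.c && ./a.out`. The trace line for line 5 shows eax=7 with ebp and esp both at label 7 (address 1972), matching the figure described in section IV, and slots 3 and 6 hold the return lines 23 and 15 that the two call instructions pushed, which is the same behaviour the gdb disassembly in section V shows with real addresses.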

Problems encountered

A. gdb debugging problem

When debugging the C program with gdb, the following error appeared after the run command:

In this case, the stack information at each step of the program's execution cannot be seen. Trying to set breakpoints and other methods did not solve the problem. Next, I will continue to consult relevant material to solve the problem.



Source: www.cnblogs.com/SunMaolin/p/11567078.html