- Figure:
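/*
 * decode2 - multiply x by (y - z), then conditionally complement the product.
 *
 * Returns x * (y - z) when (y - z) is even, and the bitwise complement of
 * that product when (y - z) is odd.
 *
 * The shift-left-63 / arithmetic-shift-right-63 pair replicates the low bit
 * of (y - z) across a full 64-bit word. That only works on a long: a 63-bit
 * shift of a 32-bit int is undefined behaviour, and an int temporary would
 * also truncate the operands. The mask is therefore built directly from the
 * low bit, which gives the same value without relying on shift behaviour.
 */
long decode2(long x, long y, long z)
{
    y -= z;
    x *= y;

    /* 0 when y is even, -1 (all bits set) when y is odd. */
    long mask = -(y & 1L);

    return x ^ mask;
}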
- FIG:
A: x is in %rdi, n is in %esi, result is in %eax, and mask is in %rdx.
B: The initial value of result is 0, and the initial value of mask is 1.
C: The test condition is whether mask is 0; the loop continues while mask != 0.
D: mask is shifted left by n bits on each iteration.
E: result |= x & mask
F: The completed code:
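/*
 * loop - collect every n-th bit of x, starting from bit 0.
 *
 * A one-bit mask starts at bit 0 and moves left by n positions per
 * iteration until it is shifted out of the 64-bit word; each bit of the
 * (sign-extended) x that the mask lands on is OR-ed into the result.
 *
 * Precondition: 1 <= n <= 63. With n == 0 the mask never changes and the
 * loop does not terminate; a negative n or n >= 64 is an undefined shift.
 * Callers that take n from outside must range-check it first.
 *
 * NOTE(review): the accompanying notes place x in %rdi, a 64-bit register,
 * which suggests the exercise declares x as long - confirm.
 */
long loop(int x, int n)
{
    /* Unsigned arithmetic: shifting the mask bit out of the top is well defined. */
    unsigned long result = 0;
    unsigned long mask;

    for (mask = 1; mask != 0; mask <<= n) {
        /* Accumulate with |=; a bare comparison here would discard the bit. */
        result |= (unsigned long)x & mask;
    }
    return (long)result;
}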
- Figure:
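/*
 * cread_alt - read *xp, or yield 0 when xp is a null pointer.
 *
 * The pointer is chosen first and dereferenced exactly once afterwards, so
 * the only load is through a pointer known to be valid. Guarding the load
 * with the inverted test (!xp) would dereference the null pointer and skip
 * every valid one.
 *
 * @param xp  pointer to the value to read; may be NULL
 * @return    *xp, or 0 if xp is NULL
 */
long cread_alt(long *xp)
{
    long zero = 0;
    long *src = xp ? xp : &zero;

    return *src;
}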
- Figure:
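/*
 * switch3 - perform one of several small updates on *p1 / *p2, chosen by
 * action, and return a mode-dependent value.
 *
 *   MODE_A: return the old *p2 and store *p1 into *p2
 *   MODE_B: store *p1 + *p2 into *p1 and return that sum
 *   MODE_C: store 59 into *p1 and return *p2
 *   MODE_D: copy *p2 into *p1, then continue as MODE_E
 *   MODE_E: return 27
 *   other : return 12
 *
 * `switch` is a C keyword and cannot be used as a function name, so the
 * definition is named switch3.
 *
 * p1 and p2 are dereferenced without a check in MODE_A through MODE_D and
 * must be valid there. mode_t and the MODE_* constants are declared
 * elsewhere.
 */
long switch3(long *p1, long *p2, mode_t action)
{
    long result = 0;

    switch (action) {
    case MODE_A:
        /* Read *p2 before overwriting it; all values stay long (no int temporary). */
        result = *p2;
        *p2 = *p1;
        break;
    case MODE_B:
        result = *p1 + *p2;
        *p1 = result;
        break;
    case MODE_C:
        *p1 = 59;
        result = *p2;
        break;
    case MODE_D:
        *p1 = *p2;
        /* fall through to MODE_E */
    case MODE_E:
        result = 27;
        break;
    default:
        result = 12;
        break;
    }
    return result;
}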
- Figure:
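/*
 * switch_prob - compute a value from x, selected by n.
 *
 *   n == 0, 2 : 8 * x
 *   n == 3    : x >> 3
 *   n == 4    : x becomes 15 * x, then continues as n == 5
 *   n == 5    : x becomes x * x, then continues as the default
 *   otherwise : x + 0x4b   (n == 1 shares this path)
 *
 * Every shift result is assigned: a bare `result >> 3;` or `result << 4;`
 * is an expression statement whose value is thrown away.
 *
 * NOTE(review): case 4 is reconstructed as x = (x << 4) - x, on the reading
 * that the shift result and the subtraction were both meant to be kept
 * (`x -= x` would always zero x) - confirm against the exercise's
 * disassembly. The case labels are used as given; if the disassembly biases
 * n before indexing the jump table, the source-level labels are shifted by
 * that bias - confirm.
 */
long switch_prob(long x, long n)
{
    long result = x;

    switch (n) {
    case 0:
    case 2:
        result = x * 8;
        break;
    case 3:
        result = x >> 3;
        break;
    case 4:
        x = x * 16 - x; /* (x << 4) - x */
        /* fall through */
    case 5:
        x = x * x;
        /* fall through */
    case 1:
    default:
        result = x + 0x4b;
        break;
    }
    return result;
}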
-
FIG:
A: $\&A[i][j][k] = x_A + L\,(S \cdot T \cdot i + T \cdot j + k)$, where $x_A$ is the address of the first element and $L$ is the element size.
B: Determining the values of R, S, and T.
From the assembly code we can derive $R \cdot S \cdot T \cdot 8 = 3640$ (condition 1).
From the assembly code, the position of A[i][j][k] is $A + (65i + 13j + k) \cdot 8$; comparing this with the formula derived in part A gives $T = 13$ and $S \cdot T = 65$ (condition 2).
Combining conditions 1 and 2 gives R = 7, S = 5, T = 13. -
Figure:
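This problem requires paying attention to data alignment.
The four alignment rules. Rule 0: the first data member should be 1, or a multiple of 2. Rule 1: for the data members of a struct, the first data member is placed at offset 0, and each subsequent data member is stored at an offset that is an integer multiple of that member's size (for example, an int is 4 bytes on a 32-bit machine, so it must start at an address that is a multiple of 4). Rule 2: if a struct B nests another struct A, then A must start at an offset that is an integer multiple of A's largest member (if struct B contains struct A, and A has members such as char, int and double, then A should start at a multiple of 8); the members inside struct A still follow rules 1 and 2. Rule 3: the total size of a struct, that is, the result of sizeof, must be an integer multiple of its largest member, and is padded if it falls short.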
# setVal: loads two fields through %rsi, adds them, and stores the sum
# through %rdi. The inequalities on A and B are the page author's bounds,
# derived from the field offsets; the struct definitions they refer to are
# not shown here.
setVal:
movslq 8(%rsi), %rax # sign-extend the 32-bit field at offset 8 into %rax; 5 <= B <= 8
addq 32(%rsi), %rax # add the 64-bit field at offset 32; 9<= A <= 10
movq %rax, 184(%rdi) # store the sum at offset 184 from %rdi; 180 <= A * B * 4 <= 184
ret
-
Figure:
# Disassembly of test, one instruction per line. In the annotations,
# bp stands for %rsi and i for %rdi; the inferences are the page author's.
<test>:
mov 0x120(%rsi), %ecx          # ecx = *(bp + 288)
add (%rsi), %ecx               # ecx += *bp
# From the two lines above, 288 can be inferred to be the distance between
# the start addresses of last and first.
lea (%rdi, %rdi, 4), %rax      # rax = 5i
lea (%rsi, %rax, 8), %rax      # rax = bp + 40i
mov 0x8(%rax), %rdx            # rdx = *(bp + 40i + 8)
movslq %ecx, %rcx              # rcx = ecx (sign-extended)
# ecx = n; it is sign-extended and assigned to x.
# From this, x in a_struct can be inferred to be an array of long.
# NOTE(review): %rdi (i) and the index loaded into %rdx both feed the store
# address below, and no compare or bounds check appears in this listing, so
# an out-of-range value of either would write outside the intended array -
# confirm the caller constrains them.
mov %rcx, 0x10(%rax, %rdx, 8)  # 8 * (*(bp + 40i + 8)) + bp + 40i + 16 = rcx
retq
The simpler inferences are listed as comments in the listing above.
The difficult part is `mov 0x8(%rax), %rdx` (rdx = *(bp + 40i + 8)) and `mov %rcx, 0x10(%rax, %rdx, 8)` (8 * (*(bp + 40i + 8)) + bp + 40i + 16 = rcx). From bp + 40i + 8 it is easy to guess that this is the start address of a[i] in b_struct, that b_struct is aligned to eight bytes, and that a_struct occupies 40 bytes;
from 8 * (*(bp + 40i + 8)) we can tell that this value is an index, and so infer that idx comes before x in a_struct;
bp + 40i + 16 can then be written as bp + 8 + 40i + 8, where the first 8 is the offset of first and the second 8 is the offset of idx.
A.
From the inference above, the a_struct structure is 40 bytes,
so CNT = (288 - 8) / 40 = 7.
B.
/*
 * a_struct - one array element: an index followed by four longs.
 * Five long members in total, i.e. 40 bytes where long is 8 bytes.
 */
typedef struct {
long idx; /* first member, at offset 0 */
/* NOTE(review): if idx is used to index x, as the page's analysis infers,
 * values outside 0..3 address memory beyond x - confirm callers bound it. */
long x[4]; /* four longs, starting right after idx */
} a_struct;
-
Figure:
A: Offsets: e1.p 0, e1.y 8, e2.x 0, e2.next 8. B: 16 bytes are needed in total.
C:
/*
 * proc - follow up->e2.next and store into up->e2.x the value read through
 * that element's e1.p minus that element's e1.y.
 *
 * up is read through its e2 member and the element it links to through its
 * e1 member. up, up->e2.next and the linked element's e1.p are all
 * dereferenced without a check, so the caller must supply valid pointers.
 */
void proc(union ele *up)
{
    union ele *next = up->e2.next;

    up->e2.x = *(next->e1.p) - next->e1.y;
}
- Figure:
#include<stdio.h>
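#define MAX 10

/*
 * good_echo - copy standard input to standard output through a fixed-size
 * buffer, for input lines of any length.
 *
 * fgets stores at most sizeof buffer - 1 characters plus the terminator, so
 * a line longer than the buffer arrives in several pieces instead of
 * overrunning it.
 *
 * Returns when input is exhausted, when writing fails, or when reading
 * fails; a read error is reported with "\nError\n" on standard output.
 */
void good_echo(void) {
    char buffer[MAX];

    while (fgets(buffer, sizeof buffer, stdin) != NULL) {
        /* Stop on a failed write rather than keep reading input. */
        if (fputs(buffer, stdout) == EOF) {
            return;
        }
    }

    /*
     * fgets returns NULL for both end-of-file and a read error, so the
     * error check belongs here, after the loop, where ferror can tell the
     * two apart.
     */
    if (ferror(stdin)) {
        printf("\nError\n");
    }
}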
- FIG:
A.
Each complex argument is passed in two consecutive xmm registers: for example, the first complex argument is passed in %xmm0 and %xmm1, the second in %xmm2 and %xmm3, and so on.
B.
%xmm0 holds the real part of the return value, and %xmm1 holds the imaginary part.