汇编语言与逆向工程实验报告2

查看编译后的 32bit 代码,比较与 64bit 的不同

信息

hello_32.o: 文件格式 elf32-i386

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
hello_32.o:     文件格式 elf32-i386


Disassembly of section .text:

00000000 <fun>:
0: 55 push ebp
1: 89 e5 mov ebp,esp
3: e8 fc ff ff ff call 4 <fun+0x4>
8: 05 01 00 00 00 add eax,0x1
d: 8b 55 08 mov edx,DWORD PTR [ebp+0x8]
10: 8b 45 0c mov eax,DWORD PTR [ebp+0xc]
13: 01 d0 add eax,edx
15: 5d pop ebp
16: c3 ret

00000017 <main>:
17: 8d 4c 24 04 lea ecx,[esp+0x4]
1b: 83 e4 f0 and esp,0xfffffff0
1e: ff 71 fc push DWORD PTR [ecx-0x4]
21: 55 push ebp
22: 89 e5 mov ebp,esp
24: 53 push ebx
25: 51 push ecx
26: 83 ec 10 sub esp,0x10
29: e8 fc ff ff ff call 2a <main+0x13>
2e: 81 c3 02 00 00 00 add ebx,0x2
34: 6a 04 push 0x4
36: 6a 03 push 0x3
38: e8 fc ff ff ff call 39 <main+0x22>
3d: 83 c4 08 add esp,0x8
40: 89 45 f4 mov DWORD PTR [ebp-0xc],eax
43: 83 ec 08 sub esp,0x8
46: ff 75 f4 push DWORD PTR [ebp-0xc]
49: 8d 83 00 00 00 00 lea eax,[ebx+0x0]
4f: 50 push eax
50: e8 fc ff ff ff call 51 <main+0x3a>
55: 83 c4 10 add esp,0x10
58: b8 00 00 00 00 mov eax,0x0
5d: 8d 65 f8 lea esp,[ebp-0x8]
60: 59 pop ecx
61: 5b pop ebx
62: 5d pop ebp
63: 8d 61 fc lea esp,[ecx-0x4]
66: c3 ret

Disassembly of section .text.__x86.get_pc_thunk.ax:

00000000 <__x86.get_pc_thunk.ax>:
0: 8b 04 24 mov eax,DWORD PTR [esp]
3: c3 ret

Disassembly of section .text.__x86.get_pc_thunk.bx:

00000000 <__x86.get_pc_thunk.bx>:
0: 8b 1c 24 mov ebx,DWORD PTR [esp]
3: c3 ret

hello.o: 文件格式 elf64-x86-64

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
hello.o:     文件格式 elf64-x86-64


Disassembly of section .text:

0000000000000000 <fun>:
0: f3 0f 1e fa endbr64
4: 55 push rbp
5: 48 89 e5 mov rbp,rsp
8: 89 7d fc mov DWORD PTR [rbp-0x4],edi
b: 89 75 f8 mov DWORD PTR [rbp-0x8],esi
e: 8b 55 fc mov edx,DWORD PTR [rbp-0x4]
11: 8b 45 f8 mov eax,DWORD PTR [rbp-0x8]
14: 01 d0 add eax,edx
16: 5d pop rbp
17: c3 ret

0000000000000018 <main>:
18: f3 0f 1e fa endbr64
1c: 55 push rbp
1d: 48 89 e5 mov rbp,rsp
20: 48 83 ec 10 sub rsp,0x10
24: be 04 00 00 00 mov esi,0x4
29: bf 03 00 00 00 mov edi,0x3
2e: e8 00 00 00 00 call 33 <main+0x1b>
33: 89 45 fc mov DWORD PTR [rbp-0x4],eax
36: 8b 45 fc mov eax,DWORD PTR [rbp-0x4]
39: 89 c6 mov esi,eax
3b: 48 8d 05 00 00 00 00 lea rax,[rip+0x0] # 42 <main+0x2a>
42: 48 89 c7 mov rdi,rax
45: b8 00 00 00 00 mov eax,0x0
4a: e8 00 00 00 00 call 4f <main+0x37>
4f: b8 00 00 00 00 mov eax,0x0
54: c9 leave
55: c3 ret

区别

fun函数偏移地址不同,汇编指令不同

一个是32位一个是64位

  • 32 位 x86 指令集。
  • 64 位 x86-64 指令集。
  • 32 位寄存器(如 eaxebxedx)。
  • 64 位寄存器(如 raxrbxrdx)。

堆栈操作指令不同

push pop

mov sub