汇编语言与逆向工程实验报告2

查看编译后的 32bit 代码,比较与 64bit 的不同

信息

hello_32.o: 文件格式 elf32-i386

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
hello_32.o:     文件格式 elf32-i386


Disassembly of section .text:

00000000 <fun>:
   0:	55                   	push   ebp
   1:	89 e5                	mov    ebp,esp
   3:	e8 fc ff ff ff       	call   4 <fun+0x4>
   8:	05 01 00 00 00       	add    eax,0x1
   d:	8b 55 08             	mov    edx,DWORD PTR [ebp+0x8]
  10:	8b 45 0c             	mov    eax,DWORD PTR [ebp+0xc]
  13:	01 d0                	add    eax,edx
  15:	5d                   	pop    ebp
  16:	c3                   	ret    

00000017 <main>:
  17:	8d 4c 24 04          	lea    ecx,[esp+0x4]
  1b:	83 e4 f0             	and    esp,0xfffffff0
  1e:	ff 71 fc             	push   DWORD PTR [ecx-0x4]
  21:	55                   	push   ebp
  22:	89 e5                	mov    ebp,esp
  24:	53                   	push   ebx
  25:	51                   	push   ecx
  26:	83 ec 10             	sub    esp,0x10
  29:	e8 fc ff ff ff       	call   2a <main+0x13>
  2e:	81 c3 02 00 00 00    	add    ebx,0x2
  34:	6a 04                	push   0x4
  36:	6a 03                	push   0x3
  38:	e8 fc ff ff ff       	call   39 <main+0x22>
  3d:	83 c4 08             	add    esp,0x8
  40:	89 45 f4             	mov    DWORD PTR [ebp-0xc],eax
  43:	83 ec 08             	sub    esp,0x8
  46:	ff 75 f4             	push   DWORD PTR [ebp-0xc]
  49:	8d 83 00 00 00 00    	lea    eax,[ebx+0x0]
  4f:	50                   	push   eax
  50:	e8 fc ff ff ff       	call   51 <main+0x3a>
  55:	83 c4 10             	add    esp,0x10
  58:	b8 00 00 00 00       	mov    eax,0x0
  5d:	8d 65 f8             	lea    esp,[ebp-0x8]
  60:	59                   	pop    ecx
  61:	5b                   	pop    ebx
  62:	5d                   	pop    ebp
  63:	8d 61 fc             	lea    esp,[ecx-0x4]
  66:	c3                   	ret    

Disassembly of section .text.__x86.get_pc_thunk.ax:

00000000 <__x86.get_pc_thunk.ax>:
   0:	8b 04 24             	mov    eax,DWORD PTR [esp]
   3:	c3                   	ret    

Disassembly of section .text.__x86.get_pc_thunk.bx:

00000000 <__x86.get_pc_thunk.bx>:
   0:	8b 1c 24             	mov    ebx,DWORD PTR [esp]
   3:	c3                   	ret

hello.o: 文件格式 elf64-x86-64

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
hello.o:     文件格式 elf64-x86-64


Disassembly of section .text:

0000000000000000 <fun>:
   0:	f3 0f 1e fa          	endbr64 
   4:	55                   	push   rbp
   5:	48 89 e5             	mov    rbp,rsp
   8:	89 7d fc             	mov    DWORD PTR [rbp-0x4],edi
   b:	89 75 f8             	mov    DWORD PTR [rbp-0x8],esi
   e:	8b 55 fc             	mov    edx,DWORD PTR [rbp-0x4]
  11:	8b 45 f8             	mov    eax,DWORD PTR [rbp-0x8]
  14:	01 d0                	add    eax,edx
  16:	5d                   	pop    rbp
  17:	c3                   	ret    

0000000000000018 <main>:
  18:	f3 0f 1e fa          	endbr64 
  1c:	55                   	push   rbp
  1d:	48 89 e5             	mov    rbp,rsp
  20:	48 83 ec 10          	sub    rsp,0x10
  24:	be 04 00 00 00       	mov    esi,0x4
  29:	bf 03 00 00 00       	mov    edi,0x3
  2e:	e8 00 00 00 00       	call   33 <main+0x1b>
  33:	89 45 fc             	mov    DWORD PTR [rbp-0x4],eax
  36:	8b 45 fc             	mov    eax,DWORD PTR [rbp-0x4]
  39:	89 c6                	mov    esi,eax
  3b:	48 8d 05 00 00 00 00 	lea    rax,[rip+0x0]        # 42 <main+0x2a>
  42:	48 89 c7             	mov    rdi,rax
  45:	b8 00 00 00 00       	mov    eax,0x0
  4a:	e8 00 00 00 00       	call   4f <main+0x37>
  4f:	b8 00 00 00 00       	mov    eax,0x0
  54:	c9                   	leave  
  55:	c3                   	ret

区别

fun函数偏移地址不同,汇编指令不同

一个是32位一个是64位

  • 32 位 x86 指令集。

  • 64 位 x86-64 指令集。

  • 32 位寄存器(如 eaxebxedx)。

  • 64 位寄存器(如 raxrbxrdx)。

堆栈操作指令不同

push pop

mov sub