The problem is as follows
...........................................................................
You are charged with maintaining a large C program, and you come across the following code:
typedef struct {
    int left;
    a_struct a[CNT];
    int right;
} b_struct;

void test(int i, b_struct *bp)
{
    int n = bp->left + bp->right;
    a_struct *ap = &bp->a[i];
    ap->x[ap->idx] = n;
}
Unfortunately, the ‘.h’ file defining the compile-time constant CNT and the structure a_struct are in files for which you do not have access privileges. Fortunately, you have access to a ‘.o’ version of code, which you are able to disassemble with the objdump program, yielding the disassembly shown in Figure below.
00000000 <test>:
   0:  55                    push   %ebp
   1:  89 e5                 mov    %esp,%ebp
   3:  53                    push   %ebx
   4:  8b 45 08              mov    0x8(%ebp),%eax
   7:  8b 4d 0c              mov    0xc(%ebp),%ecx
   a:  8d 04 80              lea    (%eax,%eax,4),%eax
   d:  8d 44 81 04           lea    0x4(%ecx,%eax,4),%eax
  11:  8b 10                 mov    (%eax),%edx
  13:  c1 e2 02              shl    $0x2,%edx
  16:  8b 99 b8 00 00 00     mov    0xb8(%ecx),%ebx
  1c:  03 19                 add    (%ecx),%ebx
  1e:  89 5c 02 04           mov    %ebx,0x4(%edx,%eax,1)
  22:  5b                    pop    %ebx
  23:  89 ec                 mov    %ebp,%esp
  25:  5d                    pop    %ebp
  26:  c3                    ret
Using your reverse engineering skills, deduce the following:
A. The value of CNT.
B. A complete declaration of structure a_struct. Assume that the only fields in this structure are idx and x.
........................................................................
Translating the assembly into pseudocode, one instruction at a time:
%eax = i                                   // mov 0x8(%ebp),%eax: first argument
%ecx = bp                                  // mov 0xc(%ebp),%ecx: second argument
%eax = 5i                                  // lea (%eax,%eax,4),%eax
%eax = bp + 20i + 4                        // lea 0x4(%ecx,%eax,4),%eax: int left takes 4 bytes, each a_struct takes 5*4 = 20 bytes
%eax = &(bp->a[i])
%edx = *(int *)&(bp->a[i])                 // mov (%eax),%edx: int idx is the first field of a_struct (offset 0)
%edx *= 4                                  // shl $0x2,%edx: idx*4, i.e. an index into an int array
%ebx = *(bp + 0xb8) = bp->right            // mov 0xb8(%ecx),%ebx: right sits at 0xb8 = 184 = 4 + 20*9, so CNT = 9
%ebx = left + right                        // add (%ecx),%ebx: left is at offset 0
*(&(bp->a[i]) + idx*4 + 4) = %ebx          // mov %ebx,0x4(%edx,%eax,1): x starts 4 bytes into a_struct, so a_struct is one int (idx) followed by an array of 4 ints (x[4]); 4 + 16 = 20 bytes
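The deduction above can be checked by compiling the recovered declarations and comparing their sizes and offsets against every constant in the disassembly. The following is an added example, not part of the original post or of the CSAPP problem; the body of a_struct, the value CNT = 9 and the helper names are the answers derived above, assumed to match the header we cannot read. It also adds a bounds-checked variant of test(), since the original writes through an attacker-influenced idx and i with no range check, which is the kind of primitive a reverse engineer should flag when reading code like this:

```c
#include <stddef.h>
#include <stdio.h>

/* Recovered layout (assumed to be what the inaccessible .h file declares). */
#define CNT 9

typedef struct {
    int idx;      /* offset 0: loaded by "mov (%eax),%edx" */
    int x[4];     /* offset 4: target of "mov %ebx,0x4(%edx,%eax,1)" */
} a_struct;

typedef struct {
    int left;     /* offset 0: "add (%ecx),%ebx" */
    a_struct a[CNT];
    int right;    /* offset 0xb8: "mov 0xb8(%ecx),%ebx" */
} b_struct;

/* The function from the problem statement, exactly as given (no bounds checks). */
void test(int i, b_struct *bp)
{
    int n = bp->left + bp->right;
    a_struct *ap = &bp->a[i];
    ap->x[ap->idx] = n;
}

/* Returns 1 if the compiled layout reproduces every constant seen in the disassembly. */
int layout_matches_disassembly(void)
{
    return sizeof(a_struct) == 20              /* lea (%eax,%eax,4) then scale by 4: 5*4 */
        && offsetof(a_struct, x) == 4          /* the +4 displacement in the final store */
        && offsetof(b_struct, a) == 4          /* the +4 displacement in lea 0x4(%ecx,%eax,4) */
        && offsetof(b_struct, right) == 0xb8   /* 4 + 20*CNT = 184 */
        && sizeof(b_struct) == 0xbc;           /* 184 + 4 */
}

/* Hardened variant (added here, not from the problem): refuses to write when
 * i or idx falls outside its array. Returns 0 on success, -1 when rejected. */
int test_checked(int i, b_struct *bp)
{
    if (i < 0 || i >= CNT)
        return -1;
    a_struct *ap = &bp->a[i];
    if (ap->idx < 0 || ap->idx >= 4)
        return -1;
    ap->x[ap->idx] = bp->left + bp->right;
    return 0;
}

/* Constructed sample input: left = 3, right = 4, a[2].idx = 1; returns a[2].x[1]. */
int run_example(void)
{
    b_struct b = { .left = 3, .right = 4 };
    b.a[2].idx = 1;
    test(2, &b);
    return b.a[2].x[1];
}

int main(void)
{
    printf("layout matches disassembly: %d\n", layout_matches_disassembly());
    printf("a[2].x[1] after test(2, &b): %d\n", run_example());
    return 0;
}
```

If layout_matches_disassembly() returns 0 on your toolchain, the compiler is padding the structs differently from the 32-bit code that produced the .o, and the deduction would need the same ABI to be checked faithfully.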
...........................................................................
Recording each small step here, just as a memo for myself.