(gdb) si //(或 ni) 按汇编指令逐条单步执行
0x080484b8 in main ()
=> 0x080484b8
(gdb)
0x080484bb in main ()
=> 0x080484bb
(gdb)
0x08048454 in Expr_new ()
=> 0x08048454
(gdb)
0x08048455 in Expr_new ()
=> 0x08048455
......
嗯,不错,现在每执行一步可以看到一条即将执行的汇编指令!如果能直接看到main()函数的全部指令更好咯。这个没问题,在gdb中执行如下命令:
(gdb) x /40i main //如果不知道函数名,采用地址也可以,例如: x /40i 0x080484b5
i 代表显示指令(其他还有x/b/d/u等等), 40代表要显示的指令条数
9. 通过调试器看汇编代码有点累人,代码短还好点,长了根本无法了解代码的真实过程.还需要考虑其他的静态代码分析工具,比如 IDA,objdump,readelf,strings,nm等等。 IDA功能非常强大,是静态逆向分析的权威工具,不过好东西不便宜(用D版?!这可是你说的喔)。 对于小程序,用LINUX自带工具也很方便。现在我用objdump和readelf来分析expr程序。
10. 反汇编expr程序,将汇编代码保存至/tmp/expr.asm文件中。 objdump -g -d expr >/tmp/expr.asm (-g 是为了显示调试信息,如果有的话)
11. 查看汇编代码内容及分析
expr: file format elf32-i386
Disassembly of section .init:
08048304 <_init>:
8048304: 55 push %ebp
8048305: 89 e5 mov %esp,%ebp
8048307: 53 push %ebx
8048308: 83 ec 04 sub $0x4,%esp
804830b: e8 00 00 00 00 call 8048310 <_init+0xc>
8048310: 5b pop %ebx
8048311: 81 c3 e4 1c 00 00 add $0x1ce4,%ebx
8048317: 8b 93 fc ff ff ff mov -0x4(%ebx),%edx
804831d: 85 d2 test %edx,%edx
804831f: 74 05 je 8048326 <_init+0x22>
8048321: e8 1e 00 00 00 call 8048344 <__gmon_start__@plt>
8048326: e8 05 01 00 00 call 8048430
804832b: e8 30 03 00 00 call 8048660 <__do_global_ctors_aux>
8048330: 58 pop %eax
8048331: 5b pop %ebx
8048332: c9 leave
8048333: c3 ret
Disassembly of section .plt:
08048334 <__gmon_start__@plt-0x10>:
8048334: ff 35 f8 9f 04 08 pushl 0x8049ff8
804833a: ff 25 fc 9f 04 08 jmp *0x8049ffc
8048340: 00 00 add %al,(%eax)
...
08048344 <__gmon_start__@plt>:
8048344: ff 25 00 a0 04 08 jmp *0x804a000
804834a: 68 00 00 00 00 push $0x0
804834f: e9 e0 ff ff ff jmp 8048334 <_init+0x30>
08048354
8048354: ff 25 04 a0 04 08 jmp *0x804a004
804835a: 68 08 00 00 00 push $0x8
804835f: e9 d0 ff ff ff jmp 8048334 <_init+0x30>
08048364 <__libc_start_main@plt>:
8048364: ff 25 08 a0 04 08 jmp *0x804a008
804836a: 68 10 00 00 00 push $0x10
804836f: e9 c0 ff ff ff jmp 8048334 <_init+0x30>
08048374
8048374: ff 25 0c a0 04 08 jmp *0x804a00c
804837a: 68 18 00 00 00 push $0x18
804837f: e9 b0 ff ff ff jmp 8048334 <_init+0x30>
08048384
8048384: ff 25 10 a0 04 08 jmp *0x804a010
804838a: 68 20 00 00 00 push $0x20
804838f: e9 a0 ff ff ff jmp 8048334 <_init+0x30>
Disassembly of section .text:
080483a0 <_start>://libc库提供的真正的开工函数,程序其实是从这里开始执行
80483a0: 31 ed xor %ebp,%ebp
80483a2: 5e pop %esi //变量argc
80483a3: 89 e1 mov %esp,%ecx //变量argv
80483a5: 83 e4 f0 and $0xfffffff0,%esp //16字节对齐
80483a8: 50 push %eax
80483a9: 54 push %esp
80483aa: 52 push %edx
80483ab: 68 f0 85 04 08 push $0x80485f0
80483b0: 68 00 86 04 08 push $0x8048600
80483b5: 51 push %ecx
80483b6: 56 push %esi
80483b7: 68 b2 84 04 08 push $0x80484b2 //注意: 地址0x80484b2开始才是我们的main函数
80483bc: e8 a3 ff ff ff call 8048364 <__libc_start_main@plt>
80483c1: f4 hlt
80483c2: 90 nop
80483c3: 90 nop
80483c4: 90 nop
80483c5: 90 nop
80483c6: 90 nop
80483c7: 90 nop
80483c8: 90 nop
80483c9: 90 nop
80483ca: 90 nop
80483cb: 90 nop
80483cc: 90 nop
80483cd: 90 nop
80483ce: 90 nop
80483cf: 90 nop
080483d0 <__do_global_dtors_aux>:
80483d0: 55 push %ebp
80483d1: 89 e5 mov %esp,%ebp
80483d3: 53 push %ebx
80483d4: 83 ec 04 sub $0x4,%esp
80483d7: 80 3d 1c a0 04 08 00 cmpb $0x0,0x804a01c
80483de: 75 3f jne 804841f <__do_global_dtors_aux+0x4f>
80483e0: a1 20 a0 04 08 mov 0x804a020,%eax
80483e5: bb 18 9f 04 08 mov $0x8049f18,%ebx
80483ea: 81 eb 14 9f 04 08 sub $0x8049f14,%ebx
80483f0: c1 fb 02 sar $0x2,%ebx
80483f3: 83 eb 01 sub $0x1,%ebx
80483f6: 39 d8 cmp %ebx,%eax
80483f8: 73 1e jae 8048418 <__do_global_dtors_aux+0x48>
80483fa: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048400: 83 c0 01 add $0x1,%eax
8048403: a3 20 a0 04 08 mov %eax,0x804a020
8048408: ff 14 85 14 9f 04 08 call *0x8049f14(,%eax,4)
804840f: a1 20 a0 04 08 mov 0x804a020,%eax
8048414: 39 d8 cmp %ebx,%eax
8048416: 72 e8 jb 8048400 <__do_global_dtors_aux+0x30>
8048418: c6 05 1c a0 04 08 01 movb $0x1,0x804a01c
804841f: 83 c4 04 add $0x4,%esp
8048422: 5b pop %ebx
8048423: 5d pop %ebp
8048424: c3 ret
8048425: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048429: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
08048430
8048430: 55 push %ebp
8048431: 89 e5 mov %esp,%ebp
8048433: 83 ec 18 sub $0x18,%esp
8048436: a1 1c 9f 04 08 mov 0x8049f1c,%eax
804843b: 85 c0 test %eax,%eax
804843d: 74 12 je 8048451
804843f: b8 00 00 00 00 mov $0x0,%eax
8048444: 85 c0 test %eax,%eax
8048446: 74 09 je 8048451
8048448: c7 04 24 1c 9f 04 08 movl $0x8049f1c,(%esp)
804844f: ff d0 call *%eax
8048451: c9 leave
8048452: c3 ret
8048453: 90 nop
08048454
8048454: 55 push %ebp
8048455: 89 e5 mov %esp,%ebp
8048457: 83 ec 28 sub $0x28,%esp
804845a: c7 04 24 28 00 00 00 movl $0x28,(%esp)
8048461: e8 1e ff ff ff call 8048384
8048466: 89 45 f4 mov %eax,-0xc(%ebp)
8048469: 83 7d f4 00 cmpl $0x0,-0xc(%ebp)
804846d: 75 07 jne 8048476
804846f: b8 00 00 00 00 mov $0x0,%eax
8048474: eb 0e jmp 8048484
8048476: 8b 45 f4 mov -0xc(%ebp),%eax
8048479: 89 04 24 mov %eax,(%esp)
804847c: e8 05 00 00 00 call 8048486
8048481: 8b 45 f4 mov -0xc(%ebp),%eax
8048484: c9 leave
8048485: c3 ret
08048486
8048486: 55 push %ebp
8048487: 89 e5 mov %esp,%ebp
8048489: 5d pop %ebp
804848a: c3 ret
0804848b
804848b: 55 push %ebp
804848c: 89 e5 mov %esp,%ebp
804848e: 83 ec 18 sub $0x18,%esp
8048491: 8b 45 08 mov 0x8(%ebp),%eax
8048494: 89 04 24 mov %eax,(%esp)
8048497: e8 11 00 00 00 call 80484ad
804849c: 85 c0 test %eax,%eax
804849e: 74 0b je 80484ab
80484a0: 8b 45 08 mov 0x8(%ebp),%eax
80484a3: 89 04 24 mov %eax,(%esp)
80484a6: e8 c9 fe ff ff call 8048374
80484ab: c9 leave
80484ac: c3 ret
080484ad
80484ad: 55 push %ebp
80484ae: 89 e5 mov %esp,%ebp
80484b0: 5d pop %ebp
80484b1: c3 ret
080484b2
80484b2: 55 push %ebp
80484b3: 89 e5 mov %esp,%ebp
80484b5: 83 e4 f0 and $0xfffffff0,%esp //地址对齐16字节,别问我为何要地址对齐喔?这都是编译器干的,方便地址寻址。
80484b8: 83 ec 20 sub $0x20,%esp //0x20字节的局部变量存储空间
80484bb: e8 94 ff ff ff call 8048454
80484c0: 89 44 24 1c mov %eax,0x1c(%esp) //将类对象指针存放到局部变量区 Expr* v_obj1 0x1c(%esp)
80484c4: e8 8b ff ff ff call 8048454
80484c9: 89 44 24 18 mov %eax,0x18(%esp) //将类对象指针存放到局部变量区 Expr* v_obj2 0x18(%esp) == 注意:局部变量中第一个变量在栈的下方,此main函数预先分配了32个字节的局部变量空间;对齐到16字节的是栈指针esp本身(其地址末尾一定是 0,形如 0xNNNNNNN0),各局部变量则按 0x1c、0x18、0x14… 的偏移依次存放。
80484cd: e8 82 ff ff ff call 8048454
80484d2: 89 44 24 14 mov %eax,0x14(%esp)//将类对象指针存放到局部变量区 Expr* v_obj3 0x14(%esp)
80484d6: e8 79 ff ff ff call 8048454
80484db: 89 44 24 10 mov %eax,0x10(%esp)//将类对象指针存放到局部变量区 Expr* v_obj4 0x10(%esp)
80484df: 8b 44 24 1c mov 0x1c(%esp),%eax //取v_obj1赋值给%eax保存
80484e3: 8b 50 10 mov 0x10(%eax),%edx //取类的成员地址赋给%edx => (type*)(v_obj1+16)
80484e6: c7 44 24 08 05 00 00 movl $0x5,0x8(%esp) //将参数0x5入栈
80484ed: 00
80484ee: c7 44 24 04 b0 86 04 movl $0x80486b0,0x4(%esp) //将参数$0x80486b0入栈,这个静态数猜测是一个静态地址(程序一般不会出现与代码段地址如此相似的整数),
所以我考虑这个是一个静态地址!它又代表什么值呢?我的思路是:先在汇编代码文本中搜索地址80486b0,遗憾的是没有找到!!!但是,各位看官一定会发现汇编代码的最后一行是:
80486a7: c3 ret
这个地址非常接近80486b0 啊,haha,我们能够怀疑这个地址在expr程序的某个段中!来吧,用readelf命令看看expr都有那些段:
There are 30 section headers, starting at offset 0x1130:
Section Headers:
[Nr] Name
Type Addr Off Size ES Lk Inf Al
Flags
[ 0]
NULL 00000000 000000 000000 00 0 0 0
[00000000]:
[ 1] .interp
PROGBITS 08048134 000134 000013 00 0 0 1
[00000002]: ALLOC
[ 2] .note.ABI-tag
NOTE 08048148 000148 000020 00 0 0 4
[00000002]: ALLOC
[ 3] .note.gnu.build-id
NOTE 08048168 000168 000024 00 0 0 4
[00000002]: ALLOC
[ 4] .hash
HASH 0804818c 00018c 000030 04 6 0 4
[00000002]: ALLOC
[ 5] .gnu.hash
GNU_HASH 080481bc 0001bc 000020 04 6 0 4
[00000002]: ALLOC
[ 6] .dynsym
DYNSYM 080481dc 0001dc 000070 10 7 1 4
[00000002]: ALLOC
[ 7] .dynstr
STRTAB 0804824c 00024c 000059 00 0 0 1
[00000002]: ALLOC
[ 8] .gnu.version
VERSYM 080482a6 0002a6 00000e 02 6 0 2
[00000002]: ALLOC
[ 9] .gnu.version_r
VERNEED 080482b4 0002b4 000020 00 7 1 4
[00000002]: ALLOC
[10] .rel.dyn
REL 080482d4 0002d4 000008 08 6 0 4
[00000002]: ALLOC
[11] .rel.plt
REL 080482dc 0002dc 000028 08 6 13 4
[00000002]: ALLOC
[12] .init
PROGBITS 08048304 000304 000030 00 0 0 4
[00000006]: ALLOC, EXEC
[13] .plt
PROGBITS 08048334 000334 000060 04 0 0 4
[00000006]: ALLOC, EXEC
[14] .text
PROGBITS 080483a0 0003a0 0002ec 00 0 0 16
[00000006]: ALLOC, EXEC
[15] .fini
PROGBITS 0804868c 00068c 00001c 00 0 0 4
[00000006]: ALLOC, EXEC
[16] .rodata
PROGBITS 080486a8 0006a8 00000e 00 0 0 4
[00000002]: ALLOC
[17] .eh_frame
PROGBITS 080486b8 0006b8 000004 00 0 0 4
[00000002]: ALLOC
[18] .ctors
PROGBITS 08049f0c 000f0c 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[19] .dtors
PROGBITS 08049f14 000f14 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[20] .jcr
PROGBITS 08049f1c 000f1c 000004 00 0 0 4
[00000003]: WRITE, ALLOC
[21] .dynamic
DYNAMIC 08049f20 000f20 0000d0 08 7 0 4
[00000003]: WRITE, ALLOC
[22] .got
PROGBITS 08049ff0 000ff0 000004 04 0 0 4
[00000003]: WRITE, ALLOC
[23] .got.plt
PROGBITS 08049ff4 000ff4 000020 04 0 0 4
[00000003]: WRITE, ALLOC
[24] .data
PROGBITS 0804a014 001014 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[25] .bss
NOBITS 0804a01c 00101c 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[26] .comment
PROGBITS 00000000 00101c 000023 01 0 0 1
[00000030]: MERGE, STRINGS
[27] .shstrtab
STRTAB 00000000 00103f 0000ee 00 0 0 1
[00000000]:
[28] .symtab
SYMTAB 00000000 0015e0 000470 10 29 45 4
[00000000]:
[29] .strtab
STRTAB 00000000 001a50 000248 00 0 0 1
[00000000]:
嗯,段还不少!让我们看看地址0x80486b0是否在某个段中?! Ou,My God! 这个地址正好处于已初始化只读数据段 .rodata 中! 因为段.eh_frame以080486b8开始,.rodata以080486a8开始,并且这个段有0x0e个字节! 0x80486a8 <= 0x80486b0 < 0x80486b6
[16] .rodata
PROGBITS 080486a8 0006a8 00000e 00 0 0 4
[00000002]: ALLOC
[17] .eh_frame
PROGBITS 080486b8 0006b8 000004 00 0 0 4
[00000002]: ALLOC
到此,我们一定要再深入一下,看看0x80486b0地址的内容到底是啥!使用readelf 命令,查看特定段的具体内容:
执行命令 readelf -x .rodata expr
(-x Dump the contents of section
Hex dump of section '.rodata':
0x080486a8 03000000 01000200 2d002b00 2a00 ........-.+.*.
wowo, 看到没有,从03开始数起,第9个字节是0x2d,就是字符串“-”啊!
也许这个并不直观,执行命令 readelf -p .rodata expr, 再看:
(-p Dump the contents of section
String dump of section '.rodata':
[ 8] - //没错,是“-”
[ a] +
[ c] *
=====================================================================
80484f5: 08
80484f6: 8b 44 24 1c mov 0x1c(%esp),%eax //取对象指针v_obj1赋值给%eax
80484fa: 89 04 24 mov %eax,(%esp) //将参数%eax也就是对象指针v_obj1入栈
//注意此时的函数栈空间布局
|v_obj1 |0x00 <= 当前 esp = (原始esp - 0x20)
|$0x80486b0 |0x04 “-”
|0x05 |0x08 5
|local_1 |0x0c
|v_obj4 |0x10
|v_obj3 |0x14
|v_obj2 |0x18
|v_obj1 |0x1c
|ebp | <= 原始 esp
|eip |
|arg_1 |
|arg_2 |
|... |
|arg_n |
//C/C++语言函数参数按照从右到左的顺序压栈,注意: 区分__cdecl、stdcall、fastcall、thiscall 的区别
80484fd: ff d2 call *%edx //前面已经知道%edx = (Class Element Type*)(v_obj1+16) 其实就是call v_obj1->xx()函数!
用gdb 汇编单步调试到这里,果然发生Segmentation fault!!!让我们看看%edx到底是啥内容:
(gdb) x /x *$edx
Cannot access memory at address 0x0
(gdb) p %edx
A syntax error in expression, near `%edx'.
(gdb) p $edx
$2 = 0
(gdb) x /x $edx
0x0: Cannot access memory at address 0x0
(gdb) x /x *%edx
A syntax error in expression, near `%edx'.
(gdb) si
0x00000000 in ?? ()
=> 0x00000000: Cannot access memory at address 0x0
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
=> 0x00000000: Cannot access memory at address 0x0
//原来%edx是NULL,也就是说 v_obj1->xx() 成员函数XX是一个NULL函数!原来如此,我们还没有给这个类成员赋予具体的函数指针!!!回头看看源代码,发现确实没有给类的initUnaryX成员变量赋值!这次恰好因为该字段为0才在地址0处崩溃;若对象内存没有被清零,未初始化的函数指针会是任意值,间接调用就会跳到不可预知的地址,所以构造函数里必须给每一个函数指针成员赋值。
//让我们在expr.h源代码中添加如下内容:
//体现OOP设计: 用来替换抽象类中的print方法
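/* Int_node's override of the abstract Expr_node print method: prints the
 * node's integer value padded with a space on each side.
 * t: pointer to the Expr_node base; SUB_PTR recovers the enclosing Int_node. */
void Int_node_print(Expr_node* t)
{
    printf(" %d ", SUB_PTR(t, Expr_node, Int_node)->n);
}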
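/* Unary_node's override of Expr_node print: prints the operator text, then
 * the operand by dispatching through the operand's own print method.
 * t: pointer to the Expr_node base; SUB_PTR recovers the enclosing Unary_node. */
void Unary_node_print(Expr_node* t)
{
    Unary_node* ut = SUB_PTR(t, Expr_node, Unary_node);
    /* op is filled by Unary_init with strncpy(..., 2); "%s" assumes it is
     * NUL-terminated — NOTE(review): confirm the op field has room for the
     * terminator or that node memory is zero-filled on allocation. */
    printf(" %s ", ut->op);
    ut->opnd->print(ut->opnd);
}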
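/* Binary_node's override of Expr_node print: prints the left operand, the
 * operator text and the right operand in infix order, dispatching to each
 * operand's own print method.
 * t: pointer to the Expr_node base; SUB_PTR recovers the enclosing Binary_node. */
void Binary_node_print(Expr_node* t)
{
    Binary_node* bt = SUB_PTR(t, Expr_node, Binary_node);
    bt->left->print(bt->left);
    /* op is filled by Binary_init with strncpy(..., 2); "%s" assumes it is
     * NUL-terminated — NOTE(review): confirm the op field has a terminator. */
    printf(" %s ", bt->op);
    bt->right->print(bt->right);
}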
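/* Default print for the abstract Expr_node base: emits a " NULL " placeholder.
 * The Expr_node CTOR deliberately does not install it; each derived class
 * overrides print with its own implementation.
 * t: unused. */
void Expr_node_print(Expr_node* t)
{
    printf(" NULL ");
}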
//实现Expr类的打印方法
/* Expr's print method: forwards to the wrapped node's virtual print.
 * t: the Expr whose node pointer t->p must already have been set by one of
 *    the Expr_init* functions; a NULL t->p would be dereferenced here. */
void Expr_print(Expr* t)
{
    Expr_node* node = t->p;
    node->print(node);
}
// 类对象的初始化函数
/* Int_node initialiser: stores the integer value carried by the node.
 * t: the node to fill (non-NULL); k: the value to store in t->n. */
void Int_init(Int_node* t, int k)
{
    t->n = k;
}
/* Unary_node initialiser: records the operator text and the single operand.
 * a: operator string; at most 2 bytes are copied, so op is only guaranteed
 *    NUL-terminated when a is shorter than 2 chars or the field was
 *    pre-zeroed — NOTE(review): confirm against the Unary_node definition.
 * u: operand expression; the node owns it (the Unary_node DTOR calls
 *    Expr_delete on it). */
void Unary_init(Unary_node* t, const char* a, Expr* u)
{
    t->opnd = u;
    strncpy(t->op, a, 2);
}
/* Binary_node initialiser: records the operator text and both operands.
 * a: operator string; at most 2 bytes are copied — see the NUL-termination
 *    caveat on Unary_init.
 * b, c: left and right operands; the node owns both (the Binary_node DTOR
 *    calls Expr_delete on each). */
void Binary_init(Binary_node* t, const char* a, Expr* b, Expr* c)
{
    strncpy(t->op, a, 2);
    t->right = c;
    t->left = b;
}
// Expr类的成员函数实现
/* Initialise t as an integer leaf: allocates an Int_node, stores its base
 * pointer in t->p and runs the node's init with the value a.
 * NOTE(review): the *_new() functions return NULL on allocation failure (the
 * disassembly shows the zero check), which is not handled here. */
void Expr_initInt(Expr* t, int a)
{
    t->p = SUPER_PTR(Int_node_new(), Expr_node);
    Int_node* leaf = SUB_PTR(t->p, Expr_node, Int_node);
    leaf->init(leaf, a);
}
/* Initialise t as a unary expression "a k": allocates a Unary_node, wraps the
 * integer k in a fresh Expr and hands both to the node's init.
 * a: operator text; k: the operand value.
 * NOTE(review): Unary_node_new()/Expr_new() return NULL on allocation
 * failure and the result is not checked before use. */
void Expr_initUnaryX(Expr* t, const char* a, int k)
{
    t->p = SUPER_PTR(Unary_node_new(), Expr_node);
    Unary_node* node = SUB_PTR(t->p, Expr_node, Unary_node);
    Expr* operand = Expr_new();
    operand->initInt(operand, k);
    node->init(node, a, operand);
}
/* Initialise t as a binary expression over two existing sub-expressions.
 * a: operator text; t1, t2: left and right operands, ownership passes to the
 * new Binary_node.
 * NOTE(review): Binary_node_new() may return NULL; not checked here. */
void Expr_initBinary(Expr* t, const char* a, Expr* t1, Expr* t2)
{
    t->p = SUPER_PTR(Binary_node_new(), Expr_node);
    Binary_node* node = SUB_PTR(t->p, Expr_node, Binary_node);
    node->init(node, a, t1, t2);
}
/* Initialise t as a binary expression "b a c" over two integer literals:
 * each literal is wrapped in its own Expr leaf before the node's init runs.
 * a: operator text; b, c: left and right integer operands.
 * NOTE(review): Binary_node_new()/Expr_new() may return NULL; not checked. */
void Expr_initBinaryX(Expr* t, const char* a, int b, int c)
{
    t->p = SUPER_PTR(Binary_node_new(), Expr_node);
    Binary_node* node = SUB_PTR(t->p, Expr_node, Binary_node);
    Expr* lhs = Expr_new();
    lhs->initInt(lhs, b);
    Expr* rhs = Expr_new();
    rhs->initInt(rhs, c);
    node->init(node, a, lhs, rhs);
}
// 定义Int_node类的构造函数
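/* Int_node constructor (CTOR/END_CTOR are the project's class macros):
 * constructs the Expr_node base, overrides its print method and installs the
 * class initialiser. */
CTOR(Int_node)
    SUPER_CTOR(Expr_node);                      /* the base class must be constructed first */
    Expr_node* f = SUPER_PTR(cthis, Expr_node); /* override the abstract base's print method */
    f->print = Int_node_print;
    FUNCTION_SETTING(init, Int_init);           /* install the class initialiser */
    printf("Construct Class Int_node\n");
END_CTOR;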
// 定义Int_node类的析构函数
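/* Int_node destructor: nothing to release beyond what the base handles.
 * Returns 1 (presumably "destroyed" — confirm against the DTOR macro contract). */
DTOR(Int_node)
    printf("DeConstruct Class Int_node\n");
    return 1;
END_DTOR;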
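/* Unary_node constructor: constructs the Expr_node base, overrides its print
 * method and installs the class initialiser. */
CTOR(Unary_node)
    SUPER_CTOR(Expr_node);                      /* base first */
    Expr_node* f = SUPER_PTR(cthis, Expr_node); /* override the abstract base's print method */
    f->print = Unary_node_print;
    FUNCTION_SETTING(init, Unary_init);         /* install the class initialiser */
    printf("Construct Class Unary_node\n");
END_CTOR;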
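/* Unary_node destructor: releases the owned operand expression, then reports
 * destruction. Returns 1 (presumably "destroyed" — confirm against the DTOR
 * macro contract). */
DTOR(Unary_node)
    Expr_delete(cthis->opnd);                   /* opnd was handed over by Unary_init */
    printf("DeConstruct Class Unary_node\n");
    return 1;
END_DTOR;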
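/* Binary_node constructor: constructs the Expr_node base, overrides its print
 * method and installs the class initialiser. */
CTOR(Binary_node)
    SUPER_CTOR(Expr_node);                      /* base first */
    Expr_node* f = SUPER_PTR(cthis, Expr_node); /* override the abstract base's print method */
    f->print = Binary_node_print;
    FUNCTION_SETTING(init, Binary_init);        /* install the class initialiser */
    printf("Construct Class Binary_node\n");
END_CTOR;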
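/* Binary_node destructor: releases both owned operand expressions, then
 * reports destruction. Returns 1 (presumably "destroyed" — confirm against
 * the DTOR macro contract). */
DTOR(Binary_node)
    Expr_delete(cthis->left);                   /* both operands were handed over by Binary_init */
    Expr_delete(cthis->right);
    printf("DeConstruct Class Binary_node\n");
    return 1;
END_DTOR;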
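/* Expr_node (abstract base) constructor: installs no print method on purpose;
 * every concrete subclass constructor overrides print with its own function. */
CTOR(Expr_node)
    //FUNCTION_SETTING(print, Expr_node_print); /* left unset: the base is abstract, derived CTORs set print */
    printf("Construct Class Expr_node\n");
END_CTOR;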
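/* Expr_node (abstract base) destructor: only reports destruction.
 * Returns 1 (presumably "destroyed" — confirm against the DTOR macro contract). */
DTOR(Expr_node)
    printf("DeConstruct Class Expr_node\n");
    return 1;
END_DTOR;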
// Expr类构造函数
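/* Expr constructor: installs every function-pointer member of the class.
 * Each member must be assigned here — the SIGSEGV at address 0 traced above
 * came from calling initUnaryX while its pointer was still unset. */
CTOR(Expr)
    FUNCTION_SETTING(print, Expr_print);            /* print method */
    FUNCTION_SETTING(initInt, Expr_initInt);
    FUNCTION_SETTING(initUnaryX, Expr_initUnaryX);  /* previously missing; the unset pointer was the crash */
    FUNCTION_SETTING(initBinary, Expr_initBinary);
    FUNCTION_SETTING(initBinaryX, Expr_initBinaryX);
    printf("Construct Class Expr\n");
END_CTOR;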
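/* Expr destructor: destroys the wrapped node through the Expr_node destructor,
 * then reports destruction. Returns 1 (presumably "destroyed" — confirm
 * against the DTOR macro contract). */
DTOR(Expr)
    Expr_node_delete(cthis->p);                 /* runs the node's (virtual) destructor chain */
    printf("DeConstruct Class Expr\n");
    return 1;
END_DTOR;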
重新编译运行expr, 一切OK!
////////////////////////////////////////////////////////////////////
优化后并剔除符号表的汇编代码 gcc -O3 -s -o expr main.c
expr: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
////////////////////////////////////////////////////////////////////
expr: file format elf32-i386
Disassembly of section .init:
0804834c <.init>:
804834c: 55 push %ebp
804834d: 89 e5 mov %esp,%ebp
804834f: 53 push %ebx
8048350: 83 ec 04 sub $0x4,%esp
8048353: e8 00 00 00 00 call 8048358 <__gmon_start__@plt-0x34>
8048358: 5b pop %ebx
8048359: 81 c3 9c 2c 00 00 add $0x2c9c,%ebx
804835f: 8b 93 fc ff ff ff mov -0x4(%ebx),%edx
8048365: 85 d2 test %edx,%edx
8048367: 74 05 je 804836e <__gmon_start__@plt-0x1e>
8048369: e8 1e 00 00 00 call 804838c <__gmon_start__@plt>
804836e: e8 0d 01 00 00 call 8048480
8048373: e8 a8 10 00 00 call 8049420
8048378: 58 pop %eax
8048379: 5b pop %ebx
804837a: c9 leave
804837b: c3 ret
Disassembly of section .plt:
0804837c <__gmon_start__@plt-0x10>:
804837c: ff 35 f8 af 04 08 pushl 0x804aff8
8048382: ff 25 fc af 04 08 jmp *0x804affc
8048388: 00 00 add %al,(%eax)
...
0804838c <__gmon_start__@plt>:
804838c: ff 25 00 b0 04 08 jmp *0x804b000
8048392: 68 00 00 00 00 push $0x0
8048397: e9 e0 ff ff ff jmp 804837c <__gmon_start__@plt-0x10>
0804839c <__printf_chk@plt>:
804839c: ff 25 04 b0 04 08 jmp *0x804b004
80483a2: 68 08 00 00 00 push $0x8
80483a7: e9 d0 ff ff ff jmp 804837c <__gmon_start__@plt-0x10>
080483ac
80483ac: ff 25 08 b0 04 08 jmp *0x804b008
80483b2: 68 10 00 00 00 push $0x10
80483b7: e9 c0 ff ff ff jmp 804837c <__gmon_start__@plt-0x10>
080483bc
80483bc: ff 25 0c b0 04 08 jmp *0x804b00c
80483c2: 68 18 00 00 00 push $0x18
80483c7: e9 b0 ff ff ff jmp 804837c <__gmon_start__@plt-0x10>
080483cc <__libc_start_main@plt>:
80483cc: ff 25 10 b0 04 08 jmp *0x804b010
80483d2: 68 20 00 00 00 push $0x20
80483d7: e9 a0 ff ff ff jmp 804837c <__gmon_start__@plt-0x10>
080483dc
80483dc: ff 25 14 b0 04 08 jmp *0x804b014
80483e2: 68 28 00 00 00 push $0x28
80483e7: e9 90 ff ff ff jmp 804837c <__gmon_start__@plt-0x10>
Disassembly of section .text:
//对于去掉符号表的可执行程序,可以从这里开始分析程序的入口函数
//(gdb) set disassemble-next-line on
//(gdb) b *0x080483f0
//(gdb) b __libc_start_main@plt
//(gdb)
// __libc_start_main (main=0x8048cf0, argc=1, ubp_av=0xbffff314, init=0x80493c0, fini=0x80493b0,
// rtld_fini=0xb7ff10c0 <_dl_fini>, stack_end=0xbffff30c) at libc-start.c:96
080483f0 <.text>:
80483f0: 31 ed xor %ebp,%ebp
80483f2: 5e pop %esi
80483f3: 89 e1 mov %esp,%ecx
80483f5: 83 e4 f0 and $0xfffffff0,%esp
80483f8: 50 push %eax
80483f9: 54 push %esp //stack_end
80483fa: 52 push %edx //rtld_fini (即 _dl_fini) (gdb) x /x $edx
80483fb: 68 b0 93 04 08 push $0x80493b0 //fini
8048400: 68 c0 93 04 08 push $0x80493c0 //init
8048405: 51 push %ecx //argv (gdb) x /s *$ecx (argv[0],即程序名)
8048406: 56 push %esi //argc (gdb) p $esi (参数个数)
8048407: 68 f0 8c 04 08 push $0x8048cf0 //这个地址就是main() 函数的入口地址;本次运行argc=1只说明没有传命令行参数,main是否声明了参数要看其函数体是否读取参数,不能仅由argc推出int main(void)
804840c: e8 bb ff ff ff call 80483cc <__libc_start_main@plt>
8048411: f4 hlt
8048412: 90 nop
8048413: 90 nop
8048414: 90 nop
8048415: 90 nop
8048416: 90 nop
8048417: 90 nop
8048418: 90 nop
8048419: 90 nop
804841a: 90 nop
804841b: 90 nop
804841c: 90 nop
804841d: 90 nop
804841e: 90 nop
804841f: 90 nop
8048420: 55 push %ebp
8048421: 89 e5 mov %esp,%ebp
8048423: 53 push %ebx
8048424: 83 ec 04 sub $0x4,%esp
8048427: 80 3d 20 b0 04 08 00 cmpb $0x0,0x804b020
804842e: 75 3f jne 804846f
8048430: a1 24 b0 04 08 mov 0x804b024,%eax
8048435: bb 18 af 04 08 mov $0x804af18,%ebx
804843a: 81 eb 14 af 04 08 sub $0x804af14,%ebx
8048440: c1 fb 02 sar $0x2,%ebx
8048443: 83 eb 01 sub $0x1,%ebx
8048446: 39 d8 cmp %ebx,%eax
8048448: 73 1e jae 8048468
804844a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048450: 83 c0 01 add $0x1,%eax
8048453: a3 24 b0 04 08 mov %eax,0x804b024
8048458: ff 14 85 14 af 04 08 call *0x804af14(,%eax,4)
804845f: a1 24 b0 04 08 mov 0x804b024,%eax
8048464: 39 d8 cmp %ebx,%eax
8048466: 72 e8 jb 8048450
8048468: c6 05 20 b0 04 08 01 movb $0x1,0x804b020
804846f: 83 c4 04 add $0x4,%esp
8048472: 5b pop %ebx
8048473: 5d pop %ebp
8048474: c3 ret
8048475: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048479: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048480: 55 push %ebp
8048481: 89 e5 mov %esp,%ebp
8048483: 83 ec 18 sub $0x18,%esp
8048486: a1 1c af 04 08 mov 0x804af1c,%eax
804848b: 85 c0 test %eax,%eax
804848d: 74 12 je 80484a1
804848f: b8 00 00 00 00 mov $0x0,%eax
8048494: 85 c0 test %eax,%eax
8048496: 74 09 je 80484a1
8048498: c7 04 24 1c af 04 08 movl $0x804af1c,(%esp)
804849f: ff d0 call *%eax
80484a1: c9 leave
80484a2: c3 ret
80484a3: 90 nop
80484a4: 90 nop
80484a5: 90 nop
80484a6: 90 nop
80484a7: 90 nop
80484a8: 90 nop
80484a9: 90 nop
80484aa: 90 nop
80484ab: 90 nop
80484ac: 90 nop
80484ad: 90 nop
80484ae: 90 nop
80484af: 90 nop
//function func_1
80484b0: 55 push %ebp
80484b1: 89 e5 mov %esp,%ebp
80484b3: 83 ec 08 sub $0x8,%esp
80484b6: 8b 45 08 mov 0x8(%ebp),%eax
80484b9: 8b 40 04 mov 0x4(%eax),%eax
80484bc: 89 45 08 mov %eax,0x8(%ebp)
80484bf: 8b 40 04 mov 0x4(%eax),%eax
80484c2: c9 leave
80484c3: ff e0 jmp *%eax
80484c5: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
80484c9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
80484d0: 55 push %ebp
80484d1: 89 e5 mov %esp,%ebp
80484d3: 8b 55 0c mov 0xc(%ebp),%edx
80484d6: 8b 45 08 mov 0x8(%ebp),%eax
80484d9: 89 50 0c mov %edx,0xc(%eax)
80484dc: 5d pop %ebp
80484dd: c3 ret
80484de: 66 90 xchg %ax,%ax
80484e0: 55 push %ebp
80484e1: 89 e5 mov %esp,%ebp
80484e3: 83 ec 18 sub $0x18,%esp
80484e6: 8b 45 08 mov 0x8(%ebp),%eax
//设置对象成员
80484e9: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
80484f0: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
80484f7: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
80484fe: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
8048505: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
804850c: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
8048513: 08
8048514: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804851b: e8 7c fe ff ff call 804839c <__printf_chk@plt>
8048520: c9 leave
8048521: c3 ret
8048522: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
8048529: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048530: 55 push %ebp
8048531: 89 e5 mov %esp,%ebp
8048533: 83 ec 18 sub $0x18,%esp
8048536: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
804853d: 08
804853e: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048545: e8 52 fe ff ff call 804839c <__printf_chk@plt>
804854a: b8 01 00 00 00 mov $0x1,%eax
804854f: c9 leave
8048550: c3 ret
8048551: eb 0d jmp 8048560
8048553: 90 nop
8048554: 90 nop
8048555: 90 nop
8048556: 90 nop
8048557: 90 nop
8048558: 90 nop
8048559: 90 nop
804855a: 90 nop
804855b: 90 nop
804855c: 90 nop
804855d: 90 nop
804855e: 90 nop
804855f: 90 nop
8048560: 55 push %ebp
8048561: 89 e5 mov %esp,%ebp
8048563: 83 ec 18 sub $0x18,%esp
8048566: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
804856d: 08
804856e: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048575: e8 22 fe ff ff call 804839c <__printf_chk@plt>
804857a: c9 leave
804857b: c3 ret
804857c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048580: 55 push %ebp
8048581: 89 e5 mov %esp,%ebp
8048583: 83 ec 18 sub $0x18,%esp
8048586: c7 44 24 04 8d 94 04 movl $0x804948d,0x4(%esp)
804858d: 08
804858e: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048595: e8 02 fe ff ff call 804839c <__printf_chk@plt>
804859a: b8 01 00 00 00 mov $0x1,%eax
804859f: c9 leave
80485a0: c3 ret
80485a1: eb 0d jmp 80485b0
80485a3: 90 nop
80485a4: 90 nop
80485a5: 90 nop
80485a6: 90 nop
80485a7: 90 nop
80485a8: 90 nop
80485a9: 90 nop
80485aa: 90 nop
80485ab: 90 nop
80485ac: 90 nop
80485ad: 90 nop
80485ae: 90 nop
80485af: 90 nop
80485b0: 55 push %ebp
80485b1: 89 e5 mov %esp,%ebp
80485b3: 83 ec 18 sub $0x18,%esp
80485b6: c7 44 24 04 a9 94 04 movl $0x80494a9,0x4(%esp)
80485bd: 08
80485be: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80485c5: e8 d2 fd ff ff call 804839c <__printf_chk@plt>
80485ca: c9 leave
80485cb: c3 ret
80485cc: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
80485d0: 55 push %ebp
80485d1: 89 e5 mov %esp,%ebp
80485d3: 53 push %ebx
80485d4: 83 ec 14 sub $0x14,%esp
80485d7: 8b 5d 08 mov 0x8(%ebp),%ebx
80485da: 8b 43 10 mov 0x10(%ebx),%eax
80485dd: 89 04 24 mov %eax,(%esp)
80485e0: ff 50 24 call *0x24(%eax)
80485e3: 8d 43 0c lea 0xc(%ebx),%eax
80485e6: 89 44 24 08 mov %eax,0x8(%esp)
80485ea: c7 44 24 04 b0 94 04 movl $0x80494b0,0x4(%esp)
80485f1: 08
80485f2: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80485f9: e8 9e fd ff ff call 804839c <__printf_chk@plt>
80485fe: 8b 43 14 mov 0x14(%ebx),%eax
8048601: 89 45 08 mov %eax,0x8(%ebp)
8048604: 8b 40 24 mov 0x24(%eax),%eax
8048607: 83 c4 14 add $0x14,%esp
804860a: 5b pop %ebx
804860b: 5d pop %ebp
804860c: ff e0 jmp *%eax
804860e: 66 90 xchg %ax,%ax
8048610: 55 push %ebp
8048611: 89 e5 mov %esp,%ebp
8048613: 53 push %ebx
8048614: 83 ec 14 sub $0x14,%esp
8048617: 8b 5d 08 mov 0x8(%ebp),%ebx
804861a: c7 44 24 04 b0 94 04 movl $0x80494b0,0x4(%esp)
8048621: 08
8048622: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048629: 8d 43 0c lea 0xc(%ebx),%eax
804862c: 89 44 24 08 mov %eax,0x8(%esp)
8048630: e8 67 fd ff ff call 804839c <__printf_chk@plt>
8048635: 8b 43 10 mov 0x10(%ebx),%eax
8048638: 89 45 08 mov %eax,0x8(%ebp)
804863b: 8b 40 24 mov 0x24(%eax),%eax
804863e: 83 c4 14 add $0x14,%esp
8048641: 5b pop %ebx
8048642: 5d pop %ebp
8048643: ff e0 jmp *%eax
8048645: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048649: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048650: 55 push %ebp
8048651: 89 e5 mov %esp,%ebp
8048653: 83 ec 18 sub $0x18,%esp
8048656: 8b 45 08 mov 0x8(%ebp),%eax
8048659: 8b 40 0c mov 0xc(%eax),%eax
804865c: c7 44 24 04 b5 94 04 movl $0x80494b5,0x4(%esp)
8048663: 08
8048664: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804866b: 89 44 24 08 mov %eax,0x8(%esp)
804866f: e8 28 fd ff ff call 804839c <__printf_chk@plt>
8048674: c9 leave
8048675: c3 ret
8048676: 8d 76 00 lea 0x0(%esi),%esi
8048679: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048680: 55 push %ebp
8048681: 89 e5 mov %esp,%ebp
8048683: 83 ec 08 sub $0x8,%esp
8048686: 8b 45 08 mov 0x8(%ebp),%eax
8048689: 8b 55 10 mov 0x10(%ebp),%edx
804868c: 89 50 10 mov %edx,0x10(%eax)
804868f: 8b 55 14 mov 0x14(%ebp),%edx
8048692: 89 50 14 mov %edx,0x14(%eax)
8048695: 83 c0 0c add $0xc,%eax
8048698: c7 45 10 02 00 00 00 movl $0x2,0x10(%ebp)
804869f: 89 45 08 mov %eax,0x8(%ebp)
80486a2: c9 leave
80486a3: e9 14 fd ff ff jmp 80483bc
80486a8: 90 nop
80486a9: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
80486b0: 55 push %ebp
80486b1: 89 e5 mov %esp,%ebp
80486b3: 53 push %ebx
80486b4: 83 ec 14 sub $0x14,%esp
80486b7: 8b 5d 08 mov 0x8(%ebp),%ebx
80486ba: 8b 45 0c mov 0xc(%ebp),%eax
80486bd: c7 44 24 08 02 00 00 movl $0x2,0x8(%esp)
80486c4: 00
80486c5: 89 44 24 04 mov %eax,0x4(%esp)
80486c9: 8d 43 0c lea 0xc(%ebx),%eax
80486cc: 89 04 24 mov %eax,(%esp)
80486cf: e8 e8 fc ff ff call 80483bc
80486d4: 8b 45 10 mov 0x10(%ebp),%eax
80486d7: 89 43 10 mov %eax,0x10(%ebx)
80486da: 83 c4 14 add $0x14,%esp
80486dd: 5b pop %ebx
80486de: 5d pop %ebp
80486df: c3 ret
80486e0: 55 push %ebp
80486e1: 89 e5 mov %esp,%ebp
80486e3: 53 push %ebx
80486e4: 83 ec 14 sub $0x14,%esp
80486e7: 8b 5d 08 mov 0x8(%ebp),%ebx
80486ea: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
80486f1: 08
80486f2: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80486f9: e8 9e fc ff ff call 804839c <__printf_chk@plt>
80486fe: 89 5d 08 mov %ebx,0x8(%ebp)
8048701: 83 c4 14 add $0x14,%esp
8048704: 5b pop %ebx
8048705: 5d pop %ebp
8048706: e9 d1 fc ff ff jmp 80483dc
804870b: 90 nop
804870c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048710: 55 push %ebp
8048711: 89 e5 mov %esp,%ebp
8048713: 53 push %ebx
8048714: 83 ec 14 sub $0x14,%esp
8048717: 8b 5d 08 mov 0x8(%ebp),%ebx
804871a: c7 44 24 04 8d 94 04 movl $0x804948d,0x4(%esp)
8048721: 08
8048722: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048729: e8 6e fc ff ff call 804839c <__printf_chk@plt>
804872e: 89 5d 08 mov %ebx,0x8(%ebp)
8048731: 83 c4 14 add $0x14,%esp
8048734: 5b pop %ebx
8048735: 5d pop %ebp
8048736: e9 a1 fc ff ff jmp 80483dc
804873b: 90 nop
804873c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048740: 55 push %ebp
8048741: 89 e5 mov %esp,%ebp
8048743: 53 push %ebx
8048744: 83 ec 14 sub $0x14,%esp
8048747: 8b 5d 08 mov 0x8(%ebp),%ebx
804874a: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
8048751: 08
8048752: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048759: e8 3e fc ff ff call 804839c <__printf_chk@plt>
804875e: c7 43 04 d0 85 04 08 movl $0x80485d0,0x4(%ebx)
8048765: c7 43 18 80 86 04 08 movl $0x8048680,0x18(%ebx)
804876c: c7 44 24 04 ba 94 04 movl $0x80494ba,0x4(%esp)
8048773: 08
8048774: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804877b: e8 1c fc ff ff call 804839c <__printf_chk@plt>
8048780: 83 c4 14 add $0x14,%esp
8048783: 5b pop %ebx
8048784: 5d pop %ebp
8048785: c3 ret
8048786: 8d 76 00 lea 0x0(%esi),%esi
8048789: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048790: 55 push %ebp
8048791: 89 e5 mov %esp,%ebp
8048793: 53 push %ebx
8048794: 83 ec 14 sub $0x14,%esp
8048797: 8b 5d 08 mov 0x8(%ebp),%ebx
804879a: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
80487a1: 08
80487a2: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80487a9: e8 ee fb ff ff call 804839c <__printf_chk@plt>
80487ae: c7 43 04 10 86 04 08 movl $0x8048610,0x4(%ebx)
80487b5: c7 43 14 b0 86 04 08 movl $0x80486b0,0x14(%ebx)
80487bc: c7 44 24 04 f1 94 04 movl $0x80494f1,0x4(%esp)
80487c3: 08
80487c4: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80487cb: e8 cc fb ff ff call 804839c <__printf_chk@plt>
80487d0: 83 c4 14 add $0x14,%esp
80487d3: 5b pop %ebx
80487d4: 5d pop %ebp
80487d5: c3 ret
80487d6: 8d 76 00 lea 0x0(%esi),%esi
80487d9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
80487e0: 55 push %ebp
80487e1: 89 e5 mov %esp,%ebp
80487e3: 53 push %ebx
80487e4: 83 ec 14 sub $0x14,%esp
80487e7: 8b 5d 08 mov 0x8(%ebp),%ebx
80487ea: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
80487f1: 08
80487f2: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80487f9: e8 9e fb ff ff call 804839c <__printf_chk@plt>
80487fe: c7 43 04 50 86 04 08 movl $0x8048650,0x4(%ebx)
8048805: c7 43 10 d0 84 04 08 movl $0x80484d0,0x10(%ebx)
804880c: c7 44 24 04 8f 94 04 movl $0x804948f,0x4(%esp)
8048813: 08
8048814: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804881b: e8 7c fb ff ff call 804839c <__printf_chk@plt>
8048820: 83 c4 14 add $0x14,%esp
8048823: 5b pop %ebx
8048824: 5d pop %ebp
8048825: c3 ret
8048826: 8d 76 00 lea 0x0(%esi),%esi
8048829: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8048830: 55 push %ebp
8048831: 89 e5 mov %esp,%ebp
8048833: 53 push %ebx
8048834: 83 ec 14 sub $0x14,%esp
8048837: c7 44 24 04 0c 00 00 movl $0xc,0x4(%esp)
804883e: 00
804883f: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048846: e8 61 fb ff ff call 80483ac
804884b: 85 c0 test %eax,%eax
804884d: 89 c3 mov %eax,%ebx
804884f: 74 14 je 8048865
8048851: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
8048858: 08
8048859: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048860: e8 37 fb ff ff call 804839c <__printf_chk@plt>
8048865: 89 d8 mov %ebx,%eax
8048867: 83 c4 14 add $0x14,%esp
804886a: 5b pop %ebx
804886b: 5d pop %ebp
804886c: c3 ret
804886d: 8d 76 00 lea 0x0(%esi),%esi
8048870: 55 push %ebp
8048871: 89 e5 mov %esp,%ebp
8048873: 53 push %ebx
8048874: 83 ec 14 sub $0x14,%esp
8048877: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
804887e: 00
804887f: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048886: e8 21 fb ff ff call 80483ac
804888b: 85 c0 test %eax,%eax
804888d: 89 c3 mov %eax,%ebx
804888f: 74 37 je 80488c8
8048891: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
8048898: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
804889f: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
80488a6: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
80488ad: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
80488b4: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
80488bb: 08
80488bc: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80488c3: e8 d4 fa ff ff call 804839c <__printf_chk@plt>
80488c8: 89 d8 mov %ebx,%eax
80488ca: 83 c4 14 add $0x14,%esp
80488cd: 5b pop %ebx
80488ce: 5d pop %ebp
80488cf: c3 ret
80488d0: 55 push %ebp
80488d1: 89 e5 mov %esp,%ebp
80488d3: 53 push %ebx
80488d4: 83 ec 14 sub $0x14,%esp
80488d7: 8b 45 08 mov 0x8(%ebp),%eax
80488da: 8b 58 04 mov 0x4(%eax),%ebx
80488dd: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
80488e4: 08
80488e5: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80488ec: e8 ab fa ff ff call 804839c <__printf_chk@plt>
80488f1: 89 1c 24 mov %ebx,(%esp)
80488f4: e8 e3 fa ff ff call 80483dc
80488f9: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048900: 08
8048901: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048908: e8 8f fa ff ff call 804839c <__printf_chk@plt>
804890d: 83 c4 14 add $0x14,%esp
8048910: b8 01 00 00 00 mov $0x1,%eax
8048915: 5b pop %ebx
8048916: 5d pop %ebp
8048917: c3 ret
8048918: 90 nop
8048919: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
8048920: 55 push %ebp
8048921: 89 e5 mov %esp,%ebp
8048923: 53 push %ebx
8048924: 83 ec 14 sub $0x14,%esp
8048927: c7 44 24 04 14 00 00 movl $0x14,0x4(%esp)
804892e: 00
804892f: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048936: e8 71 fa ff ff call 80483ac
804893b: 85 c0 test %eax,%eax
804893d: 89 c3 mov %eax,%ebx
804893f: 74 36 je 8048977
8048941: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
8048948: 08
8048949: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048950: e8 47 fa ff ff call 804839c <__printf_chk@plt>
8048955: c7 43 04 50 86 04 08 movl $0x8048650,0x4(%ebx)
804895c: c7 43 10 d0 84 04 08 movl $0x80484d0,0x10(%ebx)
8048963: c7 44 24 04 8f 94 04 movl $0x804948f,0x4(%esp)
804896a: 08
804896b: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048972: e8 25 fa ff ff call 804839c <__printf_chk@plt>
8048977: 89 d8 mov %ebx,%eax
8048979: 83 c4 14 add $0x14,%esp
804897c: 5b pop %ebx
804897d: 5d pop %ebp
804897e: c3 ret
804897f: 90 nop
8048980: 55 push %ebp
8048981: 89 e5 mov %esp,%ebp
8048983: 53 push %ebx
8048984: 83 ec 14 sub $0x14,%esp
8048987: c7 44 24 04 18 00 00 movl $0x18,0x4(%esp)
804898e: 00
804898f: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048996: e8 11 fa ff ff call 80483ac
804899b: 85 c0 test %eax,%eax
804899d: 89 c3 mov %eax,%ebx
804899f: 74 36 je 80489d7
80489a1: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
80489a8: 08
80489a9: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80489b0: e8 e7 f9 ff ff call 804839c <__printf_chk@plt>
80489b5: c7 43 04 10 86 04 08 movl $0x8048610,0x4(%ebx)
80489bc: c7 43 14 b0 86 04 08 movl $0x80486b0,0x14(%ebx)
80489c3: c7 44 24 04 f1 94 04 movl $0x80494f1,0x4(%esp)
80489ca: 08
80489cb: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80489d2: e8 c5 f9 ff ff call 804839c <__printf_chk@plt>
80489d7: 89 d8 mov %ebx,%eax
80489d9: 83 c4 14 add $0x14,%esp
80489dc: 5b pop %ebx
80489dd: 5d pop %ebp
80489de: c3 ret
80489df: 90 nop
80489e0: 55 push %ebp
80489e1: 89 e5 mov %esp,%ebp
80489e3: 53 push %ebx
80489e4: 83 ec 14 sub $0x14,%esp
80489e7: c7 44 24 04 1c 00 00 movl $0x1c,0x4(%esp)
80489ee: 00
80489ef: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80489f6: e8 b1 f9 ff ff call 80483ac
80489fb: 85 c0 test %eax,%eax
80489fd: 89 c3 mov %eax,%ebx
80489ff: 74 36 je 8048a37
8048a01: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
8048a08: 08
8048a09: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048a10: e8 87 f9 ff ff call 804839c <__printf_chk@plt>
8048a15: c7 43 04 d0 85 04 08 movl $0x80485d0,0x4(%ebx)
8048a1c: c7 43 18 80 86 04 08 movl $0x8048680,0x18(%ebx)
8048a23: c7 44 24 04 ba 94 04 movl $0x80494ba,0x4(%esp)
8048a2a: 08
8048a2b: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048a32: e8 65 f9 ff ff call 804839c <__printf_chk@plt>
8048a37: 89 d8 mov %ebx,%eax
8048a39: 83 c4 14 add $0x14,%esp
8048a3c: 5b pop %ebx
8048a3d: 5d pop %ebp
8048a3e: c3 ret
8048a3f: 90 nop
8048a40: 55 push %ebp
8048a41: 89 e5 mov %esp,%ebp
8048a43: 83 ec 18 sub $0x18,%esp
8048a46: 89 5d f8 mov %ebx,-0x8(%ebp)
8048a49: 8b 5d 08 mov 0x8(%ebp),%ebx
8048a4c: 89 75 fc mov %esi,-0x4(%ebp)
8048a4f: 8b 73 04 mov 0x4(%ebx),%esi
8048a52: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048a59: 08
8048a5a: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048a61: e8 36 f9 ff ff call 804839c <__printf_chk@plt>
8048a66: 89 34 24 mov %esi,(%esp)
8048a69: e8 6e f9 ff ff call 80483dc
8048a6e: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048a75: 08
8048a76: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048a7d: e8 1a f9 ff ff call 804839c <__printf_chk@plt>
8048a82: 8b 75 fc mov -0x4(%ebp),%esi
8048a85: 89 5d 08 mov %ebx,0x8(%ebp)
8048a88: 8b 5d f8 mov -0x8(%ebp),%ebx
8048a8b: 89 ec mov %ebp,%esp
8048a8d: 5d pop %ebp
8048a8e: e9 49 f9 ff ff jmp 80483dc
8048a93: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048a99: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
//function func_4
8048aa0: 55 push %ebp
8048aa1: 89 e5 mov %esp,%ebp
8048aa3: 83 ec 38 sub $0x38,%esp
8048aa6: 8b 45 08 mov 0x8(%ebp),%eax
8048aa9: 89 5d f4 mov %ebx,-0xc(%ebp)
8048aac: 89 75 f8 mov %esi,-0x8(%ebp)
8048aaf: 8b 75 10 mov 0x10(%ebp),%esi
8048ab2: 89 7d fc mov %edi,-0x4(%ebp)
8048ab5: 8b 7d 14 mov 0x14(%ebp),%edi
8048ab8: 89 45 e4 mov %eax,-0x1c(%ebp)
8048abb: 8b 45 0c mov 0xc(%ebp),%eax
8048abe: 89 45 e0 mov %eax,-0x20(%ebp)
8048ac1: c7 44 24 04 1c 00 00 movl $0x1c,0x4(%esp)
8048ac8: 00
8048ac9: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048ad0: e8 d7 f8 ff ff call 80483ac
8048ad5: 85 c0 test %eax,%eax
8048ad7: 89 c3 mov %eax,%ebx
8048ad9: 74 36 je 8048b11
8048adb: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
8048ae2: 08
8048ae3: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048aea: e8 ad f8 ff ff call 804839c <__printf_chk@plt>
8048aef: c7 43 04 d0 85 04 08 movl $0x80485d0,0x4(%ebx)
8048af6: c7 43 18 80 86 04 08 movl $0x8048680,0x18(%ebx)
8048afd: c7 44 24 04 ba 94 04 movl $0x80494ba,0x4(%esp)
8048b04: 08
8048b05: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048b0c: e8 8b f8 ff ff call 804839c <__printf_chk@plt>
8048b11: 8b 45 e4 mov -0x1c(%ebp),%eax
8048b14: 89 58 04 mov %ebx,0x4(%eax)
8048b17: 8b 45 e0 mov -0x20(%ebp),%eax
8048b1a: 89 7d 14 mov %edi,0x14(%ebp)
8048b1d: 8b 7d fc mov -0x4(%ebp),%edi
8048b20: 89 75 10 mov %esi,0x10(%ebp)
8048b23: 8b 75 f8 mov -0x8(%ebp),%esi
8048b26: 89 5d 08 mov %ebx,0x8(%ebp)
8048b29: 89 45 0c mov %eax,0xc(%ebp)
8048b2c: 8b 43 18 mov 0x18(%ebx),%eax
8048b2f: 8b 5d f4 mov -0xc(%ebp),%ebx
8048b32: 89 ec mov %ebp,%esp
8048b34: 5d pop %ebp
8048b35: ff e0 jmp *%eax
8048b37: 89 f6 mov %esi,%esi
8048b39: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
// function func_2
8048b40: 55 push %ebp
8048b41: 89 e5 mov %esp,%ebp
8048b43: 83 ec 28 sub $0x28,%esp
8048b46: 89 5d f4 mov %ebx,-0xc(%ebp)
8048b49: 89 75 f8 mov %esi,-0x8(%ebp)
8048b4c: 8b 75 0c mov 0xc(%ebp),%esi
8048b4f: 89 7d fc mov %edi,-0x4(%ebp)
8048b52: 8b 7d 08 mov 0x8(%ebp),%edi
8048b55: c7 44 24 04 14 00 00 movl $0x14,0x4(%esp)
8048b5c: 00
8048b5d: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048b64: e8 43 f8 ff ff call 80483ac
8048b69: 85 c0 test %eax,%eax
8048b6b: 89 c3 mov %eax,%ebx
8048b6d: 74 36 je 8048ba5
8048b6f: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
8048b76: 08
8048b77: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048b7e: e8 19 f8 ff ff call 804839c <__printf_chk@plt>
8048b83: c7 43 04 50 86 04 08 movl $0x8048650,0x4(%ebx)
8048b8a: c7 43 10 d0 84 04 08 movl $0x80484d0,0x10(%ebx)
8048b91: c7 44 24 04 8f 94 04 movl $0x804948f,0x4(%esp)
8048b98: 08
8048b99: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048ba0: e8 f7 f7 ff ff call 804839c <__printf_chk@plt>
8048ba5: 89 5f 04 mov %ebx,0x4(%edi)
8048ba8: 8b 7d fc mov -0x4(%ebp),%edi
8048bab: 89 75 0c mov %esi,0xc(%ebp)
8048bae: 8b 75 f8 mov -0x8(%ebp),%esi
8048bb1: 89 5d 08 mov %ebx,0x8(%ebp)
8048bb4: 8b 43 10 mov 0x10(%ebx),%eax
8048bb7: 8b 5d f4 mov -0xc(%ebp),%ebx
8048bba: 89 ec mov %ebp,%esp
8048bbc: 5d pop %ebp
8048bbd: ff e0 jmp *%eax
8048bbf: 90 nop
8048bc0: 55 push %ebp
8048bc1: 89 e5 mov %esp,%ebp
8048bc3: 83 ec 18 sub $0x18,%esp
8048bc6: 8b 45 08 mov 0x8(%ebp),%eax
8048bc9: 89 5d f8 mov %ebx,-0x8(%ebp)
8048bcc: 89 75 fc mov %esi,-0x4(%ebp)
8048bcf: 8b 58 10 mov 0x10(%eax),%ebx
8048bd2: 8b 73 04 mov 0x4(%ebx),%esi
8048bd5: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048bdc: 08
8048bdd: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048be4: e8 b3 f7 ff ff call 804839c <__printf_chk@plt>
8048be9: 89 34 24 mov %esi,(%esp)
8048bec: e8 eb f7 ff ff call 80483dc
8048bf1: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048bf8: 08
8048bf9: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048c00: e8 97 f7 ff ff call 804839c <__printf_chk@plt>
8048c05: 89 1c 24 mov %ebx,(%esp)
8048c08: e8 cf f7 ff ff call 80483dc
8048c0d: c7 44 24 04 ef 94 04 movl $0x80494ef,0x4(%esp)
8048c14: 08
8048c15: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048c1c: e8 7b f7 ff ff call 804839c <__printf_chk@plt>
8048c21: 8b 5d f8 mov -0x8(%ebp),%ebx
8048c24: b8 01 00 00 00 mov $0x1,%eax
8048c29: 8b 75 fc mov -0x4(%ebp),%esi
8048c2c: 89 ec mov %ebp,%esp
8048c2e: 5d pop %ebp
8048c2f: c3 ret
8048c30: 55 push %ebp
8048c31: 89 e5 mov %esp,%ebp
8048c33: 83 ec 28 sub $0x28,%esp
8048c36: 89 5d f4 mov %ebx,-0xc(%ebp)
8048c39: 8b 5d 08 mov 0x8(%ebp),%ebx
8048c3c: 89 75 f8 mov %esi,-0x8(%ebp)
8048c3f: 89 7d fc mov %edi,-0x4(%ebp)
8048c42: 8b 73 10 mov 0x10(%ebx),%esi
8048c45: 8b 7e 04 mov 0x4(%esi),%edi
8048c48: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048c4f: 08
8048c50: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048c57: e8 40 f7 ff ff call 804839c <__printf_chk@plt>
8048c5c: 89 3c 24 mov %edi,(%esp)
8048c5f: e8 78 f7 ff ff call 80483dc
8048c64: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048c6b: 08
8048c6c: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048c73: e8 24 f7 ff ff call 804839c <__printf_chk@plt>
8048c78: 89 34 24 mov %esi,(%esp)
8048c7b: e8 5c f7 ff ff call 80483dc
8048c80: 8b 5b 14 mov 0x14(%ebx),%ebx
8048c83: 8b 73 04 mov 0x4(%ebx),%esi
8048c86: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048c8d: 08
8048c8e: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048c95: e8 02 f7 ff ff call 804839c <__printf_chk@plt>
8048c9a: 89 34 24 mov %esi,(%esp)
8048c9d: e8 3a f7 ff ff call 80483dc
8048ca2: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048ca9: 08
8048caa: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048cb1: e8 e6 f6 ff ff call 804839c <__printf_chk@plt>
8048cb6: 89 1c 24 mov %ebx,(%esp)
8048cb9: e8 1e f7 ff ff call 80483dc
8048cbe: c7 44 24 04 14 95 04 movl $0x8049514,0x4(%esp)
8048cc5: 08
8048cc6: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048ccd: e8 ca f6 ff ff call 804839c <__printf_chk@plt>
8048cd2: 8b 5d f4 mov -0xc(%ebp),%ebx
8048cd5: b8 01 00 00 00 mov $0x1,%eax
8048cda: 8b 75 f8 mov -0x8(%ebp),%esi
8048cdd: 8b 7d fc mov -0x4(%ebp),%edi
8048ce0: 89 ec mov %ebp,%esp
8048ce2: 5d pop %ebp
8048ce3: c3 ret
8048ce4: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
8048cea: 8d bf 00 00 00 00 lea 0x0(%edi),%edi
//function int main(void)
8048cf0: 55 push %ebp
8048cf1: 89 e5 mov %esp,%ebp
8048cf3: 83 e4 f0 and $0xfffffff0,%esp
8048cf6: 57 push %edi
8048cf7: 56 push %esi
8048cf8: 53 push %ebx
8048cf9: 83 ec 24 sub $0x24,%esp // 保留0x24个字节的临时变量空间
8048cfc: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
8048d03: 00
8048d04: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d0b: e8 9c f6 ff ff call 80483ac
8048d10: 85 c0 test %eax,%eax // if (%eax != NULL) 判断内存分配是否成功;注意分配失败时只是跳过了下面的成员初始化,后面 8048e5f 处仍会通过 %esi(此时为 NULL)间接调用
8048d12: 89 c6 mov %eax,%esi // v_obj1 存入 %esi
8048d14: 74 37 je 8048d4d
// 设置对象v_obj1的成员
8048d16: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax) // v_obj1->m_func1=func_1 (0x80484b0)
8048d1d: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax) // v_obj1->m_func2=func_2 (0x8048b40)
8048d24: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax) // v_obj1->m_func3=func_3 (0x8049180)
8048d2b: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax) // v_obj1->m_func4=func_4 (0x8048aa0)
8048d32: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax) // v_obj1->m_func5=func_5 (0x8049030)
//$0x80494d9 是一个立即数,应该考虑为一个立即寻址,而且它的地址与代码段地址很接近,因此可以怀疑它是在程序中的某个段中的地址
//使用 readelf -t ./expr 查看程序的各个段信息如下:
There are 28 section headers, starting at offset 0x2124:
Section Headers:
[Nr] Name
Type Addr Off Size ES Lk Inf Al
Flags
[ 0]
NULL 00000000 000000 000000 00 0 0 0
[00000000]:
[ 1] .interp
PROGBITS 08048134 000134 000013 00 0 0 1
[00000002]: ALLOC
[ 2] .note.ABI-tag
NOTE 08048148 000148 000020 00 0 0 4
[00000002]: ALLOC
[ 3] .note.gnu.build-id
NOTE 08048168 000168 000024 00 0 0 4
[00000002]: ALLOC
[ 4] .hash
HASH 0804818c 00018c 000034 04 6 0 4
[00000002]: ALLOC
[ 5] .gnu.hash
GNU_HASH 080481c0 0001c0 000020 04 6 0 4
[00000002]: ALLOC
[ 6] .dynsym
DYNSYM 080481e0 0001e0 000080 10 7 1 4
[00000002]: ALLOC
[ 7] .dynstr
STRTAB 08048260 000260 000072 00 0 0 1
[00000002]: ALLOC
[ 8] .gnu.version
VERSYM 080482d2 0002d2 000010 02 6 0 2
[00000002]: ALLOC
[ 9] .gnu.version_r
VERNEED 080482e4 0002e4 000030 00 7 1 4
[00000002]: ALLOC
[10] .rel.dyn
REL 08048314 000314 000008 08 6 0 4
[00000002]: ALLOC
[11] .rel.plt
REL 0804831c 00031c 000030 08 6 13 4
[00000002]: ALLOC
[12] .init
PROGBITS 0804834c 00034c 000030 00 0 0 4
[00000006]: ALLOC, EXEC
[13] .plt
PROGBITS 0804837c 00037c 000070 04 0 0 4
[00000006]: ALLOC, EXEC
[14] .text
PROGBITS 080483f0 0003f0 00105c 00 0 0 16
[00000006]: ALLOC, EXEC
[15] .fini
PROGBITS 0804944c 00144c 00001c 00 0 0 4
[00000006]: ALLOC, EXEC
[16] .rodata
PROGBITS 08049468 001468 0000cc 00 0 0 4
[00000002]: ALLOC
[17] .eh_frame
PROGBITS 08049534 001534 000004 00 0 0 4
[00000002]: ALLOC
[18] .ctors
PROGBITS 0804af0c 001f0c 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[19] .dtors
PROGBITS 0804af14 001f14 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[20] .jcr
PROGBITS 0804af1c 001f1c 000004 00 0 0 4
[00000003]: WRITE, ALLOC
[21] .dynamic
DYNAMIC 0804af20 001f20 0000d0 08 7 0 4
[00000003]: WRITE, ALLOC
[22] .got
PROGBITS 0804aff0 001ff0 000004 04 0 0 4
[00000003]: WRITE, ALLOC
[23] .got.plt
PROGBITS 0804aff4 001ff4 000024 04 0 0 4
[00000003]: WRITE, ALLOC
[24] .data
PROGBITS 0804b018 002018 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[25] .bss
NOBITS 0804b020 002020 000008 00 0 0 4
[00000003]: WRITE, ALLOC
[26] .comment
PROGBITS 00000000 002020 000023 01 0 0 1
[00000030]: MERGE, STRINGS
[27] .shstrtab
STRTAB 00000000 002043 0000de 00 0 0 1
[00000000]:
可以很明显地看出,0x80494d9 地址处于 .rodata 段当中,再用命令
readelf -x .rodata ./expr
readelf -p .rodata ./expr
Hex dump of section '.rodata':
0x08049468 03000000 01000200 4465436f 6e737472 ........DeConstr
0x08049478 75637420 436c6173 73204578 70725f6e uct Class Expr_n
0x08049488 6f64650a 00446543 6f6e7374 72756374 ode..DeConstruct
0x08049498 20436c61 73732049 6e745f6e 6f64650a Class Int_node.
0x080494a8 00204e55 4c4c2000 20257320 00202564 . NULL . %s . %d
0x080494b8 2000436f 6e737472 75637420 436c6173 .Construct Clas
0x080494c8 73204269 6e617279 5f6e6f64 650a0044 s Binary_node..D
0x080494d8 65436f6e 73747275 63742043 6c617373 eConstruct Class
0x080494e8 20457870 720a0044 65436f6e 73747275 Expr..DeConstru
0x080494f8 63742043 6c617373 20556e61 72795f6e ct Class Unary_n
0x08049508 6f64650a 002d002b 002a0000 4465436f ode..-.+.*..DeCo
0x08049518 6e737472 75637420 436c6173 73204269 nstruct Class Bi
0x08049528 6e617279 5f6e6f64 650a0000 nary_node...
String dump of section '.rodata':
[ 8] DeConstruct Class Expr_node // [ x] x代表相对本段开始地址的偏移字节数 offset
[ 25] DeConstruct Class Int_node
[ 41] NULL
[ 48] %s
[ 4d] %d
[ 52] Construct Class Binary_node
[ 6f] DeConstruct Class Expr
[ 87] DeConstruct Class Unary_node
[ a5] - //0x0804950d = 0x08049468 + 0xa5
[ a7] +
[ a9] *
[ ac] DeConstruct Class Binary_node
很快我们知道,0x80494d9 就是 "Construct Class Expr\n"
8048d39: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
8048d40: 08
8048d41: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d48: e8 4f f6 ff ff call 804839c <__printf_chk@plt> //__printf_chk@plt(1, “Construct Class Expr\n”) ==> printf(“Construct Class Expr\n”)
//v_obj2
8048d4d: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
8048d54: 00
8048d55: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d5c: e8 4b f6 ff ff call 80483ac
8048d61: 85 c0 test %eax,%eax
8048d63: 89 c3 mov %eax,%ebx //v_obj2 -> %ebx
8048d65: 74 37 je 8048d9e
8048d67: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
8048d6e: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
8048d75: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
8048d7c: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
8048d83: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
8048d8a: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
8048d91: 08
8048d92: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048d99: e8 fe f5 ff ff call 804839c <__printf_chk@plt>
//v_obj3
8048d9e: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
8048da5: 00
8048da6: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048dad: e8 fa f5 ff ff call 80483ac
8048db2: 85 c0 test %eax,%eax
8048db4: 89 c7 mov %eax,%edi //v_obj3 -> %edi
8048db6: 74 37 je 8048def
8048db8: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
8048dbf: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
8048dc6: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
8048dcd: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
8048dd4: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
8048ddb: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
8048de2: 08
8048de3: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048dea: e8 ad f5 ff ff call 804839c <__printf_chk@plt>
//v_obj4
8048def: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
8048df6: 00
8048df7: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048dfe: e8 a9 f5 ff ff call 80483ac
8048e03: 85 c0 test %eax,%eax
8048e05: 89 c2 mov %eax,%edx //v_obj4 -> %edx
8048e07: 74 3f je 8048e48
8048e09: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
8048e10: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
8048e17: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
8048e1e: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
8048e25: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
8048e2c: 89 44 24 1c mov %eax,0x1c(%esp) // 这里: 将 v_obj4 保存到栈上的 0x1c(%esp)
8048e30: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
8048e37: 08
8048e38: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048e3f: e8 58 f5 ff ff call 804839c <__printf_chk@plt>
//因为代码进行了编译优化,它实际将对象保存在寄存器中
//%edx v_obj4 %edi v_obj3 %ebx v_obj2 %esi v_obj1
8048e44: 8b 54 24 1c mov 0x1c(%esp),%edx //v_obj4 -> %edx
8048e48: 89 54 24 1c mov %edx,0x1c(%esp)
8048e4c: 89 34 24 mov %esi,(%esp) //v_obj1 入栈
8048e4f: c7 44 24 08 05 00 00 movl $0x5,0x8(%esp)
8048e56: 00
8048e57: c7 44 24 04 0d 95 04 movl $0x804950d,0x4(%esp) //看.rodata段,这个是”-”
8048e5e: 08
8048e5f: ff 56 10 call *0x10(%esi) //v_obj1->m_func3(v_obj1, "-", 5)
8048e62: 89 34 24 mov %esi,(%esp)
8048e65: ff 56 24 call *0x24(%esi) //v_obj1->m_func1(v_obj1)
8048e68: c7 44 24 04 8b 94 04 movl $0x804948b,0x4(%esp) //0x804948b “\n”
8048e6f: 08
8048e70: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048e77: e8 20 f5 ff ff call 804839c <__printf_chk@plt> //printf(“\n”)
8048e7c: 89 1c 24 mov %ebx,(%esp)
8048e7f: c7 44 24 0c 04 00 00 movl $0x4,0xc(%esp)
8048e86: 00
8048e87: c7 44 24 08 03 00 00 movl $0x3,0x8(%esp)
8048e8e: 00
8048e8f: c7 44 24 04 0f 95 04 movl $0x804950f,0x4(%esp)
8048e96: 08
8048e97: ff 53 18 call *0x18(%ebx)
8048e9a: 89 1c 24 mov %ebx,(%esp)
8048e9d: ff 53 24 call *0x24(%ebx)
8048ea0: c7 44 24 04 8b 94 04 movl $0x804948b,0x4(%esp)
8048ea7: 08
8048ea8: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048eaf: e8 e8 f4 ff ff call 804839c <__printf_chk@plt>
8048eb4: 89 5c 24 0c mov %ebx,0xc(%esp)
8048eb8: 89 74 24 08 mov %esi,0x8(%esp)
8048ebc: 89 3c 24 mov %edi,(%esp)
8048ebf: c7 44 24 04 11 95 04 movl $0x8049511,0x4(%esp)
8048ec6: 08
8048ec7: ff 57 14 call *0x14(%edi)
8048eca: 8b 54 24 1c mov 0x1c(%esp),%edx
8048ece: 89 5c 24 0c mov %ebx,0xc(%esp)
8048ed2: 89 7c 24 08 mov %edi,0x8(%esp)
8048ed6: c7 44 24 04 11 95 04 movl $0x8049511,0x4(%esp)
8048edd: 08
8048ede: 89 14 24 mov %edx,(%esp)
8048ee1: ff 52 14 call *0x14(%edx)
8048ee4: 89 3c 24 mov %edi,(%esp)
8048ee7: ff 57 24 call *0x24(%edi)
8048eea: c7 44 24 04 8b 94 04 movl $0x804948b,0x4(%esp)
8048ef1: 08
8048ef2: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048ef9: e8 9e f4 ff ff call 804839c <__printf_chk@plt>
8048efe: 8b 54 24 1c mov 0x1c(%esp),%edx
8048f02: 89 14 24 mov %edx,(%esp)
8048f05: ff 52 24 call *0x24(%edx)
8048f08: c7 44 24 04 8b 94 04 movl $0x804948b,0x4(%esp)
8048f0f: 08
8048f10: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048f17: e8 80 f4 ff ff call 804839c <__printf_chk@plt>
8048f1c: 8b 54 24 1c mov 0x1c(%esp),%edx
8048f20: 8b 4a 04 mov 0x4(%edx),%ecx
8048f23: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048f2a: 08
8048f2b: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048f32: 89 4c 24 18 mov %ecx,0x18(%esp)
8048f36: e8 61 f4 ff ff call 804839c <__printf_chk@plt>
8048f3b: 8b 4c 24 18 mov 0x18(%esp),%ecx
8048f3f: 89 0c 24 mov %ecx,(%esp)
8048f42: e8 95 f4 ff ff call 80483dc
8048f47: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048f4e: 08
8048f4f: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048f56: e8 41 f4 ff ff call 804839c <__printf_chk@plt>
8048f5b: 8b 54 24 1c mov 0x1c(%esp),%edx
8048f5f: 89 14 24 mov %edx,(%esp)
8048f62: e8 75 f4 ff ff call 80483dc
8048f67: 8b 57 04 mov 0x4(%edi),%edx
8048f6a: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048f71: 08
8048f72: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048f79: 89 54 24 1c mov %edx,0x1c(%esp)
8048f7d: e8 1a f4 ff ff call 804839c <__printf_chk@plt>
8048f82: 8b 54 24 1c mov 0x1c(%esp),%edx
8048f86: 89 14 24 mov %edx,(%esp)
8048f89: e8 4e f4 ff ff call 80483dc
8048f8e: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048f95: 08
8048f96: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048f9d: e8 fa f3 ff ff call 804839c <__printf_chk@plt>
8048fa2: 89 3c 24 mov %edi,(%esp)
8048fa5: e8 32 f4 ff ff call 80483dc
8048faa: 8b 7b 04 mov 0x4(%ebx),%edi
8048fad: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048fb4: 08
8048fb5: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048fbc: e8 db f3 ff ff call 804839c <__printf_chk@plt>
8048fc1: 89 3c 24 mov %edi,(%esp)
8048fc4: e8 13 f4 ff ff call 80483dc
8048fc9: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8048fd0: 08
8048fd1: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048fd8: e8 bf f3 ff ff call 804839c <__printf_chk@plt>
8048fdd: 89 1c 24 mov %ebx,(%esp)
8048fe0: e8 f7 f3 ff ff call 80483dc
8048fe5: 8b 5e 04 mov 0x4(%esi),%ebx
8048fe8: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
8048fef: 08
8048ff0: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8048ff7: e8 a0 f3 ff ff call 804839c <__printf_chk@plt>
8048ffc: 89 1c 24 mov %ebx,(%esp)
8048fff: e8 d8 f3 ff ff call 80483dc
8049004: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
804900b: 08
804900c: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049013: e8 84 f3 ff ff call 804839c <__printf_chk@plt>
8049018: 89 34 24 mov %esi,(%esp)
804901b: e8 bc f3 ff ff call 80483dc
8049020: 83 c4 24 add $0x24,%esp
8049023: 31 c0 xor %eax,%eax
8049025: 5b pop %ebx
8049026: 5e pop %esi
8049027: 5f pop %edi
8049028: 89 ec mov %ebp,%esp
804902a: 5d pop %ebp
804902b: c3 ret
804902c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
//function func_5
8049030: 55 push %ebp
8049031: 89 e5 mov %esp,%ebp
8049033: 57 push %edi
8049034: 56 push %esi
8049035: 53 push %ebx
8049036: 83 ec 2c sub $0x2c,%esp
8049039: 8b 45 0c mov 0xc(%ebp),%eax
804903c: 8b 5d 08 mov 0x8(%ebp),%ebx
804903f: 8b 75 10 mov 0x10(%ebp),%esi
8049042: 89 45 e4 mov %eax,-0x1c(%ebp)
8049045: 8b 45 14 mov 0x14(%ebp),%eax
8049048: 89 45 e0 mov %eax,-0x20(%ebp)
804904b: c7 44 24 04 1c 00 00 movl $0x1c,0x4(%esp)
8049052: 00
8049053: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804905a: e8 4d f3 ff ff call 80483ac
804905f: 85 c0 test %eax,%eax
8049061: 89 c7 mov %eax,%edi
8049063: 74 36 je 804909b
8049065: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
804906c: 08
804906d: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049074: e8 23 f3 ff ff call 804839c <__printf_chk@plt>
8049079: c7 47 04 d0 85 04 08 movl $0x80485d0,0x4(%edi)
8049080: c7 47 18 80 86 04 08 movl $0x8048680,0x18(%edi)
8049087: c7 44 24 04 ba 94 04 movl $0x80494ba,0x4(%esp)
804908e: 08
804908f: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049096: e8 01 f3 ff ff call 804839c <__printf_chk@plt>
804909b: 89 7b 04 mov %edi,0x4(%ebx)
804909e: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
80490a5: 00
80490a6: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80490ad: e8 fa f2 ff ff call 80483ac
80490b2: 85 c0 test %eax,%eax
80490b4: 89 c3 mov %eax,%ebx
80490b6: 74 37 je 80490ef
80490b8: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
80490bf: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
80490c6: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
80490cd: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
80490d4: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
80490db: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
80490e2: 08
80490e3: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80490ea: e8 ad f2 ff ff call 804839c <__printf_chk@plt>
80490ef: 89 74 24 04 mov %esi,0x4(%esp)
80490f3: 89 1c 24 mov %ebx,(%esp)
80490f6: ff 53 08 call *0x8(%ebx)
80490f9: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
8049100: 00
8049101: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049108: e8 9f f2 ff ff call 80483ac
804910d: 85 c0 test %eax,%eax
804910f: 89 c6 mov %eax,%esi
8049111: 74 37 je 804914a
8049113: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
804911a: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
8049121: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
8049128: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
804912f: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
8049136: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
804913d: 08
804913e: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049145: e8 52 f2 ff ff call 804839c <__printf_chk@plt>
804914a: 8b 45 e0 mov -0x20(%ebp),%eax
804914d: 89 34 24 mov %esi,(%esp)
8049150: 89 44 24 04 mov %eax,0x4(%esp)
8049154: ff 56 08 call *0x8(%esi)
8049157: 8b 45 e4 mov -0x1c(%ebp),%eax
804915a: 89 75 14 mov %esi,0x14(%ebp)
804915d: 89 5d 10 mov %ebx,0x10(%ebp)
8049160: 89 7d 08 mov %edi,0x8(%ebp)
8049163: 89 45 0c mov %eax,0xc(%ebp)
8049166: 8b 47 18 mov 0x18(%edi),%eax
8049169: 83 c4 2c add $0x2c,%esp
804916c: 5b pop %ebx
804916d: 5e pop %esi
804916e: 5f pop %edi
804916f: 5d pop %ebp
8049170: ff e0 jmp *%eax
8049172: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
8049179: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
//function func_3
8049180: 55 push %ebp
8049181: 89 e5 mov %esp,%ebp
8049183: 83 ec 38 sub $0x38,%esp
8049186: 8b 45 10 mov 0x10(%ebp),%eax
8049189: 89 5d f4 mov %ebx,-0xc(%ebp)
804918c: 8b 5d 08 mov 0x8(%ebp),%ebx
804918f: 89 75 f8 mov %esi,-0x8(%ebp)
8049192: 89 7d fc mov %edi,-0x4(%ebp)
8049195: 8b 7d 0c mov 0xc(%ebp),%edi
8049198: 89 45 e4 mov %eax,-0x1c(%ebp)
804919b: c7 44 24 04 18 00 00 movl $0x18,0x4(%esp)
80491a2: 00
80491a3: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80491aa: e8 fd f1 ff ff call 80483ac
80491af: 85 c0 test %eax,%eax
80491b1: 89 c6 mov %eax,%esi
80491b3: 74 36 je 80491eb
80491b5: c7 44 24 04 72 94 04 movl $0x8049472,0x4(%esp)
80491bc: 08
80491bd: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80491c4: e8 d3 f1 ff ff call 804839c <__printf_chk@plt>
80491c9: c7 46 04 10 86 04 08 movl $0x8048610,0x4(%esi)
80491d0: c7 46 14 b0 86 04 08 movl $0x80486b0,0x14(%esi)
80491d7: c7 44 24 04 f1 94 04 movl $0x80494f1,0x4(%esp)
80491de: 08
80491df: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80491e6: e8 b1 f1 ff ff call 804839c <__printf_chk@plt>
80491eb: 89 73 04 mov %esi,0x4(%ebx)
80491ee: c7 44 24 04 28 00 00 movl $0x28,0x4(%esp)
80491f5: 00
80491f6: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80491fd: e8 aa f1 ff ff call 80483ac
8049202: 85 c0 test %eax,%eax
8049204: 89 c3 mov %eax,%ebx
8049206: 74 37 je 804923f
//设置对象成员
8049208: c7 40 24 b0 84 04 08 movl $0x80484b0,0x24(%eax)
804920f: c7 40 08 40 8b 04 08 movl $0x8048b40,0x8(%eax)
8049216: c7 40 10 80 91 04 08 movl $0x8049180,0x10(%eax)
804921d: c7 40 14 a0 8a 04 08 movl $0x8048aa0,0x14(%eax)
8049224: c7 40 18 30 90 04 08 movl $0x8049030,0x18(%eax)
804922b: c7 44 24 04 d9 94 04 movl $0x80494d9,0x4(%esp)
8049232: 08
8049233: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804923a: e8 5d f1 ff ff call 804839c <__printf_chk@plt>
804923f: 8b 45 e4 mov -0x1c(%ebp),%eax
8049242: 89 1c 24 mov %ebx,(%esp)
8049245: 89 44 24 04 mov %eax,0x4(%esp)
8049249: ff 53 08 call *0x8(%ebx)
804924c: 89 5d 10 mov %ebx,0x10(%ebp)
804924f: 8b 5d f4 mov -0xc(%ebp),%ebx
8049252: 89 7d 0c mov %edi,0xc(%ebp)
8049255: 8b 7d fc mov -0x4(%ebp),%edi
8049258: 89 75 08 mov %esi,0x8(%ebp)
804925b: 8b 46 14 mov 0x14(%esi),%eax
804925e: 8b 75 f8 mov -0x8(%ebp),%esi
8049261: 89 ec mov %ebp,%esp
8049263: 5d pop %ebp
8049264: ff e0 jmp *%eax
8049266: 8d 76 00 lea 0x0(%esi),%esi
8049269: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
8049270: 55 push %ebp
8049271: 89 e5 mov %esp,%ebp
8049273: 83 ec 28 sub $0x28,%esp
8049276: 89 5d f4 mov %ebx,-0xc(%ebp)
8049279: 8b 5d 08 mov 0x8(%ebp),%ebx
804927c: 89 75 f8 mov %esi,-0x8(%ebp)
804927f: 89 7d fc mov %edi,-0x4(%ebp)
8049282: 8b 73 10 mov 0x10(%ebx),%esi
8049285: 8b 7e 04 mov 0x4(%esi),%edi
8049288: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
804928f: 08
8049290: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049297: e8 00 f1 ff ff call 804839c <__printf_chk@plt>
804929c: 89 3c 24 mov %edi,(%esp)
804929f: e8 38 f1 ff ff call 80483dc
80492a4: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
80492ab: 08
80492ac: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80492b3: e8 e4 f0 ff ff call 804839c <__printf_chk@plt>
80492b8: 89 34 24 mov %esi,(%esp)
80492bb: e8 1c f1 ff ff call 80483dc
80492c0: c7 44 24 04 ef 94 04 movl $0x80494ef,0x4(%esp)
80492c7: 08
80492c8: c7 04 24 01 00 00 00 movl $0x1,(%esp)
80492cf: e8 c8 f0 ff ff call 804839c <__printf_chk@plt>
80492d4: 8b 75 f8 mov -0x8(%ebp),%esi
80492d7: 89 5d 08 mov %ebx,0x8(%ebp)
80492da: 8b 7d fc mov -0x4(%ebp),%edi
80492dd: 8b 5d f4 mov -0xc(%ebp),%ebx
80492e0: 89 ec mov %ebp,%esp
80492e2: 5d pop %ebp
80492e3: e9 f4 f0 ff ff jmp 80483dc
80492e8: 90 nop
80492e9: 8d b4 26 00 00 00 00 lea 0x0(%esi,%eiz,1),%esi
80492f0: 55 push %ebp
80492f1: 89 e5 mov %esp,%ebp
80492f3: 83 ec 28 sub $0x28,%esp
80492f6: 89 5d f4 mov %ebx,-0xc(%ebp)
80492f9: 8b 5d 08 mov 0x8(%ebp),%ebx
80492fc: 89 75 f8 mov %esi,-0x8(%ebp)
80492ff: 89 7d fc mov %edi,-0x4(%ebp)
8049302: 8b 73 10 mov 0x10(%ebx),%esi
8049305: 8b 7e 04 mov 0x4(%esi),%edi
8049308: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
804930f: 08
8049310: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049317: e8 80 f0 ff ff call 804839c <__printf_chk@plt>
804931c: 89 3c 24 mov %edi,(%esp)
804931f: e8 b8 f0 ff ff call 80483dc
8049324: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
804932b: 08
804932c: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049333: e8 64 f0 ff ff call 804839c <__printf_chk@plt>
8049338: 89 34 24 mov %esi,(%esp)
804933b: e8 9c f0 ff ff call 80483dc
8049340: 8b 73 14 mov 0x14(%ebx),%esi
8049343: 8b 7e 04 mov 0x4(%esi),%edi
8049346: c7 44 24 04 70 94 04 movl $0x8049470,0x4(%esp)
804934d: 08
804934e: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049355: e8 42 f0 ff ff call 804839c <__printf_chk@plt>
804935a: 89 3c 24 mov %edi,(%esp)
804935d: e8 7a f0 ff ff call 80483dc
8049362: c7 44 24 04 d7 94 04 movl $0x80494d7,0x4(%esp)
8049369: 08
804936a: c7 04 24 01 00 00 00 movl $0x1,(%esp)
8049371: e8 26 f0 ff ff call 804839c <__printf_chk@plt>
8049376: 89 34 24 mov %esi,(%esp)
8049379: e8 5e f0 ff ff call 80483dc
804937e: c7 44 24 04 14 95 04 movl $0x8049514,0x4(%esp)
8049385: 08
8049386: c7 04 24 01 00 00 00 movl $0x1,(%esp)
804938d: e8 0a f0 ff ff call 804839c <__printf_chk@plt>
8049392: 8b 75 f8 mov -0x8(%ebp),%esi
8049395: 89 5d 08 mov %ebx,0x8(%ebp)
8049398: 8b 7d fc mov -0x4(%ebp),%edi
804939b: 8b 5d f4 mov -0xc(%ebp),%ebx
804939e: 89 ec mov %ebp,%esp
80493a0: 5d pop %ebp
80493a1: e9 36 f0 ff ff jmp 80483dc
80493a6: 90 nop
80493a7: 90 nop
80493a8: 90 nop
80493a9: 90 nop
80493aa: 90 nop
80493ab: 90 nop
80493ac: 90 nop
80493ad: 90 nop
80493ae: 90 nop
80493af: 90 nop
80493b0: 55 push %ebp
80493b1: 89 e5 mov %esp,%ebp
80493b3: 5d pop %ebp
80493b4: c3 ret
80493b5: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
80493b9: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
80493c0: 55 push %ebp
80493c1: 89 e5 mov %esp,%ebp
80493c3: 57 push %edi
80493c4: 56 push %esi
80493c5: 53 push %ebx
80493c6: e8 4f 00 00 00 call 804941a
80493cb: 81 c3 29 1c 00 00 add $0x1c29,%ebx
80493d1: 83 ec 1c sub $0x1c,%esp
80493d4: e8 73 ef ff ff call 804834c <__gmon_start__@plt-0x40>
80493d9: 8d bb 18 ff ff ff lea -0xe8(%ebx),%edi
80493df: 8d 83 18 ff ff ff lea -0xe8(%ebx),%eax
80493e5: 29 c7 sub %eax,%edi
80493e7: c1 ff 02 sar $0x2,%edi
80493ea: 85 ff test %edi,%edi
80493ec: 74 24 je 8049412
80493ee: 31 f6 xor %esi,%esi
80493f0: 8b 45 10 mov 0x10(%ebp),%eax
80493f3: 89 44 24 08 mov %eax,0x8(%esp)
80493f7: 8b 45 0c mov 0xc(%ebp),%eax
80493fa: 89 44 24 04 mov %eax,0x4(%esp)
80493fe: 8b 45 08 mov 0x8(%ebp),%eax
8049401: 89 04 24 mov %eax,(%esp)
8049404: ff 94 b3 18 ff ff ff call *-0xe8(%ebx,%esi,4)
804940b: 83 c6 01 add $0x1,%esi
804940e: 39 fe cmp %edi,%esi
8049410: 72 de jb 80493f0
8049412: 83 c4 1c add $0x1c,%esp
8049415: 5b pop %ebx
8049416: 5e pop %esi
8049417: 5f pop %edi
8049418: 5d pop %ebp
8049419: c3 ret
804941a: 8b 1c 24 mov (%esp),%ebx
804941d: c3 ret
804941e: 90 nop
804941f: 90 nop
8049420: 55 push %ebp
8049421: 89 e5 mov %esp,%ebp
8049423: 53 push %ebx
8049424: 83 ec 04 sub $0x4,%esp
8049427: a1 0c af 04 08 mov 0x804af0c,%eax
804942c: 83 f8 ff cmp $0xffffffff,%eax
804942f: 74 13 je 8049444
8049431: bb 0c af 04 08 mov $0x804af0c,%ebx
8049436: 66 90 xchg %ax,%ax
8049438: 83 eb 04 sub $0x4,%ebx
804943b: ff d0 call *%eax
804943d: 8b 03 mov (%ebx),%eax
804943f: 83 f8 ff cmp $0xffffffff,%eax
8049442: 75 f4 jne 8049438
8049444: 83 c4 04 add $0x4,%esp
8049447: 5b pop %ebx
8049448: 5d pop %ebp
8049449: c3 ret
804944a: 90 nop
804944b: 90 nop
Disassembly of section .fini:
0804944c <.fini>:
804944c: 55 push %ebp
804944d: 89 e5 mov %esp,%ebp
804944f: 53 push %ebx
8049450: 83 ec 04 sub $0x4,%esp
8049453: e8 00 00 00 00 call 8049458
8049458: 5b pop %ebx
8049459: 81 c3 9c 1b 00 00 add $0x1b9c,%ebx
804945f: e8 bc ef ff ff call 8048420
8049464: 59 pop %ecx
8049465: 5b pop %ebx
8049466: c9 leave
8049467: c3 ret