1.1 用bochs对堆栈调试
a. bochs打印栈 print-stack,结合r 打印出的esp看
b. call === push IP ;即把下一条的指令压栈
ret === pop IP ;即把栈顶赋到IP中
1.2 代码如下
-
[bits 32]
-
section .text
-
global put_test
-
put_test:
-
mov ecx, 'A'
-
push ecx
-
call put_char
-
;pop ecx -->正确的代码是要把pop ecx打开
-
ret
1.3 调试过程
-
Next at t=0
-
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): jmpf 0xf000:e05b ; ea5be000f0
-
<bochs:1> b 0x1500 -->kernel.bin的运行地址,由0x70000挪到了0x1500处
-
<bochs:2> c
-
(0) Breakpoint 1, 0xc0001500 in ?? ()
-
Next at t=157030835
-
(0) [0x000000001500] 0008:c0001500 (unk. ctxt): push ebp ; 55
-
<bochs:3> n
-
Next at t=157030836
-
(0) [0x000000001501] 0008:c0001501 (unk. ctxt): mov ebp, esp ; 89e5
-
<bochs:4> n
-
Next at t=157030837
-
(0) [0x000000001503] 0008:c0001503 (unk. ctxt): and esp, 0xfffffff0 ; 83e4f0
-
<bochs:5>
-
Next at t=157030838
-
(0) [0x000000001506] 0008:c0001506 (unk. ctxt): sub esp, 0x00000020 ; 83ec20
-
<bochs:6>
-
Next at t=157030839
-
(0) [0x000000001509] 0008:c0001509 (unk. ctxt): mov dword ptr ss:[esp+28], 0x00000003 ; c744241c03000000
-
<bochs:7>
-
Next at t=157030840
-
(0) [0x000000001511] 0008:c0001511 (unk. ctxt): mov dword ptr ss:[esp], 0x0000006b ; c704246b000000
-
<bochs:8>
-
Next at t=157030841
-
(0) [0x000000001518] 0008:c0001518 (unk. ctxt): call .+47 (0xc000154c) ; e82f000000 -->0xc000154C是函数put_char的地址
-
<bochs:9> n
-
Next at t=157030887
-
(0) [0x00000000151d] 0008:c000151d (unk. ctxt): call .+30 (0xc0001540) ; e81e000000 -->0xc0001540是函数put_test的地址
-
<bochs:10> s -->step in跟进call的函数,即进入put_test
-
Next at t=157030888
-
(0) [0x000000001540] 0008:c0001540 (unk. ctxt): mov ecx, 0x00000041 ; b941000000
-
<bochs:11> print-stack -->查看栈
-
Stack address size 4
-
| STACK 0xc009efcc [0xc0001522] -->call之后的栈信息是正确的 esp=0xc009efcc,它的内容是0xc0001522,call后要执行的指令地址
-
| STACK 0xc009efd0 [0x0000006b]
-
| STACK 0xc009efd4 [0x00000000]
-
| STACK 0xc009efd8 [0x00000000]
-
| STACK 0xc009efdc [0x00000000]
-
| STACK 0xc009efe0 [0x00000000]
-
| STACK 0xc009efe4 [0x00000000]
-
| STACK 0xc009efe8 [0x00000000]
-
| STACK 0xc009efec [0x00000003]
-
| STACK 0xc009eff0 [0x00000000]
-
| STACK 0xc009eff4 [0x00000000]
-
| STACK 0xc009eff8 [0x00000000]
-
| STACK 0xc009effc [0x00000000]
-
| STACK 0xc009f000 [0x8ec031fa]
-
| STACK 0xc009f004 [0x10bb66d8]
-
| STACK 0xc009f008 [0x67000005]
-
<bochs:12> r
-
eax: 0x00070000 458752
-
ecx: 0x00000000 0
-
edx: 0x00000020 32
-
ebx: 0x00070094 458900
-
esp: 0xc009efcc -1073090612 -->esp=0xc009efcc
-
ebp: 0xc009effc -1073090564
-
esi: 0x00070000 458752
-
edi: 0x00000000 0
-
eip: 0xc0001540
-
eflags 0x00000087: id vip vif ac vm rf nt IOPL=0 of df if tf SF zf af PF CF
-
<bochs:13> n
-
Next at t=157030889
-
(0) [0x000000001545] 0008:c0001545 (unk. ctxt): push ecx ; 51
-
<bochs:14>
-
Next at t=157030890
-
(0) [0x000000001546] 0008:c0001546 (unk. ctxt): call .+1 (0xc000154c) ; e801000000
-
<bochs:15> print-stack
-
Stack address size 4
-
| STACK 0xc009efc8 [0x00000041] -->push之后破坏了stack的栈顶
-
| STACK 0xc009efcc [0xc0001522]
-
| STACK 0xc009efd0 [0x0000006b]
-
| STACK 0xc009efd4 [0x00000000]
-
| STACK 0xc009efd8 [0x00000000]
-
| STACK 0xc009efdc [0x00000000]
-
| STACK 0xc009efe0 [0x00000000]
-
| STACK 0xc009efe4 [0x00000000]
-
| STACK 0xc009efe8 [0x00000000]
-
| STACK 0xc009efec [0x00000003]
-
| STACK 0xc009eff0 [0x00000000]
-
| STACK 0xc009eff4 [0x00000000]
-
| STACK 0xc009eff8 [0x00000000]
-
| STACK 0xc009effc [0x00000000]
-
| STACK 0xc009f000 [0x8ec031fa]
-
| STACK 0xc009f004 [0x10bb66d8]
-
<bochs:16> n
-
Next at t=157030936
-
(0) [0x00000000154b] 0008:c000154b (unk. ctxt): ret ; c3
-
<bochs:17> n
-
Next at t=157030937
-
(0) [0x000000000041] 0008:00000041 (unk. ctxt): add dword ptr ds:[eax], eax ; 0100 -->这儿ret是要把栈顶当成下一条要执行的地址
1.4 代码打包
6_1print.rar(下载后改名为6_1print.tar.gz)
阅读(1138) | 评论(0) | 转发(0) |