Category: LINUX

2016-08-29 15:07:23

1.1 Debugging the stack with bochs
a. bochs prints the stack with print-stack; read it together with the esp shown by r
b. call === push IP    ; i.e. push the address of the next instruction onto the stack
   ret ===  pop IP      ; i.e. pop the top of the stack into IP
1.2 The code is as follows
  [bits 32]
  section .text
  global put_test
  put_test:
      mov ecx, 'A'
      push ecx
      call put_char
      ;pop ecx              --> the correct code needs this pop ecx uncommented (the argument pushed for put_char is never removed)
      ret
1.3 Debugging session
  Next at t=0
  (0) [0x0000fffffff0] f000:fff0 (unk. ctxt): jmpf 0xf000:e05b ; ea5be000f0
  <bochs:1> b 0x1500                          --> the run address of kernel.bin; it was moved from 0x70000 to 0x1500
  <bochs:2> c
  (0) Breakpoint 1, 0xc0001500 in ?? ()
  Next at t=157030835
  (0) [0x000000001500] 0008:c0001500 (unk. ctxt): push ebp ; 55
  <bochs:3> n
  Next at t=157030836
  (0) [0x000000001501] 0008:c0001501 (unk. ctxt): mov ebp, esp ; 89e5
  <bochs:4> n
  Next at t=157030837
  (0) [0x000000001503] 0008:c0001503 (unk. ctxt): and esp, 0xfffffff0 ; 83e4f0
  <bochs:5>
  Next at t=157030838
  (0) [0x000000001506] 0008:c0001506 (unk. ctxt): sub esp, 0x00000020 ; 83ec20
  <bochs:6>
  Next at t=157030839
  (0) [0x000000001509] 0008:c0001509 (unk. ctxt): mov dword ptr ss:[esp+28], 0x00000003 ; c744241c03000000
  <bochs:7>
  Next at t=157030840
  (0) [0x000000001511] 0008:c0001511 (unk. ctxt): mov dword ptr ss:[esp], 0x0000006b ; c704246b000000
  <bochs:8>
  Next at t=157030841
  (0) [0x000000001518] 0008:c0001518 (unk. ctxt): call .+47 (0xc000154c) ; e82f000000   --> 0xc000154c is the address of put_char
  <bochs:9> n
  Next at t=157030887
  (0) [0x00000000151d] 0008:c000151d (unk. ctxt): call .+30 (0xc0001540) ; e81e000000  --> 0xc0001540 is the address of put_test
  <bochs:10> s                           --> step into the called function, i.e. enter put_test
  Next at t=157030888
  (0) [0x000000001540] 0008:c0001540 (unk. ctxt): mov ecx, 0x00000041 ; b941000000
  <bochs:11> print-stack      --> show the stack
  Stack address size 4
   | STACK 0xc009efcc [0xc0001522]      --> the stack right after the call is correct: esp=0xc009efcc, and its content 0xc0001522 is the address of the instruction to execute after the call returns
   | STACK 0xc009efd0 [0x0000006b]
   | STACK 0xc009efd4 [0x00000000]
   | STACK 0xc009efd8 [0x00000000]
   | STACK 0xc009efdc [0x00000000]
   | STACK 0xc009efe0 [0x00000000]
   | STACK 0xc009efe4 [0x00000000]
   | STACK 0xc009efe8 [0x00000000]
   | STACK 0xc009efec [0x00000003]
   | STACK 0xc009eff0 [0x00000000]
   | STACK 0xc009eff4 [0x00000000]
   | STACK 0xc009eff8 [0x00000000]
   | STACK 0xc009effc [0x00000000]
   | STACK 0xc009f000 [0x8ec031fa]
   | STACK 0xc009f004 [0x10bb66d8]
   | STACK 0xc009f008 [0x67000005]
  <bochs:12> r
  eax: 0x00070000 458752
  ecx: 0x00000000 0
  edx: 0x00000020 32
  ebx: 0x00070094 458900
  esp: 0xc009efcc -1073090612        --> esp=0xc009efcc
  ebp: 0xc009effc -1073090564
  esi: 0x00070000 458752
  edi: 0x00000000 0
  eip: 0xc0001540
  eflags 0x00000087: id vip vif ac vm rf nt IOPL=0 of df if tf SF zf af PF CF
  <bochs:13> n
  Next at t=157030889
  (0) [0x000000001545] 0008:c0001545 (unk. ctxt): push ecx ; 51
  <bochs:14>
  Next at t=157030890
  (0) [0x000000001546] 0008:c0001546 (unk. ctxt): call .+1 (0xc000154c) ; e801000000
  <bochs:15> print-stack
  Stack address size 4
   | STACK 0xc009efc8 [0x00000041]       --> the push has clobbered the top of the stack: the return address is no longer at esp
   | STACK 0xc009efcc [0xc0001522]
   | STACK 0xc009efd0 [0x0000006b]
   | STACK 0xc009efd4 [0x00000000]
   | STACK 0xc009efd8 [0x00000000]
   | STACK 0xc009efdc [0x00000000]
   | STACK 0xc009efe0 [0x00000000]
   | STACK 0xc009efe4 [0x00000000]
   | STACK 0xc009efe8 [0x00000000]
   | STACK 0xc009efec [0x00000003]
   | STACK 0xc009eff0 [0x00000000]
   | STACK 0xc009eff4 [0x00000000]
   | STACK 0xc009eff8 [0x00000000]
   | STACK 0xc009effc [0x00000000]
   | STACK 0xc009f000 [0x8ec031fa]
   | STACK 0xc009f004 [0x10bb66d8]
  <bochs:16> n
  Next at t=157030936
  (0) [0x00000000154b] 0008:c000154b (unk. ctxt): ret ; c3
  <bochs:17> n
  Next at t=157030937
  (0) [0x000000000041] 0008:00000041 (unk. ctxt): add dword ptr ds:[eax], eax ; 0100  --> here ret takes the top of the stack (0x41, the pushed 'A') as the address of the next instruction, so execution lands at 0x00000041
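To make the call === push IP / ret === pop IP rule from 1.1 and the stack dumps in 1.3 concrete, here is an added example that is not part of the original post: a small C model of the 32-bit stack that replays put_test with and without the missing pop ecx. It uses only addresses taken from the bochs log above (caller esp 0xc009efd0, return address 0xc0001522, put_test at 0xc0001540, put_char at 0xc000154c, the ret inside put_test at 0xc000154b) and assumes, as the log shows, that put_char leaves the stack balanced. The function names and the STACK_LO / STACK_WORDS model bounds are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not code from the original post: a minimal model of the
 * x86 stack operations PUSH / POP / CALL / RET, used to replay the put_test
 * bug from the bochs session. The addresses are the ones in the log;
 * put_char is assumed to leave the stack balanced (what it pushes, it pops). */

#define STACK_LO    0xc009efc0u   /* lowest modeled stack address (assumption) */
#define STACK_WORDS 16u           /* 64 bytes of modeled stack (assumption) */

#define CALLER_ESP         0xc009efd0u  /* esp just before "call put_test" */
#define ADDR_RET_TO_CALLER 0xc0001522u  /* instruction after "call put_test" */
#define ADDR_PUT_TEST      0xc0001540u
#define ADDR_PUT_CHAR      0xc000154cu
#define ADDR_PUT_TEST_RET  0xc000154bu  /* the "ret" at the end of put_test */

typedef struct {
    uint32_t mem[STACK_WORDS];  /* mem[i] models the dword at STACK_LO + 4*i */
    uint32_t esp;
    uint32_t eip;
    uint32_t ecx;
} cpu_t;

/* Map a stack address to its slot in the model; abort on anything outside it. */
static uint32_t *slot(cpu_t *c, uint32_t addr)
{
    if (addr < STACK_LO || (addr & 3) || (addr - STACK_LO) / 4 >= STACK_WORDS) {
        fprintf(stderr, "stack access outside model: 0x%08x\n", addr);
        exit(1);
    }
    return &c->mem[(addr - STACK_LO) / 4];
}

/* push: esp -= 4, then store the dword at the new top of the stack */
static void push(cpu_t *c, uint32_t v)
{
    c->esp -= 4;
    *slot(c, c->esp) = v;
}

/* pop: load the dword at the top of the stack, then esp += 4 */
static uint32_t pop(cpu_t *c)
{
    uint32_t v = *slot(c, c->esp);
    c->esp += 4;
    return v;
}

/* call == push next_ip ; jmp target */
static void call(cpu_t *c, uint32_t target, uint32_t next_ip)
{
    push(c, next_ip);
    c->eip = target;
}

/* ret == pop eip: whatever dword is on top of the stack becomes the next eip */
static void ret(cpu_t *c)
{
    c->eip = pop(c);
}

/* Replay put_test. cleanup_arg == 0 models the post's buggy version (the
 * "pop ecx" after "call put_char" is commented out); cleanup_arg != 0 models
 * the corrected version. Leaves the final CPU state in *c. */
static void replay_put_test(cpu_t *c, int cleanup_arg)
{
    c->esp = CALLER_ESP;
    c->eip = 0xc000151du;                           /* the caller's "call put_test" */
    call(c, ADDR_PUT_TEST, ADDR_RET_TO_CALLER);     /* esp = 0xc009efcc, [esp] = 0xc0001522 */

    c->ecx = 'A';                                   /* mov ecx, 'A' */
    push(c, c->ecx);                                /* push ecx: [0xc009efc8] = 0x41 */
    call(c, ADDR_PUT_CHAR, ADDR_PUT_TEST_RET);      /* call put_char */
    ret(c);                                         /* put_char's ret: back to 0xc000154b */
    if (cleanup_arg)
        c->ecx = pop(c);                            /* pop ecx: discard the argument */
    ret(c);                                         /* put_test's ret */
}

/* eip after put_test's ret: 0x41 for the buggy version, 0xc0001522 when fixed */
uint32_t eip_after_put_test(int cleanup_arg)
{
    cpu_t c = {{0}, 0, 0, 0};
    replay_put_test(&c, cleanup_arg);
    return c.eip;
}

/* esp after put_test's ret: the caller expects CALLER_ESP back */
uint32_t esp_after_put_test(int cleanup_arg)
{
    cpu_t c = {{0}, 0, 0, 0};
    replay_put_test(&c, cleanup_arg);
    return c.esp;
}

int main(void)
{
    printf("without pop ecx: ret jumps to 0x%08x, esp = 0x%08x\n",
           eip_after_put_test(0), esp_after_put_test(0));
    printf("with    pop ecx: ret jumps to 0x%08x, esp = 0x%08x\n",
           eip_after_put_test(1), esp_after_put_test(1));
    return 0;
}
```

Without the pop, put_test's ret finds 0x41 at the top of the stack and jumps there, exactly as the bochs session shows at 0008:00000041; with the pop, the stack is back to the state the caller's call left it in and ret returns to 0xc0001522. The general lesson is that every push made for a call's argument must be undone (by the caller or the callee, depending on the convention) before the ret that relies on the return address being at esp.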
1.4 Code archive
6_1print.rar (rename it to 6_1print.tar.gz after downloading)