这里有一个例子,很简单
#include <stdio.h>
/*
 * Return the sum of i and j.
 *
 * The addition is a plain signed int add with no range check; a sum that
 * does not fit in int is undefined behavior in C.
 *
 * NOTE(review): the two-statement form (store to z, then return z) is left
 * as written because the objdump listings on this page were produced from
 * exactly this source. In test.o main starts at offset 0x1b, presumably
 * directly after this function, so changing the body would shift the
 * offsets shown there.
 */
int myadd(int i, int j)
{
int z = i + j;
return z;
}
/*
 * Demo driver: adds 1 and 2 once inline and once through myadd(), then
 * prints both results. The trailing comments tie each statement to the
 * instructions in the two objdump listings of main on this page.
 */
int main()
{
int i,j;
i = 1;              /* movl $0x1,-0x10(%rbp): i lives at -0x10(%rbp) */
j = 2;              /* movl $0x2,-0xc(%rbp):  j lives at -0xc(%rbp)  */
int m = i + j;      /* lea (%rdx,%rax,1),%eax, stored to -0x8(%rbp)  */
int n;
/*
 * Linked binary: e8 b4 ff ff ff -> callq 4004c4 <myadd>.
 * test.o:        e8 00 00 00 00 -> callq 4c <main+0x31>.
 * In the object file the 4-byte call displacement is still zero, so
 * objdump -d prints the address of the next instruction (0x4c) as the
 * target instead of a callee name. The displacement is filled in at link
 * time; objdump -dr also prints the relocation entries, which name the
 * symbol each placeholder refers to.
 */
n = myadd(i,j);     /* return value in %eax, stored to -0x4(%rbp) */
/*
 * Both printf calls have the same zero displacement in test.o
 * (callq 66 <main+0x4b>, callq 7d <main+0x62>), and the address constant
 * loaded before each call (0x400648 / 0x400660 when linked) is also
 * still $0x0 there.
 */
printf("the sum of i + j = %d \n", m);
printf("the sum of i + j = %d by call myadd.\n", n);
/*
 * No explicit return. In the listings nothing writes %eax between the
 * last printf call and retq, so in this build the value returned from
 * main is whatever printf left in %eax.
 */
}
我现在执行:
gcc test.c -o test
objdump -d test
观察main函数
00000000004004df <main>:
4004df: 55 push %rbp
4004e0: 48 89 e5 mov %rsp,%rbp
4004e3: 48 83 ec 10 sub $0x10,%rsp
4004e7: c7 45 f0 01 00 00 00 movl $0x1,-0x10(%rbp)
4004ee: c7 45 f4 02 00 00 00 movl $0x2,-0xc(%rbp)
4004f5: 8b 45 f4 mov -0xc(%rbp),%eax
4004f8: 8b 55 f0 mov -0x10(%rbp),%edx
4004fb: 8d 04 02 lea (%rdx,%rax,1),%eax
4004fe: 89 45 f8 mov %eax,-0x8(%rbp)
400501: 8b 55 f4 mov -0xc(%rbp),%edx
400504: 8b 45 f0 mov -0x10(%rbp),%eax
400507: 89 d6 mov %edx,%esi
400509: 89 c7 mov %eax,%edi
40050b: e8 b4 ff ff ff callq 4004c4 <myadd>
400510: 89 45 fc mov %eax,-0x4(%rbp)
400513: b8 48 06 40 00 mov $0x400648,%eax
400518: 8b 55 f8 mov -0x8(%rbp),%edx
40051b: 89 d6 mov %edx,%esi
40051d: 48 89 c7 mov %rax,%rdi
400520: b8 00 00 00 00 mov $0x0,%eax
400525: e8 8e fe ff ff callq 4003b8 <printf@plt>
40052a: b8 60 06 40 00 mov $0x400660,%eax
40052f: 8b 55 fc mov -0x4(%rbp),%edx
400532: 89 d6 mov %edx,%esi
400534: 48 89 c7 mov %rax,%rdi
400537: b8 00 00 00 00 mov $0x0,%eax
40053c: e8 77 fe ff ff callq 4003b8 <printf@plt>
400541: c9 leaveq
400542: c3 retq
400543: 90 nop
400544: 90 nop
400545: 90 nop
400546: 90 nop
400547: 90 nop
400548: 90 nop
400549: 90 nop
40054a: 90 nop
40054b: 90 nop
40054c: 90 nop
40054d: 90 nop
40054e: 90 nop
40054f: 90 nop
然后,我再执行如下
gcc -c test.c
objdump -d test.o
再观察main函数
000000000000001b <main>:
1b: 55 push %rbp
1c: 48 89 e5 mov %rsp,%rbp
1f: 48 83 ec 10 sub $0x10,%rsp
23: c7 45 f0 01 00 00 00 movl $0x1,-0x10(%rbp)
2a: c7 45 f4 02 00 00 00 movl $0x2,-0xc(%rbp)
31: 8b 45 f4 mov -0xc(%rbp),%eax
34: 8b 55 f0 mov -0x10(%rbp),%edx
37: 8d 04 02 lea (%rdx,%rax,1),%eax
3a: 89 45 f8 mov %eax,-0x8(%rbp)
3d: 8b 55 f4 mov -0xc(%rbp),%edx
40: 8b 45 f0 mov -0x10(%rbp),%eax
43: 89 d6 mov %edx,%esi
45: 89 c7 mov %eax,%edi
47: e8 00 00 00 00 callq 4c <main+0x31>
4c: 89 45 fc mov %eax,-0x4(%rbp)
4f: b8 00 00 00 00 mov $0x0,%eax
54: 8b 55 f8 mov -0x8(%rbp),%edx
57: 89 d6 mov %edx,%esi
59: 48 89 c7 mov %rax,%rdi
5c: b8 00 00 00 00 mov $0x0,%eax
61: e8 00 00 00 00 callq 66 <main+0x4b>
66: b8 00 00 00 00 mov $0x0,%eax
6b: 8b 55 fc mov -0x4(%rbp),%edx
6e: 89 d6 mov %edx,%esi
70: 48 89 c7 mov %rax,%rdi
73: b8 00 00 00 00 mov $0x0,%eax
78: e8 00 00 00 00 callq 7d <main+0x62>
7d: c9 leaveq
7e: c3 retq
如上,两次反汇编的区别主要在红色部分(原帖的颜色标记在此处已丢失;从两段输出对比来看,应是 callq 指令的目标以及调用 printf 之前装入的地址常量所在的行)。我的问题是:为什么不链接就无法显示所调用的函数名,而只显示主函数名+偏移量?原因是什么?
如果我在反汇编现有的库文件时,出现和未链接时一样的情况,有什么办法可以知道主函数到底调用了哪个函数?请高手指点,万分感谢!
我现在分析一个内核库文件时就遇到了这个问题,这个库文件的源代码没有公开,请高手指点。