How to disassemble a system call?

Posted on 2024-10-16 06:28:18

How could I disassemble a system call, so that I could get the assembly instructions involved in it?

Comments (3)

孤城病女 2024-10-23 06:28:18

Well, you could do something like this. Say I wanted to get an assembly dump of "dup":

Write this:

#include <stdio.h>
#include <sys/file.h>
#include <unistd.h>   /* dup() is declared here */
int main() {
        return dup(0);
}

Compile it:

gcc -o systest -g3 -O0 systest.c

Dump it:

objdump -d systest

Looking in "main" I see:

  400478:       55                      push   %rbp
  400479:       48 89 e5                mov    %rsp,%rbp
  40047c:       bf 00 00 00 00          mov    $0x0,%edi
  400481:       b8 00 00 00 00          mov    $0x0,%eax
  400486:       e8 1d ff ff ff          callq  4003a8 <dup@plt>
  40048b:       c9                      leaveq
  40048c:       c3                      retq
  40048d:       90                      nop
  40048e:       90                      nop
  40048f:       90                      nop

So looking at "dup@plt" I see:

00000000004003a8 <dup@plt>:
  4003a8:       ff 25 7a 04 20 00       jmpq   *2098298(%rip)        # 600828 <_GLOBAL_OFFSET_TABLE_+0x20>
  4003ae:       68 01 00 00 00          pushq  $0x1
  4003b3:       e9 d0 ff ff ff          jmpq   400388 <_init+0x18>

So it's making a call into a "global offset table", which I would assume has all the syscall vectors. Like the other post said, see the kernel source (or standard library sources?) for details on that.
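The disassembly above stops at `dup@plt`, because the instruction that actually enters the kernel lives inside libc's `dup` wrapper, not in the test program. The following is an added example, not code from the original question or from this answer: it issues the same `dup` call with the CPU's system call instruction directly, so the register setup, the `syscall`/`svc` instruction and the kernel's raw return convention are all visible in the program's own `objdump -d` output. It assumes Linux on x86-64 or AArch64 (any other architecture falls back to glibc's `syscall(2)` so the file still builds); the function names `raw_syscall1`, `raw_dup`, `raw_getpid`, `is_syscall_error` and `dup_roundtrip` are my own.

```c
/*
 * Added example (not from the original post): issue dup directly with the
 * CPU's system call instruction, bypassing the libc wrapper that dup@plt
 * jumps to.  Linux only; x86-64 and AArch64 use inline asm, any other
 * architecture falls back to glibc's syscall(2) so the file still builds.
 */
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>   /* SYS_dup, SYS_getpid: the numbers the kernel dispatches on */
#include <unistd.h>

/* One-argument raw system call.  Returns the kernel's raw result: the value
 * on success, or -errno on failure (libc wrappers turn the latter into
 * "return -1 and set errno"). */
static long raw_syscall1(long nr, long a1)
{
#if defined(__linux__) && defined(__x86_64__)
    long ret;
    /* x86-64 ABI: number in rax, first argument in rdi, result in rax;
     * the syscall instruction clobbers rcx (return rip) and r11 (rflags). */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1)
                      : "rcx", "r11", "memory");
    return ret;
#elif defined(__linux__) && defined(__aarch64__)
    /* AArch64 ABI: number in x8, first argument in x0, result back in x0. */
    register long x8 __asm__("x8") = nr;
    register long x0 __asm__("x0") = a1;
    __asm__ volatile ("svc #0" : "+r"(x0) : "r"(x8) : "memory");
    return x0;
#else
    /* Portable fallback: glibc's syscall(2) does the register setup for us
     * but converts errors to -1/errno, so undo that to keep one convention. */
    long ret = syscall(nr, a1);
    return ret == -1 ? -errno : ret;
#endif
}

/* The kernel signals an error by returning a value in [-4095, -1]
 * (MAX_ERRNO is 4095); anything else is a valid result, including the large
 * "negative looking" addresses mmap can return.  This is the same check glibc
 * makes right after its syscall instruction before setting errno. */
static int is_syscall_error(long ret)
{
    return (unsigned long)ret >= (unsigned long)-4095L;
}

static long raw_dup(int fd)  { return raw_syscall1(SYS_dup, fd); }
static long raw_getpid(void) { return raw_syscall1(SYS_getpid, 0); }

/* Duplicate one end of a pipe we create ourselves (so the demo does not
 * depend on fd 0 being open), then close everything.  Returns 1 on success. */
static int dup_roundtrip(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 0;
    long nfd = raw_dup(p[0]);
    int ok = !is_syscall_error(nfd) && nfd != p[0] && nfd != p[1];
    if (ok)
        close((int)nfd);
    close(p[0]);
    close(p[1]);
    return ok;
}

int main(void)
{
    printf("raw getpid = %ld, libc getpid = %d\n", raw_getpid(), (int)getpid());
    long bad = raw_dup(-1);   /* invalid fd: kernel returns -EBADF, not -1 */
    printf("raw dup(-1) = %ld (EBADF is %d), is error: %d\n",
           bad, EBADF, is_syscall_error(bad));
    printf("dup round trip via raw syscall: %s\n",
           dup_roundtrip() ? "ok" : "failed");
    return 0;
}
```

Build it with `gcc -O0 -g -o rawdup rawdup.c` and run `objdump -d rawdup | grep -B6 -A1 syscall` (or `svc` on AArch64): the `mov` of the system call number into `eax`/`x8`, the argument into `edi`/`x0` and the trap instruction itself are the user-space half of "the assembly instructions involved". The kernel half starts at the architecture's entry point, `entry_SYSCALL_64` in `arch/x86/entry/entry_64.S` on x86-64, which indexes the table generated from `arch/x86/entry/syscalls/syscall_64.tbl` with the number in `rax`.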

临风闻羌笛 2024-10-23 06:28:18

I don't think you want to do this. System call handling is complex (see http://www.ibm.com/developerworks/linux/library/l-system-calls/). Since you have tagged this question with "linux", you can just download the source from kernel.org (which will be far more understandable and informative than the assembly code).

白芷 2024-10-23 06:28:18

To understand Linux system calls, browse through the code.

Important files are:

/include/linux/syscalls.h (all the supported system calls in linux)

/arch/arm/kernel/entry-common.S (implementation of system call at register level)

/arch/arm/kernel/calls.S (system call numbers)

/arch/arm/include/asm/unistd.h (address of system call)

Note: the system call table can be addressed only from System.map.
