
逆アセンブルしてみる

objdump というコマンドで逆アセンブルできるみたいなのでちょっとやってみた。とりあえず、以下の HelloWorld プログラムを逆アセンブルしてみる。本当に Just Memo という内容だが。

#include <stdio.h>

/*
 * Program entry point: write a fixed greeting to stdout and exit with 0.
 *
 * The format string is a compile-time constant with no conversion
 * specifiers, so gcc is free to lower this call to puts(); the objdump
 * listing below (callq <puts@plt> inside <main>) shows it doing exactly
 * that.  Returns 0 to report success to the caller.
 */
int main(void)
{
    (void)printf("HelloWorld!\n");
    return 0;
}

これをコンパイル、実行、逆アセンブルしたのが以下。

$ gcc hello.c 
$ ./a.out 
HelloWorld!
$ objdump -d a.out 

a.out:     file format elf64-x86-64


Disassembly of section .init:

00000000004003b8 <_init>:
  4003b8:	48 83 ec 08          	sub    $0x8,%rsp
  4003bc:	e8 6b 00 00 00       	callq  40042c <call_gmon_start>
  4003c1:	48 83 c4 08          	add    $0x8,%rsp
  4003c5:	c3                   	retq   

Disassembly of section .plt:

00000000004003d0 <puts@plt-0x10>:
  4003d0:	ff 35 f2 04 20 00    	pushq  0x2004f2(%rip)        # 6008c8 <_GLOBAL_OFFSET_TABLE_+0x8>
  4003d6:	ff 25 f4 04 20 00    	jmpq   *0x2004f4(%rip)        # 6008d0 <_GLOBAL_OFFSET_TABLE_+0x10>
  4003dc:	0f 1f 40 00          	nopl   0x0(%rax)

00000000004003e0 <puts@plt>:
  4003e0:	ff 25 f2 04 20 00    	jmpq   *0x2004f2(%rip)        # 6008d8 <_GLOBAL_OFFSET_TABLE_+0x18>
  4003e6:	68 00 00 00 00       	pushq  $0x0
  4003eb:	e9 e0 ff ff ff       	jmpq   4003d0 <_init+0x18>

00000000004003f0 <__libc_start_main@plt>:
  4003f0:	ff 25 ea 04 20 00    	jmpq   *0x2004ea(%rip)        # 6008e0 <_GLOBAL_OFFSET_TABLE_+0x20>
  4003f6:	68 01 00 00 00       	pushq  $0x1
  4003fb:	e9 d0 ff ff ff       	jmpq   4003d0 <_init+0x18>

Disassembly of section .text:

0000000000400400 <_start>:
  400400:	31 ed                	xor    %ebp,%ebp
  400402:	49 89 d1             	mov    %rdx,%r9
  400405:	5e                   	pop    %rsi
  400406:	48 89 e2             	mov    %rsp,%rdx
  400409:	48 83 e4 f0          	and    $0xfffffffffffffff0,%rsp
  40040d:	50                   	push   %rax
  40040e:	54                   	push   %rsp
  40040f:	49 c7 c0 30 05 40 00 	mov    $0x400530,%r8
  400416:	48 c7 c1 40 05 40 00 	mov    $0x400540,%rcx
  40041d:	48 c7 c7 0c 05 40 00 	mov    $0x40050c,%rdi
  400424:	e8 c7 ff ff ff       	callq  4003f0 <__libc_start_main@plt>
  400429:	f4                   	hlt    
  40042a:	90                   	nop
  40042b:	90                   	nop

000000000040042c <call_gmon_start>:
  40042c:	48 83 ec 08          	sub    $0x8,%rsp
  400430:	48 8b 05 81 04 20 00 	mov    0x200481(%rip),%rax        # 6008b8 <_DYNAMIC+0x1e0>
  400437:	48 85 c0             	test   %rax,%rax
  40043a:	74 02                	je     40043e <call_gmon_start+0x12>
  40043c:	ff d0                	callq  *%rax
  40043e:	48 83 c4 08          	add    $0x8,%rsp
  400442:	c3                   	retq   
  400443:	90                   	nop
  400444:	90                   	nop
  400445:	90                   	nop
  400446:	90                   	nop
  400447:	90                   	nop
  400448:	90                   	nop
  400449:	90                   	nop
  40044a:	90                   	nop
  40044b:	90                   	nop
  40044c:	90                   	nop
  40044d:	90                   	nop
  40044e:	90                   	nop
  40044f:	90                   	nop

0000000000400450 <deregister_tm_clones>:
  400450:	b8 ff 08 60 00       	mov    $0x6008ff,%eax
  400455:	55                   	push   %rbp
  400456:	48 2d f8 08 60 00    	sub    $0x6008f8,%rax
  40045c:	48 83 f8 0e          	cmp    $0xe,%rax
  400460:	48 89 e5             	mov    %rsp,%rbp
  400463:	77 02                	ja     400467 <deregister_tm_clones+0x17>
  400465:	5d                   	pop    %rbp
  400466:	c3                   	retq   
  400467:	b8 00 00 00 00       	mov    $0x0,%eax
  40046c:	48 85 c0             	test   %rax,%rax
  40046f:	74 f4                	je     400465 <deregister_tm_clones+0x15>
  400471:	5d                   	pop    %rbp
  400472:	bf f8 08 60 00       	mov    $0x6008f8,%edi
  400477:	ff e0                	jmpq   *%rax
  400479:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)

0000000000400480 <register_tm_clones>:
  400480:	b8 f8 08 60 00       	mov    $0x6008f8,%eax
  400485:	55                   	push   %rbp
  400486:	48 2d f8 08 60 00    	sub    $0x6008f8,%rax
  40048c:	48 c1 f8 03          	sar    $0x3,%rax
  400490:	48 89 e5             	mov    %rsp,%rbp
  400493:	48 89 c2             	mov    %rax,%rdx
  400496:	48 c1 ea 3f          	shr    $0x3f,%rdx
  40049a:	48 01 d0             	add    %rdx,%rax
  40049d:	48 89 c6             	mov    %rax,%rsi
  4004a0:	48 d1 fe             	sar    %rsi
  4004a3:	75 02                	jne    4004a7 <register_tm_clones+0x27>
  4004a5:	5d                   	pop    %rbp
  4004a6:	c3                   	retq   
  4004a7:	ba 00 00 00 00       	mov    $0x0,%edx
  4004ac:	48 85 d2             	test   %rdx,%rdx
  4004af:	74 f4                	je     4004a5 <register_tm_clones+0x25>
  4004b1:	5d                   	pop    %rbp
  4004b2:	bf f8 08 60 00       	mov    $0x6008f8,%edi
  4004b7:	ff e2                	jmpq   *%rdx
  4004b9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)

00000000004004c0 <__do_global_dtors_aux>:
  4004c0:	80 3d 31 04 20 00 00 	cmpb   $0x0,0x200431(%rip)        # 6008f8 <__bss_start>
  4004c7:	75 11                	jne    4004da <__do_global_dtors_aux+0x1a>
  4004c9:	55                   	push   %rbp
  4004ca:	48 89 e5             	mov    %rsp,%rbp
  4004cd:	e8 7e ff ff ff       	callq  400450 <deregister_tm_clones>
  4004d2:	5d                   	pop    %rbp
  4004d3:	c6 05 1e 04 20 00 01 	movb   $0x1,0x20041e(%rip)        # 6008f8 <__bss_start>
  4004da:	f3 c3                	repz retq 
  4004dc:	0f 1f 40 00          	nopl   0x0(%rax)

00000000004004e0 <frame_dummy>:
  4004e0:	48 83 3d e8 01 20 00 	cmpq   $0x0,0x2001e8(%rip)        # 6006d0 <__JCR_END__>
  4004e7:	00 
  4004e8:	74 1b                	je     400505 <frame_dummy+0x25>
  4004ea:	b8 00 00 00 00       	mov    $0x0,%eax
  4004ef:	48 85 c0             	test   %rax,%rax
  4004f2:	74 11                	je     400505 <frame_dummy+0x25>
  4004f4:	55                   	push   %rbp
  4004f5:	bf d0 06 60 00       	mov    $0x6006d0,%edi
  4004fa:	48 89 e5             	mov    %rsp,%rbp
  4004fd:	ff d0                	callq  *%rax
  4004ff:	5d                   	pop    %rbp
  400500:	e9 7b ff ff ff       	jmpq   400480 <register_tm_clones>
  400505:	e9 76 ff ff ff       	jmpq   400480 <register_tm_clones>
  40050a:	90                   	nop
  40050b:	90                   	nop

000000000040050c <main>:
  40050c:	55                   	push   %rbp
  40050d:	48 89 e5             	mov    %rsp,%rbp
  400510:	bf dc 05 40 00       	mov    $0x4005dc,%edi
  400515:	e8 c6 fe ff ff       	callq  4003e0 <puts@plt>
  40051a:	b8 00 00 00 00       	mov    $0x0,%eax
  40051f:	5d                   	pop    %rbp
  400520:	c3                   	retq   
  400521:	90                   	nop
  400522:	90                   	nop
  400523:	90                   	nop
  400524:	90                   	nop
  400525:	90                   	nop
  400526:	90                   	nop
  400527:	90                   	nop
  400528:	90                   	nop
  400529:	90                   	nop
  40052a:	90                   	nop
  40052b:	90                   	nop
  40052c:	90                   	nop
  40052d:	90                   	nop
  40052e:	90                   	nop
  40052f:	90                   	nop

0000000000400530 <__libc_csu_fini>:
  400530:	f3 c3                	repz retq 
  400532:	66 66 66 66 66 2e 0f 	data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
  400539:	1f 84 00 00 00 00 00 

0000000000400540 <__libc_csu_init>:
  400540:	48 89 6c 24 d8       	mov    %rbp,-0x28(%rsp)
  400545:	4c 89 64 24 e0       	mov    %r12,-0x20(%rsp)
  40054a:	48 8d 2d 77 01 20 00 	lea    0x200177(%rip),%rbp        # 6006c8 <__init_array_end>
  400551:	4c 8d 25 68 01 20 00 	lea    0x200168(%rip),%r12        # 6006c0 <__frame_dummy_init_array_entry>
  400558:	4c 89 6c 24 e8       	mov    %r13,-0x18(%rsp)
  40055d:	4c 89 74 24 f0       	mov    %r14,-0x10(%rsp)
  400562:	4c 89 7c 24 f8       	mov    %r15,-0x8(%rsp)
  400567:	48 89 5c 24 d0       	mov    %rbx,-0x30(%rsp)
  40056c:	48 83 ec 38          	sub    $0x38,%rsp
  400570:	4c 29 e5             	sub    %r12,%rbp
  400573:	41 89 fd             	mov    %edi,%r13d
  400576:	49 89 f6             	mov    %rsi,%r14
  400579:	48 c1 fd 03          	sar    $0x3,%rbp
  40057d:	49 89 d7             	mov    %rdx,%r15
  400580:	e8 33 fe ff ff       	callq  4003b8 <_init>
  400585:	48 85 ed             	test   %rbp,%rbp
  400588:	74 1c                	je     4005a6 <__libc_csu_init+0x66>
  40058a:	31 db                	xor    %ebx,%ebx
  40058c:	0f 1f 40 00          	nopl   0x0(%rax)
  400590:	4c 89 fa             	mov    %r15,%rdx
  400593:	4c 89 f6             	mov    %r14,%rsi
  400596:	44 89 ef             	mov    %r13d,%edi
  400599:	41 ff 14 dc          	callq  *(%r12,%rbx,8)
  40059d:	48 83 c3 01          	add    $0x1,%rbx
  4005a1:	48 39 eb             	cmp    %rbp,%rbx
  4005a4:	72 ea                	jb     400590 <__libc_csu_init+0x50>
  4005a6:	48 8b 5c 24 08       	mov    0x8(%rsp),%rbx
  4005ab:	48 8b 6c 24 10       	mov    0x10(%rsp),%rbp
  4005b0:	4c 8b 64 24 18       	mov    0x18(%rsp),%r12
  4005b5:	4c 8b 6c 24 20       	mov    0x20(%rsp),%r13
  4005ba:	4c 8b 74 24 28       	mov    0x28(%rsp),%r14
  4005bf:	4c 8b 7c 24 30       	mov    0x30(%rsp),%r15
  4005c4:	48 83 c4 38          	add    $0x38,%rsp
  4005c8:	c3                   	retq   
  4005c9:	90                   	nop
  4005ca:	90                   	nop
  4005cb:	90                   	nop

Disassembly of section .fini:

00000000004005cc <_fini>:
  4005cc:	48 83 ec 08          	sub    $0x8,%rsp
  4005d0:	48 83 c4 08          	add    $0x8,%rsp
  4005d4:	c3                   	retq   
$

うーん、nop というのが結構多いが。意味はよくわからない。（ただ、nop の直後に来る関数の先頭アドレスは 400450、400480、4004c0、400530 のように 16 バイト境界に揃っているので、この nop は関数と関数の間を埋めるアラインメント用のパディングと考えられる。実行されるコードではない。）