CSAPP Study Notes


Binary Representation of Numbers

Type Conversion in C

  • When converting from a smaller type to a larger one, the size is changed first and the signedness second. That is, short -> unsigned int first converts the short to int and then converts that int to unsigned int.
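As an added example (not from the original notes), the two candidate orderings written out as explicit casts beside the implicit conversion the compiler performs; it assumes a 16-bit short and a 32-bit int, as on x86-64, and the function names are chosen here for illustration:

```c
#include <stdio.h>

/* Implicit conversion as the compiler performs it:
 * short -> int (size, with sign extension), then int -> unsigned int (signedness). */
unsigned int implicit_short_to_uint(short s) {
    return s;                                   /* conversion rules applied by the compiler */
}

/* Ordering 1: change the size first, then the signedness. */
unsigned int size_then_sign(short s) {
    int widened = (int)s;                       /* sign-extend 16 -> 32 bits */
    return (unsigned int)widened;               /* reinterpret the 32-bit pattern as unsigned */
}

/* Ordering 2: change the signedness first, then the size. */
unsigned int sign_then_size(short s) {
    unsigned short reinterpreted = (unsigned short)s;   /* reinterpret the 16-bit pattern */
    return (unsigned int)reinterpreted;                 /* zero-extend 16 -> 32 bits */
}

int main(void) {
    short sx = -12345;                          /* constructed input: bit pattern 0xCFC7 */
    printf("implicit:       %u\n", implicit_short_to_uint(sx));   /* 4294954951 */
    printf("size then sign: %u\n", size_then_sign(sx));           /* 4294954951 */
    printf("sign then size: %u\n", sign_then_size(sx));           /* 53191 */
    return 0;
}
```

The implicit result matches size_then_sign, which is the ordering the note above describes; the other ordering would have produced 53191.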

Definition of Registers

  • %rip : program counter (PC).
  • %rsp : stack pointer.
  • %rax : return value.
  • %rbx : callee saved.
  • %rcx : 4th argument.
  • %rdx : 3rd argument.
  • %rsi : 2nd argument.
  • %rdi : 1st argument.
  • %rbp : callee saved. (may be used as “base pointer”)
  • %r8 ~ %r15

Generating Assembly Code

gcc -Og -S x.c
/FAs : On Windows, this compiler option asks the cl compiler to generate the corresponding .asm file.

Disassembling an Object File

objdump -d xxx.o

x86-64 Assembly

The x86 stack grows toward lower addresses: the nearer an entry is to the top of the stack, the smaller its address. The stack pointer (sp) points to the top of the stack, so a push first decrements sp and then copies the value into the memory that sp points to.

General Instructions

nop : No effect; only used to pad the machine code for 16-bit alignment.
ret : Return.

Some Rules for 64-bit Assembly Instructions

  • For a move of 1 or 2 bytes, the remaining bytes of the destination register keep their old values. For a move of 4 bytes, the high-order 4 bytes of the destination register are also set to 0.

Moving Data

movb movw movl movq : move instructions (byte, word, double word, quad word).
mov S, D : D <- S

Notes on movl

When movl is used with a register as the destination, the high-order 4 bytes of that register are set to 0.
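An added model of the rule above and of the 1-/2-byte rule in the previous section (not code from the original notes): mov_to_reg is a hypothetical helper that simulates what each move width leaves in a 64-bit destination register instead of executing the instruction.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulate writing src into a 64-bit register that currently holds old,
 * using movb / movw / movl / movq (width in bytes: 1, 2, 4 or 8). */
uint64_t mov_to_reg(uint64_t old, uint64_t src, int width) {
    switch (width) {
    case 1:  return (old & ~(uint64_t)0xFF)   | (src & 0xFF);    /* movb: low byte replaced, rest kept */
    case 2:  return (old & ~(uint64_t)0xFFFF) | (src & 0xFFFF);  /* movw: low word replaced, rest kept */
    case 4:  return src & 0xFFFFFFFFu;                           /* movl: low 4 bytes written, high 4 zeroed */
    case 8:  return src;                                         /* movq: whole register replaced */
    default: return old;                                         /* not a valid mov width: no change */
    }
}

int main(void) {
    uint64_t rax = 0xFFFFFFFFFFFFFFFFull;   /* constructed starting value: all ones */
    printf("movb $0x12, %%al        -> %%rax = %016llx\n", (unsigned long long)mov_to_reg(rax, 0x12, 1));
    printf("movw $0x1234, %%ax      -> %%rax = %016llx\n", (unsigned long long)mov_to_reg(rax, 0x1234, 2));
    printf("movl $0x12345678, %%eax -> %%rax = %016llx\n", (unsigned long long)mov_to_reg(rax, 0x12345678, 4));
    return 0;
}
```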

Shift bits

sal (or shl) : left shift.
shr : logical right shift (unsigned divide).
sar : arithmetic right shift (signed divide).

Load Effective Address

leaq : Works like mov, except that it copies the computed first operand (the effective address itself) into the destination instead of loading the value stored at that address.

Comparison

cmpb cmpw cmpl cmpq : comparison instructions.
cmp S1, S2 : the condition codes are set based on S2 - S1.
testb testw testl testq : test instructions; like AND, except that only the condition-code registers are modified, not the two operands.
test S1, S2 : the condition codes are set based on S1 & S2.

Conditional move

According to the last comparison result, move data conditionally.
cmov is the common prefix; available instructions include cmove, cmovne, cmovs, cmovge and others.
The assembler can infer the operand length of a conditional move instruction from the name of the destination register.
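The cmp/test flag computation from the previous section and the conditions that cmov reads, as an added C model (not from the original notes) rather than real instructions; cmpq_flags, testq_flags, cond_* and max_cmov are hypothetical names, and max_cmov mirrors the instruction pair cmpq %rsi, %rdi ; cmovl %rsi, %rdi as a compiler would emit it for a signed max:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Condition codes left by cmpq S1, S2, which computes S2 - S1. */
typedef struct { bool zf, sf, cf, of; } flags_t;

flags_t cmpq_flags(int64_t s1, int64_t s2) {
    uint64_t diff = (uint64_t)s2 - (uint64_t)s1;      /* wraps like the hardware */
    flags_t f;
    f.zf = (diff == 0);                               /* result is zero */
    f.sf = ((int64_t)diff < 0);                       /* sign bit of the result */
    f.cf = ((uint64_t)s2 < (uint64_t)s1);             /* unsigned borrow */
    /* signed overflow: S2 and S1 have different signs and the result's sign differs from S2's */
    f.of = ((s2 < 0) != (s1 < 0)) && (f.sf != (s2 < 0));
    return f;
}

/* Condition codes left by testq S1, S2, which computes S1 & S2 and clears CF and OF. */
flags_t testq_flags(int64_t s1, int64_t s2) {
    int64_t r = s1 & s2;
    flags_t f = { r == 0, r < 0, false, false };
    return f;
}

/* The conditions named by the cmovXX suffixes (same meaning for jXX and setXX). */
bool cond_e(flags_t f)  { return f.zf; }               /* equal */
bool cond_ne(flags_t f) { return !f.zf; }              /* not equal */
bool cond_s(flags_t f)  { return f.sf; }               /* negative */
bool cond_ge(flags_t f) { return f.sf == f.of; }       /* signed >= */
bool cond_l(flags_t f)  { return f.sf != f.of; }       /* signed <  */
bool cond_a(flags_t f)  { return !f.cf && !f.zf; }     /* unsigned > */

/* Model of "cmpq %rsi, %rdi ; cmovl %rsi, %rdi": a branch-free signed max. */
int64_t max_cmov(int64_t rdi, int64_t rsi) {
    flags_t f = cmpq_flags(rsi, rdi);                 /* S1 = %rsi, S2 = %rdi, so rdi - rsi */
    if (cond_l(f)) rdi = rsi;                         /* cmovl: overwrite only when rdi < rsi */
    return rdi;                                       /* SF != OF keeps the INT64_MIN cases right */
}

int main(void) {
    printf("max(3, 7) = %lld\n", (long long)max_cmov(3, 7));
    printf("max(INT64_MIN, 5) = %lld\n", (long long)max_cmov(INT64_MIN, 5));
    return 0;
}
```

The INT64_MIN case shows why the signed conditions test SF != OF rather than the sign of the difference alone: the subtraction overflows, SF comes out 0, and only OF restores the right answer.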

Procedures

Assume that procedure P calls procedure Q.

Control Transfer

Passing control from function P to function Q simply means setting the program counter (PC) to the starting address of Q.
call Q : Push the address of the instruction immediately following the call onto the stack and set the PC to the starting address of Q.
ret : Pop the address off the stack and set the PC to the popped address.

Local Storage in Registers

Callee-Saved registers

By convention, registers %rbx, %rbp, and %r12-%r15 are classified as callee-saved registers.

Caller-Saved registers

All other registers, except for the stack pointer %rsp, are classified as caller-saved registers.

Data Alignment

Intel recommends a data alignment rule: any primitive object of K bytes must have an address that is a multiple of K.
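An added example, not from the original notes, that lays out a constructed struct by hand under the K-byte rule and checks the result against the compiler's offsetof and sizeof; it goes one step beyond the rule by also padding the total size to the largest field so that arrays of the struct stay aligned. layout, rule_matches_compiler and the demo_* functions are hypothetical helpers.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed struct; the compiler places each field under the rule
 * "a K-byte primitive sits at an address that is a multiple of K". */
struct rec {
    char  c;   /* 1 byte  */
    int   i;   /* 4 bytes */
    short s;   /* 2 bytes */
    long  l;   /* 8 bytes on x86-64 Linux (4 on Windows; the rule still holds) */
};

/* Lay out fields of the given sizes by hand under that rule. Writes each
 * field's offset into offsets[] and returns the total size, padded so that
 * every element of an array of such structs stays aligned. */
size_t layout(const size_t *sizes, int n, size_t *offsets) {
    size_t off = 0, max_align = 1;
    for (int i = 0; i < n; i++) {
        size_t k = sizes[i];
        if (off % k) off += k - off % k;          /* pad up to the next multiple of k */
        offsets[i] = off;
        off += k;
        if (k > max_align) max_align = k;
    }
    if (off % max_align) off += max_align - off % max_align;   /* trailing padding */
    return off;
}

/* Does the hand layout agree with what the compiler did for struct rec? */
int rule_matches_compiler(void) {
    size_t sizes[4] = { sizeof(char), sizeof(int), sizeof(short), sizeof(long) };
    size_t off[4];
    size_t total = layout(sizes, 4, off);
    return off[0] == offsetof(struct rec, c) && off[1] == offsetof(struct rec, i)
        && off[2] == offsetof(struct rec, s) && off[3] == offsetof(struct rec, l)
        && total == sizeof(struct rec);
}

/* The same four field sizes in declaration order (1, 4, 2, 8) and sorted largest first. */
size_t demo_size_declared(void)  { size_t sz[4] = { 1, 4, 2, 8 }, off[4]; return layout(sz, 4, off); }
size_t demo_size_reordered(void) { size_t sz[4] = { 8, 4, 2, 1 }, off[4]; return layout(sz, 4, off); }

int main(void) {
    printf("rule matches compiler: %d\n", rule_matches_compiler());
    printf("declared order: %zu bytes, largest-first: %zu bytes\n",
           demo_size_declared(), demo_size_reordered());
    return 0;
}
```

Reordering the fields largest-first removes all internal padding, which is why the same four fields take 16 bytes instead of 24.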

Miscellaneous

movq %fs:40, %rax

This is possibly copying the unique "code" (the canary) that provides stack protection, so that stack corruption can be detected.

GDB

linux> gdb prog : Start gdb on the program prog.

Some gdb commands

Starting and stopping

quit : Exit gdb.
run : Run your program.
kill : Stop your program.

Breakpoints

break multstore : Set breakpoint at entry to function multstore.
break *0x400540 : Set breakpoint at address 0x400540.
delete 1 : Delete breakpoint 1.
delete : Delete all breakpoints.

Execution

stepi : Execute one instruction.
stepi 4 : Execute four instructions.
nexti : Like stepi, but proceed through function calls.
continue : Resume execution.
finish : Run until current function returns.

Examining Code

disas : Disassemble current function.
disas multstore : Disassemble function multstore.
disas 0x400544 : Disassemble the function around address 0x400544.
disas 0x400544, 0x40054d : Disassemble code within specific address range.
print /x $rip : Print program counter in hex.

Examining Data

print $rax : Print contents of %rax in decimal.
print /x $rax : Print contents of %rax in hex.
print /t $rax : Print contents of %rax in binary.
print 0x100 : Print decimal representation of 0x100.
print /x 155 : Print hex representation of 155.
print /x ($rsp + 8) : Print contents of %rsp+8 in hex.
print *(long *) 0x7fffffffe818 : Print long integer at address 0x7fffffffe818.
print *(long *) ($rsp + 8) : Print long integer at address %rsp + 8.
x/2g 0x7fffffffe818 : Examine two (8-byte) words starting at address 0x7fffffffe818.
x/20b multstore : Examine first 20 bytes of function multstore.

Useful Information

info frame : Information about current stack frame.
info registers : Values of all registers.
help : Get help on gdb commands.

Tools for Manipulating Object Files

  • AR : Creates static libraries.
  • STRINGS : Lists all of the printable strings contained in an object file.
  • STRIP : Deletes symbol table information from an object file.
  • NM : Lists symbols defined in the symbol table of an object file.
  • SIZE : Lists the names and sizes of the sections in an object file.
  • READELF : Displays the complete structure of an object file, including all of the information encoded in the ELF header.
  • OBJDUMP : The mother of all binary tools. Can display all of the information in an object file. Its most useful function is disassembling the binary instructions in the .text section.
  • LDD : Lists the shared libraries that an executable needs at run time.