Mac的反编译⼯具⼀:otool(objdump⼯具的OSX对应⼯
术中唤醒具)。
objdump的选项-S、-l⼗分⽅便。如果⼆进制⽂件中带有调试信息,可以将源代码、⽂件名和⾏号与汇编代码对应显⽰。 在OSX上,对应的⼯具是otool。与“objdump -Sl”能⼒接近的命令是otool -tV。
看⼀看insert sort算法的反编译。插⼊排序的⼀种实现:
#include <stdio.h>
void insert_sort(int* L, int size) {
int tmp, i, j;
for (i = 1; i < size; ++i) {
tmp = L[i];
for (j = i-1; j >= 0 && L[j] > tmp; --j) {
撬动战略L[j+1] = L[j];
}
L[j+1] = tmp;
}
}
void print_array(int* L, int size) {
printf("array: ");
for (int i = 0; i < size; ++i) {
printf("%d ", L[i]);中文科技期刊数据库
}
printf("\n");
}
int main (int argc, char** argv) {
int L[] = {18, 7, 5, 8, 99};
int size = sizeof(L) / sizeof(int);
insert_sort(L, size);
print_array(L, size);
return 0;
}
这个实现中没有全局变量,数据段(Data Section)应该没有内容。我们⽤"otool -dV insertsort"这个命令,只显⽰Data Section, 验证⼀下: [plain]
1. oliverluan@localhost:~/Documents/Opt/insertsort$ otool -dV insertsort
2. insertsort:
如果把L数据和size变量改写成全局变量:
[plain]
1. oliverluan@localhost:~/Documents/Opt/insertsort$ gcc -g insertsort_global.c -o insertsort_global
2. oliverluan@localhost:~/Documents/Opt/insertsort$ otool -dV insertsort_global
3. insertsort_global:
4. (__DATA,__data) section
5. 0000000100001020 12 00 00 00 07 00 00 00 05 00 00 00 08 00 00 00
6. 0000000100001030 63 00 00 00 05 00 00 00
看⼀看Text Section: otool -tV insertsort:
[plain]
1. oliverluan@localhost:~/Documents/Opt/insertsort$ otool -tV insertsort
2. insertsort:
3. (__TEXT,__text) section
4. _insert_sort:
5. 0000000100000dd0 pushq %rbp
6. 0000000100000dd1 movq %rsp, %rbp
7. 0000000100000dd4 movq %rdi, 0xfffffffffffffff8(%rbp)
8. 0000000100000dd8 movl %esi, 0xfffffffffffffff4(%rbp)
9. 0000000100000ddb movl $0x1, 0xffffffffffffffec(%rbp)
10. 0000000100000de2 movl 0xffffffffffffffec(%rbp), %eax
11. 0000000100000de5 cmpl 0xfffffffffffffff4(%rbp), %eax
12. 0000000100000de8 jge 0x100000e94
13. 0000000100000dee movslq 0xffffffffffffffec(%rbp), %rax
14. 0000000100000df2 movq 0xfffffffffffffff8(%rbp), %rcx
15. 0000000100000df6 movl (%rcx,%rax,4), %edx
16. 0000000100000df9 movl %edx, 0xfffffffffffffff0(%rbp)
17. 0000000100000dfc movl 0xffffffffffffffec(%rbp), %edx
18. 0000000100000dff subl $0x1, %edx
19. 0000000100000e05 movl %edx, 0xffffffffffffffe8(%rbp)
20. 0000000100000e08 movb $0x0, %al
21. 0000000100000e0a cmpl $0x0, 0xffffffffffffffe8(%rbp)
22. 0000000100000e11 movb %al, 0xffffffffffffffe7(%rbp)
23. 0000000100000e14 jl 0x100000e30
24. 0000000100000e1a movslq 0xffffffffffffffe8(%rbp), %rax
25. 0000000100000e1e movq 0xfffffffffffffff8(%rbp), %rcx
26. 0000000100000e22 movl (%rcx,%rax,4), %edx
27. 0000000100000e25 cmpl 0xfffffffffffffff0(%rbp), %edx
28. 0000000100000e28 setg %sil
29. 0000000100000e2c movb %sil, 0xffffffffffffffe7(%rbp)
30. 0000000100000e30 movb 0xffffffffffffffe7(%rbp), %al
31. 0000000100000e33 testb $0x1, %al
32. 0000000100000e35 jne 0x100000e40
33. 0000000100000e3b jmpq 0x100000e6e
33. 0000000100000e3b jmpq 0x100000e6e
34. 0000000100000e40 movslq 0xffffffffffffffe8(%rbp), %rax
35. 0000000100000e44 movq 0xfffffffffffffff8(%rbp), %rcx
36. 0000000100000e48 movl (%rcx,%rax,4), %edx
37. 0000000100000e4b movl 0xffffffffffffffe8(%rbp), %esi
38. 0000000100000e4e addl $0x1, %esi
39. 0000000100000e54 movslq %esi, %rax
40. 0000000100000e57 movq 0xfffffffffffffff8(%rbp), %rcx
41. 0000000100000e5b movl %edx, (%rcx,%rax,4)
42. 0000000100000e5e movl 0xffffffffffffffe8(%rbp), %eax
43. 0000000100000e61 addl $0xffffffff, %eax
44. 0000000100000e66 movl %eax, 0xffffffffffffffe8(%rbp)
45. 0000000100000e69 jmpq 0x100000e08
46. 0000000100000e6e movl 0xfffffffffffffff0(%rbp), %eax
47. 0000000100000e71 movl 0xffffffffffffffe8(%rbp), %ecx
48. 0000000100000e74 addl $0x1, %ecx
49. 0000000100000e7a movslq %ecx, %rdx
50. 0000000100000e7d movq 0xfffffffffffffff8(%rbp), %rsi
51. 0000000100000e81 movl %eax, (%rsi,%rdx,4)
52. 0000000100000e84 movl 0xffffffffffffffec(%rbp), %eax
53. 0000000100000e87 addl $0x1, %eax
54. 0000000100000e8c movl %eax, 0xffffffffffffffec(%rbp)
55. 0000000100000e8f jmpq 0x100000de2
56. 0000000100000e94 popq %rbp
57. 0000000100000e95 ret
58. 0000000100000e96 nopw %cs:(%rax,%rax)
59. _print_array:
60. 0000000100000ea0 pushq %rbp
61. 0000000100000ea1 movq %rsp, %rbp
62. 0000000100000ea4 subq $0x20, %rsp
63. 0000000100000ea8 leaq 0xdb(%rip), %rax ## literal pool for: array:
64. 0000000100000eaf movq %rdi, 0xfffffffffffffff8(%rbp)
65. 0000000100000eb3 movl %esi, 0xfffffffffffffff4(%rbp)
66. 0000000100000eb6 movq %rax, %rdi
67. 0000000100000eb9 movb $0x0, %al
68. 0000000100000ebb callq 0x100000f68 ## symbol stub for: _printf
69. 0000000100000ec0 movl $0x0, 0xfffffffffffffff0(%rbp)
70. 0000000100000ec7 movl %eax, 0xffffffffffffffec(%rbp)
71. 0000000100000eca movl 0xfffffffffffffff0(%rbp), %eax
72. 0000000100000ecd cmpl 0xfffffffffffffff4(%rbp), %eax
73. 0000000100000ed0 jge 0x100000f02
74. 0000000100000ed6 leaq 0xb5(%rip), %rdi ## literal pool for: %d
75. 0000000100000edd movslq 0xfffffffffffffff0(%rbp), %rax
76. 0000000100000ee1 movq 0xfffffffffffffff8(%rbp), %rcx
77. 0000000100000ee5 movl (%rcx,%rax,4), %esi
78. 0000000100000ee8 movb $0x0, %al
79. 0000000100000eea callq 0x100000f68 ## symbol stub for: _printf
80. 0000000100000eef movl %eax, 0xffffffffffffffe8(%rbp)
81. 0000000100000ef2 movl 0xfffffffffffffff0(%rbp), %eax
82. 0000000100000ef5 addl $0x1, %eax
83. 0000000100000efa movl %eax, 0xfffffffffffffff0(%rbp)
84. 0000000100000efd jmpq 0x100000eca
85. 0000000100000f02 leaq 0x8d(%rip), %rdi ## literal pool for:
86.
87. 0000000100000f09 movb $0x0, %al
88. 0000000100000f0b callq 0x100000f68 ## symbol stub for: _printf
89. 0000000100000f10 movl %eax, 0xffffffffffffffe4(%rbp)
90. 0000000100000f13 addq $0x20, %rsp
91. 0000000100000f17 popq %rbp
92. 0000000100000f18 ret
广东省电力第一工程局93. 0000000100000f19 nopl (%rax)
透明加密94. _main:
95. 0000000100000f20 pushq %rbp
96. 0000000100000f21 movq %rsp, %rbp
97. 0000000100000f24 subq $0x10, %rsp
98. 0000000100000f28 leaq _L(%rip), %rax
99. 0000000100000f2f movl $0x0, 0xfffffffffffffffc(%rbp)
100. 0000000100000f36 movl %edi, 0xfffffffffffffff8(%rbp)
101. 0000000100000f39 movq %rsi, 0xfffffffffffffff0(%rbp)
102. 0000000100000f3d movl _size(%rip), %esi
103. 0000000100000f43 movq %rax, %rdi
104. 0000000100000f46 callq _insert_sort
105. 0000000100000f4b leaq _L(%rip), %rdi
106. 0000000100000f52 movl _size(%rip), %esi
107. 0000000100000f58 callq _print_array
108. 0000000100000f5d movl $0x0, %eax
109. 0000000100000f62 addq $0x10, %rsp
110. 0000000100000f66 popq %rbp
111. 0000000100000f67 ret
另外,可以⽤-l选项查看load commands:
[plain]
1. oliverluan@localhost:~/Documents/Opt/insertsort$ otool -l insertsort_global
2. insertsort_global:
3. Load command 0
4. cmd LC_SEGMENT_64
5. cmdsize 72
5. cmdsize 72
6. segname __PAGEZERO
7. vmaddr 0x0000000000000000
8. vmsize 0x0000000100000000
9. fileoff 0
10. filesize 0
11. maxprot 0x00000000
12. initprot 0x00000000
13. nsects 0
14. flags 0x0
15. Load command 1
中国式养老困局16. cmd LC_SEGMENT_64
17. cmdsize 632
18. segname __TEXT
19. vmaddr 0x0000000100000000
20. vmsize 0x0000000000001000
21. fileoff 0
22. filesize 4096
23. maxprot 0x00000007
24. initprot 0x00000005
25. nsects 7
26. flags 0x0
27. Section
28. sectname __text
29. segname __TEXT
30. addr 0x0000000100000d60
31. size 0x00000000000001d9
32. offset 3424
33. align 2^4 (16)
34. reloff 0
35. nreloc 0
36. flags 0x80000400
37. reserved1 0
38. reserved2 0
39. Section
40. sectname __stubs
41. segname __TEXT
42. addr 0x0000000100000f3a
43. size 0x000000000000000c
44. offset 3898
45. align 2^1 (2)
46. reloff 0
47. nreloc 0
48. flags 0x80000408
豫公网安备41160202000603
站长QQ:729038198
关于我们
投诉建议