1.
源代码:myEx.cpp
#include<iostream>
using
namespace std;
struct                                  // 56-byte trivially-copyable aggregate (4 + 4 + 8 header, then int d[10]).
AAABBBCCC
{
AAABBBCCC():a(0),b(1),c(1.0){}          // Initialises only a, b, c; d[10] is left indeterminate (see note on d).
int a;                                  // offset 0  -- written by the ctor as movl $0x0,(%rax)
int b;                                  // offset 4  -- movl $0x1,0x4(%rax)
double c;                               // offset 8  -- movabs $0x3ff0000000000000 (IEEE-754 1.0), mov %rax,0x8(%rdx)
int d[10];                              // offsets 16..55 -- never written by the ctor. A copy of this object therefore
                                        // carries whatever stale bytes were on the stack (the gdb dump in step 7 shows
                                        // leftover startup values such as 0x400930, the address of __libc_csu_init, in this
                                        // range). Copying or exposing such an object is the classic uninitialised-memory
                                        // leak pattern; initialising d (e.g. with memset or a value-init) would change
                                        // the disassembly this page walks through, so it is deliberately left as-is here.
};
AAABBBCCC                               // Returns a modified copy of its by-value argument; the caller's object is untouched.
changeAAABBBCCC(AAABBBCCC m)            // m (56 bytes) is passed in memory: the caller writes it at (%rsp), so after the
{                                       // call and push %rbp it sits at 0x10(%rbp). The result is written through the
                                        // hidden return pointer the caller passed in %rdi (lea -0x80(%rbp),%rdi in main).
m.a = 10;                               // movl $0xa,0x10(%rbp)
m.b = 20;                               // movl $0x14,0x14(%rbp)
m.c = 2.0;                              // 0x4000000000000000 is the IEEE-754 encoding of 2.0
return m;                               // all 7 qwords (0x38 bytes) are copied to (%rdi)..0x30(%rdi), including the
                                        // never-initialised d[10] -- stale stack bytes travel with the copy.
};                                      // NOTE(review): the trailing ';' is a redundant empty declaration (harmless; -Wpedantic warns).
int                                     // Prints n.b (20) and uses n.a (10) as the process exit status.
main ()
{
AAABBBCCC m;                            // lives at -0x40(%rbp); the ctor sets only a, b, c -- d[10] keeps stale stack data
AAABBBCCC n = changeAAABBBCCC(m);       // m is copied 8 bytes at a time into the outgoing-argument area (%rsp)..0x30(%rsp);
                                        // n (at -0x80(%rbp)) is filled in by the callee through the hidden pointer in %rdi
cout<<n.b<<endl;                        // std::ostream::operator<<(int), then endl, both via the PLT
return n.a;                             // 10 -> exit status
}
2.debug编译
g++ -g myEx.cpp -o myEx
2.1
$nm myEx
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t _GLOBAL__I__Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T _Z15changeAAABBBCCC9AAABBBCCC
0000000000400804 t _Z41__static_initialization_and_destruction_0ii
00000000004008ea W _ZN9AAABBBCCCC1Ev
U _ZNSolsEPFRSoS_E@@GLIBCXX_3.4
U _ZNSolsEi@@GLIBCXX_3.4
U _ZNSt8ios_base4InitC1Ev@@GLIBCXX_3.4
U _ZNSt8ios_base4InitD1Ev@@GLIBCXX_3.4
0000000000600e00 B _ZSt4cout@@GLIBCXX_3.4
U _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@@GLIBCXX_3.4
0000000000600f1c b _ZSt8__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t _GLOBAL__I__Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T _Z15changeAAABBBCCC9AAABBBCCC
0000000000400804 t _Z41__static_initialization_and_destruction_0ii
00000000004008ea W _ZN9AAABBBCCCC1Ev
U _ZNSolsEPFRSoS_E@@GLIBCXX_3.4
U _ZNSolsEi@@GLIBCXX_3.4
U _ZNSt8ios_base4InitC1Ev@@GLIBCXX_3.4
U _ZNSt8ios_base4InitD1Ev@@GLIBCXX_3.4
0000000000600e00 B _ZSt4cout@@GLIBCXX_3.4
U _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@@GLIBCXX_3.4
0000000000600f1c b _ZSt8__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
$nm
-C myEx
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t global constructors keyed to _Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T changeAAABBBCCC(AAABBBCCC)
0000000000400804 t __static_initialization_and_destruction_0(int, int)
00000000004008ea W AAABBBCCC::AAABBBCCC()
U std::ostream::operator<<(std::ostream& (*)(std::ostream&))@@GLIBCXX_3.4
U std::ostream::operator<<(int)@@GLIBCXX_3.4
U std::ios_base::Init::Init()@@GLIBCXX_3.4
U std::ios_base::Init::~Init()@@GLIBCXX_3.4
0000000000600e00 B std::cout@@GLIBCXX_3.4
U std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)@@GLIBCXX_3.4
0000000000600f1c b std::__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t global constructors keyed to _Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T changeAAABBBCCC(AAABBBCCC)
0000000000400804 t __static_initialization_and_destruction_0(int, int)
00000000004008ea W AAABBBCCC::AAABBBCCC()
U std::ostream::operator<<(std::ostream& (*)(std::ostream&))@@GLIBCXX_3.4
U std::ostream::operator<<(int)@@GLIBCXX_3.4
U std::ios_base::Init::Init()@@GLIBCXX_3.4
U std::ios_base::Init::~Init()@@GLIBCXX_3.4
0000000000600e00 B std::cout@@GLIBCXX_3.4
U std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)@@GLIBCXX_3.4
0000000000600f1c b std::__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
3.
objdump 结果
$objdump
-d myEx
myEx:
file format elf64-x86-64
Disassembly
of section .init:
0000000000400628
<_init>:
400628: 48 83 ec
08
sub $0x8,%rsp
40062c: e8 cb 00 00
00 callq 4006fc
<call_gmon_start>
400631: e8 4a 01 00
00 callq 400780
<frame_dummy>
400636: e8 85 03 00
00 callq 4009c0
<__do_global_ctors_aux>
40063b: 48 83 c4
08
add $0x8,%rsp
40063f:
c3
retq
Disassembly
of section .plt:
0000000000400640
<_ZNSolsEi@plt-0x10>:
400640: ff 35 62 07 20
00 pushq
2099042(%rip) # 600da8
<_GLOBAL_OFFSET_TABLE_+0x8>
400646: ff 25 64 07 20
00 jmpq
*2099044(%rip) # 600db0
<_GLOBAL_OFFSET_TABLE_+0x10>
40064c: 0f 1f 40
00
nopl 0x0(%rax)
0000000000400650
<_ZNSolsEi@plt>:
400650: ff 25 62 07 20
00 jmpq
*2099042(%rip) # 600db8
<_GLOBAL_OFFSET_TABLE_+0x18>
400656: 68 00 00 00
00 pushq $0x0
40065b: e9 e0 ff ff
ff jmpq 400640
<_init+0x18>
0000000000400660
<_ZNSt8ios_base4InitC1Ev@plt>:
400660: ff 25 5a 07 20
00 jmpq
*2099034(%rip) # 600dc0
<_GLOBAL_OFFSET_TABLE_+0x20>
400666: 68 01 00 00
00 pushq $0x1
40066b: e9 d0 ff ff
ff jmpq 400640
<_init+0x18>
0000000000400670
<__libc_start_main@plt>:
400670: ff 25 52 07 20
00 jmpq
*2099026(%rip) # 600dc8
<_GLOBAL_OFFSET_TABLE_+0x28>
400676: 68 02 00 00
00 pushq $0x2
40067b: e9 c0 ff ff
ff jmpq 400640
<_init+0x18>
0000000000400680
<__cxa_atexit@plt>:
400680: ff 25 4a 07 20
00 jmpq
*2099018(%rip) # 600dd0
<_GLOBAL_OFFSET_TABLE_+0x30>
400686: 68 03 00 00
00 pushq $0x3
40068b: e9 b0 ff ff
ff jmpq 400640
<_init+0x18>
0000000000400690
<_ZNSt8ios_base4InitD1Ev@plt>:
400690: ff 25 42 07 20
00 jmpq
*2099010(%rip) # 600dd8
<_GLOBAL_OFFSET_TABLE_+0x38>
400696: 68 04 00 00
00 pushq $0x4
40069b: e9 a0 ff ff
ff jmpq 400640
<_init+0x18>
00000000004006a0
<_ZNSolsEPFRSoS_E@plt>:
4006a0: ff 25 3a 07 20
00 jmpq
*2099002(%rip) # 600de0
<_GLOBAL_OFFSET_TABLE_+0x40>
4006a6: 68 05 00 00
00 pushq $0x5
4006ab: e9 90 ff ff
ff jmpq 400640
<_init+0x18>
00000000004006b0
<_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@plt>:
4006b0: ff 25 32 07 20
00 jmpq
*2098994(%rip) # 600de8
<_GLOBAL_OFFSET_TABLE_+0x48>
4006b6: 68 06 00 00
00 pushq $0x6
4006bb: e9 80 ff ff
ff jmpq 400640
<_init+0x18>
00000000004006c0
<__gxx_personality_v0@plt>:
4006c0: ff 25 2a 07 20
00 jmpq
*2098986(%rip) # 600df0
<_GLOBAL_OFFSET_TABLE_+0x50>
4006c6: 68 07 00 00
00 pushq $0x7
4006cb: e9 70 ff ff
ff jmpq 400640
<_init+0x18>
Disassembly
of section .text:
00000000004006d0
<_start>:
4006d0: 31
ed
xor %ebp,%ebp
4006d2: 49 89
d1
mov %rdx,%r9
4006d5:
5e
pop %rsi
4006d6: 48 89
e2
mov %rsp,%rdx
4006d9: 48 83 e4
f0
and $0xfffffffffffffff0,%rsp
4006dd:
50
push %rax
4006de:
54
push %rsp
4006df: 49 c7 c0 20 09 40
00 mov $0x400920,%r8
4006e6: 48 c7 c1 30 09 40
00 mov $0x400930,%rcx
4006ed: 48 c7 c7 70 08 40
00 mov $0x400870,%rdi
4006f4: e8 77 ff ff
ff callq 400670
<__libc_start_main@plt>
4006f9:
f4
hlt
4006fa:
90
nop
4006fb:
90
nop
00000000004006fc
<call_gmon_start>:
4006fc: 48 83 ec
08
sub $0x8,%rsp
400700: 48 8b 05 91 06 20
00 mov
2098833(%rip),%rax # 600d98
<_DYNAMIC+0x1c0>
400707: 48 85
c0
test %rax,%rax
40070a: 74
02
je 40070e <call_gmon_start+0x12>
40070c: ff
d0
callq *%rax
40070e: 48 83 c4
08
add $0x8,%rsp
400712:
c3
retq
400713:
90
nop
400714:
90
nop
400715:
90
nop
400716:
90
nop
400717:
90
nop
400718:
90
nop
400719:
90
nop
40071a:
90
nop
40071b:
90
nop
40071c:
90
nop
40071d:
90
nop
40071e:
90
nop
40071f:
90
nop
0000000000400720
<__do_global_dtors_aux>:
400720:
55
push %rbp
400721: 48 89
e5
mov %rsp,%rbp
400724:
53
push %rbx
400725: 48 83 ec
08
sub $0x8,%rsp
400729: 80 3d e8 07 20 00
00 cmpb
$0x0,2099176(%rip) # 600f18
<completed.6145>
400730: 75
44
jne 400776 <__do_global_dtors_aux+0x56>
400732: b8 c8 0b 60
00 mov
$0x600bc8,%eax
400737: 48 2d c0 0b 60
00 sub
$0x600bc0,%rax
40073d: 48 c1 f8
03
sar $0x3,%rax
400741: 48 8d 58
ff
lea 0xffffffffffffffff(%rax),%rbx
400745: 48 8b 05 c4 07 20
00 mov
2099140(%rip),%rax # 600f10
<dtor_idx.6147>
40074c: 48 39
c3
cmp %rax,%rbx
40074f: 76
1e
jbe 40076f <__do_global_dtors_aux+0x4f>
400751: 48 83 c0
01
add $0x1,%rax
400755: 48 89 05 b4 07 20
00 mov
%rax,2099124(%rip) # 600f10
<dtor_idx.6147>
40075c: ff 14 c5 c0 0b 60
00 callq *0x600bc0(,%rax,8)
400763: 48 8b 05 a6 07 20
00 mov
2099110(%rip),%rax # 600f10
<dtor_idx.6147>
40076a: 48 39
c3
cmp %rax,%rbx
40076d: 77
e2
ja 400751 <__do_global_dtors_aux+0x31>
40076f: c6 05 a2 07 20 00
01 movb
$0x1,2099106(%rip) # 600f18
<completed.6145>
400776: 48 83 c4
08
add $0x8,%rsp
40077a:
5b
pop %rbx
40077b:
c9
leaveq
40077c:
c3
retq
40077d: 0f 1f
00
nopl (%rax)
0000000000400780
<frame_dummy>:
400780:
55
push %rbp
400781: 48 83 3d 47 04 20
00 cmpq
$0x0,2098247(%rip) # 600bd0
<__JCR_END__>
400788: 00
400789: 48 89
e5
mov %rsp,%rbp
40078c: 74
16
je 4007a4 <frame_dummy+0x24>
40078e: b8 00 00 00
00 mov
$0x0,%eax
400793: 48 85
c0
test %rax,%rax
400796: 74
0c
je 4007a4 <frame_dummy+0x24>
400798: bf d0 0b 60
00 mov
$0x600bd0,%edi
40079d: 49 89
c3
mov %rax,%r11
4007a0:
c9
leaveq
4007a1: 41 ff
e3
jmpq *%r11
4007a4:
c9
leaveq
4007a5:
c3
retq
4007a6:
90
nop
4007a7:
90
nop
00000000004007a8
<_Z15changeAAABBBCCC9AAABBBCCC>:
4007a8:
55
push %rbp
4007a9: 48 89
e5
mov %rsp,%rbp
4007ac: c7 45 10 0a 00 00
00 movl $0xa,0x10(%rbp)
4007b3: c7 45 14 14 00 00
00 movl $0x14,0x14(%rbp)
4007ba: 48 b8 00 00 00 00
00 mov $0x4000000000000000,%rax
4007c1: 00 00 40
4007c4: 48 89 45
18
mov %rax,0x18(%rbp)
4007c8: 48 8b 45
10
mov 0x10(%rbp),%rax
4007cc: 48 89
07
mov %rax,(%rdi)
4007cf: 48 8b 45
18
mov 0x18(%rbp),%rax
4007d3: 48 89 47
08
mov %rax,0x8(%rdi)
4007d7: 48 8b 45
20
mov 0x20(%rbp),%rax
4007db: 48 89 47
10
mov %rax,0x10(%rdi)
4007df: 48 8b 45
28
mov 0x28(%rbp),%rax
4007e3: 48 89 47
18
mov %rax,0x18(%rdi)
4007e7: 48 8b 45
30
mov 0x30(%rbp),%rax
4007eb: 48 89 47
20
mov %rax,0x20(%rdi)
4007ef: 48 8b 45
38
mov 0x38(%rbp),%rax
4007f3: 48 89 47
28
mov %rax,0x28(%rdi)
4007f7: 48 8b 45
40
mov 0x40(%rbp),%rax
4007fb: 48 89 47
30
mov %rax,0x30(%rdi)
4007ff: 48 89
f8
mov %rdi,%rax
400802:
c9
leaveq
400803:
c3
retq
0000000000400804
<_Z41__static_initialization_and_destruction_0ii>:
400804:
55
push %rbp
400805: 48 89
e5
mov %rsp,%rbp
400808: 48 83 ec
10
sub $0x10,%rsp
40080c: 89 7d
fc
mov %edi,0xfffffffffffffffc(%rbp)
40080f: 89 75
f8
mov %esi,0xfffffffffffffff8(%rbp)
400812: 83 7d fc
01
cmpl $0x1,0xfffffffffffffffc(%rbp)
400816: 75
27
jne 40083f
<_Z41__static_initialization_and_destruction_0ii+0x3b>
400818: 81 7d f8 ff ff 00
00 cmpl $0xffff,0xfffffffffffffff8(%rbp)
40081f: 75
1e
jne 40083f
<_Z41__static_initialization_and_destruction_0ii+0x3b>
400821: bf 1c 0f 60
00 mov
$0x600f1c,%edi
400826: e8 35 fe ff
ff callq 400660
<_ZNSt8ios_base4InitC1Ev@plt>
40082b: ba 10 0a 40
00 mov
$0x400a10,%edx
400830: be 00 00 00
00 mov
$0x0,%esi
400835: bf 58 08 40
00 mov
$0x400858,%edi
40083a: e8 41 fe ff
ff callq 400680
<__cxa_atexit@plt>
40083f:
c9
leaveq
400840:
c3
retq
400841:
90
nop
0000000000400842
<_GLOBAL__I__Z15changeAAABBBCCC9AAABBBCCC>:
400842:
55
push %rbp
400843: 48 89
e5
mov %rsp,%rbp
400846: be ff ff 00
00 mov
$0xffff,%esi
40084b: bf 01 00 00
00 mov
$0x1,%edi
400850: e8 af ff ff
ff callq 400804
<_Z41__static_initialization_and_destruction_0ii>
400855:
c9
leaveq
400856:
c3
retq
400857:
90
nop
0000000000400858
<__tcf_0>:
400858:
55
push %rbp
400859: 48 89
e5
mov %rsp,%rbp
40085c: 48 83 ec
10
sub $0x10,%rsp
400860: 48 89 7d
f8
mov %rdi,0xfffffffffffffff8(%rbp)
400864: bf 1c 0f 60
00 mov
$0x600f1c,%edi
400869: e8 22 fe ff
ff callq 400690
<_ZNSt8ios_base4InitD1Ev@plt>
40086e:
c9
leaveq
40086f:
c3
retq
0000000000400870
<main>:
400870:
55
push %rbp
400871: 48 89
e5
mov %rsp,%rbp
400874: 48 81 ec c0 00 00
00 sub $0xc0,%rsp
40087b: 48 8d 7d
c0
lea 0xffffffffffffffc0(%rbp),%rdi
40087f: e8 66 00 00
00 callq 4008ea
<_ZN9AAABBBCCCC1Ev>
400884: 48 8d 7d
80
lea 0xffffffffffffff80(%rbp),%rdi
400888: 48 8b 45
c0
mov 0xffffffffffffffc0(%rbp),%rax
40088c: 48 89 04
24
mov %rax,(%rsp)
400890: 48 8b 45
c8
mov 0xffffffffffffffc8(%rbp),%rax
400894: 48 89 44 24
08 mov
%rax,0x8(%rsp)
400899: 48 8b 45
d0
mov 0xffffffffffffffd0(%rbp),%rax
40089d: 48 89 44 24
10 mov
%rax,0x10(%rsp)
4008a2: 48 8b 45
d8
mov 0xffffffffffffffd8(%rbp),%rax
4008a6: 48 89 44 24
18 mov
%rax,0x18(%rsp)
4008ab: 48 8b 45
e0
mov 0xffffffffffffffe0(%rbp),%rax
4008af: 48 89 44 24
20 mov
%rax,0x20(%rsp)
4008b4: 48 8b 45
e8
mov 0xffffffffffffffe8(%rbp),%rax
4008b8: 48 89 44 24
28 mov
%rax,0x28(%rsp)
4008bd: 48 8b 45
f0
mov 0xfffffffffffffff0(%rbp),%rax
4008c1: 48 89 44 24
30 mov
%rax,0x30(%rsp)
4008c6: e8 dd fe ff
ff callq 4007a8
<_Z15changeAAABBBCCC9AAABBBCCC>
4008cb: 8b 75
84
mov 0xffffffffffffff84(%rbp),%esi
4008ce: bf 00 0e 60
00 mov
$0x600e00,%edi
4008d3: e8 78 fd ff
ff callq 400650
<_ZNSolsEi@plt>
4008d8: 48 89
c7
mov %rax,%rdi
4008db: be b0 06 40
00 mov
$0x4006b0,%esi
4008e0: e8 bb fd ff
ff callq 4006a0
<_ZNSolsEPFRSoS_E@plt>
4008e5: 8b 45
80
mov 0xffffffffffffff80(%rbp),%eax
4008e8:
c9
leaveq
4008e9:
c3
retq
00000000004008ea
<_ZN9AAABBBCCCC1Ev>:
4008ea:
55
push %rbp
4008eb: 48 89
e5
mov %rsp,%rbp
4008ee: 48 89 7d
f8
mov %rdi,0xfffffffffffffff8(%rbp)
4008f2: 48 8b 45
f8
mov 0xfffffffffffffff8(%rbp),%rax
4008f6: c7 00 00 00 00
00 movl $0x0,(%rax)
4008fc: 48 8b 45
f8
mov 0xfffffffffffffff8(%rbp),%rax
400900: c7 40 04 01 00 00
00 movl $0x1,0x4(%rax)
400907: 48 8b 55
f8
mov 0xfffffffffffffff8(%rbp),%rdx
40090b: 48 b8 00 00 00 00
00 mov $0x3ff0000000000000,%rax
400912: 00 f0 3f
400915: 48 89 42
08
mov %rax,0x8(%rdx)
400919:
c9
leaveq
40091a:
c3
retq
40091b:
90
nop
40091c:
90
nop
40091d:
90
nop
40091e:
90
nop
40091f:
90
nop
0000000000400920
<__libc_csu_fini>:
400920: f3
c3
repz retq
400922: 0f 1f 80 00 00 00
00 nopl 0x0(%rax)
400929: 0f 1f 80 00 00 00
00 nopl 0x0(%rax)
0000000000400930
<__libc_csu_init>:
400930: 4c 89 64 24
e0 mov
%r12,0xffffffffffffffe0(%rsp)
400935: 4c 89 6c 24
e8 mov
%r13,0xffffffffffffffe8(%rsp)
40093a: 4c 8d 25 63 02 20
00 lea
2097763(%rip),%r12 # 600ba4
<__fini_array_end>
400941: 4c 89 74 24
f0 mov
%r14,0xfffffffffffffff0(%rsp)
400946: 4c 89 7c 24
f8 mov
%r15,0xfffffffffffffff8(%rsp)
40094b: 49 89
f6
mov %rsi,%r14
40094e: 48 89 5c 24
d0 mov
%rbx,0xffffffffffffffd0(%rsp)
400953: 48 89 6c 24
d8 mov
%rbp,0xffffffffffffffd8(%rsp)
400958: 48 83 ec
38
sub $0x38,%rsp
40095c: 41 89
ff
mov %edi,%r15d
40095f: 49 89
d5
mov %rdx,%r13
400962: e8 c1 fc ff
ff callq 400628
<_init>
400967: 48 8d 05 36 02 20
00 lea
2097718(%rip),%rax # 600ba4
<__fini_array_end>
40096e: 49 29
c4
sub %rax,%r12
400971: 49 c1 fc
03
sar $0x3,%r12
400975: 4d 85
e4
test %r12,%r12
400978: 74
1e
je 400998 <__libc_csu_init+0x68>
40097a: 31
ed
xor %ebp,%ebp
40097c: 48 89
c3
mov %rax,%rbx
40097f:
90
nop
400980: 48 83 c5
01
add $0x1,%rbp
400984: 4c 89
ea
mov %r13,%rdx
400987: 4c 89
f6
mov %r14,%rsi
40098a: 44 89
ff
mov %r15d,%edi
40098d: ff
13
callq *(%rbx)
40098f: 48 83 c3
08
add $0x8,%rbx
400993: 49 39
ec
cmp %rbp,%r12
400996: 75
e8
jne 400980 <__libc_csu_init+0x50>
400998: 48 8b 5c 24
08 mov
0x8(%rsp),%rbx
40099d: 48 8b 6c 24
10 mov
0x10(%rsp),%rbp
4009a2: 4c 8b 64 24
18 mov
0x18(%rsp),%r12
4009a7: 4c 8b 6c 24
20 mov
0x20(%rsp),%r13
4009ac: 4c 8b 74 24
28 mov
0x28(%rsp),%r14
4009b1: 4c 8b 7c 24
30 mov
0x30(%rsp),%r15
4009b6: 48 83 c4
38
add $0x38,%rsp
4009ba:
c3
retq
4009bb:
90
nop
4009bc:
90
nop
4009bd:
90
nop
4009be:
90
nop
4009bf:
90
nop
00000000004009c0
<__do_global_ctors_aux>:
4009c0:
55
push %rbp
4009c1: 48 89
e5
mov %rsp,%rbp
4009c4:
53
push %rbx
4009c5: bb b0 0b 60
00 mov
$0x600bb0,%ebx
4009ca: 48 83 ec
08
sub $0x8,%rsp
4009ce: 48 8b 05 db 01 20
00 mov
2097627(%rip),%rax # 600bb0
<__CTOR_LIST__+0x8>
4009d5: 48 83 f8
ff
cmp $0xffffffffffffffff,%rax
4009d9: 74
14
je 4009ef <__do_global_ctors_aux+0x2f>
4009db: 0f 1f 44 00
00 nopl
0x0(%rax,%rax,1)
4009e0: 48 83 eb
08
sub $0x8,%rbx
4009e4: ff
d0
callq *%rax
4009e6: 48 8b
03
mov (%rbx),%rax
4009e9: 48 83 f8
ff
cmp $0xffffffffffffffff,%rax
4009ed: 75
f1
jne 4009e0 <__do_global_ctors_aux+0x20>
4009ef: 48 83 c4
08
add $0x8,%rsp
4009f3:
5b
pop %rbx
4009f4:
c9
leaveq
4009f5:
c3
retq
4009f6:
90
nop
4009f7:
90
nop
Disassembly
of section .fini:
00000000004009f8
<_fini>:
4009f8: 48 83 ec
08
sub $0x8,%rsp
4009fc: e8 1f fd ff
ff callq 400720
<__do_global_dtors_aux>
400a01: 48 83 c4
08
add $0x8,%rsp
400a05:
c3
retq
4.
gdb myEx
start
(gdb)
disas /m
Dump
of assembler code for function main():
23
int main ()
0x0000000000400870 <+0>: push
%rbp
0x0000000000400871 <+1>: mov
%rsp,%rbp
0x0000000000400874 <+4>: sub
$0xc0,%rsp
24
{
25
AAABBBCCC m;
=>
0x000000000040087b <+11>: lea
-0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea
<AAABBBCCC::AAABBBCCC()>
26
AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea
-0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov
-0x40(%rbp),%rax
0x000000000040088c <+28>: mov
%rax,(%rsp)
0x0000000000400890 <+32>: mov
-0x38(%rbp),%rax
0x0000000000400894 <+36>: mov
%rax,0x8(%rsp)
0x0000000000400899 <+41>: mov
-0x30(%rbp),%rax
0x000000000040089d <+45>: mov
%rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov
-0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov
%rax,0x18(%rsp)
0x00000000004008ab <+59>: mov
-0x20(%rbp),%rax
0x00000000004008af <+63>: mov
%rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov
-0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov
%rax,0x28(%rsp)
0x00000000004008bd <+77>: mov
-0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov
%rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8
<changeAAABBBCCC(AAABBBCCC)>
27
cout<<n.b<<endl;
0x00000000004008cb <+91>: mov
-0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov
$0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650
<_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov
%rax,%rdi
0x00000000004008db <+107>: mov
$0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0
<_ZNSolsEPFRSoS_E@plt>
28
return n.a;
0x00000000004008e5 <+117>: mov
-0x80(%rbp),%eax
29
}
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
End
of assembler dump.
5. (gdb)
i reg
rax
0x3651153a60 233288579680
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x1 1
rbp
0x7fffffffe520 0x7fffffffe520
rsp
0x7fffffffe460 0x7fffffffe460
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x40087b 0x40087b <main()+11>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
此时箭头指向的是c++代码的第25行,在进入main函数后,执行了三句汇编,也就是第23到24行之间的这三句,
0x0000000000400870 <+0>: push
%rbp
0x0000000000400871 <+1>: mov
%rsp,%rbp
0x0000000000400874 <+4>: sub
$0xc0,%rsp
这三句首先将%rbp寄存器里的值压入栈内,然后把栈指针%rsp所指的地址保存到%rbp寄存器中,最后把堆栈指针往下移
0xC0个字节(请记住,堆栈是由高地址往低地址生长的),这时候从上面的i
reg 可以看出,
rbp
0x7fffffffe520
rsp
0x7fffffffe460 (和rbp之间的距离正好是0xC0)
为什么会要留下这段0xC0的空间呢?这 12*16 = 192 字节就是 main 函数的栈帧。对照上面的 disas 可以看出它的用途:m 放在 -0x40(%rbp),n 放在 -0x80(%rbp),各占 64 字节;再往下,从 (%rsp) 到 0x30(%rsp) 的 0x38 字节是调用 changeAAABBBCCC 时按值传参、拷贝 m 用的出参区;中间剩下的 8 字节应该是对齐填充。顺带从安全角度注意两点:这个二进制不是 PIE(nm 和 objdump 里的代码地址都固定在 0x400xxx),而且编译命令没有加 -fstack-protector,main 的序言里也看不到加载 %fs:0x28 的栈保护 canary——所以局部变量和保存的 %rbp、返回地址之间没有任何隔离,这在后面看栈内容时会很直观。
接下来执行x,查看从rsp的位置开始往上走的30个8字节地址的内容,如下所示。
(gdb)
x /30xg 0x7fffffffe460
0x7fffffffe460:
0x0000000000400858 0x0000003650e33581
0x7fffffffe470:
0x0000000000600ba8 0x00007fffffffe4a0
0x7fffffffe480:
0x0000000000600ba4 0x000000000040083f
0x7fffffffe490:
0x0000000000000000 0x000000010000ffff
0x7fffffffe4a0:
0x00007fffffffe4b0 0x0000000000400855
0x7fffffffe4b0:
0x00007fffffffe4d0 0x00000000004009e6
0x7fffffffe4c0:
0x0000003650e08150 0x0000003650c1bbc0
0x7fffffffe4d0:
0x0000000000400930 0x000000000040063b
0x7fffffffe4e0:
0x00000036548ef100 0x0000000000400967
0x7fffffffe4f0:
0x00000036548e6100 0x0000003650c1bbc0
0x7fffffffe500:
0x0000000000400930 0x0000000000000000
0x7fffffffe510:
0x00007fffffffe600 0x0000000000000000
0x7fffffffe520:
0x0000000000000000 0x0000003650e1d994
0x7fffffffe530:
0x00000000004006d0 0x00007fffffffe608
0x7fffffffe540:
0x0000000100000000 0x0000000000400870
6.
执行si
(gdb)
si
0x000000000040087f
25 AAABBBCCC m;
(gdb)
disas /m
Dump
of assembler code for function main():
23
int main ()
0x0000000000400870 <+0>: push
%rbp
0x0000000000400871 <+1>: mov
%rsp,%rbp
0x0000000000400874 <+4>: sub
$0xc0,%rsp
24
{
25
AAABBBCCC m;
0x000000000040087b <+11>: lea
-0x40(%rbp),%rdi
=>
0x000000000040087f <+15>: callq 0x4008ea
<AAABBBCCC::AAABBBCCC()>
26
AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea
-0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov
-0x40(%rbp),%rax
0x000000000040088c <+28>: mov
%rax,(%rsp)
0x0000000000400890 <+32>: mov
-0x38(%rbp),%rax
0x0000000000400894 <+36>: mov
%rax,0x8(%rsp)
0x0000000000400899 <+41>: mov
-0x30(%rbp),%rax
0x000000000040089d <+45>: mov
%rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov
-0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov
%rax,0x18(%rsp)
0x00000000004008ab <+59>: mov
-0x20(%rbp),%rax
0x00000000004008af <+63>: mov
%rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov
-0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov
%rax,0x28(%rsp)
0x00000000004008bd <+77>: mov
-0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov
%rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8
<changeAAABBBCCC(AAABBBCCC)>
27
cout<<n.b<<endl;
0x00000000004008cb <+91>: mov
-0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov
$0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650
<_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov
%rax,%rdi
0x00000000004008db <+107>: mov
$0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0
<_ZNSolsEPFRSoS_E@plt>
28
return n.a;
0x00000000004008e5 <+117>: mov
-0x80(%rbp),%eax
29
}
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type
<return> to continue, or q <return> to quit---
End
of assembler dump.
(gdb)
i reg
rax
0x3651153a60 233288579680
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe520 0x7fffffffe520
rsp
0x7fffffffe460 0x7fffffffe460
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x40087f 0x40087f <main()+15>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
可以看到rdi的值被赋为 0x7fffffffe4e0,这是 lea
-0x40(%rbp),%rdi执行的结果,将寄存器rbp所指的地址值向下移动0x40字节所得的地址赋给rdi寄存器。
这是为调用AAABBBCCC的构造函数做准备,构造函数真实的第一个参数其实是this指针,也就是这里%rdi的地址值,C++就是在栈上从这个地址开始了对一个AAABBBCCC对象,也就是m的构造,(不信的可以写一个带参数的构造函数,调用的时候,我们代码里的第一个参数,其实是传递给rsi或者esi寄存器的),
可以看出sizeof(AAABBBCCC) = 56(4+4+8+40),而栈上给 m 预留的是 64 字节(-0x40(%rbp) 到 %rbp),n 同样是 64 字节(-0x80 到 -0x40)。多出来的 8 字节更像是编译器把每个局部对象的槽位对齐到 16 字节所留的填充(-0x40、-0x80 都是 16 的倍数),而不是为了"方便内存管理";后面我们可以进一步验证这个猜想。还要注意一点:构造函数只写了 a、b、c 这 16 字节,d[10] 和这 8 字节填充都没有被初始化,里面残留的是启动代码留下的旧栈内容——下面第 7 步的 x 输出里,m 所在的 0x7fffffffe4e0 往上能看到 0x400930(__libc_csu_init 的地址)、0x7fffffffe600 这样的旧指针。changeAAABBBCCC 按值拷贝时会把这 56 字节原样搬走,这正是"未初始化的栈内存随对象拷贝泄露出去"的典型模式。
7.
继续si往下走-------------------------------------------------------------------------------------------------------------------------------------------------------------------
(gdb)
si
AAABBBCCC::AAABBBCCC
(this=0x3) at myEx.cpp:6
6
AAABBBCCC():a(0),b(1),c(1.0){}
(gdb)
disas /m
Dump
of assembler code for function AAABBBCCC::AAABBBCCC():
6
AAABBBCCC():a(0),b(1),c(1.0){}
=>
0x00000000004008ea <+0>: push
%rbp
0x00000000004008eb <+1>: mov
%rsp,%rbp
0x00000000004008ee <+4>: mov
%rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov
-0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl
$0x0,(%rax)
0x00000000004008fc <+18>: mov
-0x8(%rbp),%rax
0x0000000000400900 <+22>: movl
$0x1,0x4(%rax)
0x0000000000400907 <+29>: mov
-0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs
$0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov
%rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End
of assembler dump.
(gdb)
i reg
rax
0x3651153a60 233288579680
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe520 0x7fffffffe520
rsp
0x7fffffffe458 0x7fffffffe458
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x4008ea 0x4008ea <AAABBBCCC::AAABBBCCC()>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
(gdb)
x /30xg 0x7fffffffe458
0x7fffffffe458:
0x0000000000400884 0x0000000000400858
0x7fffffffe468:
0x0000003650e33581 0x0000000000600ba8
0x7fffffffe478:
0x00007fffffffe4a0 0x0000000000600ba4
0x7fffffffe488:
0x000000000040083f 0x0000000000000000
0x7fffffffe498:
0x000000010000ffff 0x00007fffffffe4b0
0x7fffffffe4a8:
0x0000000000400855 0x00007fffffffe4d0
0x7fffffffe4b8:
0x00000000004009e6 0x0000003650e08150
0x7fffffffe4c8:
0x0000003650c1bbc0 0x0000000000400930
0x7fffffffe4d8:
0x000000000040063b 0x00000036548ef100
0x7fffffffe4e8:
0x0000000000400967 0x00000036548e6100
0x7fffffffe4f8:
0x0000003650c1bbc0 0x0000000000400930
0x7fffffffe508:
0x0000000000000000 0x00007fffffffe600
0x7fffffffe518:
0x0000000000000000 0x0000000000000000
0x7fffffffe528:
0x0000003650e1d994 0x00000000004006d0
0x7fffffffe538:
0x00007fffffffe608 0x0000000100000000
这时候已经正式进入到AAABBBCCC的构造函数里来了,发现rsp已经变为0x7fffffffe458了,没进入之前是0x7fffffffe460,究竟是什么占据了这8字节呢?
用x看一下,发现是0x0000000000400884,对照一下objdump的输出,这正是 callq 压入的返回地址——构造函数 retq 之后要继续执行的下一条指令。(顺带解释一下 gdb 显示的 this=0x3:此时构造函数的序言还没执行,+4 处的 mov %rdi,-0x8(%rbp) 尚未把 this 写到栈上,gdb 按调试信息去读那个栈槽位,读到的应该是残留的旧值;真正的 this 此刻还在 %rdi 里,就是 0x7fffffffe4e0。)从安全角度看,这个返回地址下面紧挨着即将压入的旧 %rbp,再往下就是局部变量,中间没有 canary 隔开——栈溢出要覆盖的正是这个位置。
400884:
48 8d 7d
80
lea 0xffffffffffffff80(%rbp),%rdi
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
8.
继续si
(gdb)
si
0x00000000004008eb
6
AAABBBCCC():a(0),b(1),c(1.0){}
(gdb)
disas /m
Dump
of assembler code for function AAABBBCCC::AAABBBCCC():
6
AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push
%rbp
=>
0x00000000004008eb <+1>: mov
%rsp,%rbp
0x00000000004008ee <+4>: mov
%rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov
-0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl
$0x0,(%rax)
0x00000000004008fc <+18>: mov
-0x8(%rbp),%rax
0x0000000000400900 <+22>: movl
$0x1,0x4(%rax)
0x0000000000400907 <+29>: mov
-0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs
$0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov
%rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End
of assembler dump.
(gdb)
i reg
rax
0x3651153a60 233288579680
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe520 0x7fffffffe520
rsp
0x7fffffffe450 0x7fffffffe450
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x4008eb 0x4008eb <AAABBBCCC::AAABBBCCC()+1>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
rbp入栈了,rsp=0x7fffffffe450了
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
9.
继续si
(gdb)
si
0x00000000004008ee
6
AAABBBCCC():a(0),b(1),c(1.0){}
(gdb)
disas /m
Dump
of assembler code for function AAABBBCCC::AAABBBCCC():
6
AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push
%rbp
0x00000000004008eb <+1>: mov
%rsp,%rbp
=>
0x00000000004008ee <+4>: mov
%rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov
-0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl
$0x0,(%rax)
0x00000000004008fc <+18>: mov
-0x8(%rbp),%rax
0x0000000000400900 <+22>: movl
$0x1,0x4(%rax)
0x0000000000400907 <+29>: mov
-0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs
$0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov
%rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End
of assembler dump.
(gdb)
i reg
rax
0x3651153a60 233288579680
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe450 0x7fffffffe450
rsp
0x7fffffffe450 0x7fffffffe450
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x4008ee 0x4008ee <AAABBBCCC::AAABBBCCC()+4>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
rbp
= rsp = 0x7fffffffe450
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
10.
继续si
(gdb)
si
0x00000000004008ee
6
AAABBBCCC():a(0),b(1),c(1.0){}
(gdb)
disas /m
Dump
of assembler code for function AAABBBCCC::AAABBBCCC():
6
AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push
%rbp
0x00000000004008eb <+1>: mov
%rsp,%rbp
=>
0x00000000004008ee <+4>: mov
%rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov
-0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl
$0x0,(%rax)
0x00000000004008fc <+18>: mov
-0x8(%rbp),%rax
0x0000000000400900 <+22>: movl
$0x1,0x4(%rax)
0x0000000000400907 <+29>: mov
-0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs
$0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov
%rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End
of assembler dump.
(gdb)
i reg
rax
0x3651153a60 233288579680
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe450 0x7fffffffe450
rsp
0x7fffffffe450 0x7fffffffe450
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x4008ee 0x4008ee <AAABBBCCC::AAABBBCCC()+4>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
(gdb)
x /16xg 0x7fffffffe448
0x7fffffffe448:
0x00007fffffffe4e0 0x00007fffffffe520
0x7fffffffe458:
0x0000000000400884 0x0000000000400858
0x7fffffffe468:
0x0000003650e33581 0x0000000000600ba8
0x7fffffffe478:
0x00007fffffffe4a0 0x0000000000600ba4
0x7fffffffe488:
0x000000000040083f 0x0000000000000000
0x7fffffffe498:
0x000000010000ffff 0x00007fffffffe4b0
0x7fffffffe4a8:
0x0000000000400855 0x00007fffffffe4d0
0x7fffffffe4b8:
0x00000000004009e6 0x0000003650e08150
内存448的位置存放了rdi的内容,也就是4e0。
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
11.
继续si
(gdb)
si
0x00000000004008f6
6
AAABBBCCC():a(0),b(1),c(1.0){}
(gdb)
i reg
rax
0x7fffffffe4e0 140737488348384
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe450 0x7fffffffe450
rsp
0x7fffffffe450 0x7fffffffe450
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x4008f6 0x4008f6 <AAABBBCCC::AAABBBCCC()+12>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
(gdb)
disas /m
Dump
of assembler code for function AAABBBCCC::AAABBBCCC():
6
AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push
%rbp
0x00000000004008eb <+1>: mov
%rsp,%rbp
0x00000000004008ee <+4>: mov
%rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov
-0x8(%rbp),%rax
=>
0x00000000004008f6 <+12>: movl
$0x0,(%rax)
0x00000000004008fc <+18>: mov
-0x8(%rbp),%rax
0x0000000000400900 <+22>: movl
$0x1,0x4(%rax)
0x0000000000400907 <+29>: mov
-0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs
$0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov
%rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End
of assembler dump.
执行完后,%rax的值是448内存中的地址值0x7fffffffe4e0,也就是this指针(这条mov只是把它读进%rax,作为后面几条写内存指令的基址)。rax一般是用来做函数返回值的寄存器,这里我们调用的是构造函数,当然也算。
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
12.
继续si
继续si
(gdb)
si
0x00000000004008fc
6
AAABBBCCC():a(0),b(1),c(1.0){}
(gdb)
i reg
rax
0x7fffffffe4e0 140737488348384
rbx
0x3650c1bbc0 233283107776
rcx
0x4 4
rdx
0x7fffffffe618 140737488348696
rsi
0x7fffffffe608 140737488348680
rdi
0x7fffffffe4e0 140737488348384
rbp
0x7fffffffe450 0x7fffffffe450
rsp
0x7fffffffe450 0x7fffffffe450
r8
0x3651152370 233288573808
r9
0x3650a0d620 233280951840
r10
0x0 0
r11
0x3650e33560 233285301600
r12
0x0 0
r13
0x7fffffffe600 140737488348672
r14
0x0 0
r15
0x0 0
rip
0x4008fc 0x4008fc <AAABBBCCC::AAABBBCCC()+18>
eflags
0x206 [ PF IF ]
cs
0x33 51
ss
0x2b 43
ds
0x0 0
es
0x0 0
fs
0x0 0
gs
0x0 0
fctrl
0x37f 895
fstat
0x0 0
ftag
0xffff 65535
fiseg
0x0 0
fioff
0x0 0
foseg
0x0 0
fooff
0x0 0
fop
0x0 0
mxcsr
0x1f80 [ IM DM ZM OM UM PM ]
(gdb)
disas /m
Dump
of assembler code for function AAABBBCCC::AAABBBCCC():
6
AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push
%rbp
0x00000000004008eb <+1>: mov
%rsp,%rbp
0x00000000004008ee <+4>: mov
%rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov
-0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl
$0x0,(%rax)
=>
0x00000000004008fc <+18>: mov
-0x8(%rbp),%rax
0x0000000000400900 <+22>: movl
$0x1,0x4(%rax)
0x0000000000400907 <+29>: mov
-0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs
$0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov
%rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End
of assembler dump.
(gdb)
x /4xg 0x7fffffffe4e0
0x7fffffffe4e0:
0x0000003600000000 0x0000000000400967
0x7fffffffe4f0:
0x00000036548e6100 0x0000003650c1bbc0
4e0位置的低4字节已经被置为0了,也就是说m.a已经被赋值。接着看这条指令的上下文,可以发现是先给m.a赋值(0),接着给m.b赋值(m.b=1),然后在地址4e8的位置写入浮点数1.0(0x3ff0000000000000就是double的1.0,对应构造函数里的c(1.0)),最后返回。
这里leaveq相当于: movq %rbp, %rsp; popq %rbp
retq相当于: popq %rip
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
13. 一直si,执行完构造函数,
(gdb)
disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
=> 0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x3ff0000000000000 4607182418800017408
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x400884 0x400884 <main()+20>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
=> 0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x3ff0000000000000 4607182418800017408
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x400884 0x400884 <main()+20>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb)
x /10xg 0x7fffffffe4e0
0x7fffffffe4e0: 0x0000000100000000 0x3ff0000000000000
0x7fffffffe4f0: 0x00000036548e6100 0x0000003650c1bbc0
0x7fffffffe500: 0x0000000000400930 0x0000000000000000
0x7fffffffe510: 0x00007fffffffe600 0x0000000000000000
0x7fffffffe520: 0x0000000000000000 0x0000003650e1d994
0x7fffffffe4e0: 0x0000000100000000 0x3ff0000000000000
0x7fffffffe4f0: 0x00000036548e6100 0x0000003650c1bbc0
0x7fffffffe500: 0x0000000000400930 0x0000000000000000
0x7fffffffe510: 0x00007fffffffe600 0x0000000000000000
0x7fffffffe520: 0x0000000000000000 0x0000003650e1d994
可以发现,栈的sp和bp值回归到了步骤6的模样,就像什么事情也没有发生过一样。期间我们还发现,m中的数组d并没有进行任何赋值,里面的值是乱值(上面内存dump里0x4f0之后的内容),这进一步确认了没有在初始化列表里初始化的成员,其初始值是不确定的——这符合C++的语义。编译器其实也可以聪明一点,视需要额外调用一下memset把对象清零。需要注意的是,这些乱值其实是栈上残留的数据(可以看到其中有看起来像代码地址和栈地址的值),如果这样的对象被拷贝、输出或发送出去,就会把这些残留信息泄露出去;在初始化列表里加上d()把数组清零就可以避免这个问题。
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
14. 继续si,接下来对后续的执行情况进行step by step的分析
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi 将rbp地址值(0x7fffffffe520)减去0x80,然后赋值给%rdi(存的是0x7fffffffe4a0,也就是n的地址:返回值是一个大结构体,所以由调用者先把存放返回值的地址通过%rdi传给被调用函数)
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi 将rbp地址值(0x7fffffffe520)减去0x80,然后赋值给%rdi(存的是0x7fffffffe4a0,也就是n的地址:返回值是一个大结构体,所以由调用者先把存放返回值的地址通过%rdi传给被调用函数)
0x0000000000400888 <+24>:
mov -0x40(%rbp),%rax
将地址值(0x7fffffffe4e0)处的8个字节赋值给%rax,%rax=0x100000000(低4字节是m.a=0,高4字节是m.b=1)
0x000000000040088c <+28>: mov %rax,(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe460), 这个地址现在里面存的是0x100000000
=> 0x0000000000400890 <+32>: mov -0x38(%rbp),%rax 将地址值(0x7fffffffe4e8)处的内容赋值给%rax,%rax=0x3ff0000000000000 (浮点数1.0,也就是构造函数里设置的m.c)
0x0000000000400894 <+36>: mov %rax,0x8(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe468), 这个地址现在里面存的是0x3ff0000000000000
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax 接下来的这10条指令把剩下的5*8=40个字节,也就是数组m.d(10个int),拷贝到栈上的参数区;由于d没有初始化,所以拷贝过去的还是乱值。
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)> 调用changeAAABBBCCC函数,
0x000000000040088c <+28>: mov %rax,(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe460), 这个地址现在里面存的是0x100000000
=> 0x0000000000400890 <+32>: mov -0x38(%rbp),%rax 将地址值(0x7fffffffe4e8)处的内容赋值给%rax,%rax=0x3ff0000000000000 (浮点数1.0,也就是构造函数里设置的m.c)
0x0000000000400894 <+36>: mov %rax,0x8(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe468), 这个地址现在里面存的是0x3ff0000000000000
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax 接下来的这10条指令把剩下的5*8=40个字节,也就是数组m.d(10个int),拷贝到栈上的参数区;由于d没有初始化,所以拷贝过去的还是乱值。
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)> 调用changeAAABBBCCC函数,
到达这一步,内存分布如下所示:
15. 继续si,调用changeAAABBBCCC之前的现场如下:
(gdb) i
reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008c6 0x4008c6 <main()+86>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
=> 0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
End of assembler dump.
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008c6 0x4008c6 <main()+86>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
=> 0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
End of assembler dump.
16. 继续 si,进入函数
changeAAABBBCCC (m=...) at
myEx.cpp:14
14 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
(gdb) disas /m
Dump of assembler code for function changeAAABBBCCC(AAABBBCCC):
14 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
=> 0x00000000004007a8 <+0>: push %rbp 在这之前callq已经把返回地址(函数返回后要执行的下一条指令的地址)压栈了,这里再把调用者的rbp压栈保存起来,rsp随之减8
0x00000000004007a9 <+1>: mov %rsp,%rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 这是将10写入地址0x7fffffffe460(即此时的%rbp + 0x10)处的4字节。由于这个函数使用的是传值调用,
=> 0x00000000004007a8 <+0>: push %rbp 在这之前callq已经把返回地址(函数返回后要执行的下一条指令的地址)压栈了,这里再把调用者的rbp压栈保存起来,rsp随之减8
0x00000000004007a9 <+1>: mov %rsp,%rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 这是将10写入地址0x7fffffffe460(即此时的%rbp + 0x10)处的4字节。由于这个函数使用的是传值调用,
前面在函数调用的时候,没有像常规那样把第一个参数传递给%rdi,因为这是个结构体,大于8字节,所以改用堆栈来传递参数(%rdi则被用来传递存放返回值的地址)。对于传引用的情况,以后有机会再给个小例子。
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp)
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp)
19 return m;
0x00000000004007c8 <+32>: mov 0x10(%rbp),%rax
0x00000000004007cc <+36>: mov %rax,(%rdi)
0x00000000004007cf <+39>: mov 0x18(%rbp),%rax
0x00000000004007d3 <+43>: mov %rax,0x8(%rdi)
0x00000000004007d7 <+47>: mov 0x20(%rbp),%rax
0x00000000004007db <+51>: mov %rax,0x10(%rdi)
0x00000000004007df <+55>: mov 0x28(%rbp),%rax
0x00000000004007e3 <+59>: mov %rax,0x18(%rdi)
0x00000000004007e7 <+63>: mov 0x30(%rbp),%rax
0x00000000004007eb <+67>: mov %rax,0x20(%rdi)
0x00000000004007ef <+71>: mov 0x38(%rbp),%rax
0x00000000004007f3 <+75>: mov %rax,0x28(%rdi)
0x00000000004007f7 <+79>: mov 0x40(%rbp),%rax
0x00000000004007fb <+83>: mov %rax,0x30(%rdi)
20 };
0x00000000004007ff <+87>: mov %rdi,%rax
0x0000000000400802 <+90>: leaveq
0x0000000000400803 <+91>: retq
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe458 0x7fffffffe458
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4007a8 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp)
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp)
19 return m;
0x00000000004007c8 <+32>: mov 0x10(%rbp),%rax
0x00000000004007cc <+36>: mov %rax,(%rdi)
0x00000000004007cf <+39>: mov 0x18(%rbp),%rax
0x00000000004007d3 <+43>: mov %rax,0x8(%rdi)
0x00000000004007d7 <+47>: mov 0x20(%rbp),%rax
0x00000000004007db <+51>: mov %rax,0x10(%rdi)
0x00000000004007df <+55>: mov 0x28(%rbp),%rax
0x00000000004007e3 <+59>: mov %rax,0x18(%rdi)
0x00000000004007e7 <+63>: mov 0x30(%rbp),%rax
0x00000000004007eb <+67>: mov %rax,0x20(%rdi)
0x00000000004007ef <+71>: mov 0x38(%rbp),%rax
0x00000000004007f3 <+75>: mov %rax,0x28(%rdi)
0x00000000004007f7 <+79>: mov 0x40(%rbp),%rax
0x00000000004007fb <+83>: mov %rax,0x30(%rdi)
20 };
0x00000000004007ff <+87>: mov %rdi,%rax
0x0000000000400802 <+90>: leaveq
0x0000000000400803 <+91>: retq
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe458 0x7fffffffe458
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4007a8 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
17.
继续si
(gdb)
disas /m
Dump of assembler code for function changeAAABBBCCC(AAABBBCCC):
14 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
0x00000000004007a8 <+0>: push %rbp
=> 0x00000000004007a9 <+1>: mov %rsp,%rbp 把0x7fffffffe450,赋值给rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 将10赋值给0x7fffffffe450 + 0x10的这4字节,其实就是把传递给函数的这个对象的a成员赋值了。
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp) 将20赋值给0x7fffffffe450 + 0x14的这4字节,其实就是把传递给函数的这个对象的b成员赋值了。
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax 将2.0赋值给%rax的这8字节,为什么要从%rax里绕一下呢?这是由于movabs能直接操作64位立即数,但是有一个问题是movabs只能以%rax为目的位置。
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp) 将2.0赋值给0x7fffffffe450 + 0x18的这8字节,其实就是把传递给函数的这个对象的c成员赋值了。
Dump of assembler code for function changeAAABBBCCC(AAABBBCCC):
14 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
0x00000000004007a8 <+0>: push %rbp
=> 0x00000000004007a9 <+1>: mov %rsp,%rbp 把0x7fffffffe450,赋值给rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 将10赋值给0x7fffffffe450 + 0x10的这4字节,其实就是把传递给函数的这个对象的a成员赋值了。
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp) 将20赋值给0x7fffffffe450 + 0x14的这4字节,其实就是把传递给函数的这个对象的b成员赋值了。
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax 将2.0赋值给%rax的这8字节,为什么要从%rax里绕一下呢?这是由于movabs能直接操作64位立即数,但是有一个问题是movabs只能以%rax为目的位置。
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp) 将2.0赋值给0x7fffffffe450 + 0x18的这8字节,其实就是把传递给函数的这个对象的c成员赋值了。
19 return m;
0x00000000004007c8 <+32>: mov 0x10(%rbp),%rax
0x00000000004007cc <+36>: mov %rax,(%rdi) 这两句就是把函数里的m.a以及m.b(这不是真正的m,而是传递给函数的m的拷贝)赋值给n.a和n.b
0x00000000004007cf <+39>: mov 0x18(%rbp),%rax
0x00000000004007d3 <+43>: mov %rax,0x8(%rdi) 把函数里的m.c赋值给n.c
0x00000000004007d7 <+47>: mov 0x20(%rbp),%rax 剩下的就是把数组m.d拷贝到n.d中。
0x00000000004007db <+51>: mov %rax,0x10(%rdi)
0x00000000004007df <+55>: mov 0x28(%rbp),%rax
0x00000000004007e3 <+59>: mov %rax,0x18(%rdi)
0x00000000004007e7 <+63>: mov 0x30(%rbp),%rax
0x00000000004007eb <+67>: mov %rax,0x20(%rdi)
0x00000000004007ef <+71>: mov 0x38(%rbp),%rax
0x00000000004007f3 <+75>: mov %rax,0x28(%rdi)
0x00000000004007f7 <+79>: mov 0x40(%rbp),%rax
0x00000000004007fb <+83>: mov %rax,0x30(%rdi)
20 };
0x00000000004007ff <+87>: mov %rdi,%rax
0x0000000000400802 <+90>: leaveq
0x0000000000400803 <+91>: retq
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4007a9 0x4007a9 <changeAAABBBCCC(AAABBBCCC)+1>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
18. 继续si
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
=> 0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi 参数传递先传第二个,将0x7fffffffe4a4后的4字节也就是n.b赋值给%esi,这时候(gdb) p /x $rsi $7 = 0x14 结果就是20,高4字节清0了。
0x00000000004008ce <+94>: mov $0x600e00,%edi 准备第一个参数,即cout对象的地址(用nm可以查到0x600e00这个符号就是std::cout)
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt> "_ZNSolsEi" is "std::ostream::operator<<(int)" 通过步骤2中的nm 和nm -C可以对照找到这两个函数的名字
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt> 调用std::ostream::operator<<(std::ostream& (*)(std::ostream&))
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax 将0x7fffffffe4a0后的4字节也就是n.a赋值给%eax,这时候(gdb) p $rax $1 = 10
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
=> 0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi 参数传递先传第二个,将0x7fffffffe4a4后的4字节也就是n.b赋值给%esi,这时候(gdb) p /x $rsi $7 = 0x14 结果就是20,高4字节清0了。
0x00000000004008ce <+94>: mov $0x600e00,%edi 准备第一个参数,即cout对象的地址(用nm可以查到0x600e00这个符号就是std::cout)
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt> "_ZNSolsEi" is "std::ostream::operator<<(int)" 通过步骤2中的nm 和nm -C可以对照找到这两个函数的名字
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt> 调用std::ostream::operator<<(std::ostream& (*)(std::ostream&))
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax 将0x7fffffffe4a0后的4字节也就是n.a赋值给%eax,这时候(gdb) p $rax $1 = 10
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe4a0 140737488348320
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008cb 0x4008cb <main()+91>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
19. 退出main之前的现场
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
=> 0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe528 0x7fffffffe528
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008e9 0x4008e9 <main()+121>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
=> 0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe528 0x7fffffffe528
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008e9 0x4008e9 <main()+121>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
20. 继续执行si,单步跨过main末尾的retq——此时控制权已经回到调用main的函数
(gdb) si
0x0000003650e1d994 in __libc_start_main () from /lib64/libc.so.6 这就是调用main的函数__libc_start_main。注意它位于共享库/lib64/libc.so.6(地址0x3650...段),而不是我们0x400000附近的可执行文件里;在之前的objdump输出中我们已经见过这个名字
(gdb) disas /m
Dump of assembler code for function __libc_start_main:
0x0000003650e1d8a0 <+0>: mov %rbp,-0x20(%rsp)
0x0000003650e1d8a5 <+5>: mov %rbx,-0x28(%rsp)
0x0000003650e1d8aa <+10>: mov %rcx,%rbp
0x0000003650e1d8ad <+13>: mov %r12,-0x18(%rsp)
0x0000003650e1d8b2 <+18>: mov %r13,-0x10(%rsp)
0x0000003650e1d8b7 <+23>: mov %r14,-0x8(%rsp)
0x0000003650e1d8bc <+28>: sub $0xb8,%rsp
0x0000003650e1d8c3 <+35>: mov 0x33355e(%rip),%rax # 0x3651150e28 <free+3356352>
0x0000003650e1d8ca <+42>: mov %rdx,0x8(%rsp)
0x0000003650e1d8cf <+47>: xor %edx,%edx
0x0000003650e1d8d1 <+49>: mov %rdi,0x18(%rsp)
0x0000003650e1d8d6 <+54>: mov %esi,0x14(%rsp)
0x0000003650e1d8da <+58>: mov %r9,%rdi
0x0000003650e1d8dd <+61>: test %rax,%rax
0x0000003650e1d8e0 <+64>: jne 0x3650e1d99b <__libc_start_main+251>
0x0000003650e1d8e6 <+70>: mov 0x333693(%rip),%rax # 0x3651150f80 <free+3356696>
0x0000003650e1d8ed <+77>: test %rdi,%rdi
0x0000003650e1d8f0 <+80>: mov %edx,(%rax)
0x0000003650e1d8f2 <+82>: je 0x3650e1d8fd <__libc_start_main+93>
0x0000003650e1d8f4 <+84>: xor %edx,%edx
0x0000003650e1d8f6 <+86>: xor %esi,%esi
0x0000003650e1d8f8 <+88>: callq 0x3650e33560 <__cxa_atexit_internal>
0x0000003650e1d8fd <+93>: mov 0x333594(%rip),%rbx # 0x3651150e98 <free+3356464>
0x0000003650e1d904 <+100>: movslq (%rbx),%rax
0x0000003650e1d907 <+103>: mov %rax,%r12
0x0000003650e1d90a <+106>: and $0x2,%r12d
0x0000003650e1d90e <+110>: jne 0x3650e1da29 <__libc_start_main+393>
0x0000003650e1d914 <+116>: test %rbp,%rbp
0x0000003650e1d917 <+119>: je 0x3650e1d92e <__libc_start_main+142>
0x0000003650e1d919 <+121>: mov 0x333628(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d920 <+128>: mov 0x8(%rsp),%rsi
0x0000003650e1d925 <+133>: mov 0x14(%rsp),%edi
0x0000003650e1d929 <+137>: mov (%rax),%rdx
0x0000003650e1d92c <+140>: callq *%rbp
0x0000003650e1d92e <+142>: mov 0x100(%rbx),%ebp
0x0000003650e1d934 <+148>: test %ebp,%ebp
0x0000003650e1d936 <+150>: jne 0x3650e1d9e9 <__libc_start_main+329>
0x0000003650e1d93c <+156>: test %r12,%r12
0x0000003650e1d93f <+159>: jne 0x3650e1d9c6 <__libc_start_main+294>
0x0000003650e1d945 <+165>: lea 0x20(%rsp),%rdi
0x0000003650e1d94a <+170>: callq 0x3650e30080 <_setjmp>
0x0000003650e1d94f <+175>: test %eax,%eax
0x0000003650e1d951 <+177>: jne 0x3650e1d9a8 <__libc_start_main+264>
0x0000003650e1d953 <+179>: mov %fs:0xc0,%rax
0x0000003650e1d95c <+188>: mov %rax,0x68(%rsp)
0x0000003650e1d961 <+193>: mov %fs:0xb8,%rax
0x0000003650e1d96a <+202>: mov %rax,0x70(%rsp)
0x0000003650e1d96f <+207>: lea 0x20(%rsp),%rax
0x0000003650e1d974 <+212>: mov %rax,%fs:0xc0
0x0000003650e1d97d <+221>: mov 0x3335c4(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d984 <+228>: mov 0x14(%rsp),%edi
0x0000003650e1d988 <+232>: mov 0x8(%rsp),%rsi
0x0000003650e1d98d <+237>: mov (%rax),%rdx
0x0000003650e1d990 <+240>: callq *0x18(%rsp) 这就是调用main的地方:被调用的地址取自0x18(%rsp),也就是+49处保存下来的rdi(第一个参数),说明main的地址是由调用者传给__libc_start_main的;此处装入的edi/rsi/rdx按glibc约定应分别是argc/argv/envp(从本段反汇编只能看出它们来自保存的esi、rdx和一个全局变量,具体含义需结合glibc源码确认)
=> 0x0000003650e1d994 <+244>: mov %eax,%edi 把main的返回值(此时rax=0xa,即10)从eax搬到edi——按x86-64 System V调用约定edi是第一个整型参数,所以它将作为exit()的参数,也就是进程的退出状态码
0x0000003650e1d996 <+246>: callq 0x3650e332c0 <exit> 紧接着调用的就是exit(10):main返回后并不会再回到_start,而是由__libc_start_main直接结束进程(exit还会先运行已注册的atexit回调,例如+88处通过__cxa_atexit_internal注册的那个)
0x0000003650e1d99b <+251>: xor %edx,%edx 感兴趣的可以继续step by step
0x0000003650e1d99d <+253>: cmpl $0x0,(%rax)
0x0000003650e1d9a0 <+256>: sete %dl
0x0000003650e1d9a3 <+259>: jmpq 0x3650e1d8e6 <__libc_start_main+70>
0x0000003650e1d9a8 <+264>: callq *0x338562(%rip) # 0x3651155f10 <__libc_pthread_functions+400>
0x0000003650e1d9ae <+270>: mov 0x33854b(%rip),%rax # 0x3651155f00 <__libc_pthread_functions+384>
0x0000003650e1d9b5 <+277>: lock decl (%rax)
0x0000003650e1d9b8 <+280>: sete %dl
0x0000003650e1d9bb <+283>: xor %edi,%edi
0x0000003650e1d9bd <+285>: test %dl,%dl
0x0000003650e1d9bf <+287>: jne 0x3650e1d996 <__libc_start_main+246>
0x0000003650e1d9c1 <+289>: callq 0x3650ec4e90 <__exit_thread>
0x0000003650e1d9c6 <+294>: mov 0x8(%rsp),%rax
0x0000003650e1d9cb <+299>: mov 0x3334c6(%rip),%rdx # 0x3651150e98 <free+3356464>
0x0000003650e1d9d2 <+306>: lea 0x101a25(%rip),%rdi # 0x3650f1f3fe
0x0000003650e1d9d9 <+313>: mov (%rax),%rsi
0x0000003650e1d9dc <+316>: xor %eax,%eax
0x0000003650e1d9de <+318>: callq *0xb8(%rdx)
0x0000003650e1d9e4 <+324>: jmpq 0x3650e1d945 <__libc_start_main+165>
0x0000003650e1d9e9 <+329>: mov 0x3335a8(%rip),%rax # 0x3651150f98 <free+3356720>
0x0000003650e1d9f0 <+336>: mov 0xf8(%rbx),%rbx
0x0000003650e1d9f7 <+343>: xor %r13d,%r13d
0x0000003650e1d9fa <+346>: mov (%rax),%r14
0x0000003650e1d9fd <+349>: mov 0x18(%rbx),%rax
0x0000003650e1da01 <+353>: test %rax,%rax
0x0000003650e1da04 <+356>: je 0x3650e1da17 <__libc_start_main+375>
0x0000003650e1da06 <+358>: mov %r13d,%edi
0x0000003650e1da09 <+361>: shl $0x4,%rdi
0x0000003650e1da0d <+365>: lea 0x468(%rdi,%r14,1),%rdi
0x0000003650e1da15 <+373>: callq *%rax
0x0000003650e1da17 <+375>: add $0x1,%r13d
0x0000003650e1da1b <+379>: mov 0x40(%rbx),%rbx
0x0000003650e1da1f <+383>: cmp %ebp,%r13d
0x0000003650e1da22 <+386>: jne 0x3650e1d9fd <__libc_start_main+349>
0x0000003650e1da24 <+388>: jmpq 0x3650e1d93c <__libc_start_main+156>
0x0000003650e1da29 <+393>: mov 0x8(%rsp),%rax
0x0000003650e1da2e <+398>: lea 0x1019af(%rip),%rdi # 0x3650f1f3e4
0x0000003650e1da35 <+405>: mov (%rax),%rsi
0x0000003650e1da38 <+408>: xor %eax,%eax
0x0000003650e1da3a <+410>: callq *0xb8(%rbx)
0x0000003650e1da40 <+416>: jmpq 0x3650e1d914 <__libc_start_main+116>
End of assembler dump.
(gdb)
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe530 0x7fffffffe530 retq弹出了8字节的返回地址,rsp从刚才的0x7fffffffe528回到0x7fffffffe530,main的整个栈帧在逻辑上已被撤销;但要注意leaveq/retq只是移动栈指针,并不会清零那片内存——m、n等局部变量的内容仍留在rsp之下,直到被后续的调用覆盖。如果栈上放过密钥之类的敏感数据,需要在返回前显式清除,不能指望函数返回会"抹掉"它们
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x3650e1d994 0x3650e1d994 <__libc_start_main+244>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
0x0000003650e1d994 in __libc_start_main () from /lib64/libc.so.6 这就是调用main的函数__libc_start_main。注意它位于共享库/lib64/libc.so.6(地址0x3650...段),而不是我们0x400000附近的可执行文件里;在之前的objdump输出中我们已经见过这个名字
(gdb) disas /m
Dump of assembler code for function __libc_start_main:
0x0000003650e1d8a0 <+0>: mov %rbp,-0x20(%rsp)
0x0000003650e1d8a5 <+5>: mov %rbx,-0x28(%rsp)
0x0000003650e1d8aa <+10>: mov %rcx,%rbp
0x0000003650e1d8ad <+13>: mov %r12,-0x18(%rsp)
0x0000003650e1d8b2 <+18>: mov %r13,-0x10(%rsp)
0x0000003650e1d8b7 <+23>: mov %r14,-0x8(%rsp)
0x0000003650e1d8bc <+28>: sub $0xb8,%rsp
0x0000003650e1d8c3 <+35>: mov 0x33355e(%rip),%rax # 0x3651150e28 <free+3356352>
0x0000003650e1d8ca <+42>: mov %rdx,0x8(%rsp)
0x0000003650e1d8cf <+47>: xor %edx,%edx
0x0000003650e1d8d1 <+49>: mov %rdi,0x18(%rsp)
0x0000003650e1d8d6 <+54>: mov %esi,0x14(%rsp)
0x0000003650e1d8da <+58>: mov %r9,%rdi
0x0000003650e1d8dd <+61>: test %rax,%rax
0x0000003650e1d8e0 <+64>: jne 0x3650e1d99b <__libc_start_main+251>
0x0000003650e1d8e6 <+70>: mov 0x333693(%rip),%rax # 0x3651150f80 <free+3356696>
0x0000003650e1d8ed <+77>: test %rdi,%rdi
0x0000003650e1d8f0 <+80>: mov %edx,(%rax)
0x0000003650e1d8f2 <+82>: je 0x3650e1d8fd <__libc_start_main+93>
0x0000003650e1d8f4 <+84>: xor %edx,%edx
0x0000003650e1d8f6 <+86>: xor %esi,%esi
0x0000003650e1d8f8 <+88>: callq 0x3650e33560 <__cxa_atexit_internal>
0x0000003650e1d8fd <+93>: mov 0x333594(%rip),%rbx # 0x3651150e98 <free+3356464>
0x0000003650e1d904 <+100>: movslq (%rbx),%rax
0x0000003650e1d907 <+103>: mov %rax,%r12
0x0000003650e1d90a <+106>: and $0x2,%r12d
0x0000003650e1d90e <+110>: jne 0x3650e1da29 <__libc_start_main+393>
0x0000003650e1d914 <+116>: test %rbp,%rbp
0x0000003650e1d917 <+119>: je 0x3650e1d92e <__libc_start_main+142>
0x0000003650e1d919 <+121>: mov 0x333628(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d920 <+128>: mov 0x8(%rsp),%rsi
0x0000003650e1d925 <+133>: mov 0x14(%rsp),%edi
0x0000003650e1d929 <+137>: mov (%rax),%rdx
0x0000003650e1d92c <+140>: callq *%rbp
0x0000003650e1d92e <+142>: mov 0x100(%rbx),%ebp
0x0000003650e1d934 <+148>: test %ebp,%ebp
0x0000003650e1d936 <+150>: jne 0x3650e1d9e9 <__libc_start_main+329>
0x0000003650e1d93c <+156>: test %r12,%r12
0x0000003650e1d93f <+159>: jne 0x3650e1d9c6 <__libc_start_main+294>
0x0000003650e1d945 <+165>: lea 0x20(%rsp),%rdi
0x0000003650e1d94a <+170>: callq 0x3650e30080 <_setjmp>
0x0000003650e1d94f <+175>: test %eax,%eax
0x0000003650e1d951 <+177>: jne 0x3650e1d9a8 <__libc_start_main+264>
0x0000003650e1d953 <+179>: mov %fs:0xc0,%rax
0x0000003650e1d95c <+188>: mov %rax,0x68(%rsp)
0x0000003650e1d961 <+193>: mov %fs:0xb8,%rax
0x0000003650e1d96a <+202>: mov %rax,0x70(%rsp)
0x0000003650e1d96f <+207>: lea 0x20(%rsp),%rax
0x0000003650e1d974 <+212>: mov %rax,%fs:0xc0
0x0000003650e1d97d <+221>: mov 0x3335c4(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d984 <+228>: mov 0x14(%rsp),%edi
0x0000003650e1d988 <+232>: mov 0x8(%rsp),%rsi
0x0000003650e1d98d <+237>: mov (%rax),%rdx
0x0000003650e1d990 <+240>: callq *0x18(%rsp) 这就是调用main的地方:被调用的地址取自0x18(%rsp),也就是+49处保存下来的rdi(第一个参数),说明main的地址是由调用者传给__libc_start_main的;此处装入的edi/rsi/rdx按glibc约定应分别是argc/argv/envp(从本段反汇编只能看出它们来自保存的esi、rdx和一个全局变量,具体含义需结合glibc源码确认)
=> 0x0000003650e1d994 <+244>: mov %eax,%edi 把main的返回值(此时rax=0xa,即10)从eax搬到edi——按x86-64 System V调用约定edi是第一个整型参数,所以它将作为exit()的参数,也就是进程的退出状态码
0x0000003650e1d996 <+246>: callq 0x3650e332c0 <exit> 紧接着调用的就是exit(10):main返回后并不会再回到_start,而是由__libc_start_main直接结束进程(exit还会先运行已注册的atexit回调,例如+88处通过__cxa_atexit_internal注册的那个)
0x0000003650e1d99b <+251>: xor %edx,%edx 感兴趣的可以继续step by step
0x0000003650e1d99d <+253>: cmpl $0x0,(%rax)
0x0000003650e1d9a0 <+256>: sete %dl
0x0000003650e1d9a3 <+259>: jmpq 0x3650e1d8e6 <__libc_start_main+70>
0x0000003650e1d9a8 <+264>: callq *0x338562(%rip) # 0x3651155f10 <__libc_pthread_functions+400>
0x0000003650e1d9ae <+270>: mov 0x33854b(%rip),%rax # 0x3651155f00 <__libc_pthread_functions+384>
0x0000003650e1d9b5 <+277>: lock decl (%rax)
0x0000003650e1d9b8 <+280>: sete %dl
0x0000003650e1d9bb <+283>: xor %edi,%edi
0x0000003650e1d9bd <+285>: test %dl,%dl
0x0000003650e1d9bf <+287>: jne 0x3650e1d996 <__libc_start_main+246>
0x0000003650e1d9c1 <+289>: callq 0x3650ec4e90 <__exit_thread>
0x0000003650e1d9c6 <+294>: mov 0x8(%rsp),%rax
0x0000003650e1d9cb <+299>: mov 0x3334c6(%rip),%rdx # 0x3651150e98 <free+3356464>
0x0000003650e1d9d2 <+306>: lea 0x101a25(%rip),%rdi # 0x3650f1f3fe
0x0000003650e1d9d9 <+313>: mov (%rax),%rsi
0x0000003650e1d9dc <+316>: xor %eax,%eax
0x0000003650e1d9de <+318>: callq *0xb8(%rdx)
0x0000003650e1d9e4 <+324>: jmpq 0x3650e1d945 <__libc_start_main+165>
0x0000003650e1d9e9 <+329>: mov 0x3335a8(%rip),%rax # 0x3651150f98 <free+3356720>
0x0000003650e1d9f0 <+336>: mov 0xf8(%rbx),%rbx
0x0000003650e1d9f7 <+343>: xor %r13d,%r13d
0x0000003650e1d9fa <+346>: mov (%rax),%r14
0x0000003650e1d9fd <+349>: mov 0x18(%rbx),%rax
0x0000003650e1da01 <+353>: test %rax,%rax
0x0000003650e1da04 <+356>: je 0x3650e1da17 <__libc_start_main+375>
0x0000003650e1da06 <+358>: mov %r13d,%edi
0x0000003650e1da09 <+361>: shl $0x4,%rdi
0x0000003650e1da0d <+365>: lea 0x468(%rdi,%r14,1),%rdi
0x0000003650e1da15 <+373>: callq *%rax
0x0000003650e1da17 <+375>: add $0x1,%r13d
0x0000003650e1da1b <+379>: mov 0x40(%rbx),%rbx
0x0000003650e1da1f <+383>: cmp %ebp,%r13d
0x0000003650e1da22 <+386>: jne 0x3650e1d9fd <__libc_start_main+349>
0x0000003650e1da24 <+388>: jmpq 0x3650e1d93c <__libc_start_main+156>
0x0000003650e1da29 <+393>: mov 0x8(%rsp),%rax
0x0000003650e1da2e <+398>: lea 0x1019af(%rip),%rdi # 0x3650f1f3e4
0x0000003650e1da35 <+405>: mov (%rax),%rsi
0x0000003650e1da38 <+408>: xor %eax,%eax
0x0000003650e1da3a <+410>: callq *0xb8(%rbx)
0x0000003650e1da40 <+416>: jmpq 0x3650e1d914 <__libc_start_main+116>
End of assembler dump.
(gdb)
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe530 0x7fffffffe530 retq弹出了8字节的返回地址,rsp从刚才的0x7fffffffe528回到0x7fffffffe530,main的整个栈帧在逻辑上已被撤销;但要注意leaveq/retq只是移动栈指针,并不会清零那片内存——m、n等局部变量的内容仍留在rsp之下,直到被后续的调用覆盖。如果栈上放过密钥之类的敏感数据,需要在返回前显式清除,不能指望函数返回会"抹掉"它们
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x3650e1d994 0x3650e1d994 <__libc_start_main+244>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]