I think this is actually a pretty simple problem. I have to reverse engineer this assembly code to c code. I'll also provide what I think is going on so you can hopefully point to where I went wrong and I can learn from my mistakes now.
我认为这实际上是一个非常简单的问题。我必须将此汇编代码反向工程为c代码。我还会提供我认为正在发生的事情,这样你就可以指出我哪里出错了,现在我可以从错误中吸取教训。
# x86-64, AT&T syntax. Takes two int arguments (edi, esi) and returns the larger one in eax.
.LFBO                      # function label as transcribed; likely .LFB0 (digit zero) with a colon in the real compiler output
pushq %rbp                 # prologue: save the caller's frame pointer
movq %rsp,%rbp             # prologue: start a new frame
movl %edi,-4(%rbp)         # spill the first argument to a stack slot
movl %esi,-8(%rbp)         # spill the second argument to a stack slot
movl -4(%rbp),%eax         # eax = first argument
compl -8(%rbp),%eax        # "compl" is presumably a transcription of cmpl: sets flags from (eax - second argument), eax is not modified
jg .L2                     # signed compare: if first > second, go to .L2
movl -8(%rbp),%eax         # fall-through (first <= second): eax = second argument
jmp .L3                    # skip the .L2 block
.L2:
movl -4(%rbp),%eax         # eax = first argument (a reload of the value cmp left in eax)
.L3:
popq %rbp                  # epilogue: restore the caller's frame pointer
ret                        # whatever is in eax is the return value
So this is what I think is going on with this: the first two lines after .LFBO:
所以这就是我认为正在发生的事情:.LFBO之后的前两行:
pushq %rbp
movq %rsp,%rbp
are just setting up the stack frame for the code that follows.
只是为即将执行的执行设置堆栈。
movl %edi,-4(%rbp)
is grabbing the first variable, call it x
抓住第一个变量,称之为x
movl %esi,-8(%rbp)
is grabbing the second variable call it y
抓住第二个变量称之为y
movl -4(%rbp),%eax
is grabbing x to be compared in the next line
抓住x在下一行进行比较
compl -8(%rbp),%eax
compares the variables x and y by computing x-y
通过计算x-y来比较变量x和y
jg .L2
says jump to .L2 if x > y
如果x> y,跳转到.L2
if x <= y, execution falls through to the next lines without jumping to .L2
如果x <= y则计算下一行而不跳转到.L2
movl -8(%rbp),%eax
copy x = y
复制x = y
jmp .L3
jump to .L3
跳到.L3
if x > y at the jg line then you jump to .L2: and complete this line
如果x> y在jg行,那么你跳转到.L2:并完成这一行
movl -4(%rbp),%eax
this is where I realized I was really confused. It looks to me that you're copying x to x then .L3 is completed and I think x is returned
这是我意识到我真的很困惑的地方。它在我看来你正在将x复制到x然后.L3已经完成,我认为x被返回
3 个解决方案
#1
Don't overthink it. Just gradually replace the assembly with C. Here is a possible sequence of transformations.
不要过度思考。只需逐步用 C 代码替换汇编代码。下面是一个可能的转换序列。
# Starting point: the assembly from the question (x86-64, AT&T syntax).
# Two int arguments arrive in edi and esi; the result is returned in eax.
.LFBO                      # label as transcribed; likely .LFB0 (digit zero) with a colon in the compiler output
pushq %rbp                 # prologue
movq %rsp,%rbp             # prologue
movl %edi,-4(%rbp)         # [rbp-4] = first argument
movl %esi,-8(%rbp)         # [rbp-8] = second argument
movl -4(%rbp),%eax         # eax = first argument
compl -8(%rbp),%eax        # presumably cmpl: flags from (eax - second argument); eax unchanged
jg .L2                     # signed: first > second -> .L2
movl -8(%rbp),%eax         # fall-through: eax = second argument
jmp .L3
.L2:
movl -4(%rbp),%eax         # eax = first argument
.L3:
popq %rbp                  # epilogue
ret                        # return eax
----
// Step 1: literal transliteration. Registers and stack slots keep their names,
// so this is not compilable C; it only makes the data flow visible.
int LFBO (int edi, int esi)
{
rbp = rsp                        // frame setup; no effect on the result
[rbp - 4] = edi                  // spill first argument
[rbp - 8] = esi                  // spill second argument
eax = [rbp - 4]                  // eax = edi
if (eax > [rbp - 8]) goto L2     // the jg: taken when edi > esi
eax = [rbp - 8]                  // fall-through: result is esi
goto L3
L2:
eax = [rbp - 4]                  // taken path: result is edi
L3:
return eax                       // eax is the return register
}
----
// Step 2: the stack slots collapse into the parameters and eax becomes a
// local; the control flow is still the assembly's goto shape.
int LFBO (int edi, int esi)
{
int eax;                   // stand-in for the eax register
eax = edi;
if (eax > esi) goto L2;    // the jg
eax = esi;                 // fall-through: result is esi
goto L3;
L2:
eax = edi;                 // taken path: result is edi
L3:
return eax;
}
----
// Step 3: the goto pair becomes if/else. The condition is inverted (> becomes
// <=) because the fall-through path of the jg is the "not greater" case.
int LFBO (int edi, int esi)
{
int eax;
eax = edi;
if (eax <= esi) {
eax = esi;        // was the fall-through path
}
else {
eax = edi;        // was the .L2 path
}
return eax;
}
----
// Step 4: the temporary is dropped; each branch returns its value directly.
int LFBO (int edi, int esi)
{
if (edi <= esi) {
return esi;
}
else {
return edi;
}
}
----
// Step 5: the parameters get meaningful names; nothing else changes.
int LFBO (int x, int y)
{
if (x <= y) {
return y;
}
else {
return x;
}
}
----
// Step 6: the if/else becomes a conditional expression.
// The function is max(x, y): it returns the larger of the two ints.
int LFBO (int x, int y)
{
return (x > y) ? x : y;
}
You can apply this strategy to any piece of assembly. Here I took the time to detail the various transformations. With practice you can get to the end result a lot quicker.
你可以将此策略应用于任何一段汇编代码。这里我花时间详细列出了各个转换步骤。经过练习,你可以更快地得到最终结果。
#2
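// Returns the larger of x and y (the compare-and-select from the question).
// The original omitted the return type, relying on implicit int, which C99
// removed; it is spelled out here. The original `else { x = x; }` branch was
// a self-assignment that does nothing, so it is dropped -- behaviour is the same.
int LFB0(int x, int y)
{
    if (x <= y) {   // fall-through path of the jg: the second argument wins
        x = y;
    }
    return x;       // the .L2 path returns the first argument unchanged
}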
This is what I think we determined to be correct, with the help of the guys in the comments.
这是我认为我们在评论中的帮助下确定的正确性。
#3
.LFBO
pushq %rbp prolog
movq %rsp,%rbp prolog
movl %edi,-4(%rbp) [ebp-4] = edi
movl %esi,-8(%rbp) [ebp-8] = esi
movl -4(%rbp),%eax eax = [ebp-4] ie edi
compl -8(%rbp),%eax cmp eax with [ebp-8] ie esi
jg .L2 ;taken when edi > esi, so the fall-through path handles edi <= esi
movl -8(%rbp),%eax so cutting the junk
jmp .L3 this effectively becomes
.L2:
movl -4(%rbp),%eax ( edi <= esi ) ? { eax = esi } : { eax= edi} ; return;
.L3:
popq %rbp epilog
ret epilog
testing the hypothesis
检验假设
Let's compile the code in VC and test it. It must be compiled unoptimized, otherwise a clever compiler folds the whole function into a constant:
/O1 gives `push 10; pop eax; retn` and
/O2 gives `mov eax, 10; ret`.
// Test program for the hypothesis: the compare-and-select from the question,
// with the two "arguments" fixed as locals (8 and 10), so the process exit
// code is 10. Compile without optimisation, otherwise the compiler folds the
// body into a constant return and the compare/branch disappears.
int main(void) {
int edi=8,esi=10;   // stand-ins for the edi/esi argument registers
if ( edi <= esi) { return esi; } else { return edi;}   // 8 <= 10, so this returns 10
}
disassembling the result
拆解结果
0:000> uf @eip
image00400000+0x1000:
00401000 55 push ebp
00401001 8bec mov ebp,esp
00401003 83ec08 sub esp,8
00401006 c745fc08000000 mov dword ptr [ebp-4],8
0040100d c745f80a000000 mov dword ptr [ebp-8],0Ah
00401014 8b45fc mov eax,dword ptr [ebp-4]
00401017 3b45f8 cmp eax,dword ptr [ebp-8]
0040101a 7f07 jg image00400000+0x1023 (00401023)
image00400000+0x101c:
0040101c 8b45f8 mov eax,dword ptr [ebp-8]
0040101f eb05 jmp image00400000+0x1026 (00401026)
image00400000+0x1023:
00401023 8b45fc mov eax,dword ptr [ebp-4]
image00400000+0x1026:
00401026 8be5 mov esp,ebp
00401028 5d pop ebp
00401029 c3 ret
0:000>
#1
Don't overthink it. Just gradually replace the assembly with C. Here is a possible sequence of transformations.
不要过度思考。只需逐步用 C 代码替换汇编代码。下面是一个可能的转换序列。
# Starting point: the assembly from the question (x86-64, AT&T syntax).
# Two int arguments arrive in edi and esi; the result is returned in eax.
.LFBO                      # label as transcribed; likely .LFB0 (digit zero) with a colon in the compiler output
pushq %rbp                 # prologue
movq %rsp,%rbp             # prologue
movl %edi,-4(%rbp)         # [rbp-4] = first argument
movl %esi,-8(%rbp)         # [rbp-8] = second argument
movl -4(%rbp),%eax         # eax = first argument
compl -8(%rbp),%eax        # presumably cmpl: flags from (eax - second argument); eax unchanged
jg .L2                     # signed: first > second -> .L2
movl -8(%rbp),%eax         # fall-through: eax = second argument
jmp .L3
.L2:
movl -4(%rbp),%eax         # eax = first argument
.L3:
popq %rbp                  # epilogue
ret                        # return eax
----
// Step 1: literal transliteration. Registers and stack slots keep their names,
// so this is not compilable C; it only makes the data flow visible.
int LFBO (int edi, int esi)
{
rbp = rsp                        // frame setup; no effect on the result
[rbp - 4] = edi                  // spill first argument
[rbp - 8] = esi                  // spill second argument
eax = [rbp - 4]                  // eax = edi
if (eax > [rbp - 8]) goto L2     // the jg: taken when edi > esi
eax = [rbp - 8]                  // fall-through: result is esi
goto L3
L2:
eax = [rbp - 4]                  // taken path: result is edi
L3:
return eax                       // eax is the return register
}
----
// Step 2: the stack slots collapse into the parameters and eax becomes a
// local; the control flow is still the assembly's goto shape.
int LFBO (int edi, int esi)
{
int eax;                   // stand-in for the eax register
eax = edi;
if (eax > esi) goto L2;    // the jg
eax = esi;                 // fall-through: result is esi
goto L3;
L2:
eax = edi;                 // taken path: result is edi
L3:
return eax;
}
----
// Step 3: the goto pair becomes if/else. The condition is inverted (> becomes
// <=) because the fall-through path of the jg is the "not greater" case.
int LFBO (int edi, int esi)
{
int eax;
eax = edi;
if (eax <= esi) {
eax = esi;        // was the fall-through path
}
else {
eax = edi;        // was the .L2 path
}
return eax;
}
----
// Step 4: the temporary is dropped; each branch returns its value directly.
int LFBO (int edi, int esi)
{
if (edi <= esi) {
return esi;
}
else {
return edi;
}
}
----
// Step 5: the parameters get meaningful names; nothing else changes.
int LFBO (int x, int y)
{
if (x <= y) {
return y;
}
else {
return x;
}
}
----
// Step 6: the if/else becomes a conditional expression.
// The function is max(x, y): it returns the larger of the two ints.
int LFBO (int x, int y)
{
return (x > y) ? x : y;
}
You can apply this strategy to any piece of assembly. Here I took the time to detail the various transformations. With practice you can get to the end result a lot quicker.
你可以将此策略应用于任何一段汇编代码。这里我花时间详细列出了各个转换步骤。经过练习,你可以更快地得到最终结果。
#2
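// Returns the larger of x and y (the compare-and-select from the question).
// The original omitted the return type, relying on implicit int, which C99
// removed; it is spelled out here. The original `else { x = x; }` branch was
// a self-assignment that does nothing, so it is dropped -- behaviour is the same.
int LFB0(int x, int y)
{
    if (x <= y) {   // fall-through path of the jg: the second argument wins
        x = y;
    }
    return x;       // the .L2 path returns the first argument unchanged
}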
This is what I think we determined to be correct, with the help of the guys in the comments.
这是我认为我们在评论中的帮助下确定的正确性。
#3
.LFBO
pushq %rbp prolog
movq %rsp,%rbp prolog
movl %edi,-4(%rbp) [ebp-4] = edi
movl %esi,-8(%rbp) [ebp-8] = esi
movl -4(%rbp),%eax eax = [ebp-4] ie edi
compl -8(%rbp),%eax cmp eax with [ebp-8] ie esi
jg .L2 ;taken when edi > esi, so the fall-through path handles edi <= esi
movl -8(%rbp),%eax so cutting the junk
jmp .L3 this effectively becomes
.L2:
movl -4(%rbp),%eax ( edi <= esi ) ? { eax = esi } : { eax= edi} ; return;
.L3:
popq %rbp epilog
ret epilog
testing the hypothesis
检验假设
Let's compile the code in VC and test it. It must be compiled unoptimized, otherwise a clever compiler folds the whole function into a constant:
/O1 gives `push 10; pop eax; retn` and
/O2 gives `mov eax, 10; ret`.
// Test program for the hypothesis: the compare-and-select from the question,
// with the two "arguments" fixed as locals (8 and 10), so the process exit
// code is 10. Compile without optimisation, otherwise the compiler folds the
// body into a constant return and the compare/branch disappears.
int main(void) {
int edi=8,esi=10;   // stand-ins for the edi/esi argument registers
if ( edi <= esi) { return esi; } else { return edi;}   // 8 <= 10, so this returns 10
}
disassembling the result
拆解结果
0:000> uf @eip
image00400000+0x1000:
00401000 55 push ebp
00401001 8bec mov ebp,esp
00401003 83ec08 sub esp,8
00401006 c745fc08000000 mov dword ptr [ebp-4],8
0040100d c745f80a000000 mov dword ptr [ebp-8],0Ah
00401014 8b45fc mov eax,dword ptr [ebp-4]
00401017 3b45f8 cmp eax,dword ptr [ebp-8]
0040101a 7f07 jg image00400000+0x1023 (00401023)
image00400000+0x101c:
0040101c 8b45f8 mov eax,dword ptr [ebp-8]
0040101f eb05 jmp image00400000+0x1026 (00401026)
image00400000+0x1023:
00401023 8b45fc mov eax,dword ptr [ebp-4]
image00400000+0x1026:
00401026 8be5 mov esp,ebp
00401028 5d pop ebp
00401029 c3 ret
0:000>