简单c程序汇编代码分析

时间:2022-10-21 19:23:55

c源代码如下:

#include <stdio.h>
#include <stdlib.h>

/*
 * test - subtract two fixed locals and return the result.
 *
 * arg1, arg2 and diff are deliberately kept as real stack locals
 * (instead of folding everything into one constant) so that the
 * objdump walkthrough below still maps onto three separate stack
 * slots. Always returns 7 - 3 = 4.
 */
int test()
{
    int arg1 = 3, arg2 = 7;
    int diff;

    diff = arg2 - arg1;
    return diff;
}

/*
 * main - entry point: prints the value returned by test() as
 * "res=<n>" followed by a newline, then exits with status 0.
 */
int main()
{
    int res = test();

    printf("res=%d\n", res);
    return 0;
}

首先使用gcc test.c -g对上面的代码进行编译(没有加-O选项,即默认的-O0不做优化,所以下面会看到不少多余的寄存器搬运),自动生成目标文件a.out;然后使用objdump -S a.out查看汇编代码(加了-g才能把源码行穿插显示出来),截取片断如下。注意这是32位(i386)代码:用的是%ebp/%esp寄存器,函数参数通过栈传递;在64位系统上要加-m32才能得到同样的结果:

int test()
{
80483e4: 55 push %ebp 保存帧指针,帧指针入栈
80483e5: 89 e5 mov %esp,%ebp 让%ebp指向当前的%esp,作为本函数栈帧的基址
80483e7: 83 ec 10 sub $0x10,%esp 申请16字节的栈空间(三个int只用12字节,多出的4字节应该是为了对齐)
int arg1 = 3;
80483ea: c7 45 fc 03 00 00 00 movl $0x3,-0x4(%ebp) 把常量3存入%ebp-4处的栈槽,这就是arg1(不是push,栈空间上一条sub已经申请好了)
int arg2 = 7;
80483f1: c7 45 f8 07 00 00 00 movl $0x7,-0x8(%ebp) 把常量7存入%ebp-8处的栈槽,这就是arg2

int diff = arg2 - arg1;
80483f8: 8b 45 fc mov -0x4(%ebp),%eax 取出arg1(3),放入寄存器%eax
80483fb: 8b 55 f8 mov -0x8(%ebp),%edx 取出arg2(7),放入寄存器%edx
80483fe: 89 d1 mov %edx,%ecx 把寄存器%edx的值交给寄存器%ecx
8048400: 29 c1 sub %eax,%ecx 寄存器%ecx的值减去寄存器%eax的值,再放入寄存器%ecx
8048402: 89 c8 mov %ecx,%eax 把寄存器%ecx的值交给寄存器%eax(%edx→%ecx→%eax这几步搬运是-O0不优化的结果,开了优化一般会直接在%eax里算)
8048404: 89 45 f4 mov %eax,-0xc(%ebp) 寄存器%eax的值保存到%ebp-12处的栈槽,diff是局部变量,它的值存储在栈上

return diff;
8048407: 8b 45 f4 mov -0xc(%ebp),%eax 从栈取出diff,交给寄存器%eax,这样寄存器%eax保存的就是函数返回值了
}
804840a: c9 leave 恢复调用前的栈帧:leave等价于mov %ebp,%esp; pop %ebp,即先释放本函数申请的栈空间,再把之前保存的旧%ebp弹回来
804840b: c3 ret 从栈顶弹出返回地址并跳过去,即回到call指令之后的804841a继续执行。注意这个返回地址就紧挨在保存的旧%ebp之上(位于4(%ebp)),而局部变量都在%ebp之下——这正是局部数组越界写(栈溢出)能够覆盖返回地址、劫持控制流的原因

0804840c <main>:


int main()
{
804840c: 55 push %ebp
804840d: 89 e5 mov %esp,%ebp
804840f: 83 e4 f0 and $0xfffffff0,%esp 把%esp向下对齐到16字节边界(清掉低4位)
8048412: 83 ec 20 sub $0x20,%esp 申请32字节栈空间,用来放res以及调用printf时的参数
int res;

res = test();
8048415: e8 ca ff ff ff call 80483e4 <test> 调用test函数
804841a: 89 44 24 1c mov %eax,0x1c(%esp) 把返回值(%eax)存到%esp+0x1c处的栈槽,这就是res(和test里一样,这里也不是push)

printf("res=%d\n", res);
804841e: b8 00 85 04 08 mov $0x8048500,%eax 把0x8048500放入%eax,这应该就是格式串"res=%d\n"所在的地址
8048423: 8b 54 24 1c mov 0x1c(%esp),%edx 取出res放入%edx
8048427: 89 54 24 04 mov %edx,0x4(%esp) 把res放到第二个参数的位置(%esp+4)
804842b: 89 04 24 mov %eax,(%esp) 把格式串地址放到第一个参数的位置(栈顶);32位下参数就是这样通过栈传给printf的,可以看到第二个参数先写、第一个参数后写
804842e: e8 e9 fe ff ff call 804831c <printf@plt> 经PLT调用动态库里的printf

return 0;
8048433: b8 00 00 00 00 mov $0x0,%eax 返回值0放入%eax
}
8048438: c9 leave 同test,恢复栈帧
8048439: c3 ret
804843a: 90 nop 应该是对齐用的填充指令,不会被执行到