main() 的地址是多少?它在堆栈上为其帧大小分配了多少字节?

逆向工程 IDA 二进制分析 数据库 动态分析 转储
2021-06-22 08:15:56

这是我的 objdump -d 输出,但我不知道该看哪里。我了解汇编,但在弄清楚某些位置上的寄存器取值时有些困惑。如果有人知道如何在 IDA 中做到这一点,我有 IDA 5.0 的免费版本。

root@kali:~/Desktop# objdump -d dbgLab.bin 

dbgLab.bin:     file format elf32-i386


Disassembly of section .init:

# .init (0x8048374): runs once at startup, before main. Standard i386 PIC idiom:
# a call to the very next instruction followed by pop gives the current PC in
# %ebx; %ebx += 0x1c77 then yields 0x8049ff4, which is presumably the GOT base
# (PLT0 at 0x80483b0 uses 0x8049ff8 / 0x8049ffc, i.e. GOT+4 / GOT+8) -- TODO
# confirm with `readelf -S`. Callee-saved %ebx is preserved around the body.
08048374 <.init>:
 8048374:   53                      push   %ebx                 # save callee-saved %ebx
 8048375:   83 ec 08                sub    $0x8,%esp            # 4 (ret) + 4 (ebx) + 8 = 16: keeps %esp 16-aligned at the calls
 8048378:   e8 00 00 00 00          call   804837d <printf@plt-0x43>   # call next insn: pushes 0x804837d
 804837d:   5b                      pop    %ebx                 # %ebx = 0x804837d (current PC)
 804837e:   81 c3 77 1c 00 00       add    $0x1c77,%ebx         # %ebx = 0x8049ff4 (GOT base, see above)
 8048384:   8b 83 fc ff ff ff       mov    -0x4(%ebx),%eax      # %eax = *(0x8049ff0): presumably the weak __gmon_start__ address
 804838a:   85 c0                   test   %eax,%eax            # 0 when gprof support is not linked in
 804838c:   74 05                   je     8048393 <printf@plt-0x2d>
 804838e:   e8 5d 00 00 00          call   80483f0 <__gmon_start__@plt>   # only when the GOT word is non-zero
 8048393:   e8 48 01 00 00          call   80484e0 <strncmp@plt+0xa0>   # unnamed helper at 0x80484e0 (in .text)
 8048398:   e8 13 03 00 00          call   80486b0 <strncmp@plt+0x270>  # unnamed helper at 0x80486b0 (in .text)
 804839d:   83 c4 08                add    $0x8,%esp
 80483a0:   5b                      pop    %ebx
 80483a1:   c3                      ret    

Disassembly of section .plt:

# .plt: lazy-binding import stubs. Each stub jumps through its own GOT slot
# (0x804a000, 0x804a004, ...). Until the dynamic linker has resolved a symbol,
# that slot points back at the stub's `push $N` (N = relocation index), which
# falls into PLT0 below. PLT0 pushes GOT+4 and jumps via GOT+8, the standard
# ELF/i386 lazy-PLT layout (link_map, then resolver). Relative to the 0x8049ff4
# base derived in .init, 0x8049ff8 / 0x8049ffc are exactly GOT+4 / GOT+8.
# Note: objdump labels addresses in this stripped binary relative to the
# nearest PLT symbol, e.g. <printf@plt-0x10>; these are not real function names.
080483b0 <printf@plt-0x10>:
 80483b0:   ff 35 f8 9f 04 08       pushl  0x8049ff8            # PLT0: push GOT+4
 80483b6:   ff 25 fc 9f 04 08       jmp    *0x8049ffc           #       jump to GOT+8 (lazy resolver)
 80483bc:   00 00                   add    %al,(%eax)           # padding bytes, never executed
    ...

080483c0 <printf@plt>:
 80483c0:   ff 25 00 a0 04 08       jmp    *0x804a000           # GOT slot for printf
 80483c6:   68 00 00 00 00          push   $0x0                 # reloc index 0
 80483cb:   e9 e0 ff ff ff          jmp    80483b0 <printf@plt-0x10>   # -> PLT0

080483d0 <malloc@plt>:
 80483d0:   ff 25 04 a0 04 08       jmp    *0x804a004           # GOT slot for malloc
 80483d6:   68 08 00 00 00          push   $0x8                 # reloc index 8
 80483db:   e9 d0 ff ff ff          jmp    80483b0 <printf@plt-0x10>

080483e0 <puts@plt>:
 80483e0:   ff 25 08 a0 04 08       jmp    *0x804a008           # GOT slot for puts
 80483e6:   68 10 00 00 00          push   $0x10
 80483eb:   e9 c0 ff ff ff          jmp    80483b0 <printf@plt-0x10>

080483f0 <__gmon_start__@plt>:
 80483f0:   ff 25 0c a0 04 08       jmp    *0x804a00c           # GOT slot for __gmon_start__ (weak; see .init)
 80483f6:   68 18 00 00 00          push   $0x18
 80483fb:   e9 b0 ff ff ff          jmp    80483b0 <printf@plt-0x10>

08048400 <exit@plt>:
 8048400:   ff 25 10 a0 04 08       jmp    *0x804a010           # GOT slot for exit
 8048406:   68 20 00 00 00          push   $0x20
 804840b:   e9 a0 ff ff ff          jmp    80483b0 <printf@plt-0x10>

08048410 <__libc_start_main@plt>:
 8048410:   ff 25 14 a0 04 08       jmp    *0x804a014           # GOT slot for __libc_start_main (called from _start)
 8048416:   68 28 00 00 00          push   $0x28
 804841b:   e9 90 ff ff ff          jmp    80483b0 <printf@plt-0x10>

08048420 <strncpy@plt>:
 8048420:   ff 25 18 a0 04 08       jmp    *0x804a018           # GOT slot for strncpy
 8048426:   68 30 00 00 00          push   $0x30
 804842b:   e9 80 ff ff ff          jmp    80483b0 <printf@plt-0x10>

08048430 <atoi@plt>:
 8048430:   ff 25 1c a0 04 08       jmp    *0x804a01c           # GOT slot for atoi
 8048436:   68 38 00 00 00          push   $0x38
 804843b:   e9 70 ff ff ff          jmp    80483b0 <printf@plt-0x10>

08048440 <strncmp@plt>:
 8048440:   ff 25 20 a0 04 08       jmp    *0x804a020           # GOT slot for strncmp
 8048446:   68 40 00 00 00          push   $0x40
 804844b:   e9 60 ff ff ff          jmp    80483b0 <printf@plt-0x10>

Disassembly of section .text:

# Program entry point at 0x8048450 (presumably the ELF e_entry -- confirm with
# `readelf -h`). This is glibc's _start: it builds the argument list for
# __libc_start_main and never returns; the trailing hlt is unreachable.
# The pushes are cdecl arguments in reverse, so the LAST push is the FIRST
# parameter, main = 0x804853e -- this is the address the question asks for.
08048450 <.text>:
 8048450:   31 ed                   xor    %ebp,%ebp            # %ebp = 0: marks the outermost frame for unwinders
 8048452:   5e                      pop    %esi                 # %esi = argc (top of the initial process stack, per the i386 entry convention)
 8048453:   89 e1                   mov    %esp,%ecx            # %ecx = argv (follows argc on the initial stack)
 8048455:   83 e4 f0                and    $0xfffffff0,%esp     # 16-byte align the stack before calling into libc
 8048458:   50                      push   %eax                 # filler slot; keeps the 16-byte alignment with the 7 pushes below
 8048459:   54                      push   %esp                 # stack_end
 804845a:   52                      push   %edx                 # rtld_fini (value handed over by the loader in %edx)
 804845b:   68 a0 86 04 08          push   $0x80486a0           # fini: the `repz ret` at 0x80486a0
 8048460:   68 30 86 04 08          push   $0x8048630           # init: the function at 0x8048630
 8048465:   51                      push   %ecx                 # argv
 8048466:   56                      push   %esi                 # argc
 8048467:   68 3e 85 04 08          push   $0x804853e           # main
 804846c:   e8 9f ff ff ff          call   8048410 <__libc_start_main@plt>   # __libc_start_main(main, argc, argv, init, fini, rtld_fini, stack_end)
 8048471:   f4                      hlt                         # not reached: __libc_start_main exits after main returns
 8048472:   90                      nop                         # padding up to the next 16-byte boundary
 8048473:   90                      nop
 8048474:   90                      nop
 8048475:   90                      nop
 8048476:   90                      nop
 8048477:   90                      nop
 8048478:   90                      nop
 8048479:   90                      nop
 804847a:   90                      nop
 804847b:   90                      nop
 804847c:   90                      nop
 804847d:   90                      nop
 804847e:   90                      nop
 804847f:   90                      nop
 # Unnamed function at 0x8048480, called from .fini (0x80486ec). Shape of the
 # CRT's __do_global_dtors_aux (presumably): a byte flag at 0x804a044 makes it
 # run only once, and it walks a function-pointer table starting at 0x8049f1c,
 # indexed by the counter at 0x804a048. The table size is computed as
 # (0x8049f20 - 0x8049f1c) / 4 - 1 = 0, and the entry check is an unsigned
 # `jae`, so with these bounds the call loop never executes in this binary.
 # Frame: push %ebx + sub 4 = 8 bytes (16-aligned at the indirect call).
 8048480:   55                      push   %ebp
 8048481:   89 e5                   mov    %esp,%ebp
 8048483:   53                      push   %ebx                 # callee-saved, used as the loop bound
 8048484:   83 ec 04                sub    $0x4,%esp            # alignment padding
 8048487:   80 3d 44 a0 04 08 00    cmpb   $0x0,0x804a044       # already completed?
 804848e:   75 3f                   jne    80484cf <strncmp@plt+0x8f>   # yes -> epilogue
 8048490:   a1 48 a0 04 08          mov    0x804a048,%eax       # %eax = current index
 8048495:   bb 20 9f 04 08          mov    $0x8049f20,%ebx      # table end
 804849a:   81 eb 1c 9f 04 08       sub    $0x8049f1c,%ebx      # minus table start = 4 bytes
 80484a0:   c1 fb 02                sar    $0x2,%ebx            # / sizeof(void*) = 1 entry
 80484a3:   83 eb 01                sub    $0x1,%ebx            # minus the sentinel slot = 0 usable entries
 80484a6:   39 d8                   cmp    %ebx,%eax            # index >= count ? (unsigned)
 80484a8:   73 1e                   jae    80484c8 <strncmp@plt+0x88>   # always taken when count == 0
 80484aa:   8d b6 00 00 00 00       lea    0x0(%esi),%esi       # 6-byte nop: aligns the loop head to 16
 80484b0:   83 c0 01                add    $0x1,%eax            # ++index
 80484b3:   a3 48 a0 04 08          mov    %eax,0x804a048       # persist it before the call (re-entrancy guard)
 80484b8:   ff 14 85 1c 9f 04 08    call   *0x8049f1c(,%eax,4)  # table[index]()
 80484bf:   a1 48 a0 04 08          mov    0x804a048,%eax       # reload: the callee may have advanced it
 80484c4:   39 d8                   cmp    %ebx,%eax
 80484c6:   72 e8                   jb     80484b0 <strncmp@plt+0x70>   # while index < count (unsigned)
 80484c8:   c6 05 44 a0 04 08 01    movb   $0x1,0x804a044       # mark completed
 80484cf:   83 c4 04                add    $0x4,%esp
 80484d2:   5b                      pop    %ebx
 80484d3:   5d                      pop    %ebp
 80484d4:   c3                      ret    
 80484d5:   8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi    # multi-byte nop padding (never executed)
 80484d9:   8d bc 27 00 00 00 00    lea    0x0(%edi,%eiz,1),%edi    # multi-byte nop padding (never executed)
 # Unnamed function at 0x80484e0, called from .init (0x8048393). Loads the word at
 # 0x8049f24 and then tests a hard-coded 0: the compiled shape of a weak-symbol
 # check whose symbol was not linked in (presumably glibc's frame_dummy calling
 # __register_frame_info). Because %eax is set to 0 the second `je` is always
 # taken and the indirect call at 0x80484ff is dead code.
 # Frame: sub 0x18 = 24 bytes; with the saved %ebp and return address that is
 # 32 bytes, so %esp stays 16-aligned at the (unreachable) call.
 80484e0:   55                      push   %ebp
 80484e1:   89 e5                   mov    %esp,%ebp
 80484e3:   83 ec 18                sub    $0x18,%esp           # 24 bytes of frame
 80484e6:   a1 24 9f 04 08          mov    0x8049f24,%eax       # %eax = *(0x8049f24)
 80484eb:   85 c0                   test   %eax,%eax
 80484ed:   74 12                   je     8048501 <strncmp@plt+0xc1>   # zero -> nothing to do
 80484ef:   b8 00 00 00 00          mov    $0x0,%eax            # weak function address resolved to NULL at link time
 80484f4:   85 c0                   test   %eax,%eax
 80484f6:   74 09                   je     8048501 <strncmp@plt+0xc1>   # always taken
 80484f8:   c7 04 24 24 9f 04 08    movl   $0x8049f24,(%esp)    # unreachable: arg0 = 0x8049f24
 80484ff:   ff d0                   call   *%eax                # unreachable (would call NULL)
 8048501:   c9                      leave  
 8048502:   c3                      ret    
 8048503:   90                      nop                         # padding
 # Unnamed function at 0x8048504, called from main (0x80485a6).
 # Reconstructed C equivalent of the body below:
 #   void f(unsigned char key, unsigned char *buf, int n)
 #   { for (int i = 0; i < n; i++) buf[i] ^= key; }
 # cdecl args: 0x8(%ebp) = key (only the low byte is kept), 0xc(%ebp) = buf,
 # 0x10(%ebp) = n. Frame: sub 0x14 = 20 bytes; -0x14(%ebp) holds the key byte,
 # -0x4(%ebp) the loop index. The loop condition is a SIGNED compare (jl), so a
 # negative n runs zero iterations; there is no check that buf has n bytes.
 8048504:   55                      push   %ebp
 8048505:   89 e5                   mov    %esp,%ebp
 8048507:   83 ec 14                sub    $0x14,%esp           # 20 bytes of locals
 804850a:   8b 45 08                mov    0x8(%ebp),%eax       # %eax = key argument
 804850d:   88 45 ec                mov    %al,-0x14(%ebp)      # keep only its low byte
 8048510:   c7 45 fc 00 00 00 00    movl   $0x0,-0x4(%ebp)      # i = 0
 8048517:   eb 1b                   jmp    8048534 <strncmp@plt+0xf4>   # jump to the loop condition
 8048519:   8b 45 fc                mov    -0x4(%ebp),%eax
 804851c:   03 45 0c                add    0xc(%ebp),%eax       # %eax = buf + i (store address)
 804851f:   8b 55 fc                mov    -0x4(%ebp),%edx
 8048522:   03 55 0c                add    0xc(%ebp),%edx       # %edx = buf + i (load address)
 8048525:   0f b6 0a                movzbl (%edx),%ecx          # %ecx = buf[i]
 8048528:   0f b6 55 ec             movzbl -0x14(%ebp),%edx     # %edx = key
 804852c:   31 ca                   xor    %ecx,%edx            # %edx = buf[i] ^ key
 804852e:   88 10                   mov    %dl,(%eax)           # buf[i] = result (in place)
 8048530:   83 45 fc 01             addl   $0x1,-0x4(%ebp)      # i++
 8048534:   8b 45 fc                mov    -0x4(%ebp),%eax
 8048537:   3b 45 10                cmp    0x10(%ebp),%eax      # i vs n
 804853a:   7c dd                   jl     8048519 <strncmp@plt+0xd9>   # while i < n (signed)
 804853c:   c9                      leave  
 804853d:   c3                      ret    
 # main (0x804853e): the first argument pushed for __libc_start_main in _start,
 # so this is main(). Answering the question's second part: after re-aligning
 # %esp to 16 bytes, `sub $0x20,%esp` reserves 0x20 = 32 bytes for locals and
 # outgoing call arguments (plus 0..15 bytes of alignment padding that depends
 # on the incoming %esp and cannot be known statically). Because of the
 # realignment, incoming args are addressed via %ebp (argc = 0x8(%ebp),
 # argv = 0xc(%ebp)) while locals are addressed via %esp:
 #   0x1f(%esp)  one byte, 0xcf   (XOR key)
 #   0x18(%esp)  heap pointer from malloc(13)
 #   (%esp), 0x4(%esp), 0x8(%esp)  outgoing arguments
 # Rough C of the body:
 #   char key = 0xcf; char *buf = malloc(13);        /* result never checked for NULL */
 #   if (argc <= 2) exit(-1);                          /* needs two arguments */
 #   strncpy(buf, argv[1], 13);                        /* exact-size copy: no NUL if argv[1] has >= 13 chars */
 #   f_8048504(key, (void *)0x804a030, 12);            /* XOR-decodes a 12-byte global in place */
 #   if (strncmp((char *)0x804a030, buf, 20) != 0) { printf(fmt_8048708, (char *)0x804a030); exit(-1); }
 #   if (atoi(argv[2]) != *(int *)0x804a040)          { puts(s_8048716); exit(-1); }
 #   puts(s_804871b);
 # Review notes: strncmp's length (20) exceeds the 13-byte allocation, so an
 # unterminated buf lets the compare read past the end of the heap block; the
 # printf format is a constant, with the decoded global only as data; main ends
 # with leave/ret without setting %eax, so its return value is whatever puts left.
 804853e:   55                      push   %ebp
 804853f:   89 e5                   mov    %esp,%ebp            # %ebp = frame base: args via %ebp, locals via %esp
 8048541:   83 e4 f0                and    $0xfffffff0,%esp     # align %esp down to a 16-byte boundary (GCC main() idiom)
 8048544:   83 ec 20                sub    $0x20,%esp           # frame: 0x20 = 32 bytes
 8048547:   c6 44 24 1f cf          movb   $0xcf,0x1f(%esp)     # key = 0xcf (single byte local)
 804854c:   c7 04 24 0d 00 00 00    movl   $0xd,(%esp)          # arg0 = 13
 8048553:   e8 78 fe ff ff          call   80483d0 <malloc@plt> # buf = malloc(13)
 8048558:   89 44 24 18             mov    %eax,0x18(%esp)      # save buf; a NULL return is not tested
 804855c:   83 7d 08 02             cmpl   $0x2,0x8(%ebp)       # argc vs 2 (signed compare)
 8048560:   7f 0c                   jg     804856e <strncmp@plt+0x12e>   # argc > 2 -> continue
 8048562:   c7 04 24 ff ff ff ff    movl   $0xffffffff,(%esp)   # arg0 = -1
 8048569:   e8 92 fe ff ff          call   8048400 <exit@plt>   # exit(-1); never returns
 804856e:   8b 45 0c                mov    0xc(%ebp),%eax       # %eax = argv
 8048571:   83 c0 04                add    $0x4,%eax            # %eax = &argv[1]
 8048574:   8b 00                   mov    (%eax),%eax          # %eax = argv[1]
 8048576:   c7 44 24 08 0d 00 00    movl   $0xd,0x8(%esp)       # arg2 = 13 == allocation size: no room left for a terminator
 804857d:   00 
 804857e:   89 44 24 04             mov    %eax,0x4(%esp)       # arg1 = argv[1]
 8048582:   8b 44 24 18             mov    0x18(%esp),%eax
 8048586:   89 04 24                mov    %eax,(%esp)          # arg0 = buf
 8048589:   e8 92 fe ff ff          call   8048420 <strncpy@plt>   # strncpy(buf, argv[1], 13)
 804858e:   0f b6 44 24 1f          movzbl 0x1f(%esp),%eax      # %eax = key, zero-extended
 8048593:   c7 44 24 08 0c 00 00    movl   $0xc,0x8(%esp)       # arg2 = 12
 804859a:   00 
 804859b:   c7 44 24 04 30 a0 04    movl   $0x804a030,0x4(%esp) # arg1 = global buffer at 0x804a030 (must be writable: the helper stores into it)
 80485a2:   08 
 80485a3:   89 04 24                mov    %eax,(%esp)          # arg0 = key
 80485a6:   e8 59 ff ff ff          call   8048504 <strncmp@plt+0xc4>    # XOR helper at 0x8048504: decode 12 bytes in place
 80485ab:   c7 44 24 08 14 00 00    movl   $0x14,0x8(%esp)      # arg2 = 20 -- larger than the 13-byte heap block
 80485b2:   00 
 80485b3:   8b 44 24 18             mov    0x18(%esp),%eax
 80485b7:   89 44 24 04             mov    %eax,0x4(%esp)       # arg1 = buf
 80485bb:   c7 04 24 30 a0 04 08    movl   $0x804a030,(%esp)    # arg0 = decoded global
 80485c2:   e8 79 fe ff ff          call   8048440 <strncmp@plt>   # strncmp(global, buf, 20)
 80485c7:   85 c0                   test   %eax,%eax
 80485c9:   74 21                   je     80485ec <strncmp@plt+0x1ac>   # equal -> second check
 80485cb:   b8 08 87 04 08          mov    $0x8048708,%eax      # format string constant (presumably .rodata; contents not shown)
 80485d0:   c7 44 24 04 30 a0 04    movl   $0x804a030,0x4(%esp) # arg1 = decoded global (data only)
 80485d7:   08 
 80485d8:   89 04 24                mov    %eax,(%esp)          # arg0 = format
 80485db:   e8 e0 fd ff ff          call   80483c0 <printf@plt> # printf(fmt, global)
 80485e0:   c7 04 24 ff ff ff ff    movl   $0xffffffff,(%esp)
 80485e7:   e8 14 fe ff ff          call   8048400 <exit@plt>   # exit(-1)
 80485ec:   8b 45 0c                mov    0xc(%ebp),%eax       # %eax = argv
 80485ef:   83 c0 08                add    $0x8,%eax            # &argv[2]
 80485f2:   8b 00                   mov    (%eax),%eax          # argv[2]
 80485f4:   89 04 24                mov    %eax,(%esp)
 80485f7:   e8 34 fe ff ff          call   8048430 <atoi@plt>   # atoi(argv[2]); non-numeric input silently yields 0
 80485fc:   8b 15 40 a0 04 08       mov    0x804a040,%edx       # %edx = global int at 0x804a040
 8048602:   39 d0                   cmp    %edx,%eax
 8048604:   74 18                   je     804861e <strncmp@plt+0x1de>   # match -> success path
 8048606:   c7 04 24 16 87 04 08    movl   $0x8048716,(%esp)    # string constant (contents not shown)
 804860d:   e8 ce fd ff ff          call   80483e0 <puts@plt>
 8048612:   c7 04 24 ff ff ff ff    movl   $0xffffffff,(%esp)
 8048619:   e8 e2 fd ff ff          call   8048400 <exit@plt>   # exit(-1)
 804861e:   c7 04 24 1b 87 04 08    movl   $0x804871b,(%esp)    # string constant (contents not shown)
 8048625:   e8 b6 fd ff ff          call   80483e0 <puts@plt>
 804862a:   c9                      leave                       # %esp = %ebp; pop %ebp -- also undoes the realignment
 804862b:   c3                      ret                         # %eax not set here: returns whatever puts left in it
 804862c:   90                      nop                         # padding to the next 16-byte boundary
 804862d:   90                      nop
 804862e:   90                      nop
 804862f:   90                      nop
 # Unnamed function at 0x8048630: passed as `init` to __libc_start_main by
 # _start, so it runs with (argc, argv, envp) before main. Matches the shape
 # of glibc's __libc_csu_init (presumably): call .init, then call every entry
 # of an init_array. Here the array start and end are BOTH %ebx-0xe0 (identical
 # lea at 0x8048646 and 0x8048651), so the entry count in %edi is 0 and the
 # call loop is skipped. Register roles: %ebx = GOT base, %ebp = argc,
 # %edi = entry count, %esi = loop index.
 # Frame: 4 pushes (16) + sub 0x1c (28) + return address (4) = 48 -> 16-aligned.
 8048630:   55                      push   %ebp                 # callee-saved regs used below
 8048631:   57                      push   %edi
 8048632:   56                      push   %esi
 8048633:   53                      push   %ebx
 8048634:   e8 69 00 00 00          call   80486a2 <strncmp@plt+0x262>   # PC thunk: %ebx = return address 0x8048639
 8048639:   81 c3 bb 19 00 00       add    $0x19bb,%ebx         # %ebx = 0x8049ff4 (same GOT base as .init derives)
 804863f:   83 ec 1c                sub    $0x1c,%esp           # 28 bytes: outgoing args + alignment
 8048642:   8b 6c 24 30             mov    0x30(%esp),%ebp      # %ebp = argc (first caller arg: 0x1c + 4*4 + 4)
 8048646:   8d bb 20 ff ff ff       lea    -0xe0(%ebx),%edi     # %edi = array end
 804864c:   e8 23 fd ff ff          call   8048374 <printf@plt-0x4c>   # run .init (0x8048374)
 8048651:   8d 83 20 ff ff ff       lea    -0xe0(%ebx),%eax     # %eax = array start (same address!)
 8048657:   29 c7                   sub    %eax,%edi            # byte length = 0
 8048659:   c1 ff 02                sar    $0x2,%edi            # entry count = 0
 804865c:   85 ff                   test   %edi,%edi
 804865e:   74 29                   je     8048689 <strncmp@plt+0x249>   # no entries -> epilogue (always taken here)
 8048660:   31 f6                   xor    %esi,%esi            # i = 0
 8048662:   8d b6 00 00 00 00       lea    0x0(%esi),%esi       # 6-byte nop: aligns the loop head
 8048668:   8b 44 24 38             mov    0x38(%esp),%eax      # envp (third caller arg)
 804866c:   89 2c 24                mov    %ebp,(%esp)          # arg0 = argc
 804866f:   89 44 24 08             mov    %eax,0x8(%esp)       # arg2 = envp
 8048673:   8b 44 24 34             mov    0x34(%esp),%eax      # argv (second caller arg)
 8048677:   89 44 24 04             mov    %eax,0x4(%esp)       # arg1 = argv
 804867b:   ff 94 b3 20 ff ff ff    call   *-0xe0(%ebx,%esi,4)  # array[i](argc, argv, envp)
 8048682:   83 c6 01                add    $0x1,%esi            # i++
 8048685:   39 fe                   cmp    %edi,%esi
 8048687:   75 df                   jne    8048668 <strncmp@plt+0x228>   # while i != count
 8048689:   83 c4 1c                add    $0x1c,%esp
 804868c:   5b                      pop    %ebx
 804868d:   5e                      pop    %esi
 804868e:   5f                      pop    %edi
 804868f:   5d                      pop    %ebp
 8048690:   c3                      ret    
 8048691:   eb 0d                   jmp    80486a0 <strncmp@plt+0x260>   # filler after the ret; no visible jump targets it
 8048693:   90                      nop                         # padding up to 0x80486a0
 8048694:   90                      nop
 8048695:   90                      nop
 8048696:   90                      nop
 8048697:   90                      nop
 8048698:   90                      nop
 8048699:   90                      nop
 804869a:   90                      nop
 804869b:   90                      nop
 804869c:   90                      nop
 804869d:   90                      nop
 804869e:   90                      nop
 804869f:   90                      nop
 # Two tiny routines:
 #   0x80486a0: passed as `fini` to __libc_start_main by _start; an empty
 #              function. `repz ret` is just the 2-byte encoding of a lone ret
 #              used as a branch target (an AMD branch-predictor workaround).
 #   0x80486a2: PC-load thunk used by the function at 0x8048630 -- copies the
 #              return address on top of the stack into %ebx and returns, the
 #              usual i386 PIC way to learn the current PC.
 80486a0:   f3 c3                   repz ret                    # empty fini
 80486a2:   8b 1c 24                mov    (%esp),%ebx          # %ebx = return address of the caller's `call`
 80486a5:   c3                      ret    
 80486a6:   90                      nop                         # padding to 0x80486b0
 80486a7:   90                      nop
 80486a8:   90                      nop
 80486a9:   90                      nop
 80486aa:   90                      nop
 80486ab:   90                      nop
 80486ac:   90                      nop
 80486ad:   90                      nop
 80486ae:   90                      nop
 80486af:   90                      nop
 # Unnamed function at 0x80486b0, called from .init (0x8048398). Walks a
 # function-pointer list BACKWARDS from 0x8049f14 until it meets a -1
 # (0xffffffff) sentinel, calling each entry -- the shape of the CRT's
 # __do_global_ctors_aux over .ctors (presumably; confirm with `readelf -S`).
 # The first word is tested before entering the loop, so a list whose first
 # word is already -1 calls nothing. %ebx holds the current slot address.
 # Frame: push %ebx + sub 4 = 8 bytes (16-aligned at the indirect call).
 80486b0:   55                      push   %ebp
 80486b1:   89 e5                   mov    %esp,%ebp
 80486b3:   53                      push   %ebx                 # callee-saved cursor register
 80486b4:   83 ec 04                sub    $0x4,%esp            # alignment padding
 80486b7:   a1 14 9f 04 08          mov    0x8049f14,%eax       # %eax = first entry
 80486bc:   83 f8 ff                cmp    $0xffffffff,%eax     # sentinel?
 80486bf:   74 13                   je     80486d4 <strncmp@plt+0x294>   # empty list -> done
 80486c1:   bb 14 9f 04 08          mov    $0x8049f14,%ebx      # cursor = &first entry
 80486c6:   66 90                   xchg   %ax,%ax              # 2-byte nop: aligns the loop head
 80486c8:   83 eb 04                sub    $0x4,%ebx            # cursor-- (walks toward lower addresses)
 80486cb:   ff d0                   call   *%eax                # call the entry loaded in %eax
 80486cd:   8b 03                   mov    (%ebx),%eax          # %eax = next entry
 80486cf:   83 f8 ff                cmp    $0xffffffff,%eax
 80486d2:   75 f4                   jne    80486c8 <strncmp@plt+0x288>   # until sentinel
 80486d4:   83 c4 04                add    $0x4,%esp
 80486d7:   5b                      pop    %ebx
 80486d8:   5d                      pop    %ebp
 80486d9:   c3                      ret    
 80486da:   90                      nop                         # padding
 80486db:   90                      nop

Disassembly of section .fini:

# .fini (0x80486dc): runs at process exit. Same PC-load idiom as .init:
# %ebx = 0x80486e5 + 0x190f = 0x8049ff4 (the GOT base), then the destructor
# walker at 0x8048480 is called. Callee-saved %ebx is preserved; push + sub 8
# keeps %esp 16-aligned at the call.
080486dc <.fini>:
 80486dc:   53                      push   %ebx
 80486dd:   83 ec 08                sub    $0x8,%esp            # alignment padding
 80486e0:   e8 00 00 00 00          call   80486e5 <strncmp@plt+0x2a5>   # call next insn: pushes 0x80486e5
 80486e5:   5b                      pop    %ebx                 # %ebx = current PC
 80486e6:   81 c3 0f 19 00 00       add    $0x190f,%ebx         # %ebx = 0x8049ff4
 80486ec:   e8 8f fd ff ff          call   8048480 <strncmp@plt+0x40>   # run the once-only destructor walker at 0x8048480
 80486f1:   83 c4 08                add    $0x8,%esp
 80486f4:   5b                      pop    %ebx
 80486f5:   c3                      ret 
2个回答

main 的地址就是 __libc_start_main 函数的第一个参数。让我们看一下入口点代码:

 xor    %ebp,%ebp
 pop    %esi
 mov    %esp,%ecx
 and    $0xfffffff0,%esp
 push   %eax
 push   %esp
 push   %edx
 push   $0x80486a0
 push   $0x8048630
 push   %ecx
 push   %esi
 push   $0x804853e
 call   8048410 <__libc_start_main@plt>
 hlt    

因为它是 x86 代码,所以它使用 cdecl ABI,这意味着第一个参数最后被压入堆栈。所以 main 的地址是 0x804853e。

好吧,从您提供的 objdump 清单中可以明显看出,该二进制文件已被去除了全部符号(stripped)。这就是为什么除了那些来自外部库的符号之外,您将无法找到 main 或任何其他函数的符号。但是,考虑到这个二进制文件是一个 ELF,您可以对它运行 readelf -h 命令并得到 Entry point address,它肯定会指向 .text 节,也就是您的 objdump 列表中地址 08048450 所在的位置。

如果您想了解有关如何找到 main 函数的更多信息,这篇文章和这篇文章的答案涵盖了您需要了解的大部分内容。