원본 : http://www.daniweb.com/forums/post382693.html#post382693
간단한 C++ 코드의 어셈블리 코드와 해석
-C++ 코드-
// Test program for the assembly listing further down: adds two 16-bit locals; the sum is never read.
int main() {
short x=6;   // kept at -10(%ebp) in the assembly listing
short y=9;   // kept at -8(%ebp)
short z;     // kept at -6(%ebp); uninitialised until the assignment below
z = x+y;     // operands are promoted to int, added, and the sum is narrowed back to short
return 0;    // the listing passes this value back in eax
}
간단한 C++ 코드의 어셈블리 코드와 해석
-C++ 코드-
// Test program for the assembly listing that follows: adds two 16-bit locals; the sum is never read.
int main() {
short x=6;   // kept at -10(%ebp) in the assembly listing
short y=9;   // kept at -8(%ebp)
short z;     // kept at -6(%ebp); uninitialised until the assignment below
z = x+y;     // operands are promoted to int, added, and the sum is narrowed back to short
return 0;    // the listing passes this value back in eax
}
-어셈블리 코드-
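# ----------------------------------------------------------------------
# Annotated g++ output for the C++ program above.
# Target: 32-bit x86, AT&T syntax ("op src, dst").
# Locals are stored to the stack and reloaded before use, so this looks
# like an unoptimised build.
#
# GNU as treats ';' as a statement separator on x86, so the annotations
# use '#', its comment character. With that, the listing can be fed to
# the assembler as a 32-bit object (e.g. `as --32`).
#
# Stack frame of main once the prologue has run:
#     4(%ebp)  copy of the return address (pushed by the prologue)
#     0(%ebp)  caller's ebp
#    -4(%ebp)  saved ecx (= esp at entry + 4)
#    -6(%ebp)  z
#    -8(%ebp)  y
#   -10(%ebp)  x
# ----------------------------------------------------------------------
        .file   "CSCILab03-1.cpp"
# Name of the input source file. It is recorded in the object file, which
# helps debuggers and anyone triaging the binary later.

        .text
        .align 2
# .text selects the section that holds executable code. Read-only
# constants normally go to .rodata, initialised globals to .data and
# zero-initialised globals to .bss.

.globl main
        .type   main, @function
# Export the symbol "main" and mark it as a function in the symbol table.

main:
# main starts here :)
        leal    4(%esp), %ecx           # ecx = esp + 4, i.e. the address just
                                        # above the return address; this is the
                                        # anchor used to find the original stack
        andl    $-16, %esp              # -16 is 0xFFFFFFF0: clearing the low
                                        # 4 bits keeps esp 16-byte aligned so any
                                        # data type sits at its natural alignment
        pushl   -4(%ecx)                # -4(%ecx) is the return address: push a
                                        # copy of it onto the realigned stack so
                                        # the frame has the usual layout
# These first 3 instructions are only something you will see in main().
# Put the same code into another function, and it will just begin with
# the saving and setting up of ebp.
        pushl   %ebp                    # save the caller's base pointer
        movl    %esp, %ebp              # new base pointer = current stack top
        pushl   %ecx                    # keep the anchor at -4(%ebp); the
                                        # epilogue rebuilds esp from it
        subl    $16, %esp               # reserve 16 bytes for locals (6 used)

        movw    $6, -10(%ebp)           # short x=6;
        movw    $9, -8(%ebp)            # short y=9;
        movzwl  -10(%ebp), %edx         # edx = x, upper 16 bits cleared
        movzwl  -8(%ebp), %eax          # eax = y, upper 16 bits cleared
                                        # (zero-extension is harmless here: only
                                        # the low 16 bits of the sum are kept)
        leal    (%edx,%eax), %eax       # eax = edx + eax; lea is one of many
                                        # ways to add, and it leaves flags alone
        movw    %ax, -6(%ebp)           # z = low 16 bits of the sum

        movl    $0, %eax                # return 0; (eax is the return register)
        addl    $16, %esp               # release the local variables
        popl    %ecx                    # reload the anchor saved in the prologue
        popl    %ebp                    # restore the caller's base pointer
        leal    -4(%ecx), %esp          # esp = anchor - 4 = address of the real
                                        # return address (the other 'main only'
                                        # step). esp, and so the address ret
                                        # uses, comes from the saved ecx word:
                                        # that slot is as sensitive as the saved
                                        # return address itself
        ret                             # Adiós amigo
.LFE2:
# Compiler-generated local label marking the end of the function; nothing
# in this listing refers to it.
        .size   main, .-main
# Records the size of main in the symbol table: current location minus the
# address of the label main.

.globl __gxx_personality_v0
# Reference to the C++ runtime's exception-handling "personality" routine.
# g++ emits it for C++ translation units even though this function never
# throws.

        .ident  "GCC: (GNU) 4.1.1 20070105 (Red Hat 4.1.1-52)"
# Identifies the compiler that generated this code; handy for
# fingerprinting the toolchain when reversing.

        .section        .note.GNU-stack,"",@progbits
# Empty marker section with no flags: it tells the linker that this object
# does not need an executable stack, so the stack can be mapped
# non-executable. The section type is "@progbits"; the "@progbit" spelling
# that appeared here would be rejected by the assembler. The result can be
# checked on the linked binary with `readelf -l` (GNU_STACK should be RW,
# not RWE).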