汇编那些事
1. 源代码:myEx.cpp
#include<iostream>
using namespace std;
struct AAABBBCCC
{
AAABBBCCC():a(0),b(1),c(1.0){}
int a;
int b;
double c;
int d[10];
};
AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
{
m.a = 10;
m.b = 20;
m.c = 2.0;
return m;
};
int main ()
{
AAABBBCCC m;
AAABBBCCC n = changeAAABBBCCC(m);
cout<<n.b<<endl;
return n.a;
}
2.debug编译 g++ -g myEx.cpp -o myEx
2.1 $nm myEx
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t _GLOBAL__I__Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T _Z15changeAAABBBCCC9AAABBBCCC
0000000000400804 t _Z41__static_initialization_and_destruction_0ii
00000000004008ea W _ZN9AAABBBCCCC1Ev
U _ZNSolsEPFRSoS_E@@GLIBCXX_3.4
U _ZNSolsEi@@GLIBCXX_3.4
U _ZNSt8ios_base4InitC1Ev@@GLIBCXX_3.4
U _ZNSt8ios_base4InitD1Ev@@GLIBCXX_3.4
0000000000600e00 B _ZSt4cout@@GLIBCXX_3.4
U _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@@GLIBCXX_3.4
0000000000600f1c b _ZSt8__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t _GLOBAL__I__Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T _Z15changeAAABBBCCC9AAABBBCCC
0000000000400804 t _Z41__static_initialization_and_destruction_0ii
00000000004008ea W _ZN9AAABBBCCCC1Ev
U _ZNSolsEPFRSoS_E@@GLIBCXX_3.4
U _ZNSolsEi@@GLIBCXX_3.4
U _ZNSt8ios_base4InitC1Ev@@GLIBCXX_3.4
U _ZNSt8ios_base4InitD1Ev@@GLIBCXX_3.4
0000000000600e00 B _ZSt4cout@@GLIBCXX_3.4
U _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@@GLIBCXX_3.4
0000000000600f1c b _ZSt8__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
$nm -C myEx
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t global constructors keyed to _Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T changeAAABBBCCC(AAABBBCCC)
0000000000400804 t __static_initialization_and_destruction_0(int, int)
00000000004008ea W AAABBBCCC::AAABBBCCC()
U std::ostream::operator<<(std::ostream& (*)(std::ostream&))@@GLIBCXX_3.4
U std::ostream::operator<<(int)@@GLIBCXX_3.4
U std::ios_base::Init::Init()@@GLIBCXX_3.4
U std::ios_base::Init::~Init()@@GLIBCXX_3.4
0000000000600e00 B std::cout@@GLIBCXX_3.4
U std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)@@GLIBCXX_3.4
0000000000600f1c b std::__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
0000000000600bd8 d _DYNAMIC
0000000000600da0 d _GLOBAL_OFFSET_TABLE_
0000000000400842 t global constructors keyed to _Z15changeAAABBBCCC9AAABBBCCC
0000000000400a08 R _IO_stdin_used
w _Jv_RegisterClasses
00000000004007a8 T changeAAABBBCCC(AAABBBCCC)
0000000000400804 t __static_initialization_and_destruction_0(int, int)
00000000004008ea W AAABBBCCC::AAABBBCCC()
U std::ostream::operator<<(std::ostream& (*)(std::ostream&))@@GLIBCXX_3.4
U std::ostream::operator<<(int)@@GLIBCXX_3.4
U std::ios_base::Init::Init()@@GLIBCXX_3.4
U std::ios_base::Init::~Init()@@GLIBCXX_3.4
0000000000600e00 B std::cout@@GLIBCXX_3.4
U std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)@@GLIBCXX_3.4
0000000000600f1c b std::__ioinit
0000000000600bb8 d __CTOR_END__
0000000000600ba8 d __CTOR_LIST__
0000000000600bc8 D __DTOR_END__
0000000000600bc0 d __DTOR_LIST__
0000000000400ba0 r __FRAME_END__
0000000000600bd0 d __JCR_END__
0000000000600bd0 d __JCR_LIST__
0000000000600dfc A __bss_start
U __cxa_atexit@@GLIBC_2.2.5
0000000000600df8 D __data_start
00000000004009c0 t __do_global_ctors_aux
0000000000400720 t __do_global_dtors_aux
0000000000400a10 R __dso_handle
0000000000600ba4 d __fini_array_end
0000000000600ba4 d __fini_array_start
w __gmon_start__
U __gxx_personality_v0@@CXXABI_1.3
0000000000600ba4 d __init_array_end
0000000000600ba4 d __init_array_start
0000000000400920 T __libc_csu_fini
0000000000400930 T __libc_csu_init
U __libc_start_main@@GLIBC_2.2.5
0000000000600ba4 d __preinit_array_end
0000000000600ba4 d __preinit_array_start
0000000000400858 t __tcf_0
0000000000600dfc A _edata
0000000000600f20 A _end
00000000004009f8 T _fini
0000000000400628 T _init
00000000004006d0 T _start
00000000004006fc t call_gmon_start
0000000000600f18 b completed.6145
0000000000600df8 W data_start
0000000000600f10 b dtor_idx.6147
0000000000400780 t frame_dummy
0000000000400870 T main
3. objdump 结果
$objdump -d myEx
myEx: file format elf64-x86-64
Disassembly of section .init:
0000000000400628 <_init>:
400628: 48 83 ec 08 sub $0x8,%rsp
40062c: e8 cb 00 00 00 callq 4006fc <call_gmon_start>
400631: e8 4a 01 00 00 callq 400780 <frame_dummy>
400636: e8 85 03 00 00 callq 4009c0 <__do_global_ctors_aux>
40063b: 48 83 c4 08 add $0x8,%rsp
40063f: c3 retq
Disassembly of section .plt:
0000000000400640 <_ZNSolsEi@plt-0x10>:
400640: ff 35 62 07 20 00 pushq 2099042(%rip) # 600da8 <_GLOBAL_OFFSET_TABLE_+0x8>
400646: ff 25 64 07 20 00 jmpq *2099044(%rip) # 600db0 <_GLOBAL_OFFSET_TABLE_+0x10>
40064c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000400650 <_ZNSolsEi@plt>:
400650: ff 25 62 07 20 00 jmpq *2099042(%rip) # 600db8 <_GLOBAL_OFFSET_TABLE_+0x18>
400656: 68 00 00 00 00 pushq $0x0
40065b: e9 e0 ff ff ff jmpq 400640 <_init+0x18>
0000000000400660 <_ZNSt8ios_base4InitC1Ev@plt>:
400660: ff 25 5a 07 20 00 jmpq *2099034(%rip) # 600dc0 <_GLOBAL_OFFSET_TABLE_+0x20>
400666: 68 01 00 00 00 pushq $0x1
40066b: e9 d0 ff ff ff jmpq 400640 <_init+0x18>
0000000000400670 <__libc_start_main@plt>:
400670: ff 25 52 07 20 00 jmpq *2099026(%rip) # 600dc8 <_GLOBAL_OFFSET_TABLE_+0x28>
400676: 68 02 00 00 00 pushq $0x2
40067b: e9 c0 ff ff ff jmpq 400640 <_init+0x18>
0000000000400680 <__cxa_atexit@plt>:
400680: ff 25 4a 07 20 00 jmpq *2099018(%rip) # 600dd0 <_GLOBAL_OFFSET_TABLE_+0x30>
400686: 68 03 00 00 00 pushq $0x3
40068b: e9 b0 ff ff ff jmpq 400640 <_init+0x18>
0000000000400690 <_ZNSt8ios_base4InitD1Ev@plt>:
400690: ff 25 42 07 20 00 jmpq *2099010(%rip) # 600dd8 <_GLOBAL_OFFSET_TABLE_+0x38>
400696: 68 04 00 00 00 pushq $0x4
40069b: e9 a0 ff ff ff jmpq 400640 <_init+0x18>
00000000004006a0 <_ZNSolsEPFRSoS_E@plt>:
4006a0: ff 25 3a 07 20 00 jmpq *2099002(%rip) # 600de0 <_GLOBAL_OFFSET_TABLE_+0x40>
4006a6: 68 05 00 00 00 pushq $0x5
4006ab: e9 90 ff ff ff jmpq 400640 <_init+0x18>
00000000004006b0 <_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@plt>:
4006b0: ff 25 32 07 20 00 jmpq *2098994(%rip) # 600de8 <_GLOBAL_OFFSET_TABLE_+0x48>
4006b6: 68 06 00 00 00 pushq $0x6
4006bb: e9 80 ff ff ff jmpq 400640 <_init+0x18>
00000000004006c0 <__gxx_personality_v0@plt>:
4006c0: ff 25 2a 07 20 00 jmpq *2098986(%rip) # 600df0 <_GLOBAL_OFFSET_TABLE_+0x50>
4006c6: 68 07 00 00 00 pushq $0x7
4006cb: e9 70 ff ff ff jmpq 400640 <_init+0x18>
Disassembly of section .text:
00000000004006d0 <_start>:
4006d0: 31 ed xor %ebp,%ebp
4006d2: 49 89 d1 mov %rdx,%r9
4006d5: 5e pop %rsi
4006d6: 48 89 e2 mov %rsp,%rdx
4006d9: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp
4006dd: 50 push %rax
4006de: 54 push %rsp
4006df: 49 c7 c0 20 09 40 00 mov $0x400920,%r8
4006e6: 48 c7 c1 30 09 40 00 mov $0x400930,%rcx
4006ed: 48 c7 c7 70 08 40 00 mov $0x400870,%rdi
4006f4: e8 77 ff ff ff callq 400670 <__libc_start_main@plt>
4006f9: f4 hlt
4006fa: 90 nop
4006fb: 90 nop
00000000004006fc <call_gmon_start>:
4006fc: 48 83 ec 08 sub $0x8,%rsp
400700: 48 8b 05 91 06 20 00 mov 2098833(%rip),%rax # 600d98 <_DYNAMIC+0x1c0>
400707: 48 85 c0 test %rax,%rax
40070a: 74 02 je 40070e <call_gmon_start+0x12>
40070c: ff d0 callq *%rax
40070e: 48 83 c4 08 add $0x8,%rsp
400712: c3 retq
400713: 90 nop
400714: 90 nop
400715: 90 nop
400716: 90 nop
400717: 90 nop
400718: 90 nop
400719: 90 nop
40071a: 90 nop
40071b: 90 nop
40071c: 90 nop
40071d: 90 nop
40071e: 90 nop
40071f: 90 nop
0000000000400720 <__do_global_dtors_aux>:
400720: 55 push %rbp
400721: 48 89 e5 mov %rsp,%rbp
400724: 53 push %rbx
400725: 48 83 ec 08 sub $0x8,%rsp
400729: 80 3d e8 07 20 00 00 cmpb $0x0,2099176(%rip) # 600f18 <completed.6145>
400730: 75 44 jne 400776 <__do_global_dtors_aux+0x56>
400732: b8 c8 0b 60 00 mov $0x600bc8,%eax
400737: 48 2d c0 0b 60 00 sub $0x600bc0,%rax
40073d: 48 c1 f8 03 sar $0x3,%rax
400741: 48 8d 58 ff lea 0xffffffffffffffff(%rax),%rbx
400745: 48 8b 05 c4 07 20 00 mov 2099140(%rip),%rax # 600f10 <dtor_idx.6147>
40074c: 48 39 c3 cmp %rax,%rbx
40074f: 76 1e jbe 40076f <__do_global_dtors_aux+0x4f>
400751: 48 83 c0 01 add $0x1,%rax
400755: 48 89 05 b4 07 20 00 mov %rax,2099124(%rip) # 600f10 <dtor_idx.6147>
40075c: ff 14 c5 c0 0b 60 00 callq *0x600bc0(,%rax,8)
400763: 48 8b 05 a6 07 20 00 mov 2099110(%rip),%rax # 600f10 <dtor_idx.6147>
40076a: 48 39 c3 cmp %rax,%rbx
40076d: 77 e2 ja 400751 <__do_global_dtors_aux+0x31>
40076f: c6 05 a2 07 20 00 01 movb $0x1,2099106(%rip) # 600f18 <completed.6145>
400776: 48 83 c4 08 add $0x8,%rsp
40077a: 5b pop %rbx
40077b: c9 leaveq
40077c: c3 retq
40077d: 0f 1f 00 nopl (%rax)
0000000000400780 <frame_dummy>:
400780: 55 push %rbp
400781: 48 83 3d 47 04 20 00 cmpq $0x0,2098247(%rip) # 600bd0 <__JCR_END__>
400788: 00
400789: 48 89 e5 mov %rsp,%rbp
40078c: 74 16 je 4007a4 <frame_dummy+0x24>
40078e: b8 00 00 00 00 mov $0x0,%eax
400793: 48 85 c0 test %rax,%rax
400796: 74 0c je 4007a4 <frame_dummy+0x24>
400798: bf d0 0b 60 00 mov $0x600bd0,%edi
40079d: 49 89 c3 mov %rax,%r11
4007a0: c9 leaveq
4007a1: 41 ff e3 jmpq *%r11
4007a4: c9 leaveq
4007a5: c3 retq
4007a6: 90 nop
4007a7: 90 nop
00000000004007a8 <_Z15changeAAABBBCCC9AAABBBCCC>:
4007a8: 55 push %rbp
4007a9: 48 89 e5 mov %rsp,%rbp
4007ac: c7 45 10 0a 00 00 00 movl $0xa,0x10(%rbp)
4007b3: c7 45 14 14 00 00 00 movl $0x14,0x14(%rbp)
4007ba: 48 b8 00 00 00 00 00 mov $0x4000000000000000,%rax
4007c1: 00 00 40
4007c4: 48 89 45 18 mov %rax,0x18(%rbp)
4007c8: 48 8b 45 10 mov 0x10(%rbp),%rax
4007cc: 48 89 07 mov %rax,(%rdi)
4007cf: 48 8b 45 18 mov 0x18(%rbp),%rax
4007d3: 48 89 47 08 mov %rax,0x8(%rdi)
4007d7: 48 8b 45 20 mov 0x20(%rbp),%rax
4007db: 48 89 47 10 mov %rax,0x10(%rdi)
4007df: 48 8b 45 28 mov 0x28(%rbp),%rax
4007e3: 48 89 47 18 mov %rax,0x18(%rdi)
4007e7: 48 8b 45 30 mov 0x30(%rbp),%rax
4007eb: 48 89 47 20 mov %rax,0x20(%rdi)
4007ef: 48 8b 45 38 mov 0x38(%rbp),%rax
4007f3: 48 89 47 28 mov %rax,0x28(%rdi)
4007f7: 48 8b 45 40 mov 0x40(%rbp),%rax
4007fb: 48 89 47 30 mov %rax,0x30(%rdi)
4007ff: 48 89 f8 mov %rdi,%rax
400802: c9 leaveq
400803: c3 retq
0000000000400804 <_Z41__static_initialization_and_destruction_0ii>:
400804: 55 push %rbp
400805: 48 89 e5 mov %rsp,%rbp
400808: 48 83 ec 10 sub $0x10,%rsp
40080c: 89 7d fc mov %edi,0xfffffffffffffffc(%rbp)
40080f: 89 75 f8 mov %esi,0xfffffffffffffff8(%rbp)
400812: 83 7d fc 01 cmpl $0x1,0xfffffffffffffffc(%rbp)
400816: 75 27 jne 40083f <_Z41__static_initialization_and_destruction_0ii+0x3b>
400818: 81 7d f8 ff ff 00 00 cmpl $0xffff,0xfffffffffffffff8(%rbp)
40081f: 75 1e jne 40083f <_Z41__static_initialization_and_destruction_0ii+0x3b>
400821: bf 1c 0f 60 00 mov $0x600f1c,%edi
400826: e8 35 fe ff ff callq 400660 <_ZNSt8ios_base4InitC1Ev@plt>
40082b: ba 10 0a 40 00 mov $0x400a10,%edx
400830: be 00 00 00 00 mov $0x0,%esi
400835: bf 58 08 40 00 mov $0x400858,%edi
40083a: e8 41 fe ff ff callq 400680 <__cxa_atexit@plt>
40083f: c9 leaveq
400840: c3 retq
400841: 90 nop
0000000000400842 <_GLOBAL__I__Z15changeAAABBBCCC9AAABBBCCC>:
400842: 55 push %rbp
400843: 48 89 e5 mov %rsp,%rbp
400846: be ff ff 00 00 mov $0xffff,%esi
40084b: bf 01 00 00 00 mov $0x1,%edi
400850: e8 af ff ff ff callq 400804 <_Z41__static_initialization_and_destruction_0ii>
400855: c9 leaveq
400856: c3 retq
400857: 90 nop
0000000000400858 <__tcf_0>:
400858: 55 push %rbp
400859: 48 89 e5 mov %rsp,%rbp
40085c: 48 83 ec 10 sub $0x10,%rsp
400860: 48 89 7d f8 mov %rdi,0xfffffffffffffff8(%rbp)
400864: bf 1c 0f 60 00 mov $0x600f1c,%edi
400869: e8 22 fe ff ff callq 400690 <_ZNSt8ios_base4InitD1Ev@plt>
40086e: c9 leaveq
40086f: c3 retq
0000000000400870 <main>:
400870: 55 push %rbp
400871: 48 89 e5 mov %rsp,%rbp
400874: 48 81 ec c0 00 00 00 sub $0xc0,%rsp
40087b: 48 8d 7d c0 lea 0xffffffffffffffc0(%rbp),%rdi
40087f: e8 66 00 00 00 callq 4008ea <_ZN9AAABBBCCCC1Ev>
400884: 48 8d 7d 80 lea 0xffffffffffffff80(%rbp),%rdi
400888: 48 8b 45 c0 mov 0xffffffffffffffc0(%rbp),%rax
40088c: 48 89 04 24 mov %rax,(%rsp)
400890: 48 8b 45 c8 mov 0xffffffffffffffc8(%rbp),%rax
400894: 48 89 44 24 08 mov %rax,0x8(%rsp)
400899: 48 8b 45 d0 mov 0xffffffffffffffd0(%rbp),%rax
40089d: 48 89 44 24 10 mov %rax,0x10(%rsp)
4008a2: 48 8b 45 d8 mov 0xffffffffffffffd8(%rbp),%rax
4008a6: 48 89 44 24 18 mov %rax,0x18(%rsp)
4008ab: 48 8b 45 e0 mov 0xffffffffffffffe0(%rbp),%rax
4008af: 48 89 44 24 20 mov %rax,0x20(%rsp)
4008b4: 48 8b 45 e8 mov 0xffffffffffffffe8(%rbp),%rax
4008b8: 48 89 44 24 28 mov %rax,0x28(%rsp)
4008bd: 48 8b 45 f0 mov 0xfffffffffffffff0(%rbp),%rax
4008c1: 48 89 44 24 30 mov %rax,0x30(%rsp)
4008c6: e8 dd fe ff ff callq 4007a8 <_Z15changeAAABBBCCC9AAABBBCCC>
4008cb: 8b 75 84 mov 0xffffffffffffff84(%rbp),%esi
4008ce: bf 00 0e 60 00 mov $0x600e00,%edi
4008d3: e8 78 fd ff ff callq 400650 <_ZNSolsEi@plt>
4008d8: 48 89 c7 mov %rax,%rdi
4008db: be b0 06 40 00 mov $0x4006b0,%esi
4008e0: e8 bb fd ff ff callq 4006a0 <_ZNSolsEPFRSoS_E@plt>
4008e5: 8b 45 80 mov 0xffffffffffffff80(%rbp),%eax
4008e8: c9 leaveq
4008e9: c3 retq
00000000004008ea <_ZN9AAABBBCCCC1Ev>:
4008ea: 55 push %rbp
4008eb: 48 89 e5 mov %rsp,%rbp
4008ee: 48 89 7d f8 mov %rdi,0xfffffffffffffff8(%rbp)
4008f2: 48 8b 45 f8 mov 0xfffffffffffffff8(%rbp),%rax
4008f6: c7 00 00 00 00 00 movl $0x0,(%rax)
4008fc: 48 8b 45 f8 mov 0xfffffffffffffff8(%rbp),%rax
400900: c7 40 04 01 00 00 00 movl $0x1,0x4(%rax)
400907: 48 8b 55 f8 mov 0xfffffffffffffff8(%rbp),%rdx
40090b: 48 b8 00 00 00 00 00 mov $0x3ff0000000000000,%rax
400912: 00 f0 3f
400915: 48 89 42 08 mov %rax,0x8(%rdx)
400919: c9 leaveq
40091a: c3 retq
40091b: 90 nop
40091c: 90 nop
40091d: 90 nop
40091e: 90 nop
40091f: 90 nop
0000000000400920 <__libc_csu_fini>:
400920: f3 c3 repz retq
400922: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
400929: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
0000000000400930 <__libc_csu_init>:
400930: 4c 89 64 24 e0 mov %r12,0xffffffffffffffe0(%rsp)
400935: 4c 89 6c 24 e8 mov %r13,0xffffffffffffffe8(%rsp)
40093a: 4c 8d 25 63 02 20 00 lea 2097763(%rip),%r12 # 600ba4 <__fini_array_end>
400941: 4c 89 74 24 f0 mov %r14,0xfffffffffffffff0(%rsp)
400946: 4c 89 7c 24 f8 mov %r15,0xfffffffffffffff8(%rsp)
40094b: 49 89 f6 mov %rsi,%r14
40094e: 48 89 5c 24 d0 mov %rbx,0xffffffffffffffd0(%rsp)
400953: 48 89 6c 24 d8 mov %rbp,0xffffffffffffffd8(%rsp)
400958: 48 83 ec 38 sub $0x38,%rsp
40095c: 41 89 ff mov %edi,%r15d
40095f: 49 89 d5 mov %rdx,%r13
400962: e8 c1 fc ff ff callq 400628 <_init>
400967: 48 8d 05 36 02 20 00 lea 2097718(%rip),%rax # 600ba4 <__fini_array_end>
40096e: 49 29 c4 sub %rax,%r12
400971: 49 c1 fc 03 sar $0x3,%r12
400975: 4d 85 e4 test %r12,%r12
400978: 74 1e je 400998 <__libc_csu_init+0x68>
40097a: 31 ed xor %ebp,%ebp
40097c: 48 89 c3 mov %rax,%rbx
40097f: 90 nop
400980: 48 83 c5 01 add $0x1,%rbp
400984: 4c 89 ea mov %r13,%rdx
400987: 4c 89 f6 mov %r14,%rsi
40098a: 44 89 ff mov %r15d,%edi
40098d: ff 13 callq *(%rbx)
40098f: 48 83 c3 08 add $0x8,%rbx
400993: 49 39 ec cmp %rbp,%r12
400996: 75 e8 jne 400980 <__libc_csu_init+0x50>
400998: 48 8b 5c 24 08 mov 0x8(%rsp),%rbx
40099d: 48 8b 6c 24 10 mov 0x10(%rsp),%rbp
4009a2: 4c 8b 64 24 18 mov 0x18(%rsp),%r12
4009a7: 4c 8b 6c 24 20 mov 0x20(%rsp),%r13
4009ac: 4c 8b 74 24 28 mov 0x28(%rsp),%r14
4009b1: 4c 8b 7c 24 30 mov 0x30(%rsp),%r15
4009b6: 48 83 c4 38 add $0x38,%rsp
4009ba: c3 retq
4009bb: 90 nop
4009bc: 90 nop
4009bd: 90 nop
4009be: 90 nop
4009bf: 90 nop
00000000004009c0 <__do_global_ctors_aux>:
4009c0: 55 push %rbp
4009c1: 48 89 e5 mov %rsp,%rbp
4009c4: 53 push %rbx
4009c5: bb b0 0b 60 00 mov $0x600bb0,%ebx
4009ca: 48 83 ec 08 sub $0x8,%rsp
4009ce: 48 8b 05 db 01 20 00 mov 2097627(%rip),%rax # 600bb0 <__CTOR_LIST__+0x8>
4009d5: 48 83 f8 ff cmp $0xffffffffffffffff,%rax
4009d9: 74 14 je 4009ef <__do_global_ctors_aux+0x2f>
4009db: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
4009e0: 48 83 eb 08 sub $0x8,%rbx
4009e4: ff d0 callq *%rax
4009e6: 48 8b 03 mov (%rbx),%rax
4009e9: 48 83 f8 ff cmp $0xffffffffffffffff,%rax
4009ed: 75 f1 jne 4009e0 <__do_global_ctors_aux+0x20>
4009ef: 48 83 c4 08 add $0x8,%rsp
4009f3: 5b pop %rbx
4009f4: c9 leaveq
4009f5: c3 retq
4009f6: 90 nop
4009f7: 90 nop
Disassembly of section .fini:
00000000004009f8 <_fini>:
4009f8: 48 83 ec 08 sub $0x8,%rsp
4009fc: e8 1f fd ff ff callq 400720 <__do_global_dtors_aux>
400a01: 48 83 c4 08 add $0x8,%rsp
400a05: c3 retq
4. gdb myEx
start
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
=> 0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
End of assembler dump.
5. (gdb) i reg
rax 0x3651153a60 233288579680
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x1 1
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x40087b 0x40087b <main()+11>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
此时箭头指向的是c++代码的第25行,在进入main函数后,执行了三句汇编,也就是第23到24行之间的这三句,
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
这三句首先将%rbp寄存器里的值压入栈内,然后把栈指针%rsp所指的地址保存到%rbp寄存器中,最后把堆栈指针往下移
0xC0个字节(请记住,堆栈是由高地址往低地址生长的),这时候从上面的i reg 可以看出,
rbp 0x7fffffffe520
rsp 0x7fffffffe460 (和rbp之间的距离正好是0xC0)
为什么会要留下这段0xC0的空间呢?这12*16字节的内容主要是main函数的栈帧。
接下来执行x,查看从rsp的位置开始往上走的30个8字节地址的内容,如下所示。
(gdb) x /30xg 0x7fffffffe460
0x7fffffffe460: 0x0000000000400858 0x0000003650e33581
0x7fffffffe470: 0x0000000000600ba8 0x00007fffffffe4a0
0x7fffffffe480: 0x0000000000600ba4 0x000000000040083f
0x7fffffffe490: 0x0000000000000000 0x000000010000ffff
0x7fffffffe4a0: 0x00007fffffffe4b0 0x0000000000400855
0x7fffffffe4b0: 0x00007fffffffe4d0 0x00000000004009e6
0x7fffffffe4c0: 0x0000003650e08150 0x0000003650c1bbc0
0x7fffffffe4d0: 0x0000000000400930 0x000000000040063b
0x7fffffffe4e0: 0x00000036548ef100 0x0000000000400967
0x7fffffffe4f0: 0x00000036548e6100 0x0000003650c1bbc0
0x7fffffffe500: 0x0000000000400930 0x0000000000000000
0x7fffffffe510: 0x00007fffffffe600 0x0000000000000000
0x7fffffffe520: 0x0000000000000000 0x0000003650e1d994
0x7fffffffe530: 0x00000000004006d0 0x00007fffffffe608
0x7fffffffe540: 0x0000000100000000 0x0000000000400870
6. 执行si
(gdb) si
0x000000000040087f 25 AAABBBCCC m;
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
=> 0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x3651153a60 233288579680
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x40087f 0x40087f <main()+15>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
可以看到rdi的值被赋为 0x7fffffffe4e0,这是 lea -0x40(%rbp),%rdi执行的结果,将寄存器rbp所指的地址值向下移动0x40字节所得的地址赋给rdi寄存器。
这是为调用AAABBBCCC的构造函数做准备,构造函数真实的第一个参数其实是this指针,也就是这里%rdi的地址值,C++就是在栈上从这个地址开始了对一个AAABBBCCC对象,也就是m的构造,(不信的可以写一个带参数的构造函数,调用的时候,我们代码里的第一个参数,其实是传递给rsi或者esi寄存器的),
可以看出sizeof(AAABBBCCC) = 56,而栈上预留了64字节的空间,这可能是编译器为了方便内存管理而故意留了8字节的空洞,后面我们可以进一步验证这个猜想。
7. 继续si往下走-------------------------------------------------------------------------------------------------------------------------------------------------------------------
(gdb) si
AAABBBCCC::AAABBBCCC (this=0x3) at myEx.cpp:6
6 AAABBBCCC():a(0),b(1),c(1.0){}
(gdb) disas /m
Dump of assembler code for function AAABBBCCC::AAABBBCCC():
6 AAABBBCCC():a(0),b(1),c(1.0){}
=> 0x00000000004008ea <+0>: push %rbp
0x00000000004008eb <+1>: mov %rsp,%rbp
0x00000000004008ee <+4>: mov %rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov -0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl $0x0,(%rax)
0x00000000004008fc <+18>: mov -0x8(%rbp),%rax
0x0000000000400900 <+22>: movl $0x1,0x4(%rax)
0x0000000000400907 <+29>: mov -0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs $0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov %rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End of assembler dump.
(gdb) i reg
rax 0x3651153a60 233288579680
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe458 0x7fffffffe458
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008ea 0x4008ea <AAABBBCCC::AAABBBCCC()>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) x /30xg 0x7fffffffe458
0x7fffffffe458: 0x0000000000400884 0x0000000000400858
0x7fffffffe468: 0x0000003650e33581 0x0000000000600ba8
0x7fffffffe478: 0x00007fffffffe4a0 0x0000000000600ba4
0x7fffffffe488: 0x000000000040083f 0x0000000000000000
0x7fffffffe498: 0x000000010000ffff 0x00007fffffffe4b0
0x7fffffffe4a8: 0x0000000000400855 0x00007fffffffe4d0
0x7fffffffe4b8: 0x00000000004009e6 0x0000003650e08150
0x7fffffffe4c8: 0x0000003650c1bbc0 0x0000000000400930
0x7fffffffe4d8: 0x000000000040063b 0x00000036548ef100
0x7fffffffe4e8: 0x0000000000400967 0x00000036548e6100
0x7fffffffe4f8: 0x0000003650c1bbc0 0x0000000000400930
0x7fffffffe508: 0x0000000000000000 0x00007fffffffe600
0x7fffffffe518: 0x0000000000000000 0x0000000000000000
0x7fffffffe528: 0x0000003650e1d994 0x00000000004006d0
0x7fffffffe538: 0x00007fffffffe608 0x0000000100000000
这时候已经正式进入到AAABBBCCC的构造函数里来了,发现rsp已经变为0x7fffffffe458了,没进入之前是0x7fffffffe460,究竟是什么占据了这8字节呢?
猜测可能是个地址,但是是什么地址呢?用x看一下,发现是0x0000000000400884,对照一下objdump的输出,发现是构造函数完成后的下一条指令的地址,
400884: 48 8d 7d 80 lea 0xffffffffffffff80(%rbp),%rdi
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
8. 继续si
(gdb) si
0x00000000004008eb 6 AAABBBCCC():a(0),b(1),c(1.0){}
(gdb) disas /m
Dump of assembler code for function AAABBBCCC::AAABBBCCC():
6 AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push %rbp
=> 0x00000000004008eb <+1>: mov %rsp,%rbp
0x00000000004008ee <+4>: mov %rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov -0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl $0x0,(%rax)
0x00000000004008fc <+18>: mov -0x8(%rbp),%rax
0x0000000000400900 <+22>: movl $0x1,0x4(%rax)
0x0000000000400907 <+29>: mov -0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs $0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov %rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End of assembler dump.
(gdb) i reg
rax 0x3651153a60 233288579680
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008eb 0x4008eb <AAABBBCCC::AAABBBCCC()+1>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
rbp入栈了,rsp=0x7fffffffe450了
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
9. 继续si
(gdb) si
0x00000000004008ee 6 AAABBBCCC():a(0),b(1),c(1.0){}
(gdb) disas /m
Dump of assembler code for function AAABBBCCC::AAABBBCCC():
6 AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push %rbp
0x00000000004008eb <+1>: mov %rsp,%rbp
=> 0x00000000004008ee <+4>: mov %rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov -0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl $0x0,(%rax)
0x00000000004008fc <+18>: mov -0x8(%rbp),%rax
0x0000000000400900 <+22>: movl $0x1,0x4(%rax)
0x0000000000400907 <+29>: mov -0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs $0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov %rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End of assembler dump.
(gdb) i reg
rax 0x3651153a60 233288579680
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe450 0x7fffffffe450
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008ee 0x4008ee <AAABBBCCC::AAABBBCCC()+4>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
rbp = rsp = 0x7fffffffe450
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
10. 继续si
(gdb) si
0x00000000004008ee 6 AAABBBCCC():a(0),b(1),c(1.0){}
(gdb) disas /m
Dump of assembler code for function AAABBBCCC::AAABBBCCC():
6 AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push %rbp
0x00000000004008eb <+1>: mov %rsp,%rbp
=> 0x00000000004008ee <+4>: mov %rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov -0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl $0x0,(%rax)
0x00000000004008fc <+18>: mov -0x8(%rbp),%rax
0x0000000000400900 <+22>: movl $0x1,0x4(%rax)
0x0000000000400907 <+29>: mov -0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs $0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov %rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End of assembler dump.
(gdb) i reg
rax 0x3651153a60 233288579680
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe450 0x7fffffffe450
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008ee 0x4008ee <AAABBBCCC::AAABBBCCC()+4>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) x /16xg 0x7fffffffe448
0x7fffffffe448: 0x00007fffffffe4e0 0x00007fffffffe520
0x7fffffffe458: 0x0000000000400884 0x0000000000400858
0x7fffffffe468: 0x0000003650e33581 0x0000000000600ba8
0x7fffffffe478: 0x00007fffffffe4a0 0x0000000000600ba4
0x7fffffffe488: 0x000000000040083f 0x0000000000000000
0x7fffffffe498: 0x000000010000ffff 0x00007fffffffe4b0
0x7fffffffe4a8: 0x0000000000400855 0x00007fffffffe4d0
0x7fffffffe4b8: 0x00000000004009e6 0x0000003650e08150
内存448的位置存放了rdi的内容,也就是4e0。
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
11. 继续si
(gdb) si
0x00000000004008f6 6 AAABBBCCC():a(0),b(1),c(1.0){}
(gdb) i reg
rax 0x7fffffffe4e0 140737488348384
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe450 0x7fffffffe450
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008f6 0x4008f6 <AAABBBCCC::AAABBBCCC()+12>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) disas /m
Dump of assembler code for function AAABBBCCC::AAABBBCCC():
6 AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push %rbp
0x00000000004008eb <+1>: mov %rsp,%rbp
0x00000000004008ee <+4>: mov %rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov -0x8(%rbp),%rax
=> 0x00000000004008f6 <+12>: movl $0x0,(%rax)
0x00000000004008fc <+18>: mov -0x8(%rbp),%rax
0x0000000000400900 <+22>: movl $0x1,0x4(%rax)
0x0000000000400907 <+29>: mov -0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs $0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov %rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End of assembler dump.
执行完后,%rax的值是448内存中的地址值0x7fffffffe4e0,rax一般是用来做函数返回值的寄存器,这里我们调用的是构造函数,当然也算。
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
12. 继续si
继续si
(gdb) si
0x00000000004008fc 6 AAABBBCCC():a(0),b(1),c(1.0){}
(gdb) i reg
rax 0x7fffffffe4e0 140737488348384
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe618 140737488348696
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe450 0x7fffffffe450
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008fc 0x4008fc <AAABBBCCC::AAABBBCCC()+18>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) disas /m
Dump of assembler code for function AAABBBCCC::AAABBBCCC():
6 AAABBBCCC():a(0),b(1),c(1.0){}
0x00000000004008ea <+0>: push %rbp
0x00000000004008eb <+1>: mov %rsp,%rbp
0x00000000004008ee <+4>: mov %rdi,-0x8(%rbp)
0x00000000004008f2 <+8>: mov -0x8(%rbp),%rax
0x00000000004008f6 <+12>: movl $0x0,(%rax)
=> 0x00000000004008fc <+18>: mov -0x8(%rbp),%rax
0x0000000000400900 <+22>: movl $0x1,0x4(%rax)
0x0000000000400907 <+29>: mov -0x8(%rbp),%rdx
0x000000000040090b <+33>: movabs $0x3ff0000000000000,%rax
0x0000000000400915 <+43>: mov %rax,0x8(%rdx)
0x0000000000400919 <+47>: leaveq
0x000000000040091a <+48>: retq
End of assembler dump.
(gdb) x /4xg 0x7fffffffe4e0
0x7fffffffe4e0: 0x0000003600000000 0x0000000000400967
0x7fffffffe4f0: 0x00000036548e6100 0x0000003650c1bbc0
4e0位置的低4字节已经被置为0了,也就是说m.a已经被赋值,接着看看这条指令的上下文,发现是先给m.a赋值,接着给m.b赋值,m.b=1,接着是在地址4e8的位置赋值浮点数2.0,然后返回。
这里leaveq相当于:
movq %rbp, %rsp
popq %rbp
retq相当于:
popq %rip
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
13. 一直si,执行完构造函数,
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
=> 0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x3ff0000000000000 4607182418800017408
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x400884 0x400884 <main()+20>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
=> 0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x3ff0000000000000 4607182418800017408
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4e0 140737488348384
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x400884 0x400884 <main()+20>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) x /10xg 0x7fffffffe4e0
0x7fffffffe4e0: 0x0000000100000000 0x3ff0000000000000
0x7fffffffe4f0: 0x00000036548e6100 0x0000003650c1bbc0
0x7fffffffe500: 0x0000000000400930 0x0000000000000000
0x7fffffffe510: 0x00007fffffffe600 0x0000000000000000
0x7fffffffe520: 0x0000000000000000 0x0000003650e1d994
0x7fffffffe4e0: 0x0000000100000000 0x3ff0000000000000
0x7fffffffe4f0: 0x00000036548e6100 0x0000003650c1bbc0
0x7fffffffe500: 0x0000000000400930 0x0000000000000000
0x7fffffffe510: 0x00007fffffffe600 0x0000000000000000
0x7fffffffe520: 0x0000000000000000 0x0000003650e1d994
发现,栈的sp和bp值回归到了步骤6的模样,就像什么事情也没有发生过一样,期间,我们发现,m中的数组d并没有进行任何的赋值,里面的值是乱值,所以这也进一步确定了类里的成员变量的初始值是不确定的,这一点符合C++的语法,但是编译器其实是可以聪明一点的,取决于有没有必要,如果要的话,可能会额外调用一下memset。
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
14. 继续si,接下来对后续的执行情况进行step by step的分析
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi 将rbp地址值(0x7fffffffe520)-0x80,然后赋值给%rdi(存的是0x7fffffffe4a0)
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi 将rbp地址值(0x7fffffffe520)-0x80,然后赋值给%rdi(存的是0x7fffffffe4a0)
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax 将地址值(0x7fffffffe4e0)处的内容赋值给%rax,%rax=0x100000000
0x000000000040088c <+28>: mov %rax,(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe460), 这个地址现在里面存的是0x100000000
=> 0x0000000000400890 <+32>: mov -0x38(%rbp),%rax 将地址值(0x7fffffffe4e8)处的内容赋值给%rax,%rax=0x3ff0000000000000 (浮点数2.0)
0x0000000000400894 <+36>: mov %rax,0x8(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe468), 这个地址现在里面存的是0x3ff0000000000000
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax 接下来的这10个语句是把5*8个字节,也就是数组m.d,的拷贝,由于没有初始化,所以还是乱值。
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)> 调用changeAAABBBCCC函数,
0x000000000040088c <+28>: mov %rax,(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe460), 这个地址现在里面存的是0x100000000
=> 0x0000000000400890 <+32>: mov -0x38(%rbp),%rax 将地址值(0x7fffffffe4e8)处的内容赋值给%rax,%rax=0x3ff0000000000000 (浮点数2.0)
0x0000000000400894 <+36>: mov %rax,0x8(%rsp) 将%rax里的值赋值给%rsp所指的地址(0x7fffffffe468), 这个地址现在里面存的是0x3ff0000000000000
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax 接下来的这10个语句是把5*8个字节,也就是数组m.d,的拷贝,由于没有初始化,所以还是乱值。
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)> 调用changeAAABBBCCC函数,
到达这一步,内存分布如下所示:
15. 继续si,调用changeAAABBBCCC之前的现场如下:
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008c6 0x4008c6 <main()+86>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
=> 0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
End of assembler dump.
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008c6 0x4008c6 <main()+86>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
=> 0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
End of assembler dump.
16. 继续 si,进入函数
changeAAABBBCCC (m=...) at myEx.cpp:1414 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
(gdb) disas /m
Dump of assembler code for function changeAAABBBCCC(AAABBBCCC):
14 AAABBBCCC changeA
AABBBCCC(AAABBBCCC m)
=> 0x00000000004007a8 <+0>: push %rbp 在这之前会先将函数返回后的下一条指令进行入栈操作,然后再保护rbp,rsp
0x00000000004007a9 <+1>: mov %rsp,%rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 这是将10赋值给地址0x7fffffffe460,此时%rbp + 0x10,由于这个函数使用的是传值调用,
=> 0x00000000004007a8 <+0>: push %rbp 在这之前会先将函数返回后的下一条指令进行入栈操作,然后再保护rbp,rsp
0x00000000004007a9 <+1>: mov %rsp,%rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 这是将10赋值给地址0x7fffffffe460,此时%rbp + 0x10,由于这个函数使用的是传值调用,
前面在函数调用的时候,没有像常规那样把第一个参数传递给%rdi,因为这是个结构体,大于8字节,所以用堆栈来实现参数的传递,对于传引用的话,以后有机会再给个小例子。
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp)
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp)
19 return m;
0x00000000004007c8 <+32>: mov 0x10(%rbp),%rax
0x00000000004007cc <+36>: mov %rax,(%rdi)
0x00000000004007cf <+39>: mov 0x18(%rbp),%rax
0x00000000004007d3 <+43>: mov %rax,0x8(%rdi)
0x00000000004007d7 <+47>: mov 0x20(%rbp),%rax
0x00000000004007db <+51>: mov %rax,0x10(%rdi)
0x00000000004007df <+55>: mov 0x28(%rbp),%rax
0x00000000004007e3 <+59>: mov %rax,0x18(%rdi)
0x00000000004007e7 <+63>: mov 0x30(%rbp),%rax
0x00000000004007eb <+67>: mov %rax,0x20(%rdi)
0x00000000004007ef <+71>: mov 0x38(%rbp),%rax
0x00000000004007f3 <+75>: mov %rax,0x28(%rdi)
0x00000000004007f7 <+79>: mov 0x40(%rbp),%rax
0x00000000004007fb <+83>: mov %rax,0x30(%rdi)
20 };
0x00000000004007ff <+87>: mov %rdi,%rax
0x0000000000400802 <+90>: leaveq
0x0000000000400803 <+91>: retq
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe458 0x7fffffffe458
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4007a8 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp)
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp)
19 return m;
0x00000000004007c8 <+32>: mov 0x10(%rbp),%rax
0x00000000004007cc <+36>: mov %rax,(%rdi)
0x00000000004007cf <+39>: mov 0x18(%rbp),%rax
0x00000000004007d3 <+43>: mov %rax,0x8(%rdi)
0x00000000004007d7 <+47>: mov 0x20(%rbp),%rax
0x00000000004007db <+51>: mov %rax,0x10(%rdi)
0x00000000004007df <+55>: mov 0x28(%rbp),%rax
0x00000000004007e3 <+59>: mov %rax,0x18(%rdi)
0x00000000004007e7 <+63>: mov 0x30(%rbp),%rax
0x00000000004007eb <+67>: mov %rax,0x20(%rdi)
0x00000000004007ef <+71>: mov 0x38(%rbp),%rax
0x00000000004007f3 <+75>: mov %rax,0x28(%rdi)
0x00000000004007f7 <+79>: mov 0x40(%rbp),%rax
0x00000000004007fb <+83>: mov %rax,0x30(%rdi)
20 };
0x00000000004007ff <+87>: mov %rdi,%rax
0x0000000000400802 <+90>: leaveq
0x0000000000400803 <+91>: retq
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe458 0x7fffffffe458
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4007a8 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
17. 继续si
(gdb) disas /m
Dump of assembler code for function changeAAABBBCCC(AAABBBCCC):
14 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
0x00000000004007a8 <+0>: push %rbp
=> 0x00000000004007a9 <+1>: mov %rsp,%rbp 把0x7fffffffe450,赋值给rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 将10赋值给0x7fffffffe450 + 0x10的这4字节,其实就是把传递给函数的这个对象的a成员赋值了。
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp) 将20赋值给0x7fffffffe450 + 0x14的这4字节,其实就是把传递给函数的这个对象的b成员赋值了。
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax 将2.0赋值给%rax的这8字节,为什么要从%rax里绕一下呢?这是由于movabs能直接操作64位立即数,但是有一个问题是movabs只能以%rax为目的位置。
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp) 将2.0赋值给0x7fffffffe450 + 0x18的这8字节,其实就是把传递给函数的这个对象的c成员赋值了。
Dump of assembler code for function changeAAABBBCCC(AAABBBCCC):
14 AAABBBCCC changeAAABBBCCC(AAABBBCCC m)
0x00000000004007a8 <+0>: push %rbp
=> 0x00000000004007a9 <+1>: mov %rsp,%rbp 把0x7fffffffe450,赋值给rbp
15 {
16 m.a = 10;
0x00000000004007ac <+4>: movl $0xa,0x10(%rbp) 将10赋值给0x7fffffffe450 + 0x10的这4字节,其实就是把传递给函数的这个对象的a成员赋值了。
17 m.b = 20;
0x00000000004007b3 <+11>: movl $0x14,0x14(%rbp) 将20赋值给0x7fffffffe450 + 0x14的这4字节,其实就是把传递给函数的这个对象的b成员赋值了。
18 m.c = 2.0;
0x00000000004007ba <+18>: movabs $0x4000000000000000,%rax 将2.0赋值给%rax的这8字节,为什么要从%rax里绕一下呢?这是由于movabs能直接操作64位立即数,但是有一个问题是movabs只能以%rax为目的位置。
0x00000000004007c4 <+28>: mov %rax,0x18(%rbp) 将2.0赋值给0x7fffffffe450 + 0x18的这8字节,其实就是把传递给函数的这个对象的c成员赋值了。
19 return m;
0x00000000004007c8 <+32>: mov 0x10(%rbp),%rax
0x00000000004007cc <+36>: mov %rax,(%rdi) 这两句就是把函数里的m.a以及m.b(这不是真正的m,而是传递给函数的m的拷贝)赋值给n.a和n.b
0x00000000004007cf <+39>: mov 0x18(%rbp),%rax
0x00000000004007d3 <+43>: mov %rax,0x8(%rdi) 把函数里的m.c赋值给n.c
0x00000000004007d7 <+47>: mov 0x20(%rbp),%rax 剩下的就是把数组m.d拷贝到n.d中。
0x00000000004007db <+51>: mov %rax,0x10(%rdi)
0x00000000004007df <+55>: mov 0x28(%rbp),%rax
0x00000000004007e3 <+59>: mov %rax,0x18(%rdi)
0x00000000004007e7 <+63>: mov 0x30(%rbp),%rax
0x00000000004007eb <+67>: mov %rax,0x20(%rdi)
0x00000000004007ef <+71>: mov 0x38(%rbp),%rax
0x00000000004007f3 <+75>: mov %rax,0x28(%rdi)
0x00000000004007f7 <+79>: mov 0x40(%rbp),%rax
0x00000000004007fb <+83>: mov %rax,0x30(%rdi)
20 };
0x00000000004007ff <+87>: mov %rdi,%rax
0x0000000000400802 <+90>: leaveq
0x0000000000400803 <+91>: retq
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe600 140737488348672
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe450 0x7fffffffe450
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4007a9 0x4007a9 <changeAAABBBCCC(AAABBBCCC)+1>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
18. 继续si
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
=> 0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi 参数传递先传第二个,将0x7fffffffe4a4后的4字节也就是n.b赋值给%esi,这时候(gdb) p /x $rsi $7 = 0x14 结果就是20,高4字节清0了。
0x00000000004008ce <+94>: mov $0x600e00,%edi 准备第一个参数,cout ??
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt> "_ZNSolsEi" is "std::ostream::operator<<(int)" 通过步骤2中的nm 和nm -C可以对照找到这两个函数的名字
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt> 调用std::ostream::operator<<(std::ostream& (*)(std::ostream&))
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax 将0x7fffffffe4a0后的4字节也就是n.a赋值给%eax,这时候(gdb) p $rax $1 = 10
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
=> 0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi 参数传递先传第二个,将0x7fffffffe4a4后的4字节也就是n.b赋值给%esi,这时候(gdb) p /x $rsi $7 = 0x14 结果就是20,高4字节清0了。
0x00000000004008ce <+94>: mov $0x600e00,%edi 准备第一个参数,cout ??
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt> "_ZNSolsEi" is "std::ostream::operator<<(int)" 通过步骤2中的nm 和nm -C可以对照找到这两个函数的名字
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt> 调用std::ostream::operator<<(std::ostream& (*)(std::ostream&))
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax 将0x7fffffffe4a0后的4字节也就是n.a赋值给%eax,这时候(gdb) p $rax $1 = 10
29 }
0x00000000004008e8 <+120>: leaveq
0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb) i reg
rax 0x7fffffffe4a0 140737488348320
rbx 0x3650c1bbc0 233283107776
rcx 0x4 4
rdx 0x7fffffffe4e0 140737488348384
rsi 0x7fffffffe608 140737488348680
rdi 0x7fffffffe4a0 140737488348320
rbp 0x7fffffffe520 0x7fffffffe520
rsp 0x7fffffffe460 0x7fffffffe460
r8 0x3651152370 233288573808
r9 0x3650a0d620 233280951840
r10 0x0 0
r11 0x3650e33560 233285301600
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008cb 0x4008cb <main()+91>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
19. 退出main之前的现场
(gdb) disas /m
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
=> 0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe528 0x7fffffffe528
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008e9 0x4008e9 <main()+121>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
Dump of assembler code for function main():
23 int main ()
0x0000000000400870 <+0>: push %rbp
0x0000000000400871 <+1>: mov %rsp,%rbp
0x0000000000400874 <+4>: sub $0xc0,%rsp
24 {
25 AAABBBCCC m;
0x000000000040087b <+11>: lea -0x40(%rbp),%rdi
0x000000000040087f <+15>: callq 0x4008ea <AAABBBCCC::AAABBBCCC()>
26 AAABBBCCC n = changeAAABBBCCC(m);
0x0000000000400884 <+20>: lea -0x80(%rbp),%rdi
0x0000000000400888 <+24>: mov -0x40(%rbp),%rax
0x000000000040088c <+28>: mov %rax,(%rsp)
0x0000000000400890 <+32>: mov -0x38(%rbp),%rax
0x0000000000400894 <+36>: mov %rax,0x8(%rsp)
0x0000000000400899 <+41>: mov -0x30(%rbp),%rax
0x000000000040089d <+45>: mov %rax,0x10(%rsp)
0x00000000004008a2 <+50>: mov -0x28(%rbp),%rax
0x00000000004008a6 <+54>: mov %rax,0x18(%rsp)
0x00000000004008ab <+59>: mov -0x20(%rbp),%rax
0x00000000004008af <+63>: mov %rax,0x20(%rsp)
0x00000000004008b4 <+68>: mov -0x18(%rbp),%rax
0x00000000004008b8 <+72>: mov %rax,0x28(%rsp)
0x00000000004008bd <+77>: mov -0x10(%rbp),%rax
0x00000000004008c1 <+81>: mov %rax,0x30(%rsp)
0x00000000004008c6 <+86>: callq 0x4007a8 <changeAAABBBCCC(AAABBBCCC)>
27 cout<<n.b<<endl;
0x00000000004008cb <+91>: mov -0x7c(%rbp),%esi
0x00000000004008ce <+94>: mov $0x600e00,%edi
0x00000000004008d3 <+99>: callq 0x400650 <_ZNSolsEi@plt>
0x00000000004008d8 <+104>: mov %rax,%rdi
0x00000000004008db <+107>: mov $0x4006b0,%esi
0x00000000004008e0 <+112>: callq 0x4006a0 <_ZNSolsEPFRSoS_E@plt>
28 return n.a;
0x00000000004008e5 <+117>: mov -0x80(%rbp),%eax
29 }
0x00000000004008e8 <+120>: leaveq
=> 0x00000000004008e9 <+121>: retq
---Type <return> to continue, or q <return> to quit---
End of assembler dump.
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe528 0x7fffffffe528
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x4008e9 0x4008e9 <main()+121>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
20. 继续si,就是main函数返回后
(gdb) si
0x0000003650e1d994 in __libc_start_main () from /lib64/libc.so.6 这是调用main函数的那个函数名字,在objdump里,我们已经看到
(gdb) disas /m
Dump of assembler code for function __libc_start_main:
0x0000003650e1d8a0 <+0>: mov %rbp,-0x20(%rsp)
0x0000003650e1d8a5 <+5>: mov %rbx,-0x28(%rsp)
0x0000003650e1d8aa <+10>: mov %rcx,%rbp
0x0000003650e1d8ad <+13>: mov %r12,-0x18(%rsp)
0x0000003650e1d8b2 <+18>: mov %r13,-0x10(%rsp)
0x0000003650e1d8b7 <+23>: mov %r14,-0x8(%rsp)
0x0000003650e1d8bc <+28>: sub $0xb8,%rsp
0x0000003650e1d8c3 <+35>: mov 0x33355e(%rip),%rax # 0x3651150e28 <free+3356352>
0x0000003650e1d8ca <+42>: mov %rdx,0x8(%rsp)
0x0000003650e1d8cf <+47>: xor %edx,%edx
0x0000003650e1d8d1 <+49>: mov %rdi,0x18(%rsp)
0x0000003650e1d8d6 <+54>: mov %esi,0x14(%rsp)
0x0000003650e1d8da <+58>: mov %r9,%rdi
0x0000003650e1d8dd <+61>: test %rax,%rax
0x0000003650e1d8e0 <+64>: jne 0x3650e1d99b <__libc_start_main+251>
0x0000003650e1d8e6 <+70>: mov 0x333693(%rip),%rax # 0x3651150f80 <free+3356696>
0x0000003650e1d8ed <+77>: test %rdi,%rdi
0x0000003650e1d8f0 <+80>: mov %edx,(%rax)
0x0000003650e1d8f2 <+82>: je 0x3650e1d8fd <__libc_start_main+93>
0x0000003650e1d8f4 <+84>: xor %edx,%edx
0x0000003650e1d8f6 <+86>: xor %esi,%esi
0x0000003650e1d8f8 <+88>: callq 0x3650e33560 <__cxa_atexit_internal>
0x0000003650e1d8fd <+93>: mov 0x333594(%rip),%rbx # 0x3651150e98 <free+3356464>
0x0000003650e1d904 <+100>: movslq (%rbx),%rax
0x0000003650e1d907 <+103>: mov %rax,%r12
0x0000003650e1d90a <+106>: and $0x2,%r12d
0x0000003650e1d90e <+110>: jne 0x3650e1da29 <__libc_start_main+393>
0x0000003650e1d914 <+116>: test %rbp,%rbp
0x0000003650e1d917 <+119>: je 0x3650e1d92e <__libc_start_main+142>
0x0000003650e1d919 <+121>: mov 0x333628(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d920 <+128>: mov 0x8(%rsp),%rsi
0x0000003650e1d925 <+133>: mov 0x14(%rsp),%edi
0x0000003650e1d929 <+137>: mov (%rax),%rdx
0x0000003650e1d92c <+140>: callq *%rbp
0x0000003650e1d92e <+142>: mov 0x100(%rbx),%ebp
0x0000003650e1d934 <+148>: test %ebp,%ebp
0x0000003650e1d936 <+150>: jne 0x3650e1d9e9 <__libc_start_main+329>
0x0000003650e1d93c <+156>: test %r12,%r12
0x0000003650e1d93f <+159>: jne 0x3650e1d9c6 <__libc_start_main+294>
0x0000003650e1d945 <+165>: lea 0x20(%rsp),%rdi
0x0000003650e1d94a <+170>: callq 0x3650e30080 <_setjmp>
0x0000003650e1d94f <+175>: test %eax,%eax
0x0000003650e1d951 <+177>: jne 0x3650e1d9a8 <__libc_start_main+264>
0x0000003650e1d953 <+179>: mov %fs:0xc0,%rax
0x0000003650e1d95c <+188>: mov %rax,0x68(%rsp)
0x0000003650e1d961 <+193>: mov %fs:0xb8,%rax
0x0000003650e1d96a <+202>: mov %rax,0x70(%rsp)
0x0000003650e1d96f <+207>: lea 0x20(%rsp),%rax
0x0000003650e1d974 <+212>: mov %rax,%fs:0xc0
0x0000003650e1d97d <+221>: mov 0x3335c4(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d984 <+228>: mov 0x14(%rsp),%edi
0x0000003650e1d988 <+232>: mov 0x8(%rsp),%rsi
0x0000003650e1d98d <+237>: mov (%rax),%rdx
0x0000003650e1d990 <+240>: callq *0x18(%rsp) 这就是对main函数的调用的地方
=> 0x0000003650e1d994 <+244>: mov %eax,%edi 把main的返回值10作为参数传递给下一个函数调用,
0x0000003650e1d996 <+246>: callq 0x3650e332c0 <exit> 这个函数其实就是exit
0x0000003650e1d99b <+251>: xor %edx,%edx 感兴趣的可以继续step by step
0x0000003650e1d99d <+253>: cmpl $0x0,(%rax)
0x0000003650e1d9a0 <+256>: sete %dl
0x0000003650e1d9a3 <+259>: jmpq 0x3650e1d8e6 <__libc_start_main+70>
0x0000003650e1d9a8 <+264>: callq *0x338562(%rip) # 0x3651155f10 <__libc_pthread_functions+400>
0x0000003650e1d9ae <+270>: mov 0x33854b(%rip),%rax # 0x3651155f00 <__libc_pthread_functions+384>
0x0000003650e1d9b5 <+277>: lock decl (%rax)
0x0000003650e1d9b8 <+280>: sete %dl
0x0000003650e1d9bb <+283>: xor %edi,%edi
0x0000003650e1d9bd <+285>: test %dl,%dl
0x0000003650e1d9bf <+287>: jne 0x3650e1d996 <__libc_start_main+246>
0x0000003650e1d9c1 <+289>: callq 0x3650ec4e90 <__exit_thread>
0x0000003650e1d9c6 <+294>: mov 0x8(%rsp),%rax
0x0000003650e1d9cb <+299>: mov 0x3334c6(%rip),%rdx # 0x3651150e98 <free+3356464>
0x0000003650e1d9d2 <+306>: lea 0x101a25(%rip),%rdi # 0x3650f1f3fe
0x0000003650e1d9d9 <+313>: mov (%rax),%rsi
0x0000003650e1d9dc <+316>: xor %eax,%eax
0x0000003650e1d9de <+318>: callq *0xb8(%rdx)
0x0000003650e1d9e4 <+324>: jmpq 0x3650e1d945 <__libc_start_main+165>
0x0000003650e1d9e9 <+329>: mov 0x3335a8(%rip),%rax # 0x3651150f98 <free+3356720>
0x0000003650e1d9f0 <+336>: mov 0xf8(%rbx),%rbx
0x0000003650e1d9f7 <+343>: xor %r13d,%r13d
0x0000003650e1d9fa <+346>: mov (%rax),%r14
0x0000003650e1d9fd <+349>: mov 0x18(%rbx),%rax
0x0000003650e1da01 <+353>: test %rax,%rax
0x0000003650e1da04 <+356>: je 0x3650e1da17 <__libc_start_main+375>
0x0000003650e1da06 <+358>: mov %r13d,%edi
0x0000003650e1da09 <+361>: shl $0x4,%rdi
0x0000003650e1da0d <+365>: lea 0x468(%rdi,%r14,1),%rdi
0x0000003650e1da15 <+373>: callq *%rax
0x0000003650e1da17 <+375>: add $0x1,%r13d
0x0000003650e1da1b <+379>: mov 0x40(%rbx),%rbx
0x0000003650e1da1f <+383>: cmp %ebp,%r13d
0x0000003650e1da22 <+386>: jne 0x3650e1d9fd <__libc_start_main+349>
0x0000003650e1da24 <+388>: jmpq 0x3650e1d93c <__libc_start_main+156>
0x0000003650e1da29 <+393>: mov 0x8(%rsp),%rax
0x0000003650e1da2e <+398>: lea 0x1019af(%rip),%rdi # 0x3650f1f3e4
0x0000003650e1da35 <+405>: mov (%rax),%rsi
0x0000003650e1da38 <+408>: xor %eax,%eax
0x0000003650e1da3a <+410>: callq *0xb8(%rbx)
0x0000003650e1da40 <+416>: jmpq 0x3650e1d914 <__libc_start_main+116>
End of assembler dump.
(gdb)
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe530 0x7fffffffe530 刚才的main函数的栈整个都被撤销了,世界终于平静了,
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x3650e1d994 0x3650e1d994 <__libc_start_main+244>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
0x0000003650e1d994 in __libc_start_main () from /lib64/libc.so.6 这是调用main函数的那个函数名字,在objdump里,我们已经看到
(gdb) disas /m
Dump of assembler code for function __libc_start_main:
0x0000003650e1d8a0 <+0>: mov %rbp,-0x20(%rsp)
0x0000003650e1d8a5 <+5>: mov %rbx,-0x28(%rsp)
0x0000003650e1d8aa <+10>: mov %rcx,%rbp
0x0000003650e1d8ad <+13>: mov %r12,-0x18(%rsp)
0x0000003650e1d8b2 <+18>: mov %r13,-0x10(%rsp)
0x0000003650e1d8b7 <+23>: mov %r14,-0x8(%rsp)
0x0000003650e1d8bc <+28>: sub $0xb8,%rsp
0x0000003650e1d8c3 <+35>: mov 0x33355e(%rip),%rax # 0x3651150e28 <free+3356352>
0x0000003650e1d8ca <+42>: mov %rdx,0x8(%rsp)
0x0000003650e1d8cf <+47>: xor %edx,%edx
0x0000003650e1d8d1 <+49>: mov %rdi,0x18(%rsp)
0x0000003650e1d8d6 <+54>: mov %esi,0x14(%rsp)
0x0000003650e1d8da <+58>: mov %r9,%rdi
0x0000003650e1d8dd <+61>: test %rax,%rax
0x0000003650e1d8e0 <+64>: jne 0x3650e1d99b <__libc_start_main+251>
0x0000003650e1d8e6 <+70>: mov 0x333693(%rip),%rax # 0x3651150f80 <free+3356696>
0x0000003650e1d8ed <+77>: test %rdi,%rdi
0x0000003650e1d8f0 <+80>: mov %edx,(%rax)
0x0000003650e1d8f2 <+82>: je 0x3650e1d8fd <__libc_start_main+93>
0x0000003650e1d8f4 <+84>: xor %edx,%edx
0x0000003650e1d8f6 <+86>: xor %esi,%esi
0x0000003650e1d8f8 <+88>: callq 0x3650e33560 <__cxa_atexit_internal>
0x0000003650e1d8fd <+93>: mov 0x333594(%rip),%rbx # 0x3651150e98 <free+3356464>
0x0000003650e1d904 <+100>: movslq (%rbx),%rax
0x0000003650e1d907 <+103>: mov %rax,%r12
0x0000003650e1d90a <+106>: and $0x2,%r12d
0x0000003650e1d90e <+110>: jne 0x3650e1da29 <__libc_start_main+393>
0x0000003650e1d914 <+116>: test %rbp,%rbp
0x0000003650e1d917 <+119>: je 0x3650e1d92e <__libc_start_main+142>
0x0000003650e1d919 <+121>: mov 0x333628(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d920 <+128>: mov 0x8(%rsp),%rsi
0x0000003650e1d925 <+133>: mov 0x14(%rsp),%edi
0x0000003650e1d929 <+137>: mov (%rax),%rdx
0x0000003650e1d92c <+140>: callq *%rbp
0x0000003650e1d92e <+142>: mov 0x100(%rbx),%ebp
0x0000003650e1d934 <+148>: test %ebp,%ebp
0x0000003650e1d936 <+150>: jne 0x3650e1d9e9 <__libc_start_main+329>
0x0000003650e1d93c <+156>: test %r12,%r12
0x0000003650e1d93f <+159>: jne 0x3650e1d9c6 <__libc_start_main+294>
0x0000003650e1d945 <+165>: lea 0x20(%rsp),%rdi
0x0000003650e1d94a <+170>: callq 0x3650e30080 <_setjmp>
0x0000003650e1d94f <+175>: test %eax,%eax
0x0000003650e1d951 <+177>: jne 0x3650e1d9a8 <__libc_start_main+264>
0x0000003650e1d953 <+179>: mov %fs:0xc0,%rax
0x0000003650e1d95c <+188>: mov %rax,0x68(%rsp)
0x0000003650e1d961 <+193>: mov %fs:0xb8,%rax
0x0000003650e1d96a <+202>: mov %rax,0x70(%rsp)
0x0000003650e1d96f <+207>: lea 0x20(%rsp),%rax
0x0000003650e1d974 <+212>: mov %rax,%fs:0xc0
0x0000003650e1d97d <+221>: mov 0x3335c4(%rip),%rax # 0x3651150f48 <free+3356640>
0x0000003650e1d984 <+228>: mov 0x14(%rsp),%edi
0x0000003650e1d988 <+232>: mov 0x8(%rsp),%rsi
0x0000003650e1d98d <+237>: mov (%rax),%rdx
0x0000003650e1d990 <+240>: callq *0x18(%rsp) 这就是对main函数的调用的地方
=> 0x0000003650e1d994 <+244>: mov %eax,%edi 把main的返回值10作为参数传递给下一个函数调用,
0x0000003650e1d996 <+246>: callq 0x3650e332c0 <exit> 这个函数其实就是exit
0x0000003650e1d99b <+251>: xor %edx,%edx 感兴趣的可以继续step by step
0x0000003650e1d99d <+253>: cmpl $0x0,(%rax)
0x0000003650e1d9a0 <+256>: sete %dl
0x0000003650e1d9a3 <+259>: jmpq 0x3650e1d8e6 <__libc_start_main+70>
0x0000003650e1d9a8 <+264>: callq *0x338562(%rip) # 0x3651155f10 <__libc_pthread_functions+400>
0x0000003650e1d9ae <+270>: mov 0x33854b(%rip),%rax # 0x3651155f00 <__libc_pthread_functions+384>
0x0000003650e1d9b5 <+277>: lock decl (%rax)
0x0000003650e1d9b8 <+280>: sete %dl
0x0000003650e1d9bb <+283>: xor %edi,%edi
0x0000003650e1d9bd <+285>: test %dl,%dl
0x0000003650e1d9bf <+287>: jne 0x3650e1d996 <__libc_start_main+246>
0x0000003650e1d9c1 <+289>: callq 0x3650ec4e90 <__exit_thread>
0x0000003650e1d9c6 <+294>: mov 0x8(%rsp),%rax
0x0000003650e1d9cb <+299>: mov 0x3334c6(%rip),%rdx # 0x3651150e98 <free+3356464>
0x0000003650e1d9d2 <+306>: lea 0x101a25(%rip),%rdi # 0x3650f1f3fe
0x0000003650e1d9d9 <+313>: mov (%rax),%rsi
0x0000003650e1d9dc <+316>: xor %eax,%eax
0x0000003650e1d9de <+318>: callq *0xb8(%rdx)
0x0000003650e1d9e4 <+324>: jmpq 0x3650e1d945 <__libc_start_main+165>
0x0000003650e1d9e9 <+329>: mov 0x3335a8(%rip),%rax # 0x3651150f98 <free+3356720>
0x0000003650e1d9f0 <+336>: mov 0xf8(%rbx),%rbx
0x0000003650e1d9f7 <+343>: xor %r13d,%r13d
0x0000003650e1d9fa <+346>: mov (%rax),%r14
0x0000003650e1d9fd <+349>: mov 0x18(%rbx),%rax
0x0000003650e1da01 <+353>: test %rax,%rax
0x0000003650e1da04 <+356>: je 0x3650e1da17 <__libc_start_main+375>
0x0000003650e1da06 <+358>: mov %r13d,%edi
0x0000003650e1da09 <+361>: shl $0x4,%rdi
0x0000003650e1da0d <+365>: lea 0x468(%rdi,%r14,1),%rdi
0x0000003650e1da15 <+373>: callq *%rax
0x0000003650e1da17 <+375>: add $0x1,%r13d
0x0000003650e1da1b <+379>: mov 0x40(%rbx),%rbx
0x0000003650e1da1f <+383>: cmp %ebp,%r13d
0x0000003650e1da22 <+386>: jne 0x3650e1d9fd <__libc_start_main+349>
0x0000003650e1da24 <+388>: jmpq 0x3650e1d93c <__libc_start_main+156>
0x0000003650e1da29 <+393>: mov 0x8(%rsp),%rax
0x0000003650e1da2e <+398>: lea 0x1019af(%rip),%rdi # 0x3650f1f3e4
0x0000003650e1da35 <+405>: mov (%rax),%rsi
0x0000003650e1da38 <+408>: xor %eax,%eax
0x0000003650e1da3a <+410>: callq *0xb8(%rbx)
0x0000003650e1da40 <+416>: jmpq 0x3650e1d914 <__libc_start_main+116>
End of assembler dump.
(gdb)
(gdb)
(gdb) i reg
rax 0xa 10
rbx 0x3650c1bbc0 233283107776
rcx 0x3650ec5f80 233285902208
rdx 0x3651152980 233288575360
rsi 0x0 0
rdi 0x3651151780 233288570752
rbp 0x0 0x0
rsp 0x7fffffffe530 0x7fffffffe530 刚才的main函数的栈整个都被撤销了,世界终于平静了,
r8 0x7ffff7de36f0 140737351923440
r9 0x7ffff7de36f0 140737351923440
r10 0x0 0
r11 0x3650e61180 233285489024
r12 0x0 0
r13 0x7fffffffe600 140737488348672
r14 0x0 0
r15 0x0 0
rip 0x3650e1d994 0x3650e1d994 <__libc_start_main+244>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
