x86笔记
问题一:
下面这条指令跳转到哪里?
0x0000000000400f75 <+50>: jmpq *0x402470(,%rax,8)
正解:
这条指令以0x402470(,%rax,8)指向的内存的值作为地址,又有
(gdb) p $rax
$1 = 7
所以0x402470+7x8=0x4024a8,查询0x4024a8
(gdb) x 0x4024a8
0x4024a8: 0x00400fa6
得到跳转地址为0x00400fa6
问题二:
pushl Src
的用途?
正解:
- Fetch value from Src
- Decrement %esp by 4
- Store value at address given by %esp
问题三:
popl Src的用途?
正解:
- Load value from address %esp
- Write value to Dest
- Incremnet %esp by 4
问题四:
call label //Push return address on stack; Jump to label ret //Pop return address from stack; Jump to address的机制的详细描述?
正解:
先将下一条指令的地址放到%rip,再push on stack;再将callee的第一条指令的地址放到%rip,执行指令;执行ret时将pop caller’s frame,将其内含的下一条指令的地址加载到%rip中
问题五:
Frame Pointer: %ebp指向栈底
问题六:
leave instruction等价于
mov %ebp, %esp pop %ebp问题七:
x86 32-bit Registers
- Caller-Save Temporaries: %eax, %edx, %ecx
- Callee-Save Temporaries: %ebx, %esi, %edi
- Special: %esp, %ebp
问题八:
x86-64 64-bit Registers
- %rax Return value
- %rbx Callee saved
- %rcx Arg4
- %rdx Arg3
- %rsi Arg2
- %rdi Arg1
- %rsp Stack pointer
- %rbp Callee saved
- %r8 Arg5
- %r9 Arg6
- %r10 Caller saved
- %r11 Caller saved
- %r12 Callee saved
- %r13 Callee saved
- %r14 Callee saved
- %r15 Callee saved
问题九:X86-64 procedure call highlights
No frame pointer
All references to stack frame made relative to %rsp;eliminates need to update %ebp/%rbp, which is now available for general-purpose use
Function
Functions can access memory up to 128 bytes beyond %rsp: the “red zone”. Can store some temps on stack without altering %rsp
问题十:
cltqsign-extends EAX into RAX.
问题十一:
- Heavy use of registers(faster than using stack in memory)
- Parameter passing
- More temporaries since more registers
- Minimal use of stack
- Sometimes none
- When needed, allocate/deallocate entire frame at once
- No more frame pointer:address relative to stack pointer
- More room for compiler optimizations
- Prefer to store data in registers rather than memory
- Minimize modifications to stack pointer
问题十二:
- 如何使用tui模式?
gdb -tui layout asm layout regs
问题十三:
ret instruction等价于 pop pc-counter
问题十四
For most cases, the mov instruction will only update the specific register bytes or memory locations indicated by the destination operand. The only exception is that when movl has a register as its destination, it will also set the high-order 4bytes of the register to 0.