[root@localhost log]# cat -n /root/xx.c 1 2 3 #include <stdio.h> 4 5 void func(char *p) 6 { 7 *p = 'p'; 8 } 9 10 int main(int argc, char *argv[]) 11 { 12 char *p=NULL; 13 func(p); 14 15 return 0; 16 }
[root@localhost log]# /root/xx
[root@localhost log]# dmesg
xx[8226]: segfault at 0 ip 0000000000400454 sp 00007fffcb8b6360 error 6 in xx[400000+1000]
(`segfault at 0` is the faulting data address and `ip 0000000000400454` the faulting instruction; `error 6` on x86 decodes to a user-mode write to an unmapped page, i.e. the write through the NULL pointer `p`. Since `xx[400000+1000]` shows the binary mapped at its link address 0x400000, the ip value can be looked up directly in the objdump and addr2line output below.)
[root@localhost log]# objdump -d /root/xx /root/xx: file format elf64-x86-64 Disassembly of section .init: 0000000000400338 <_init>: 400338: 48 83 ec 08 sub $0x8,%rsp 40033c: e8 5b 00 00 00 callq 40039c <call_gmon_start> 400341: e8 da 00 00 00 callq 400420 <frame_dummy> 400346: e8 d5 01 00 00 callq 400520 <__do_global_ctors_aux> 40034b: 48 83 c4 08 add $0x8,%rsp 40034f: c3 retq Disassembly of section .plt: 0000000000400350 <__libc_start_main@plt-0x10>: 400350: ff 35 d2 04 20 00 pushq 2098386(%rip) # 600828 <_GLOBAL_OFFSET_TABLE_+0x8> 400356: ff 25 d4 04 20 00 jmpq *2098388(%rip) # 600830 <_GLOBAL_OFFSET_TABLE_+0x10> 40035c: 0f 1f 40 00 nopl 0x0(%rax) 0000000000400360 <__libc_start_main@plt>: 400360: ff 25 d2 04 20 00 jmpq *2098386(%rip) # 600838 <_GLOBAL_OFFSET_TABLE_+0x18> 400366: 68 00 00 00 00 pushq $0x0 40036b: e9 e0 ff ff ff jmpq 400350 <_init+0x18> Disassembly of section .text: 0000000000400370 <_start>: 400370: 31 ed xor %ebp,%ebp 400372: 49 89 d1 mov %rdx,%r9 400375: 5e pop %rsi 400376: 48 89 e2 mov %rsp,%rdx 400379: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 40037d: 50 push %rax 40037e: 54 push %rsp 40037f: 49 c7 c0 80 04 40 00 mov $0x400480,%r8 400386: 48 c7 c1 90 04 40 00 mov $0x400490,%rcx 40038d: 48 c7 c7 59 04 40 00 mov $0x400459,%rdi 400394: e8 c7 ff ff ff callq 400360 <__libc_start_main@plt> 400399: f4 hlt 40039a: 90 nop 40039b: 90 nop 000000000040039c <call_gmon_start>: 40039c: 48 83 ec 08 sub $0x8,%rsp 4003a0: 48 8b 05 71 04 20 00 mov 2098289(%rip),%rax # 600818 <_DYNAMIC+0x190> 4003a7: 48 85 c0 test %rax,%rax 4003aa: 74 02 je 4003ae <call_gmon_start+0x12> 4003ac: ff d0 callq *%rax 4003ae: 48 83 c4 08 add $0x8,%rsp 4003b2: c3 retq 4003b3: 90 nop 4003b4: 90 nop 4003b5: 90 nop 4003b6: 90 nop 4003b7: 90 nop 4003b8: 90 nop 4003b9: 90 nop 4003ba: 90 nop 4003bb: 90 nop 4003bc: 90 nop 4003bd: 90 nop 4003be: 90 nop 4003bf: 90 nop 00000000004003c0 <__do_global_dtors_aux>: 4003c0: 55 push %rbp 4003c1: 48 89 e5 mov %rsp,%rbp 4003c4: 53 push %rbx 4003c5: 48 83 
ec 08 sub $0x8,%rsp 4003c9: 80 3d 80 04 20 00 00 cmpb $0x0,2098304(%rip) # 600850 <completed.6145> 4003d0: 75 44 jne 400416 <__do_global_dtors_aux+0x56> 4003d2: b8 78 06 60 00 mov $0x600678,%eax 4003d7: 48 2d 70 06 60 00 sub $0x600670,%rax 4003dd: 48 c1 f8 03 sar $0x3,%rax 4003e1: 48 8d 58 ff lea 0xffffffffffffffff(%rax),%rbx 4003e5: 48 8b 05 5c 04 20 00 mov 2098268(%rip),%rax # 600848 <dtor_idx.6147> 4003ec: 48 39 c3 cmp %rax,%rbx 4003ef: 76 1e jbe 40040f <__do_global_dtors_aux+0x4f> 4003f1: 48 83 c0 01 add $0x1,%rax 4003f5: 48 89 05 4c 04 20 00 mov %rax,2098252(%rip) # 600848 <dtor_idx.6147> 4003fc: ff 14 c5 70 06 60 00 callq *0x600670(,%rax,8) 400403: 48 8b 05 3e 04 20 00 mov 2098238(%rip),%rax # 600848 <dtor_idx.6147> 40040a: 48 39 c3 cmp %rax,%rbx 40040d: 77 e2 ja 4003f1 <__do_global_dtors_aux+0x31> 40040f: c6 05 3a 04 20 00 01 movb $0x1,2098234(%rip) # 600850 <completed.6145> 400416: 48 83 c4 08 add $0x8,%rsp 40041a: 5b pop %rbx 40041b: c9 leaveq 40041c: c3 retq 40041d: 0f 1f 00 nopl (%rax) 0000000000400420 <frame_dummy>: 400420: 55 push %rbp 400421: 48 83 3d 57 02 20 00 cmpq $0x0,2097751(%rip) # 600680 <__JCR_END__> 400428: 00 400429: 48 89 e5 mov %rsp,%rbp 40042c: 74 16 je 400444 <frame_dummy+0x24> 40042e: b8 00 00 00 00 mov $0x0,%eax 400433: 48 85 c0 test %rax,%rax 400436: 74 0c je 400444 <frame_dummy+0x24> 400438: bf 80 06 60 00 mov $0x600680,%edi 40043d: 49 89 c3 mov %rax,%r11 400440: c9 leaveq 400441: 41 ff e3 jmpq *%r11 400444: c9 leaveq 400445: c3 retq 400446: 90 nop 400447: 90 nop 0000000000400448 <func>: 400448: 55 push %rbp 400449: 48 89 e5 mov %rsp,%rbp 40044c: 48 89 7d f8 mov %rdi,0xfffffffffffffff8(%rbp) 400450: 48 8b 45 f8 mov 0xfffffffffffffff8(%rbp),%rax 400454: c6 00 70 movb $0x70,(%rax) 400457: c9 leaveq 400458: c3 retq 0000000000400459 <main>: 400459: 55 push %rbp 40045a: 48 89 e5 mov %rsp,%rbp 40045d: 48 83 ec 20 sub $0x20,%rsp 400461: 89 7d ec mov %edi,0xffffffffffffffec(%rbp) 400464: 48 89 75 e0 mov %rsi,0xffffffffffffffe0(%rbp) 400468: 
48 c7 45 f8 00 00 00 movq $0x0,0xfffffffffffffff8(%rbp) 40046f: 00 400470: 48 8b 7d f8 mov 0xfffffffffffffff8(%rbp),%rdi 400474: e8 cf ff ff ff callq 400448 <func> 400479: b8 00 00 00 00 mov $0x0,%eax 40047e: c9 leaveq 40047f: c3 retq 0000000000400480 <__libc_csu_fini>: 400480: f3 c3 repz retq 400482: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 400489: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 0000000000400490 <__libc_csu_init>: 400490: 4c 89 64 24 e0 mov %r12,0xffffffffffffffe0(%rsp) 400495: 4c 89 6c 24 e8 mov %r13,0xffffffffffffffe8(%rsp) 40049a: 4c 8d 25 bb 01 20 00 lea 2097595(%rip),%r12 # 60065c <__fini_array_end> 4004a1: 4c 89 74 24 f0 mov %r14,0xfffffffffffffff0(%rsp) 4004a6: 4c 89 7c 24 f8 mov %r15,0xfffffffffffffff8(%rsp) 4004ab: 49 89 f6 mov %rsi,%r14 4004ae: 48 89 5c 24 d0 mov %rbx,0xffffffffffffffd0(%rsp) 4004b3: 48 89 6c 24 d8 mov %rbp,0xffffffffffffffd8(%rsp) 4004b8: 48 83 ec 38 sub $0x38,%rsp 4004bc: 41 89 ff mov %edi,%r15d 4004bf: 49 89 d5 mov %rdx,%r13 4004c2: e8 71 fe ff ff callq 400338 <_init> 4004c7: 48 8d 05 8e 01 20 00 lea 2097550(%rip),%rax # 60065c <__fini_array_end> 4004ce: 49 29 c4 sub %rax,%r12 4004d1: 49 c1 fc 03 sar $0x3,%r12 4004d5: 4d 85 e4 test %r12,%r12 4004d8: 74 1e je 4004f8 <__libc_csu_init+0x68> 4004da: 31 ed xor %ebp,%ebp 4004dc: 48 89 c3 mov %rax,%rbx 4004df: 90 nop 4004e0: 48 83 c5 01 add $0x1,%rbp 4004e4: 4c 89 ea mov %r13,%rdx 4004e7: 4c 89 f6 mov %r14,%rsi 4004ea: 44 89 ff mov %r15d,%edi 4004ed: ff 13 callq *(%rbx) 4004ef: 48 83 c3 08 add $0x8,%rbx 4004f3: 49 39 ec cmp %rbp,%r12 4004f6: 75 e8 jne 4004e0 <__libc_csu_init+0x50> 4004f8: 48 8b 5c 24 08 mov 0x8(%rsp),%rbx 4004fd: 48 8b 6c 24 10 mov 0x10(%rsp),%rbp 400502: 4c 8b 64 24 18 mov 0x18(%rsp),%r12 400507: 4c 8b 6c 24 20 mov 0x20(%rsp),%r13 40050c: 4c 8b 74 24 28 mov 0x28(%rsp),%r14 400511: 4c 8b 7c 24 30 mov 0x30(%rsp),%r15 400516: 48 83 c4 38 add $0x38,%rsp 40051a: c3 retq 40051b: 90 nop 40051c: 90 nop 40051d: 90 nop 40051e: 90 nop 40051f: 90 nop 0000000000400520 
<__do_global_ctors_aux>: 400520: 55 push %rbp 400521: 48 89 e5 mov %rsp,%rbp 400524: 53 push %rbx 400525: bb 60 06 60 00 mov $0x600660,%ebx 40052a: 48 83 ec 08 sub $0x8,%rsp 40052e: 48 8b 05 2b 01 20 00 mov 2097451(%rip),%rax # 600660 <__CTOR_LIST__> 400535: 48 83 f8 ff cmp $0xffffffffffffffff,%rax 400539: 74 14 je 40054f <__do_global_ctors_aux+0x2f> 40053b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 400540: 48 83 eb 08 sub $0x8,%rbx 400544: ff d0 callq *%rax 400546: 48 8b 03 mov (%rbx),%rax 400549: 48 83 f8 ff cmp $0xffffffffffffffff,%rax 40054d: 75 f1 jne 400540 <__do_global_ctors_aux+0x20> 40054f: 48 83 c4 08 add $0x8,%rsp 400553: 5b pop %rbx 400554: c9 leaveq 400555: c3 retq 400556: 90 nop 400557: 90 nop Disassembly of section .fini: 0000000000400558 <_fini>: 400558: 48 83 ec 08 sub $0x8,%rsp 40055c: e8 5f fe ff ff callq 4003c0 <__do_global_dtors_aux> 400561: 48 83 c4 08 add $0x8,%rsp 400565: c3 retq
[root@localhost log]# objdump -d /root/xx |grep -C5 400454 0000000000400448 <func>: 400448: 55 push %rbp 400449: 48 89 e5 mov %rsp,%rbp 40044c: 48 89 7d f8 mov %rdi,0xfffffffffffffff8(%rbp) 400450: 48 8b 45 f8 mov 0xfffffffffffffff8(%rbp),%rax 400454: c6 00 70 movb $0x70,(%rax) 400457: c9 leaveq 400458: c3 retq 0000000000400459 <main>: 400459: 55 push %rbp
Usage: addr2line [option(s)] [addr(s)] Convert addresses into line number/file name pairs. If no addresses are specified on the command line, they will be read from stdin The options are: @<file> Read options from <file> -b --target=<bfdname> Set the binary file format -e --exe=<executable> Set the input file name (default is a.out) -i --inlines Unwind inlined functions -j --section=<name> Read section-relative offsets instead of addresses -s --basenames Strip directory names -f --functions Show function names -C --demangle[=style] Demangle function names -h --help Display this information -v --version Display the program's version [root@localhost log]# addr2line -e /root/xx 0x400454 /root/xx.c:7
gdb调试:
[root@localhost ~]# gdb ./xx GNU gdb (GDB) 7.7 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./xx...done. (gdb) disas 0x400454 Dump of assembler code for function func: 0x0000000000400448 <+0>: push %rbp 0x0000000000400449 <+1>: mov %rsp,%rbp 0x000000000040044c <+4>: mov %rdi,-0x8(%rbp) 0x0000000000400450 <+8>: mov -0x8(%rbp),%rax 0x0000000000400454 <+12>: movb $0x70,(%rax) 0x0000000000400457 <+15>: leaveq 0x0000000000400458 <+16>: retq End of assembler dump.
(gdb) list func 1 2 3 #include <stdio.h> 4 5 void func(char *p) 6 { 7 *p = 'p'; 8 } 9 10 int main(int argc, char *argv[])
原文地址:http://www.cnblogs.com/zengkefu/p/5539294.html