133 _fp_hw: .long 3
134 .size _fp_hw, 4
135 .type _fp_hw,@object
136
137 /** Define a symbol for the first piece of initialized data. */
138 .data
139 .globl data_start
140 data_start:
141 .long 0
142 .weak data_start
143 data_start = __data_start

下面我们大概清楚了 _start 为程序的最外部函数,现在我们开始研究 _start 中 call __libc_start_main,这个是什么函数,都做了什么。我们可以 text view,看下其反编译代码,我们可以看到在 IDA 中是无法看到它的,它指向了 .plt 表,如下表所示:

.plt:080482E4
.plt:080482E4 __libc_start_main proc near ; CODE XREF: _start+1C p
.plt:080482E4 jmp ds:off_804A004
.plt:080482E4 __libc_start_main endp
.plt:080482E4

我们可以 gdb 动态调试或 IDA 动态调试再 disas __libc_start_main,代码如下所示:

(gdb) disassemble __libc_start_main
Dump of assembler code for function __libc_start_main:
0xb7e11690 <__libc_start_main+0>: push %ebp
0xb7e11691 <__libc_start_main+1>: xor %edx,%edx
0xb7e11693 <__libc_start_main+3>: mov %esp,%ebp
0xb7e11695 <__libc_start_main+5>: push %edi
0xb7e11696 <__libc_start_main+6>: push %esi
0xb7e11697 <__libc_start_main+7>: push %ebx
0xb7e11698 <__libc_start_main+8>: call 0xb7e115af <_Unwind_Find_FDE@plt+111>
0xb7e1169d <__libc_start_main+13>: add $0x148957,%ebx
0xb7e116a3 <__libc_start_main+19>: sub $0x4c,%esp
0xb7e116a6 <__libc_start_main+22>: mov 0x14(%ebp),%esi
0xb7e116a9 <__libc_start_main+25>: mov 0x1c(%ebp),%ecx
0xb7e116ac <__libc_start_main+28>: mov -0x100(%ebx),%eax
0xb7e116b2 <__libc_start_main+34>: test %eax,%eax
0xb7e116b4 <__libc_start_main+36>: jne 0xb7e1177d <__libc_start_main+237>
0xb7e116ba <__libc_start_main+42>: mov -0x3c(%ebx),%eax
0xb7e116c0 <__libc_start_main+48>: test %ecx,%ecx
0xb7e116c2 <__libc_start_main+50>: mov %edx,(%eax)
0xb7e116c4 <__libc_start_main+52>: je 0xb7e116de <__libc_start_main+78>
0xb7e116c6 <__libc_start_main+54>: movl $0x0,0x8(%esp)
---Type <return> to continue, or q <return> to quit---
0xb7e116ce <__libc_start_main+62>: movl $0x0,0x4(%esp)
0xb7e116d6 <__libc_start_main+70>: mov %ecx,(%esp)
0xb7e116d9 <__libc_start_main+73>: call 0xb7e29e10 <__cxa_atexit>
0xb7e116de <__libc_start_main+78>: mov -0xc4(%ebx),%edx
0xb7e116e4 <__libc_start_main+84>: testb $0x2,(%edx)
0xb7e116e7 <__libc_start_main+87>: jne 0xb7e1182e