Error inside Assembler (assembly) code embedded in C++?

I inserted assembly code into my C++, but the assembly code keeps producing errors and I don't know why. Help from the experts, please!

Code:

```cpp
#include <iostream>
using namespace std;
int main(int argc, char *argv[]) {
    volatile int a[3] = {0, 0, 0};
    for (int i = 0; i < 3; i++)
        cout << a[i] << ends;
    cout << endl;
    asm ("inc [esp + 2]");//Assembler:inc [esp + 2]   (++ a[1];)
    for (int i = 0; i < 3; i++)
        cout << a[i] << ends;
    cout << endl;
    return 0;
}
```

Error message:

```
(File(C:\Users\ADMINI~1\AppData\Local\Temp\ccR9LmJd.s)) Assembler messages:
(Line(42)) (File(C:\Users\ADMINI~1\AppData\Local\Temp\ccR9LmJd.s)) Error: invalid char '[' beginning operand 1 `[esp+2]'
```

Then I wondered whether this assembler simply does not support Intel syntax, so I changed that assembly line to AT&T format:

```
asm ("inc [esp + 2]");//Assembler:inc [esp + 2]   (++ a[1];)
```

↓

```
asm ("inc 2(%esp)");//Assembler:inc 2(%esp)   (++ a[1];)
```

But it still errors out:

```
(File(C:\Users\ADMINI~1\AppData\Local\Temp\ccEzueAV.s)) Assembler messages:
(Line(42)) (File(C:\Users\ADMINI~1\AppData\Local\Temp\ccEzueAV.s)) Error: no instruction mnemonic suffix given and no register operands; can't size instruction
```

I'm not familiar with AT&T syntax; could you all take a look at what's wrong? Thanks in advance!
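An added example (not the asker's code and not from any answer on this page) that performs the `++a[1]` the question is after without guessing a stack offset: GAS defaults to AT&T syntax, which is why `[esp + 2]` is rejected, and the AT&T form needs a size suffix (`incl`), which is what the second error is about; beyond that, `int` elements are 4 bytes apart and the compiler decides where `a` lives relative to `esp`, so a hard-coded offset can silently overwrite a neighbouring stack slot instead of `a[1]`. The `"+m"` constraint below makes GCC supply the operand's real address; `inc_element` and `run_demo` are names chosen here, and the non-x86 fallback is plain C.

```c
#include <stdio.h>

/* Increment a[idx] in place through GCC extended inline asm and return the
 * new value. The compiler, not the programmer, supplies the operand address. */
static int inc_element(volatile int *a, int idx)
{
#if defined(__i386__) || defined(__x86_64__)
    /* "+m": operand 0 is a read-write memory operand. GCC substitutes the
     * correct addressing mode for %0 whatever the frame layout is, and
     * "incl" carries the 32-bit size suffix the AT&T assembler demands
     * (a bare "inc" on a memory operand is the "can't size instruction"
     * error). "cc" declares that the flags register is clobbered. */
    __asm__ __volatile__("incl %0" : "+m"(a[idx]) : : "cc");
#else
    ++a[idx];  /* fallback on non-x86 targets: the same effect in plain C */
#endif
    return a[idx];
}

/* Mirror the asker's program: print the constructed array before and after
 * the increment. Returns 1 when only a[1] changed and its neighbours are
 * untouched, i.e. no adjacent stack memory was corrupted. */
static int run_demo(void)
{
    volatile int a[3] = {0, 0, 0};   /* constructed input, as in the question */
    int i;
    for (i = 0; i < 3; i++)
        printf("%d ", a[i]);
    printf("\n");
    inc_element(a, 1);
    for (i = 0; i < 3; i++)
        printf("%d ", a[i]);
    printf("\n");
    return a[0] == 0 && a[1] == 1 && a[2] == 0;
}

int main(void)
{
    return run_demo() ? 0 : 1;
}
```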

caozhy
Guiyang Old Ma (Ma Shanfu), professional swimming-pool leak sealing and waterproofing. If the earlier problem has been solved, please accept the answer; once accepted, new questions get answered.
5 months ago   Reply

1 answer
