逆向-beginners之指针变量

#include <stdio.h>

/*
 * f: print the three ints reachable through a, b and c, overwrite them
 * with 7, 8 and 9 through the pointers, and print them again.
 *
 * The pointers are the only thing copied onto f's frame; the stores go
 * to the caller's objects, which is why main observes 7 8 9 afterwards.
 * Always returns 0.
 */
int f(int *a, int *b, int *c)
{
    int *slot[3] = { a, b, c };
    const int fresh[3] = { 7, 8, 9 };

    /* contents as set by the caller (1 2 3 when called from main) */
    printf("%d %d %d\n", *slot[0], *slot[1], *slot[2]);

    for (size_t i = 0; i < 3; i++) {
        *slot[i] = fresh[i];
    }

    /* contents after the writes through the pointers (7 8 9) */
    printf("%d %d %d\n", *a, *b, *c);

    return 0;
}

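/*
 * main: demonstrate pass-by-address. a, b and c live in main's frame;
 * f receives their addresses and modifies them in place, so the second
 * printf sees the new values.
 *
 * The prototype is written as main(void) so the compiler knows main takes
 * no arguments (int main() declares an unspecified parameter list in C).
 * The x86-64 listing further down shows a stack canary (%fs:0x28 checked
 * against __stack_chk_fail) in main only, consistent with the compiler
 * protecting a frame whose locals have their addresses taken and escape.
 */
int main(void)
{
    int a = 1, b = 2, c = 3;

    printf("%d %d %d\n", a, b, c); /* 1 2 3 */

    /* addresses, not values, are passed: f writes straight into a, b, c */
    f(&a, &b, &c);

    printf("%d %d %d\n", a, b, c); /* 7 8 9 */

    return 0;
}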

#if 0

note : 传递地址到函数的基本上都是指针

#endif

#if 0

/*

* intel

*/

0000000000001169 <f>:

1169: f3 0f 1e fa endbr64

116d: 55 push %rbp

116e: 48 89 e5 mov %rsp,%rbp

1171: 48 83 ec 20 sub $0x20,%rsp

1175: 48 89 7d f8 mov %rdi,-0x8(%rbp)

1179: 48 89 75 f0 mov %rsi,-0x10(%rbp)

117d: 48 89 55 e8 mov %rdx,-0x18(%rbp)

1181: 48 8b 45 e8 mov -0x18(%rbp),%rax

1185: 8b 08 mov (%rax),%ecx

1187: 48 8b 45 f0 mov -0x10(%rbp),%rax

118b: 8b 10 mov (%rax),%edx

118d: 48 8b 45 f8 mov -0x8(%rbp),%rax

1191: 8b 00 mov (%rax),%eax

1193: 89 c6 mov %eax,%esi

1195: 48 8d 3d 68 0e 00 00 lea 0xe68(%rip),%rdi # 2004 <_IO_stdin_used+0x4>

119c: b8 00 00 00 00 mov $0x0,%eax

11a1: e8 ca fe ff ff callq 1070 <printf@plt>

11a6: 48 8b 45 f8 mov -0x8(%rbp),%rax

11aa: c7 00 07 00 00 00 movl $0x7,(%rax)

11b0: 48 8b 45 f0 mov -0x10(%rbp),%rax

11b4: c7 00 08 00 00 00 movl $0x8,(%rax)

11ba: 48 8b 45 e8 mov -0x18(%rbp),%rax

11be: c7 00 09 00 00 00 movl $0x9,(%rax)

11c4: 48 8b 45 e8 mov -0x18(%rbp),%rax

11c8: 8b 08 mov (%rax),%ecx

11ca: 48 8b 45 f0 mov -0x10(%rbp),%rax

11ce: 8b 10 mov (%rax),%edx

11d0: 48 8b 45 f8 mov -0x8(%rbp),%rax

11d4: 8b 00 mov (%rax),%eax

11d6: 89 c6 mov %eax,%esi

11d8: 48 8d 3d 25 0e 00 00 lea 0xe25(%rip),%rdi # 2004 <_IO_stdin_used+0x4>

11df: b8 00 00 00 00 mov $0x0,%eax

11e4: e8 87 fe ff ff callq 1070 <printf@plt>

11e9: b8 00 00 00 00 mov $0x0,%eax

11ee: c9 leaveq

11ef: c3 retq

00000000000011f0 <main>:

11f0: f3 0f 1e fa endbr64

11f4: 55 push %rbp

11f5: 48 89 e5 mov %rsp,%rbp

11f8: 48 83 ec 20 sub $0x20,%rsp

11fc: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax

1203: 00 00

1205: 48 89 45 f8 mov %rax,-0x8(%rbp)

1209: 31 c0 xor %eax,%eax

120b: c7 45 ec 01 00 00 00 movl $0x1,-0x14(%rbp)

1212: c7 45 f0 02 00 00 00 movl $0x2,-0x10(%rbp)

1219: c7 45 f4 03 00 00 00 movl $0x3,-0xc(%rbp)

1220: 8b 4d f4 mov -0xc(%rbp),%ecx

1223: 8b 55 f0 mov -0x10(%rbp),%edx

1226: 8b 45 ec mov -0x14(%rbp),%eax

1229: 89 c6 mov %eax,%esi

122b: 48 8d 3d d2 0d 00 00 lea 0xdd2(%rip),%rdi # 2004 <_IO_stdin_used+0x4>

1232: b8 00 00 00 00 mov $0x0,%eax

1237: e8 34 fe ff ff callq 1070 <printf@plt>

123c: 48 8d 55 f4 lea -0xc(%rbp),%rdx

1240: 48 8d 4d f0 lea -0x10(%rbp),%rcx

1244: 48 8d 45 ec lea -0x14(%rbp),%rax

1248: 48 89 ce mov %rcx,%rsi

124b: 48 89 c7 mov %rax,%rdi

124e: e8 16 ff ff ff callq 1169 <f>

1253: 8b 4d f4 mov -0xc(%rbp),%ecx

1256: 8b 55 f0 mov -0x10(%rbp),%edx

1259: 8b 45 ec mov -0x14(%rbp),%eax

125c: 89 c6 mov %eax,%esi

125e: 48 8d 3d 9f 0d 00 00 lea 0xd9f(%rip),%rdi # 2004 <_IO_stdin_used+0x4>

1265: b8 00 00 00 00 mov $0x0,%eax

126a: e8 01 fe ff ff callq 1070 <printf@plt>

126f: b8 00 00 00 00 mov $0x0,%eax

1274: 48 8b 75 f8 mov -0x8(%rbp),%rsi

1278: 64 48 33 34 25 28 00 xor %fs:0x28,%rsi

127f: 00 00

1281: 74 05 je 1288 <main+0x98>

1283: e8 d8 fd ff ff callq 1060 <__stack_chk_fail@plt>

1288: c9 leaveq

1289: c3 retq

128a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)

/*

* arm

*/

000000000040055c <f>:

40055c: a9bd7bfd stp x29, x30, [sp, #-48]!

400560: 910003fd mov x29, sp

400564: f90017a0 str x0, [x29, #40]

400568: f90013a1 str x1, [x29, #32]

40056c: f9000fa2 str x2, [x29, #24]

400570: f94017a0 ldr x0, [x29, #40]

400574: b9400001 ldr w1, [x0]

400578: f94013a0 ldr x0, [x29, #32]

40057c: b9400002 ldr w2, [x0]

400580: f9400fa0 ldr x0, [x29, #24]

400584: b9400003 ldr w3, [x0]

400588: 90000000 adrp x0, 400000 <_init-0x3e8>

40058c: 911c2000 add x0, x0, #0x708

400590: 97ffffb0 bl 400450 <printf@plt>

400594: f94017a0 ldr x0, [x29, #40]

400598: 528000e1 mov w1, #0x7 // #7

40059c: b9000001 str w1, [x0]

4005a0: f94013a0 ldr x0, [x29, #32]

4005a4: 52800101 mov w1, #0x8 // #8

4005a8: b9000001 str w1, [x0]

4005ac: f9400fa0 ldr x0, [x29, #24]

4005b0: 52800121 mov w1, #0x9 // #9

4005b4: b9000001 str w1, [x0]

4005b8: f94017a0 ldr x0, [x29, #40]

4005bc: b9400001 ldr w1, [x0]

4005c0: f94013a0 ldr x0, [x29, #32]

4005c4: b9400002 ldr w2, [x0]

4005c8: f9400fa0 ldr x0, [x29, #24]

4005cc: b9400003 ldr w3, [x0]

4005d0: 90000000 adrp x0, 400000 <_init-0x3e8>

4005d4: 911c2000 add x0, x0, #0x708

4005d8: 97ffff9e bl 400450 <printf@plt>

4005dc: 52800000 mov w0, #0x0 // #0

4005e0: a8c37bfd ldp x29, x30, [sp], #48

4005e4: d65f03c0 ret

00000000004005e8 <main>:

4005e8: a9be7bfd stp x29, x30, [sp, #-32]!

4005ec: 910003fd mov x29, sp

4005f0: 52800020 mov w0, #0x1 // #1

4005f4: b9001fa0 str w0, [x29, #28]

4005f8: 52800040 mov w0, #0x2 // #2

4005fc: b9001ba0 str w0, [x29, #24]

400600: 52800060 mov w0, #0x3 // #3

400604: b90017a0 str w0, [x29, #20]

400608: b9401fa1 ldr w1, [x29, #28]

40060c: b9401ba2 ldr w2, [x29, #24]

400610: b94017a3 ldr w3, [x29, #20]

400614: 90000000 adrp x0, 400000 <_init-0x3e8>

400618: 911c2000 add x0, x0, #0x708

40061c: 97ffff8d bl 400450 <printf@plt>

400620: 910053a2 add x2, x29, #0x14

400624: 910063a1 add x1, x29, #0x18

400628: 910073a0 add x0, x29, #0x1c

40062c: 97ffffcc bl 40055c <f>

400630: b9401fa1 ldr w1, [x29, #28]

400634: b9401ba2 ldr w2, [x29, #24]

400638: b94017a3 ldr w3, [x29, #20]

40063c: 90000000 adrp x0, 400000 <_init-0x3e8>

400640: 911c2000 add x0, x0, #0x708

400644: 97ffff83 bl 400450 <printf@plt>

400648: 52800000 mov w0, #0x0 // #0

40064c: a8c27bfd ldp x29, x30, [sp], #32

400650: d65f03c0 ret

400654: 00000000 .inst 0x00000000 ; undefined

#endif
