首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[求助]R10怎么全变0了
发表于: 2015-5-28 16:47 4608

[求助]R10怎么全变0了

saga 活跃值
2
2015-5-28 16:47
4608
上代码,希望懂的朋友指点下!!拜谢

(lldb) ni
Process 13409 stopped
* thread #1: tid = 0xe7225, 0x00007fff958920dd libobjc.A.dylib`objc_msgSend + 29, queue = 'com.apple.main-thread', stop reason = instruction step over
    frame #0: 0x00007fff958920dd libobjc.A.dylib`objc_msgSend + 29
libobjc.A.dylib`objc_msgSend:
->  0x7fff958920dd <+29>: andl   0x18(%r11), %r10d   //这句代码执行后 r10就全零了 不懂??
    0x7fff958920e1 <+33>: shlq   $0x4, %r10
    0x7fff958920e5 <+37>: addq   0x10(%r11), %r10
    0x7fff958920e9 <+41>: cmpq   (%r10), %rsi
(lldb) re read rdi rsi r11 r10
     rdi = 0x0000000100201200
     rsi = 0x00007fff965eb509
     r11 = 0x00007fff5fbffa40
     r10 = 0x00007fff965eb509  //之前的值
(lldb) ni
Process 13409 stopped
* thread #1: tid = 0xe7225, 0x00007fff958920e1 libobjc.A.dylib`objc_msgSend + 33, queue = 'com.apple.main-thread', stop reason = instruction step over
    frame #0: 0x00007fff958920e1 libobjc.A.dylib`objc_msgSend + 33
libobjc.A.dylib`objc_msgSend:
->  0x7fff958920e1 <+33>: shlq   $0x4, %r10
    0x7fff958920e5 <+37>: addq   0x10(%r11), %r10
    0x7fff958920e9 <+41>: cmpq   (%r10), %rsi
    0x7fff958920ec <+44>: jne    0x7fff958920f2            ; <+50>
(lldb) re read rdi rsi r11 r10
     rdi = 0x0000000100201200
     rsi = 0x00007fff965eb509
     r11 = 0x00007fff5fbffa40
     r10 = 0x0000000000000000 //全零了
(lldb) x 0x00007fff5fbffa40    //%r11
0x7fff5fbffa40: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ????????????????
0x7fff5fbffa50: f0 ff 6f 00 01 00 00 00 00 00 00 08 00 00 00 00  ??o.............
(lldb) x 0x00007fff5fbffa58    //0x18(%r11)
0x7fff5fbffa58: 00 00 00 08 00 00 00 00 20 ab 08 10 96 e3 00 04  ........ ?...?..
0x7fff5fbffa68: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (4)
wssbwpp
雪    币: 218
活跃值: (296)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
2
应该是相当于0x18 & R11->R10
2015-5-28 18:00
0
Vsbat
雪    币: 859
活跃值: (309)
能力值: ( LV11,RANK:180 )
在线值:
发帖
回帖
粉丝
私信
3
When in 64-bit mode, operand size determines the number of valid bits in the destination general-purpose register:
• 64-bit operands generate a 64-bit result in the destination general-purpose register.
32-bit operands generate a 32-bit result, zero-extended to a 64-bit result in the destination general-purpose
register.
• 8-bit and 16-bit operands generate an 8-bit or 16-bit result. The upper 56 bits or 48 bits (respectively) of the
destination general-purpose register are not modified by the operation. If the result of an 8-bit or 16-bit
operation is intended for 64-bit address calculation, explicitly sign-extend the register to the full 64-bits.

来自intel manual的一段文字。
32位操作产生32位结果,目的寄存器高32位清零。
2015-5-29 09:48
0
saga
雪    币: 224
活跃值: (10)
能力值: ( LV6,RANK:90 )
在线值:
发帖
回帖
粉丝
私信
4
你这个间接寻址还没有学好,还需要复习下
2015-5-29 11:30
0
saga
雪    币: 224
活跃值: (10)
能力值: ( LV6,RANK:90 )
在线值:
发帖
回帖
粉丝
私信
5
应该是正解  十分感谢!!
2015-5-29 11:31
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//