¾Ý˵ÊÇÃÀ¹ú×î¡°¹Ö¡±C³ÌÐò´óÈüµÄ»ñ½±³ÌÐò
int main()
{
printf(&unix["\021%six\012\0"], (unix)["have"] + "fun" - 0x60);
}
gcc -S±àÒë³É»ã±à´úÂëÈçÏÂ:
.file "test.c"
.section .rodata
.LC0:
.string "fun"
.LC1:
.string "\021%six\n"
.string ""
.text
.globl main
.type main,@function
main:
pushl %ebp
movl %esp, %ebp
subl $8, %esp
andl $-16, %esp
movl $0, %eax
subl %eax, %esp
subl $8, %esp
movl $.LC0, %eax
subl $96, %eax
addl $97, %eax
pushl %eax
pushl $.LC1+1
call printf
addl $16, %esp
leave
ret
.Lfe1:
.size main,.Lfe1-main
.section .note.GNU-stack,"",@progbits
&n
Ïà¹ØÎĵµ£º
ÔÚCÓïÑÔÖУ¬staticµÄ×ÖÃæÒâ˼ºÜÈÝÒ×°ÑÎÒÃǵ¼ÈëÆç;£¬ÆäʵËüµÄ×÷ÓÃÓÐÈýÌõ¡£
£¨1£©ÏÈÀ´½éÉÜËüµÄµÚÒ»ÌõÒ²ÊÇ×îÖØÒªµÄÒ»Ìõ£ºÒþ²Ø¡£
µ±ÎÒÃÇͬʱ±àÒë¶à¸öÎļþʱ£¬ËùÓÐδ¼Óstaticǰ׺µÄÈ«¾Ö±äÁ¿ºÍº¯Êý¶¼¾ßÓÐÈ«¾Ö¿É¼ûÐÔ¡£ÎªÀí½âÕâ¾ä»°£¬ÎÒ¾ÙÀýÀ´ËµÃ÷¡£ÎÒÃÇҪͬʱ±àÒëÁ½¸öÔ´Îļþ£¬Ò»¸öÊÇa.c£¬ÁíÒ»¸öÊÇmain.c¡£
ÏÂÃæÊÇa.cµÄÄÚÈÝ
ch ......
ÎÊÌâÃèÊö£ºÒ»Ë³ÐòÎļþÖÐÖÁ¶à´æÔÚ10000000¸ö¼Ç¼£¬Ã¿Ìõ¼Ç¼¶¼ÊÇÒ»¸ö7λÕûÊý£¬Çë¶Ô´ËÎļþÖÐÊý¾Ý½øÐÐÅÅÐò¡£
ÒªÇó£º1.³ÌÐò¿ÉʹÓÃÄÚ´æÖ»ÓÐ1MB¡£2.³ÌÐòÔËÐÐʱ¼ä¾¡¿ÉÄܵĶ̡£
²¹³ä˵Ã÷£ºÃ¿¸ö¼Ç¼¶¼ÊÇÒ»¸ö7λÕýÕûÊý£¬²¢ÇÒûÓÐÆäËûµÄ¹ØÁªÊý¾Ý£¬Ã¿¸öÕûÊýÖÁ¶àÖ»ÄܳöÏÖÒ»´Î¡£
ʵÏÖ¸ÙÒª£º
ÔÚÏÖʵÖУ¬Î»Í¼ºÍλÏòÁ¿ºÜ³£¼û£¬ÎÒÃÇ¿ÉÒÔÊ¹Ó ......
ÔÎĵØÖ·£ºhttp://westsoftware.blog.163.com/blog/static/2609410920091953456841/
×î½üÒ»Ö±ÔÚ¿´Andrew KoeningдµÄÊé¼®£¬¿ÉÒÔ˵ѧϰC/C++»òÕß´ÓÊÂÕâ·½ÃæµÄ¿ª·¢µÄÈËÔ±·Ç³£ÖµµÃÒ»¿´µÄÊé¼®£¬ÕâÀïÎÒÍƼö¿´¿´¡¶CÏÝÚåÓëȱÏÝ¡·Ó롶C/C++³Á˼¼¡·¡£
ÕâÀïÏÈÀ´¿´¿ ......
