我敢肯定,在命令行中输入参数应该是一个字符串,但是当我到达“呼叫__isoc99_sscanf”,EAX寄存器保存的值0。我真的不知道该怎么“呼__isoc99_sscanf”是应该工作,但是我不知道堆栈指针的排序如下所示:
.L1 |欧洲联盟
.LC1是“输入:%s”和EAX“呼叫__isoc99_sscanf”是33之前并保持在存储器中的字符串。在任何情况下,什么时候__isoc99_sscanf导致1的电话吗?
.code32
.file "mystery.c"
.text
.LCO:
.string "Incorrect number of command line arguments given"
.LC1:
.string "Input:%s"
.align 4
.LC2:
.string "Incorrect format for command line argument"
.LC3:
.string "Output: \"%s\"\n"
.text
.globl main
.type main, @function
main:
pushl %ebp
movl %esp, %ebp
andl $-16, %esp
subl $32, %esp
cmpl $2, 8(%ebp)
je .L18
movl $.LC0, (%esp)
call puts
movl $1, %eax
jmp .L19
.L18:
movl 12(%ebp), %eax
addl $4, %eax
movl (%eax), %eax
movl %eax, (%esp)
call strlen
movl %eax, %edx
movl %edx, %eax
sall $2, %eax
addl %edx, %eax
movl %eax, (%esp)
call malloc
movl %eax, 28(%esp)
movl $.LC1, %edx
movl 12(%ebp), %eax
addl $4, %eax
movl (%eax), %eax
movl 28(%esp), %ecx
movl %ecx, 8(%esp)
movl %edx, 4(%esp)
movl %eax, (%esp)
call __isoc99_sscanf
cmpl $1, %eax
je .L20
movl $.LC2, (%esp)
call puts
movl $1, %eax
jmp .L19
.L20:
movl 28(%esp), %eax
movl %eax, (%esp)
call foo
movl $.LC3, %eax
movl 28(%esp), %edx
movl %edx, 4(%esp)
movl %eax, (%esp)
call printf
movl 28(%esp), %eax
movl %eax, (%esp)
call free
jmp .L17
.L19:
.L17:
leave
ret
.size main, .-main
.ident "GCC: (GNU) 4.4.7 20120313 (Red Hat 4.4.7-4)"
.section .note.GNU-stack,"",@progbits
我认为这有助于:
man scanf:
These functions return the number of input items successfully matched
and assigned, which can be fewer than provided for, or even zero in the
event of an early matching failure.
基本上,它返回刚才输入到计算机中的总输入量。如果你把两个数字中的“1 4”,那就%RAX设置为2。