in intel x86 instruction set, "jmp $" means jump to this instruction location, thus falling into an infinite loop.

https://defuse.ca/online-x86-assembler.htm#disassembly

the instruction is "0xfeeb".

Based on this instruction, we can create possibly the shortest C program that can compile and run successfully on x86 platform.

main=0xfeeb;

1, the variable main has no type here, and will be defaulted to integer (int). this reminds us of the good old K&R days. This is still allowed by latest C standards (i.e. C99). therefore it's actually

int main=0xfeeb;

2, the variable main is a global variable, therefore the symbol "main" will be exported in this compilation unit. for example, if the file is named "shortest_c_program.c" and we execute the following commands:

$ gcc -std=c99 shortest_c_program.c -c

shortest_c_program.c::: warning: data definition has no type or storage class [enabled by default]

shortest_c_program.c::: warning: type defaults to ‘int’ in declaration of ‘main’ [enabled by default]

$ objdump --syms shortest_c_program.o

shortest_c_program.o:     file format pe-i386

SYMBOL TABLE:

[  ](sec -)(fl 0x00)(ty   )(scl ) (nx ) 0x00000000 shortest_c_program.c

File

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .text

AUX scnlen 0x0 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .data

AUX scnlen 0x4 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .bss

AUX scnlen 0x0 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 _main

it's confirmed that the symbol "_main" is exported.

3, when this object file is linked against the compiler attached crt stub (part of the library e.g. glibc), by default the entry point is the symbol "_start". the symbol "_start" points to some code that will call a symbol "_main". typically the symbol _main points to the main function which is the compiled version of C main function. In this case, main actually points to a location where the value of the main variable is stored.

http://ftp.gnu.org/pub/old-gnu/Manuals/ld-2.9.1/html_node/ld_24.html

4, when _start calls _main, the cpu actually takes 0xfeeb as an instruction which is "jmp $" on x86, therefore it executes the instruction again and again.

another point, what's the shortest legitimate C program? i.e. which can compile successfully (but might not run successfully)

Answer:

main;

because main is a global variable, it's initialised to 0, therefore the program will crash on segfault (null pointer dereference).

jmp $的更多相关文章

  1. 汇编指令mov、add、sub、jmp

    mov:寄存器,数据 mov:寄存器,寄存器 mov:寄存器,内存单元 mov:段寄存器,内存单元 mov:内存单元,寄存器 mov:内存单元,段寄存器 mov:段寄存器,寄存器 mov:寄存器,段寄 ...

  2. jmp使用

    jps -l jmap 36429 jmap -heap 36429 jmap -histo:live 36429 jmap -clstats 36429 jmap  -finalizerinfo 3 ...

  3. Hack Programming

    计算机由ROM(instruction memory).RAM(data memory).CPU组成,其关系如下图 在计算中存在3种寄存器:D.A.M.其中D是data register,A是addr ...

随机推荐

  1. Android发送验证码的倒计时button

    1 直接上图 2 原理 原理非常easy,就是把对应的倒计时逻辑等封装到一个控件中,并向外部提供接口. 3 代码 import java.util.Timer; import java.util.Ti ...

  2. 【BZOJ4976】宝石镶嵌 DP

    [BZOJ4976]宝石镶嵌 Description 魔法师小Q拥有n个宝石,每个宝石的魔力依次为w_1,w_2,...,w_n.他想把这些宝石镶嵌到自己的法杖上,来提升法杖的威力.不幸的是,小Q的法 ...

  3. Refused to set unsafe header

    Refused to set unsafe header Refused to set unsafe header "Host"waitServerDeal @ tGet.html ...

  4. 项目log4j日志管理详解

    项目log4j日志管理详解 log4j日志系统在项目中重要性在这里就不再累述,我们在平时使用时如果没有特定要求,只需在log4j.properties文件中顶入输出级别就行了.如果要自定义输出文件,对 ...

  5. ubuntu mysql 配置(远程访问&&字符集设置&&忽略大小写)

    1.安装 参考http://www.cnblogs.com/wuhou/archive/2008/09/28/1301071.html sudo apt-get install mysql-serve ...

  6. java语言中Object对象的hashCode()取值的底层算法是怎样实现的

    Java语言中,Object对象有个特殊的方法:hashcode(), hashcode()表示的是JVM虚拟机为这个Object对象分配的一个int类型的数值,JVM会使用对象的hashcode值来 ...

  7. Vim设置括号自动补全和快速跳出

    一.设置括号自动补全 inoremap ' ''<ESC>i inoremap " ""<ESC>i inoremap ( ()<ESC&g ...

  8. SecureCRT连接Ubuntu失败(远程系统拒绝访问)

    SecureCRT连接Ubuntu失败,长时间的重新连接,连接不了. Ubuntu默认未安装ssh远程加密连接服务. 使用命令,安装即可. sudo apt-get install openssh-s ...

  9. MysqL的root用户不允许远程连接,只能通过PHPMYADMIN

    解决方法:1.改表法 可能是你的帐号不允许从远程登陆,只能在localhost.这个时候只要在localhost的那台电脑,登入mysql后,更改 "mysql" 数据库里的 &q ...

  10. 如何用命令行删除EasyBCD开机选择项?

    用硬盘安装Ubuntu方法的windows双系统电脑上面,很多人都是用EasyBCD设置的开机启动选择.所以当我们不需要双系统的时候,或者已经删除双系统后,或者安装双系统失败的情况下,发现电脑的开机启 ...