in intel x86 instruction set, "jmp $" means jump to this instruction location, thus falling into an infinite loop.

https://defuse.ca/online-x86-assembler.htm#disassembly

the instruction is "0xfeeb".

Based on this instruction, we can create possibly the shortest C program that can compile and run successfully on x86 platform.

main=0xfeeb;

1, the variable main has no type here, and will be defaulted to integer (int). this reminds us of the good old K&R days. This is still allowed by latest C standards (i.e. C99). therefore it's actually

int main=0xfeeb;

2, the variable main is a global variable, therefore the symbol "main" will be exported in this compilation unit. for example, if the file is named "shortest_c_program.c" and we execute the following commands:

$ gcc -std=c99 shortest_c_program.c -c

shortest_c_program.c::: warning: data definition has no type or storage class [enabled by default]

shortest_c_program.c::: warning: type defaults to ‘int’ in declaration of ‘main’ [enabled by default]

$ objdump --syms shortest_c_program.o

shortest_c_program.o:     file format pe-i386

SYMBOL TABLE:

[  ](sec -)(fl 0x00)(ty   )(scl ) (nx ) 0x00000000 shortest_c_program.c

File

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .text

AUX scnlen 0x0 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .data

AUX scnlen 0x4 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .bss

AUX scnlen 0x0 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 _main

it's confirmed that the symbol "_main" is exported.

3, when this object file is linked against the compiler attached crt stub (part of the library e.g. glibc), by default the entry point is the symbol "_start". the symbol "_start" points to some code that will call a symbol "_main". typically the symbol _main points to the main function which is the compiled version of C main function. In this case, main actually points to a location where the value of the main variable is stored.

http://ftp.gnu.org/pub/old-gnu/Manuals/ld-2.9.1/html_node/ld_24.html

4, when _start calls _main, the cpu actually takes 0xfeeb as an instruction which is "jmp $" on x86, therefore it executes the instruction again and again.

another point, what's the shortest legitimate C program? i.e. which can compile successfully (but might not run successfully)

Answer:

main;

because main is a global variable, it's initialised to 0, therefore the program will crash on segfault (null pointer dereference).

jmp $的更多相关文章

  1. 汇编指令mov、add、sub、jmp

    mov:寄存器,数据 mov:寄存器,寄存器 mov:寄存器,内存单元 mov:段寄存器,内存单元 mov:内存单元,寄存器 mov:内存单元,段寄存器 mov:段寄存器,寄存器 mov:寄存器,段寄 ...

  2. jmp使用

    jps -l jmap 36429 jmap -heap 36429 jmap -histo:live 36429 jmap -clstats 36429 jmap  -finalizerinfo 3 ...

  3. Hack Programming

    计算机由ROM(instruction memory).RAM(data memory).CPU组成,其关系如下图 在计算中存在3种寄存器:D.A.M.其中D是data register,A是addr ...

随机推荐

  1. Linux 开启端口,操作防火墙

    命令行方式:    添加10002端口方法 1.vi etc/sysconfig/iptables 2. 开放端口命令:-A INPUT -p tcp -m state --state NEW -m ...

  2. testVC.modalPresentationStyle = UIModalPresentationFormSheet; 更改 VC大小

    本文转载至 http://www.cocoachina.com/bbs/simple/?t31199.html TestViewController *testVC = [[TestViewContr ...

  3. python 基础 5.0 python类一般形式

    一. 类的一般形式 创建类我们一般使用class 关键字来创建一个类,class 后面跟类型名字,可以自定义,最后以冒号结尾,如下所示:   #/usr/bin/python #coding=utf- ...

  4. Java 学习 day06

    01-面向对象(Static关键字) package myFirstCode; /* 静态:static. 用法:是一个修饰符,用于修饰成员(成员变量,成员函数) 当成员被静态修饰后,就多了一个调用方 ...

  5. EasyRTMP Android安卓手机直播推流摄像头偏暗的问题解决

    在我们测试EasyRTMP Android安卓手机推流的过程中发现有些设备预览时,明显偏暗!在稍微暗点的环境中几乎很难看清东西-额,这是怎么回事呢?又是安卓设备的兼容性问题,头疼! !!!好吧,停止抱 ...

  6. Ajax的跨域问题

    •跨域问题概述 •出于安全考虑,浏览器不允许ajax跨域获取数据 •可以通过script的src加载js的方式传递数据 fn({"a":"1","b& ...

  7. framemarker的使用

    1 什么是framemarker framemarker是网页模版和数据模型的结合体.装载网页的时候,framemarker自动从数据模型中提取数据并生成html页面. 2 framemarker怎么 ...

  8. 3行代码 多元线性方程组 rank=4 多元-一元 降元

    对于线性方程组Ax=b 对A和b执行同样的一串行初等运算, 那么该方程组的解集不发生变化. [未知-已知   高阶--低阶] http://mathworld.wolfram.com/CramersR ...

  9. Nested Classes

    http://docs.oracle.com/javase/tutorial/java/javaOO/nested.html package priceton; /* * Copyright (c) ...

  10. Python爬虫-- PyQuery库

    PyQuery库 PyQuery库也是一个非常强大又灵活的网页解析库,PyQuery 是 Python 仿照 jQuery 的严格实现.语法与 jQuery 几乎完全相同,所以不用再去费心去记一些奇怪 ...