in intel x86 instruction set, "jmp $" means jump to this instruction location, thus falling into an infinite loop.

https://defuse.ca/online-x86-assembler.htm#disassembly

the instruction is "0xfeeb".

Based on this instruction, we can create possibly the shortest C program that can compile and run successfully on x86 platform.

main=0xfeeb;

1, the variable main has no type here, and will be defaulted to integer (int). this reminds us of the good old K&R days. This is still allowed by latest C standards (i.e. C99). therefore it's actually

int main=0xfeeb;

2, the variable main is a global variable, therefore the symbol "main" will be exported in this compilation unit. for example, if the file is named "shortest_c_program.c" and we execute the following commands:

$ gcc -std=c99 shortest_c_program.c -c

shortest_c_program.c::: warning: data definition has no type or storage class [enabled by default]

shortest_c_program.c::: warning: type defaults to ‘int’ in declaration of ‘main’ [enabled by default]

$ objdump --syms shortest_c_program.o

shortest_c_program.o:     file format pe-i386

SYMBOL TABLE:

[  ](sec -)(fl 0x00)(ty   )(scl ) (nx ) 0x00000000 shortest_c_program.c

File

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .text

AUX scnlen 0x0 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .data

AUX scnlen 0x4 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 .bss

AUX scnlen 0x0 nreloc  nlnno

[  ](sec  )(fl 0x00)(ty   )(scl   ) (nx ) 0x00000000 _main

it's confirmed that the symbol "_main" is exported.

3, when this object file is linked against the compiler attached crt stub (part of the library e.g. glibc), by default the entry point is the symbol "_start". the symbol "_start" points to some code that will call a symbol "_main". typically the symbol _main points to the main function which is the compiled version of C main function. In this case, main actually points to a location where the value of the main variable is stored.

http://ftp.gnu.org/pub/old-gnu/Manuals/ld-2.9.1/html_node/ld_24.html

4, when _start calls _main, the cpu actually takes 0xfeeb as an instruction which is "jmp $" on x86, therefore it executes the instruction again and again.

another point, what's the shortest legitimate C program? i.e. which can compile successfully (but might not run successfully)

Answer:

main;

because main is a global variable, it's initialised to 0, therefore the program will crash on segfault (null pointer dereference).

jmp $的更多相关文章

  1. 汇编指令mov、add、sub、jmp

    mov:寄存器,数据 mov:寄存器,寄存器 mov:寄存器,内存单元 mov:段寄存器,内存单元 mov:内存单元,寄存器 mov:内存单元,段寄存器 mov:段寄存器,寄存器 mov:寄存器,段寄 ...

  2. jmp使用

    jps -l jmap 36429 jmap -heap 36429 jmap -histo:live 36429 jmap -clstats 36429 jmap  -finalizerinfo 3 ...

  3. Hack Programming

    计算机由ROM(instruction memory).RAM(data memory).CPU组成,其关系如下图 在计算中存在3种寄存器:D.A.M.其中D是data register,A是addr ...

随机推荐

  1. Python中文编码过程中遇到的一些问题

    首先,要明确encode()和decode()的差别 encode()的作用是将Unicode编码的字符串转换为其它编码格式. 比如:st1.encode("utf-8")  这句 ...

  2. python 基础 5.3 类的重写

    一. 类的重写 只需要重新定义类的属性(变量),就是累的重写了 示例:重新定义类grandson的 name属性   #/usr/bin/python #coding=utf-8 #@Time :20 ...

  3. EasyDarwin在做拉模式转发海康RTSP摄像机视频流的过程中出现花屏问题的解决方案

    问题描述 在3年前我当时基于EasyDarwin为用户开发了一款RTSP拉模式转发的程序,也发布了一篇博客<用Darwin开发RTSP级联服务器(拉模式转发)>,当时考虑的很简单,只要将R ...

  4. (转)三层和mvc

    先说下两者出现的目的:三层是一种为了Project间解除耦合所提出来的简单的分层方式但MVC其实并不是基于Project的分层方式,而是一种解除展示模板与主要访问控制依赖的设计模式(其实全部都是基于U ...

  5. Java for LeetCode 116 Populating Next Right Pointers in Each Node

    Given a binary tree struct TreeLinkNode { TreeLinkNode *left; TreeLinkNode *right; TreeLinkNode *nex ...

  6. ZOJ - 3865 Superbot 【BFS】

    题目链接 http://acm.zju.edu.cn/onlinejudge/showProblem.do?problemCode=3865 思路 一个迷宫题 但是每次的操作数和普通的迷宫题不一样 0 ...

  7. linux 常用shell脚本语句

    最近老大让写一个shell脚本,每天从一个固定IP中取到相应文件,所以想写一个简单的shell脚本命令,供大家学习交流.先做一个简单的例子,先看效果吧, 代码如下: #!/bin/sh #定义一个变量 ...

  8. WINFROM中自定义控件之绑定数据即时更新

    相信在WINFROM中写自定义控件或者用户控件,很多人都多多少少用过点 最近发现一个用户控件,绑定的数据源没办法自动更新,其实以前处理过这类的问题,可是这次遇到又花了1个多小时,所以决定记下来 在用户 ...

  9. jQuery(expression, [context])

    jQuery(expression, [context])         返回值:jQuery 概述 这个函数接收一个包含 CSS 选择器的字符串,然后用这个字符串去匹配一组元素. jQuery 的 ...

  10. EOF的使用

    1.我疑惑了 char a[20]; while(scanf("%s",a)!=EOF){ cout<<"hello"<<endl; } ...