In the Intel x86 instruction set, "jmp $" means jump to the address of this very instruction, so the CPU falls into an infinite loop.

https://defuse.ca/online-x86-assembler.htm#disassembly

The encoded instruction is "0xfeeb".
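To make the relationship between the value 0xfeeb and "jmp $" concrete, here is a small added example (not code from the original post). It splits the 16-bit value into the little-endian byte order an x86 CPU reads, EB FE, and decodes a two-byte short jump (opcode 0xEB followed by a signed 8-bit displacement relative to the next instruction), showing that a displacement of -2 lands back on the jump itself. The function and variable names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Split a 16-bit value into the byte order an x86 (little-endian) CPU
 * stores it in: low byte first. 0xfeeb becomes {0xEB, 0xFE}. */
void le16_bytes(uint16_t value, uint8_t out[2]) {
    out[0] = (uint8_t)(value & 0xFF);
    out[1] = (uint8_t)(value >> 8);
}

/* Decode a two-byte "jmp rel8" (opcode 0xEB, then a signed 8-bit
 * displacement). Returns 1 and stores the branch target if the bytes
 * form a short jump, 0 otherwise. The displacement is relative to the
 * address of the *next* instruction, i.e. instr_addr + 2. */
int decode_short_jmp(const uint8_t code[2], uintptr_t instr_addr, uintptr_t *target) {
    if (code[0] != 0xEB) return 0;
    int8_t disp = (int8_t)code[1];
    *target = instr_addr + 2 + (intptr_t)disp;
    return 1;
}

/* A short jump whose target is its own address never makes progress:
 * that is exactly EB FE (displacement -2), the "jmp $" of the post. */
int is_self_loop(const uint8_t code[2]) {
    uintptr_t target;
    const uintptr_t here = 0x1000;  /* any address works; only the delta matters */
    return decode_short_jmp(code, here, &target) && target == here;
}

/* Check that an int initialised to 0xfeeb really lays out as EB FE 00 00
 * in memory on this host (true on any little-endian machine such as x86). */
int int_main_starts_with_jmp_self(void) {
    int main_like = 0xfeeb;       /* same initialiser as the post's variable */
    uint8_t raw[sizeof main_like];
    memcpy(raw, &main_like, sizeof raw);
    return is_self_loop(raw);
}

int main(void) {
    uint8_t b[2];
    le16_bytes(0xfeeb, b);
    printf("0xfeeb in memory: %02x %02x\n", b[0], b[1]);
    printf("is jmp $ (self-loop): %d\n", is_self_loop(b));
    printf("int x = 0xfeeb starts with jmp $: %d\n", int_main_starts_with_jmp_self());
    return 0;
}
```

The first byte is the opcode and the second is the displacement, which is why the value has to be written as 0xfeeb rather than 0xebfe: the low byte of the int is the first byte in memory.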

Based on this instruction, we can write what is possibly the shortest C program that compiles and runs successfully on the x86 platform.

main=0xfeeb;

1. The variable main has no type here, so it defaults to integer (int). This reminds us of the good old K&R days, and it is still allowed by the latest C standards (i.e. C99). The declaration is therefore actually

int main=0xfeeb;

2. The variable main is a global variable, so the symbol "main" is exported from this compilation unit. For example, if the file is named "shortest_c_program.c" and we run the following commands:

$ gcc -std=c99 shortest_c_program.c -c
shortest_c_program.c::: warning: data definition has no type or storage class [enabled by default]
shortest_c_program.c::: warning: type defaults to ‘int’ in declaration of ‘main’ [enabled by default]
$ objdump --syms shortest_c_program.o

shortest_c_program.o:     file format pe-i386

SYMBOL TABLE:
[ ](sec -)(fl 0x00)(ty )(scl ) (nx ) 0x00000000 shortest_c_program.c
File
[ ](sec )(fl 0x00)(ty )(scl ) (nx ) 0x00000000 .text
AUX scnlen 0x0 nreloc nlnno
[ ](sec )(fl 0x00)(ty )(scl ) (nx ) 0x00000000 .data
AUX scnlen 0x4 nreloc nlnno
[ ](sec )(fl 0x00)(ty )(scl ) (nx ) 0x00000000 .bss
AUX scnlen 0x0 nreloc nlnno
[ ](sec )(fl 0x00)(ty )(scl ) (nx ) 0x00000000 _main

This confirms that the symbol "_main" is exported.

3. When this object file is linked against the C runtime start-up stub that ships with the compiler (part of the C library, e.g. glibc), the default entry point is the symbol "_start". "_start" points to start-up code that calls the symbol "_main". Typically "_main" is the compiled C main function; in this case, however, "_main" points to the location where the value of the main variable is stored.

http://ftp.gnu.org/pub/old-gnu/Manuals/ld-2.9.1/html_node/ld_24.html

4. When _start calls _main, the CPU fetches the bytes of the variable, 0xfeeb, as an instruction. On x86 they decode as "jmp $", so the same instruction is executed again and again. (This relies on the data section being executable; on a system with a non-executable data segment, i.e. NX/DEP enforced, the call into _main faults instead of looping.)
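Whether the call into _main loops or faults depends on the permissions of the page holding the variable. The following added example (not from the original post) checks this from inside a process on Linux by looking up the mapping that contains a given address in /proc/self/maps; `data_blob` stands in for the post's main variable so that the program can keep a real main(), and the function names are my own. On a platform without /proc/self/maps (such as the pe-i386 target shown above) the check reports -1.

```c
#include <stdint.h>
#include <stdio.h>

/* Same initialiser and storage (.data) as the post's `main=0xfeeb;`,
 * under a harmless name so this program keeps an ordinary main(). */
int data_blob = 0xfeeb;

/* Find the /proc/self/maps entry containing `addr` and report whether it
 * is executable. Returns 1 (executable), 0 (not executable) or -1 when
 * the address is not found or /proc/self/maps is unavailable (non-Linux). */
int address_is_executable(const void *addr) {
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return -1;
    uintptr_t a = (uintptr_t)addr;
    char line[512];
    int result = -1;
    while (fgets(line, sizeof line, maps)) {
        unsigned long lo, hi;
        char perms[5];
        /* each line: start-end perms offset dev inode [path] */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
        if (a >= lo && a < hi) {
            result = (perms[2] == 'x') ? 1 : 0;
            break;
        }
    }
    fclose(maps);
    return result;
}

/* Would jumping into the variable execute its bytes (1) or fault (0)? */
int data_blob_is_executable(void) {
    return address_is_executable(&data_blob);
}

/* Control: a real function lives in an executable mapping (.text). */
int code_is_executable(void) {
    return address_is_executable((const void *)&address_is_executable);
}

int main(void) {
    printf("data_blob (0x%x) executable: %d\n", data_blob, data_blob_is_executable());
    printf("code executable: %d\n", code_is_executable());
    return 0;
}
```

On a current Linux system the data blob reports 0 and the function reports 1: the loader maps .data read-write but not executable, which is exactly the W^X policy that stops a "main is an int" program from running its own data.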

Another point: what is the shortest legitimate C program, i.e. one that compiles successfully (but might not run successfully)?

Answer:

main;

Because main is a global variable it is initialised to 0, so the program crashes with a segfault (null pointer dereference).
