strcmp 和 __strcmp_sse2_unaligned 之间的区别
difference between strcmp and __strcmp_sse2_unaligned
我得到一个二进制文件,发现 strcmp got 没有链接到 libc strcmp,而是链接到 __strcmp_sse2_unaligned,我想知道它们之间的区别。
pwndbg> p strcmp
= {<text gnu-indirect-function variable, no debug info>} 0x7fcc5e5fbcd0 <strcmp>
pwndbg> got
GOT protection: Partial RELRO | GOT functions: 44
[0x6260e0] strcmp@GLIBC_2.2.5 -> 0x7fcc5e611570 (__strcmp_sse2_unaligned) ◂— mov eax, edi
pwndbg> disass 0x7fcc5e5fbcd0
Dump of assembler code for function strcmp:
0x00007fcc5e5fbcd0 <+0>: mov rdx,QWORD PTR [rip+0x33a199] # 0x7fcc5e935e70
0x00007fcc5e5fbcd7 <+7>: lea rax,[rip+0x15892] # 0x7fcc5e611570 <__strcmp_sse2_unaligned>
0x00007fcc5e5fbcde <+14>: test DWORD PTR [rdx+0xb0],0x10
0x00007fcc5e5fbce8 <+24>: jne 0x7fcc5e5fbd04 <strcmp+52>
0x00007fcc5e5fbcea <+26>: lea rax,[rip+0xc48df] # 0x7fcc5e6c05d0 <__strcmp_ssse3>
0x00007fcc5e5fbcf1 <+33>: test DWORD PTR [rdx+0x80],0x200
0x00007fcc5e5fbcfb <+43>: jne 0x7fcc5e5fbd04 <strcmp+52>
0x00007fcc5e5fbcfd <+45>: lea rax,[rip+0xc] # 0x7fcc5e5fbd10 <__strcmp_sse2>
0x00007fcc5e5fbd04 <+52>: ret
End of assembler dump.
据我了解,strcmp 是所谓的 间接函数之一 (这是 GNU 扩展),请参阅 GCC documentation on function attributes,关于 ifunc。当加载 libc.so 时,链接器看到标记为间接函数的 strcmp 符号:
$ nm -D /lib/x86_64-linux-gnu/libc-2.26.so | grep strcmp
0000000000093ad0 i strcmp
然后它调用解析器函数并将strcmp符号解析为解析器返回的值。 在你的机器上,它恰好是一个 SSE2 实现。
我得到一个二进制文件,发现 strcmp got 没有链接到 libc strcmp,而是链接到 __strcmp_sse2_unaligned,我想知道它们之间的区别。
pwndbg> p strcmp
= {<text gnu-indirect-function variable, no debug info>} 0x7fcc5e5fbcd0 <strcmp>
pwndbg> got
GOT protection: Partial RELRO | GOT functions: 44
[0x6260e0] strcmp@GLIBC_2.2.5 -> 0x7fcc5e611570 (__strcmp_sse2_unaligned) ◂— mov eax, edi
pwndbg> disass 0x7fcc5e5fbcd0
Dump of assembler code for function strcmp:
0x00007fcc5e5fbcd0 <+0>: mov rdx,QWORD PTR [rip+0x33a199] # 0x7fcc5e935e70
0x00007fcc5e5fbcd7 <+7>: lea rax,[rip+0x15892] # 0x7fcc5e611570 <__strcmp_sse2_unaligned>
0x00007fcc5e5fbcde <+14>: test DWORD PTR [rdx+0xb0],0x10
0x00007fcc5e5fbce8 <+24>: jne 0x7fcc5e5fbd04 <strcmp+52>
0x00007fcc5e5fbcea <+26>: lea rax,[rip+0xc48df] # 0x7fcc5e6c05d0 <__strcmp_ssse3>
0x00007fcc5e5fbcf1 <+33>: test DWORD PTR [rdx+0x80],0x200
0x00007fcc5e5fbcfb <+43>: jne 0x7fcc5e5fbd04 <strcmp+52>
0x00007fcc5e5fbcfd <+45>: lea rax,[rip+0xc] # 0x7fcc5e5fbd10 <__strcmp_sse2>
0x00007fcc5e5fbd04 <+52>: ret
End of assembler dump.
据我了解,strcmp 是所谓的 间接函数之一 (这是 GNU 扩展),请参阅 GCC documentation on function attributes,关于 ifunc。当加载 libc.so 时,链接器看到标记为间接函数的 strcmp 符号:
$ nm -D /lib/x86_64-linux-gnu/libc-2.26.so | grep strcmp
0000000000093ad0 i strcmp
然后它调用解析器函数并将strcmp符号解析为解析器返回的值。 在你的机器上,它恰好是一个 SSE2 实现。