jmp $

In the Intel x86 instruction set, "jmp $" means jump to the address of this very instruction, so execution falls into an infinite loop.

https://defuse.ca/online-x86-assembler.htm#disassembly

The instruction encodes as the two bytes EB FE (opcode EB, a short jump, followed by the signed displacement -2); read as a little-endian 16-bit value that is 0xfeeb.


Based on this instruction, we can write what is possibly the shortest C program that both compiles and runs successfully on the x86 platform.

main=0xfeeb;

1. The variable main has no type here, so it defaults to integer (int). This recalls the good old K&R days. It is still allowed by the latest C standards (i.e. C99), so the line is actually:

int main=0xfeeb;

2. The variable main is a global variable, so the symbol "main" is exported from this compilation unit. For example, if the file is named "shortest_c_program.c" and we run the following commands:

$ gcc -std=c99 shortest_c_program.c -c
shortest_c_program.c:1:1: warning: data definition has no type or storage class [enabled by default]
shortest_c_program.c:1:1: warning: type defaults to ‘int’ in declaration of ‘main’ [enabled by default]

$ objdump --syms shortest_c_program.o

shortest_c_program.o:     file format pe-i386

SYMBOL TABLE:
[  0](sec -2)(fl 0x00)(ty   0)(scl 103) (nx 1) 0x00000000 shortest_c_program.c
File
[  2](sec  1)(fl 0x00)(ty   0)(scl   3) (nx 1) 0x00000000 .text
AUX scnlen 0x0 nreloc 0 nlnno 0
[  4](sec  2)(fl 0x00)(ty   0)(scl   3) (nx 1) 0x00000000 .data
AUX scnlen 0x4 nreloc 0 nlnno 0
[  6](sec  3)(fl 0x00)(ty   0)(scl   3) (nx 1) 0x00000000 .bss
AUX scnlen 0x0 nreloc 0 nlnno 0
[  8](sec  2)(fl 0x00)(ty   0)(scl   2) (nx 0) 0x00000000 _main

This confirms that the symbol "_main" is exported (the leading underscore is the PE/COFF decoration of the C name main, matching the pe-i386 file format shown above).


3. When this object file is linked with the C runtime startup code that ships with the compiler (the crt stub, e.g. part of glibc), the default entry point is the symbol "_start". The code at "_start" eventually calls the symbol "_main". Normally "_main" is the compiled C main function; here it is instead the address at which the value of the main variable is stored.

http://ftp.gnu.org/pub/old-gnu/Manuals/ld-2.9.1/html_node/ld_24.html

4. When _start calls _main, the CPU fetches the bytes of 0xfeeb as an instruction, which on x86 is "jmp $", so it executes that same instruction again and again.
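To make steps 1 to 4 concrete, here is an added C example (not code from the original post) that shows how the bytes of `int main = 0xfeeb;` lie in memory and decodes them the way a disassembler would, as an x86 short jump. The function names `host_is_little_endian`, `byte_of_int`, `decode_short_jmp` and `decode_int_as_code` are my own; the decoder handles only the two-byte `EB rel8` form, which is all this page needs, and the final check shows for contrast what an all-zero int (an uninitialised global) looks like to the same decoder.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if this host stores the least significant byte first (little-endian),
   as x86 does. The trick in the post depends on this byte order. */
int host_is_little_endian(void) {
    int one = 1;
    uint8_t first;
    memcpy(&first, &one, 1);
    return first == 1;
}

/* Byte i (0 = lowest address) of the in-memory representation of value,
   i.e. what the CPU fetches at &main + i when "int main = value;" is
   jumped to through the _main symbol. Out-of-range i yields 0. */
unsigned byte_of_int(int value, size_t i) {
    uint8_t raw[sizeof value];
    memcpy(raw, &value, sizeof value);
    return i < sizeof value ? raw[i] : 0;
}

/* Decode the two-byte x86 short jump "EB rel8". Returns the jump target as
   an offset from the start of the instruction: 0 means "jmp $" (the
   instruction jumps to itself). Returns -1 if the bytes are not a short jmp. */
int decode_short_jmp(const uint8_t *code) {
    if (code[0] != 0xEB)
        return -1;
    int8_t rel = (int8_t)code[1];   /* the displacement is signed */
    return 2 + rel;                 /* measured from the next instruction */
}

/* Treat the stored bytes of "int main = value;" as code, as the call from
   _start to _main effectively does. */
int decode_int_as_code(int value) {
    uint8_t raw[sizeof value];
    memcpy(raw, &value, sizeof value);
    return decode_short_jmp(raw);
}

int main(void) {
    const int main_value = 0xfeeb;  /* the initializer from the post */

    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("bytes of int 0x%x in memory:", main_value);
    for (size_t i = 0; i < sizeof(int); i++)
        printf(" %02X", byte_of_int(main_value, i));
    printf("\n");

    int target = decode_int_as_code(main_value);
    if (target == 0)
        printf("decodes as: jmp $  (target offset 0, infinite loop)\n");
    else if (target == -1)
        printf("does not start with a short jmp\n");
    else
        printf("decodes as: jmp +%d\n", target);

    /* For contrast: a zero-initialised global is all 00 bytes, not a jump. */
    printf("int 0 decodes as a short jmp? %s\n",
           decode_int_as_code(0) == -1 ? "no" : "yes");
    return 0;
}
```

On a little-endian host the first two bytes printed are EB FE and the decoder reports target offset 0, which is exactly "jmp $"; the remaining two bytes (00 00) are never reached because the jump loops on itself.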


Another question: what is the shortest legitimate C program, i.e. one that compiles successfully (though it might not run successfully)?

Answer:

main;

Because main is a global variable it is initialised to 0, so the program crashes with a segfault (null pointer dereference).


posted @ 2013-10-13 21:14 qsort