DEBUG on 文艺技术笔记 https://wenyiblog.top/tags/debug/ Recent content in DEBUG on 文艺技术笔记 Hugo -- gohugo.io zh 文艺技术笔记 | 软件工程师文艺 Sat, 13 Jun 2026 12:00:00 +0800 汇编语言调试技巧:Debug 工具与逆向分析基础 https://wenyiblog.top/2026/06/asm-19-debugging/ Sat, 13 Jun 2026 12:00:00 +0800 https://wenyiblog.top/2026/06/asm-19-debugging/ <h2 id="debugexe-基础"><a href="#debugexe-%e5%9f%ba%e7%a1%80" class="header-anchor"></a>DEBUG.exe 基础 </h2><p>DOS 自带的调试工具,支持单步执行、寄存器查看、内存修改。</p> <h3 id="启动"><a href="#%e5%90%af%e5%8a%a8" class="header-anchor"></a>启动 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">debug program.exe </span></span></code></pre></td></tr></table> </div> </div><h3 id="常用命令"><a href="#%e5%b8%b8%e7%94%a8%e5%91%bd%e4%bb%a4" class="header-anchor"></a>常用命令 </h3><table> <thead> <tr> <th style="text-align:left">命令</th> <th style="text-align:left">功能</th> <th style="text-align:left">示例</th> </tr> </thead> <tbody> <tr> <td style="text-align:left"><strong>r</strong></td> <td style="text-align:left">查看/修改寄存器</td> <td style="text-align:left"><code>r ax</code></td> </tr> <tr> <td style="text-align:left"><strong>d</strong></td> <td style="text-align:left">查看内存</td> <td style="text-align:left"><code>d ds:0100</code></td> </tr> <tr> <td style="text-align:left"><strong>e</strong></td> <td style="text-align:left">修改内存</td> <td style="text-align:left"><code>e ds:0100 90 90</code></td> </tr> <tr> <td style="text-align:left"><strong>t</strong></td> <td style="text-align:left">单步执行</td> <td style="text-align:left"><code>t</code></td> </tr> <tr> <td style="text-align:left"><strong>g</strong></td> <td style="text-align:left">运行到断点</td> <td style="text-align:left"><code>g 0100</code></td> </tr> <tr> <td style="text-align:left"><strong>u</strong></td> <td style="text-align:left">反汇编</td> <td style="text-align:left"><code>u cs:0100</code></td> </tr> <tr> <td style="text-align:left"><strong>a</strong></td> <td style="text-align:left">汇编</td> <td style="text-align:left"><code>a cs:0100</code></td> </tr> </tbody> </table> <h2 id="单步调试示例"><a href="#%e5%8d%95%e6%ad%a5%e8%b0%83%e8%af%95%e7%a4%ba%e4%be%8b" class="header-anchor"></a>单步调试示例 </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">-debug hello.exe </span></span><span class="line"><span class="cl">-r ; 查看寄存器 </span></span><span class="line"><span class="cl">-t ; 执行一条指令 </span></span><span class="line"><span class="cl">-r ax ; 查看 AX 变化 </span></span><span class="line"><span class="cl">-d ds:0000 ; 查看数据段 </span></span><span class="line"><span class="cl">-q ; 退出 </span></span></code></pre></td></tr></table> </div> </div><h2 id="turbo-debugger-td"><a href="#turbo-debugger-td" class="header-anchor"></a>Turbo Debugger (TD) </h2><p>图形化调试器,支持:</p> <ul> <li>源码/反汇编窗口</li> <li>断点设置</li> <li>变量监视</li> <li>调用栈查看</li> </ul> <h2 id="gdb-调试32-位-linux"><a href="#gdb-%e8%b0%83%e8%af%9532-%e4%bd%8d-linux" class="header-anchor"></a>GDB 调试(32 位 Linux) </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nasm -f elf32 prog.asm -o prog.o </span></span><span class="line"><span class="cl">ld -m elf_i386 prog.o -o prog </span></span><span class="line"><span class="cl">gdb ./prog </span></span></code></pre></td></tr></table> </div> </div><p>GDB 命令:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">(gdb) break main </span></span><span class="line"><span class="cl">(gdb) run </span></span><span class="line"><span class="cl">(gdb) info registers </span></span><span class="line"><span class="cl">(gdb) stepi </span></span><span class="line"><span class="cl">(gdb) x/10xw $esp </span></span></code></pre></td></tr></table> </div> </div><h2 id="逆向分析基础"><a href="#%e9%80%86%e5%90%91%e5%88%86%e6%9e%90%e5%9f%ba%e7%a1%80" class="header-anchor"></a>逆向分析基础 </h2><h3 id="静态分析"><a href="#%e9%9d%99%e6%80%81%e5%88%86%e6%9e%90" class="header-anchor"></a>静态分析 </h3><ol> <li>使用 <code>objdump</code> 或 <code>IDA</code> 查看反汇编</li> <li>识别函数边界(PUSH BP / MOV BP,SP &hellip; POP BP / RET)</li> <li>追踪数据流</li> </ol> <h3 id="动态分析"><a href="#%e5%8a%a8%e6%80%81%e5%88%86%e6%9e%90" class="header-anchor"></a>动态分析 </h3><ol> <li>设置断点</li> <li>观察寄存器变化</li> <li>修改内存测试边界条件</li> </ol> <h2 id="常见调试技巧"><a href="#%e5%b8%b8%e8%a7%81%e8%b0%83%e8%af%95%e6%8a%80%e5%b7%a7" class="header-anchor"></a>常见调试技巧 </h2><table> <thead> <tr> <th style="text-align:left">问题</th> <th style="text-align:left">调试方法</th> </tr> </thead> <tbody> <tr> <td style="text-align:left">程序崩溃</td> <td style="text-align:left">检查栈平衡(PUSH/POP 是否配对)</td> </tr> <tr> <td style="text-align:left">结果错误</td> <td style="text-align:left">单步执行,逐条检查寄存器</td> </tr> <tr> <td style="text-align:left">死循环</td> <td style="text-align:left">检查 CX 是否正确递减</td> </tr> <tr> <td style="text-align:left">内存越界</td> <td style="text-align:left">检查 DS/ES 段地址</td> </tr> </tbody> </table> <h2 id="总结"><a href="#%e6%80%bb%e7%bb%93" class="header-anchor"></a>总结 </h2><p>调试是汇编开发的必备技能。掌握 DEBUG/GDB,你就能定位任何底层 Bug。</p> <blockquote> <p>下一篇:《汇编在现代系统中的位置:从 Bootloader 到逆向工程》</p> </blockquote>