strcmp与__strcmp_sse2_unaligned的差异

Question

我得到了一个二进制文件，发现strcmp got不是链接到libc strcmp，而是__strcmp_sse2_unaligned，我想知道它们之间的区别。

pwndbg> p strcmp
$2 = {<text gnu-indirect-function variable, no debug info>} 0x7fcc5e5fbcd0 <strcmp>
pwndbg> got

GOT protection: Partial RELRO | GOT functions: 44

[0x6260e0] strcmp@GLIBC_2.2.5 -> 0x7fcc5e611570 (__strcmp_sse2_unaligned) ◂— mov    eax, edi


pwndbg> disass 0x7fcc5e5fbcd0
Dump of assembler code for function strcmp:
   0x00007fcc5e5fbcd0 <+0>: mov    rdx,QWORD PTR [rip+0x33a199]        # 0x7fcc5e935e70
   0x00007fcc5e5fbcd7 <+7>: lea    rax,[rip+0x15892]        # 0x7fcc5e611570 <__strcmp_sse2_unaligned>
   0x00007fcc5e5fbcde <+14>:    test   DWORD PTR [rdx+0xb0],0x10
   0x00007fcc5e5fbce8 <+24>:    jne    0x7fcc5e5fbd04 <strcmp+52>
   0x00007fcc5e5fbcea <+26>:    lea    rax,[rip+0xc48df]        # 0x7fcc5e6c05d0 <__strcmp_ssse3>
   0x00007fcc5e5fbcf1 <+33>:    test   DWORD PTR [rdx+0x80],0x200
   0x00007fcc5e5fbcfb <+43>:    jne    0x7fcc5e5fbd04 <strcmp+52>
   0x00007fcc5e5fbcfd <+45>:    lea    rax,[rip+0xc]        # 0x7fcc5e5fbd10 <__strcmp_sse2>
   0x00007fcc5e5fbd04 <+52>:    ret    
End of assembler dump.

Answer 1

据我所知，strcmp是所谓的间接函数之一(这是一个GNU扩展)，参见GCC函数属性文档，关于ifunc的一节。当加载libc.so时，链接器会看到标记为间接函数的strcmp符号：

$ nm -D /lib/x86_64-linux-gnu/libc-2.26.so | grep strcmp
0000000000093ad0 i strcmp

然后调用解析器函数，将strcmp符号解析为解析器返回的值。在您的机器上，它碰巧是一个SSE2实现。