
Is $0x1a a register here?

Dump of assembler code for function read@plt:
0x0000000000402458 <read@plt+0>:    jmpq   *0x2b4f72(%rip)        # 0x6b73d0 <_GLOBAL_OFFSET_TABLE_+232>
0x000000000040245e <read@plt+6>:    pushq  $0x1a
0x0000000000402463 <read@plt+11>:   jmpq   0x4022a8

Does anyone know?

BTW, how does read know when it has reached the end of the file?


No, it's an immediate value. pushq pushes a value onto the stack, which may be a register, but you'll find registers are denoted by operands like %rbx.

The $0x1a is an immediate value - you can tell this also by the length of that instruction (five bytes, from x+6 to x+10). The pushq instruction is capable of pushing a register, a memory content (64 bits) or a 32-bit immediate value (sign extended to 64 bits).

In this case, the five bytes are the opcode 0x68 along with the 32-bit value to push. If you were to examine the memory, it would probably look like 0x68 0x1a 0x00 0x00 0x00.

And don't be fooled by that code, it's not the "real" read call at all. It's a stub used to fix up references at runtime where code sections may be shared amongst processors, even at different base addresses.

The PLT is a small-footprint per-process stub which jumps to the real shared code the first time, fixing itself up in the process, so as to jump directly there in future. See here for an explanation of this process.
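To make the byte layout described above concrete, here is a small decoder (added here, not part of any of the answers) for a lazy-binding x86-64 PLT stub. It is fed constructed bytes that match the read@plt disassembly in the question; the struct and function names are my own. Recognising this three-instruction pattern is handy when you are looking at raw bytes from a crash dump or a memory image and need to tell a PLT trampoline apart from a real function body.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of one lazy-binding PLT entry (16 bytes on x86-64):
 *   ff 25 disp32   jmpq *disp32(%rip)   -> GOT slot = next_ip + disp32
 *   68 imm32       pushq $imm32         -> relocation index (sign-extended)
 *   e9 rel32       jmpq rel32           -> PLT0 = next_ip + rel32          */
typedef struct {
    uint64_t got_slot;   /* address of the GOT entry this stub jumps through */
    int64_t  reloc_idx;  /* the immediate pushed for the dynamic linker */
    uint64_t plt0;       /* target of the final jmp (the resolver trampoline) */
} plt_entry_t;

/* Little-endian 32-bit read, sign-extended to 64 bits exactly as the CPU
 * treats imm32, disp32 and rel32 operands in 64-bit mode. */
static int64_t read_s32(const uint8_t *p) {
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int64_t)(int32_t)u;
}

/* Decode a 16-byte PLT stub whose first byte sits at virtual address `base`.
 * Returns 0 on success, -1 if the bytes do not match the expected pattern. */
int decode_plt_entry(const uint8_t *code, uint64_t base, plt_entry_t *out) {
    if (code[0] != 0xff || code[1] != 0x25) return -1;   /* jmpq *disp32(%rip) */
    if (code[6] != 0x68)                    return -1;   /* pushq $imm32 */
    if (code[11] != 0xe9)                   return -1;   /* jmpq rel32 */
    /* RIP-relative operands are relative to the address of the NEXT instruction. */
    out->got_slot  = base + 6  + (uint64_t)read_s32(code + 2);
    out->reloc_idx = read_s32(code + 7);
    out->plt0      = base + 16 + (uint64_t)read_s32(code + 12);
    return 0;
}

int main(void) {
    /* Constructed bytes matching the read@plt disassembly in the question. */
    static const uint8_t stub[16] = {
        0xff, 0x25, 0x72, 0x4f, 0x2b, 0x00,   /* jmpq *0x2b4f72(%rip) */
        0x68, 0x1a, 0x00, 0x00, 0x00,         /* pushq $0x1a */
        0xe9, 0x40, 0xfe, 0xff, 0xff          /* jmpq 0x4022a8 (rel32 = -0x1c0) */
    };
    plt_entry_t e;
    if (decode_plt_entry(stub, 0x402458, &e) != 0) return 1;
    printf("GOT slot 0x%llx, reloc index %lld, PLT0 0x%llx\n",
           (unsigned long long)e.got_slot, (long long)e.reloc_idx,
           (unsigned long long)e.plt0);
    return 0;
}
```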


Registers do not (ordinarily) have a memory location; they are CPU registers.


Not mentioned yet, but the leading $ sign denotes a constant. Simple as that when looking at assembly dumps.

One easy pitfall: when looking at dumps of unlinked binaries, don't be fooled by 0x00000000 all over the place. Without the leading $, those are linker relocations, not constant 0 values.

