<In-depth understanding of computer systems> machine-level representation of programs to understand function stacks

C source code:

void swap(int *a,int *b){   int c;   c = *a;    *a = *b;   *b = c;}int main(void){   int a ;   int b ;   int ret;   a =16;   b = 64;   ret = 0;   swap(&a,&b);   ret = a - b;   return ret;}

Compile:

gcc -g func_stack.c -o a.outobjdump -dS a.out > main.dump

The disassembly assembly program main. Dump has the corresponding C program, as shown below:

A. out: the file format elf32-i386Disassembly of section. init: 08048294 <_ init>: 8048294: 53 push % EBX 8048295: 83 EC 08 Sub $0x8, % ESP 8048298: e8 83 00 00 00 call 8048320 <__ x86.get _ pc_thunk.bx> 804829d: 81 C3 63 1D 00 00 add $0x1d63, % EBX 80482a3: 8b 83 fc ff mov-0x4 (% EBX), % eax 80482a9: 85 C0 test % eax, % eax 80482ab: 74 05 je 80482b2 <_ init + 0x1e> 80482ad: E8 1E 00 00 00 call 80482d0 <[email protected]> 80482b2: 83 C4 08 add $0x8, % ESP 80482b5: 5B pop % EBX 80482b6: C3 RET disassembly of section. PLT: 080482c0 <[email protected]>: 80482c0: FF 35 04 A0 04 08 pushl 0x804a004 80482c6: FF 25 08 A0 04 08 JMP * 0x804a008 80482cc: 00 00 add % Al, (% eax )... 080482d0 <[email protected]>: 80482d0: FF 25 0C A0 04 08 JMP * 0x804a00c 80482d6: 68 00 00 00 00 push $0x0 80482db: e9 E0 ff jmp 80482c0 <_ init + 0x2c> 080482e0 <[email protected]>: 80482e0: FF 25 10 A0 04 08 JMP * 0x804a010 80482e6: 68 08 00 00 00 push $0x8 80482eb: E9 D0 ff jmp 80482c0 <_ init + 0x2c> disassembly of section. text: 080482f0 <_ Start>: 80482f0: 31 ed XOR % EBP, % EBP 80482f2: 5E pop % ESI 80482f3: 89 E1 mov % ESP, % ECx 80482f5: 83 E4 F0 and $0xfffffff0, % ESP 80482f8: 50 push % eax 80482f9: 54 push % ESP 80482fa: 52 push % edX 80482fb: 68 C0 84 04 08 push $0x80484c0 8048300: 68 50 84 04 08 push $0x8048450 8048305: 51 push % ECx 8048306: 56 push % ESI 8048307: 68 0f 84 04 08 push $ 0x804840f 804830c: e8 cf ff call 80482e0 <[email protected]> 8048311: F4 hlt 8048312: 66 90 xchg % ax, % ax 8048314: 66 90 xchg % ax, % ax 8048316: 66 90 xchg % ax, % ax 8048318: 66 90 xchg % ax, % ax 804831a: 66 90 xchg % ax, % ax 804831c: 66 90 xchg % ax, % ax 804831e: 66 90 xchg % ax, % ax08048320 <__ x86.get _ pc_thunk.bx>: 8048320: 8B 1C 24 mov (% ESP), % EBX 8048323: C3 RET 8048324: 66 90 xchg % ax, % ax 8048326: 66 90 xchg % ax, % ax 8048328: 66 90 xchg % ax, % ax 804832a: 66 90 xchg % ax, % ax 804832c: 66 90 xchg % ax, % ax 804832e: 66 90 xchg % ax, % ax08048330 <deregister_tm_clones>: 8048330: B8 1f A0 04 08 mov $ 0x804a01f, % eax 8048335: 2D 1C A0 04 08 Sub $ 0x804a01c, % eax 804833a: 83 F8 06 CMP $0x6, % eax 804833d: 77 01 ja 8048340 <deregister_tm_clones + 0x10> 804833f: C3 RET 8048340: b8 00 00 00 00 mov $0x0, % eax 8048345: 85 C0 test % eax, % eax 8048347: 74 F6 je 804833f <deregister_tm_clones + 0xf> 8048349: 55 push % EBP 804834a: 89 E5 mov % ESP, % EBP 804834c: 83 EC 18 sub $0x18, % ESP 804834f: C7 04 24 1C A0 04 08 movl $ 0x804a01c, (% ESP) 8048356: FF D0 call * % eax 8048358: C9 leave 8048359: C3 RET 804835a: 8d B6 00 00 00 00 Lea 0x0 (% Esi ), % esi08048360 <register_tm_clones >:8048360: B8 1C A0 04 08 mov $ 0x804a01c, % eax 8048365: 2D 1C A0 04 08 Sub $ 0x804a01c, % eax 804836a: c1 F8 02 SAR $0x2, % eax 804836d: 89 C2 mov % eax, % edX 804836f: C1 EA 1f SHR $ 0x1f, % edX 8048372: 01 D0 add % edX, % eax 8048374: d1 F8 SAR % eax 8048376: 75 01 JNE 8048379 <register_tm_clones + 0x19> 8048378: C3 RET 8048379: BA 00 00 00 00 mov $0x0, % edX 804837e: 85 D2 test % edX, % edX 8048380: 74 F6 je 8048378 <register_tm_clones + 0x18> 8048382: 55 push % EBP 8048383: 89 E5 mov % ESP, % eback 8048385: 83 EC 18 sub $0x18, % ESP 8048388: 89 44 24 04 mov % eax, 0x4 (% ESP) 804838c: c7 04 24 1C A0 04 08 movl $ 0x804a01c, (% ESP) 8048393: FF D2 call * % edX 8048395: C9 leave 8048396: C3 RET 8048397: 89 F6 mov % ESI, % ESI 8048399: 8d BC 27 00 00 00 00 Lea 0x0 (% EDI, % eiz, 1), % edi080483a0 <__ do_global_dtors_aux>: 80483a0: 80 3D 1C A0 04 08 00 cmpb $0x0, 0x804a01c 80483a7: 75 13 JNE 80483bc <__do_global_dtors_aux + 0x1c> 80483a9: 55 push % EBP 80483aa: 89 E5 mov % ESP, % EBP 80483ac: 83 EC 08 Sub $0x8, % ESP 80483af: E8 7C FF call 8048330 <deregister_tm_clones> 80483b4: c6 05 1C A0 04 08 01 movb $0x1, 0x804a01c 80483bb: C9 leave 80483bc: F3 C3 repz RET 80483be: 66 90 xchg % ax, % ax080483c0 <frame_dummy>: 80483c0: a1 10 9f 04 08 mov 0x8049f10, % eax 80483c5: 85 C0 test % eax, % eax 80483c7: 74 1f je 80483e8 <frame_dummy + 0x28> 80483c9: b8 00 00 00 00 mov $0x0, % eax 80483ce: 85 C0 test % eax, % eax 80483d0: 74 16 je 80483e8 <frame_dummy + 0x28> 80483d2: 55 push % EBP 80483d3: 89 E5 mov % ESP, % EBP 80483d5: 83 EC 18 sub $0x18, % ESP 80483d8: C7 04 24 10 9f 04 08 movl $0x8049f10, (% ESP) 80483df: FF D0 call * % eax 80483e1: C9 leave 80483e2: E9 79 ff jmp 8048360 <register_tm_clones> 80483e7: 90 NOP 80483e8: e9 73 ff jmp 8048360 <register_tm_clones> 080483ed <swap>:/* Main. C code: */void swap (int * a, int * B) {80483ed: 55 push % EBP 80483ee: 89 E5 mov % ESP, % EBP 80483f0: 83 EC 10 sub $0x10, % ESP int C; C = * A; 80483f3: 8B 45 08 mov 0x8 (% EBP), % eax 80483f6: 8b 00 mov (% eax), % eax 80483f8: 89 45 FC mov % eax,-0x4 (% EBP) * A = * B; 80483fb: 8b 45 0C mov 0xc (% EBP), % eax 80483fe: 8B 10 mov (% eax), % edX 8048400: 8B 45 08 mov 0x8 (% EBP ), % eax 8048403: 89 10 mov % edX, (% eax) * B = C; 8048405: 8B 45 0C mov 0xc (% EBP), % eax 8048408: 8b 55 FC mov-0x4 (% EBP), % edX 804840b: 89 10 mov % edX, (% eax)} 804840d: C9 leave 804840e: c3 RET 0804840f <main>: int main (void) {804840f: 55 push % EBP 8048410: 89 E5 mov % ESP, % EBP 8048412: 83 EC 18 sub $0x18, % ESP int A; int B; int ret; A = 16; 8048415: C7 45 F4 10 00 00 00 movl $0x10,-0xc (% EBP) B = 64; 804841c: C7 45 F8 40 00 00 00 movl $0x40,-0x8 (% EBP) ret = 0; 8048423: c7 45 FC 00 00 00 00 movl $0x0,-0x4 (% EBP) Swap (& A, & B); 804842a: 8d 45 F8 lea-0x8 (% EBP), % eax 804842d: 89 44 24 04 mov % eax, 0x4 (% ESP) 8048431: 8d 45 F4 lea-0xc (% EBP), % eax 8048434: 89 04 24 mov % eax, (% ESP) 8048437: e8 B1 FF call 80483ed <swap> ret = A-B; 804843c: 8B 55 F4 mov-0xc (% EBP), % edX 804843f: 8b 45 F8 mov-0x8 (% EBP), % eax 8048442: 29 C2 sub % eax, % edX 8048444: 89 D0 mov % edX, % eax 8048446: 89 45 FC mov % eax,-0x4 (% EBP) return ret; 8048449: 8B 45 FC mov-0x4 (% EBP), % eax} 804844c: c9 leave 804844d: C3 RET 804844e: 66 90 xchg % ax, % ax08048450 <__libc_csu_init>: 8048450: 55 push % EBP 8048451: 57 push % EDI 8048452: 31 ff XOR % EDI, % EDI 8048454: 56 push % ESI 8048455: 53 push % EBX 8048456: E8 C5 Fe FF call 8048320 <__ x86.get _ pc_thunk.bx> 804845b: 81 C3 A5 1B 00 00 add $0x1ba5, % EBX 8048461: 83 EC 1C sub $ 0x1c, % ESP 8048464: 8B 6C 24 30 mov 0x30 (% ESP ), % EBP 8048468: 8d B3 0C FF lea-0xf4 (% EBX), % ESI 804846e: E8 21 Fe FF call 8048294 <_ init> 8048473: 8d 83 08 FF lea-0xf8 (% EBX), % eax 8048479: 29 C6 sub % eax, % ESI 804847b: C1 Fe 02 SAR $0x2, % ESI 804847e: 85 F6 test % ESI, % ESI 8048480: 74 27 je 80484a9 <__libc_csu_init + 0x59> 8048482: 8d B6 00 00 00 00 Lea 0x0 (% Esi), % ESI 8048488: 8B 44 24 38 mov 0x38 (% ESP), % eax 804848c: 89 2C 24 mov % EBP, (% ESP) 804848f: 89 44 24 08 mov % eax, 0x8 (% ESP) 8048493: 8b 44 24 34 mov 0x34 (% ESP), % eax 8048497: 89 44 24 04 mov % eax, 0x4 (% ESP) 804849b: FF 94 BB 08 FF call *-0xf8 (% EBX, % EDI, 4) 80484a2: 83 C7 01 add $0x1, % EDI 80484a5: 39 F7 CMP % ESI, % EDI 80484a7: 75 df jne 8048488 <__ libc_csu_init + 0x38> 80484a9: 83 C4 1C add $ 0x1c, % ESP 80484ac: 5B pop % EBX 80484ad: 5E pop % ESI 80484ae: 5f pop % EDI 80484af: 5D pop % EBP 80484b0: C3 RET 80484b1: EB 0d JMP 80484c0 <__133> 80484b3: 90 NOP records: 90 NOP 80484b5: 90 NOP 80484b6: 90 NOP 80484b7: 90 NOP records: 90 NOP records: 90 NOP 80484ba: 90 NOP 80484bb: 90 NOP 80484bc: 90 NOP records: 90 NOP 80484be: 90 NOP 80484bf: 90 nop080484c0 <__ libc_csu_fini>: 80484c0: F3 C3 repz RET disassembly of section. fini: 080484c4 <_ fini>: 80484c4: 53 push % EBX 80484c5: 83 EC 08 Sub $0x8, % ESP 80484c8: e8 53 Fe FF call 8048320 <__ x86.get _ pc_thunk.bx> 80484cd: 81 C3 33 1B 00 add $0x1b33, % EBX 80484d3: 83 C4 08 add $0x8, % ESP 80484d6: 5B pop % EBX 80484d7: C3 RET

The following describes the corresponding assembly code based on main/SWAP/start to understand how the system function stack is called.

------- To be continued ---------------------

Refer:

Click Open Link

Click Open Link

<In-depth understanding of computer systems> machine-level representation of programs to understand function stacks