
I'm trying to understand the assembly code for my C program that I got from gdb disassemble; can you please help me?

My C code (the question's own program, with the headers for printf, exit and strcpy added so it compiles; the unchecked strcpy is kept because it is what the question is about):

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
    char buff[100];

    /* if no argument… */
    if (argc < 2)
    {
        printf("Syntax: %s <input string>\n", argv[0]);
        exit(0);
    }

    /* unchecked copy of argv[1] into a fixed 100-byte stack buffer */
    strcpy(buff, argv[1]);
    return 0;
}

and the assembly code for my main function is:

Dump of assembler code for function main:

    0x08048424 <+0>:    push   %ebp
    0x08048425 <+1>:    mov    %esp,%ebp
    0x08048427 <+3>:    and    $0xfffffff0,%esp
    0x0804842a <+6>:    add    $0xffffff80,%esp
    0x0804842d <+9>:    cmpl   $0x1,0x8(%ebp)
    0x08048431 <+13>:    jg     0x8048454 <main+48>
    0x08048433 <+15>:    mov    0xc(%ebp),%eax
    0x08048436 <+18>:    mov    (%eax),%eax
    0x08048438 <+20>:    mov    %eax,0x4(%esp)
    0x0804843c <+24>:    movl   $0x8048544,(%esp)
    0x08048443 <+31>:    call   0x8048344 <printf@plt>
    0x08048448 <+36>:    movl   $0x0,(%esp)
    0x0804844f <+43>:    call   0x8048354 <exit@plt>
    0x08048454 <+48>:    mov    0xc(%ebp),%eax
    0x08048457 <+51>:    add    $0x4,%eax
    0x0804845a <+54>:    mov    (%eax),%eax
    0x0804845c <+56>:    mov    %eax,0x4(%esp)
    0x08048460 <+60>:    lea    0x1c(%esp),%eax

Where is the part that allocates the buff[100] size?

Zuzu JH

3 Answers


Here:

add    $0xffffff80,%esp

This subtracts 128 bytes (add -128) from ESP (the stack pointer register).

ouah

The following code

int main(int argc, char *argv[])
{

char buff[100];

requests the creation of a char[100] buffer on the stack. Here is what's actually happening:

;// 1. pushing the base pointer register on the stack
0x08048424 <+0>:    push   %ebp

;// 2. Creating the stack frame. Copying the stack pointer register to the base pointer 
;// register creates a stack frame: an area on the stack where a subroutine
;// can store local data.  
0x08048425 <+1>:    mov    %esp,%ebp

;// 3. Making sure that the stack is aligned to 16 bytes.
0x08048427 <+3>:    and    $0xfffffff0,%esp

;// 4. Making room for 128 bytes (100 as requested would throw off the alignment).
;// 128 is compatible with your requests and is optimized.
0x0804842a <+6>:    add    $0xffffff80,%esp

So, here is your buffer being created, on a 16-byte aligned stack. You asked for 100; the compiler gives you at least 100, while optimizing for speed.

Jean
  • Thank you, it helped a lot. I have tried to insert different inputs and I get a segmentation fault when the string length is 112 bytes (`perl -e 'print "A"x112'`), not 128 bytes. Why is that? – Zuzu JH Apr 14 '13 at 05:02
  • @ZainabJH If you declare a `char buff[100];` and you try to write a 112-character-long string into it, you will overflow your buffer and erase whatever is after it. And since your buffer is on the stack… Two facts: 1. Were your buffer alone, the compiler would only have needed to allocate 112 bytes (7*16). So there is other stuff along with it (maybe). 2. The stack goes downward on your architecture (see: [this article on SO](http://stackoverflow.com/questions/4560720/why-stack-address-goes-in-decreasing-memory-address)), so you may be overwriting important stuff (like `ebp`, the return address)… – Jean Apr 14 '13 at 18:56
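The two answers above point at the same instruction, and the listing actually lets you go one step further: the `lea 0x1c(%esp),%eax` at `<+60>` is building the first argument of the `strcpy` call (the listing is cut off before the call itself, so treating that lea as buff's address is an assumption), which puts buff at esp+28 through esp+128, flush against the top of the 128-byte frame. The 128 is the frame size, not the buffer size, and the only thing between buff's last byte and the saved ebp is whatever `and $0xfffffff0,%esp` stripped off (0 to 15 bytes, depending on esp at entry), which is why the exact crashing length cannot be read off the listing alone. The following Python script is an added example, not code from any of the answerers; it parses constructed copies of those instructions, sign-extends the immediate the way the CPU does, and reports how far a given input overruns the frame.

```python
import re

# Constructed copy of the three instructions from the question's disassembly
# that matter for the frame layout (the and, the add, and the lea).
DISASM = """\
    0x08048427 <+3>:    and    $0xfffffff0,%esp
    0x0804842a <+6>:    add    $0xffffff80,%esp
    0x08048460 <+60>:    lea    0x1c(%esp),%eax
"""

BUFF_DECL_SIZE = 100  # sizeof(buff) from the C source


def sign_extend32(value):
    """Interpret a 32-bit immediate as a signed two's-complement number."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


def frame_layout(disasm, decl_size=BUFF_DECL_SIZE):
    """Recover the frame size and buff's position from gdb's AT&T listing.

    Assumption (labelled as such): the first esp-relative lea into %eax is
    the address of buff being prepared for strcpy.  Returns the frame size
    (bytes below the aligned esp), buff's offset from esp, where buff ends,
    and how many bytes of slack sit between buff's end and the frame top.
    """
    frame = None
    buff_off = None
    for line in disasm.splitlines():
        m = re.search(r'\b(add|sub)\s+\$(0x[0-9a-f]+),%esp', line)
        if m:
            imm = sign_extend32(int(m.group(2), 16))
            delta = imm if m.group(1) == 'add' else -imm
            if delta < 0:            # esp moved down: this is the allocation
                frame = -delta
        m = re.search(r'\blea\s+(0x[0-9a-f]+)\(%esp\),%eax', line)
        if m and buff_off is None:
            buff_off = int(m.group(1), 16)
    if frame is None or buff_off is None:
        raise ValueError("could not find frame allocation or buff address")
    return {
        'frame_size': frame,
        'buff_offset': buff_off,
        'buff_end': buff_off + decl_size,
        'slack_above_buff': frame - (buff_off + decl_size),
    }


def overflow_past_frame_top(input_len, layout):
    """Bytes that strcpy of an input_len-char string writes above the frame.

    strcpy copies input_len bytes plus the terminating NUL.  Anything past
    the frame top lands in the alignment padding, the saved ebp and then
    the return address; how many bytes of padding there are depends on the
    low four bits of esp at entry, which the listing does not tell us.
    """
    written = input_len + 1
    return max(0, layout['buff_offset'] + written - layout['frame_size'])


if __name__ == "__main__":
    lay = frame_layout(DISASM)
    print("frame size      :", lay['frame_size'])         # 128
    print("buff at esp+    :", lay['buff_offset'])        # 28
    print("buff ends at esp+:", lay['buff_end'])          # 128 (top of frame)
    print("slack above buff:", lay['slack_above_buff'])   # 0
    for n in (99, 100, 112, 128):
        print(f"{n:3d}-char input writes {overflow_past_frame_top(n, lay):2d} "
              "byte(s) past the frame top")
```

Run it as-is; the interesting line is that a 112-character input already writes 13 bytes past the top of the frame, so unless the alignment padding happens to be 13 bytes or more on that run, the saved ebp and return address are in reach well before 128.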

I guess it's this one: add $0xffffff80,%esp. It moves the stack pointer to make space available inside the function.

Bo Persson