
I am trying to learn about how the stack works so I wrote a pretty simple C program to run through GDB and examine the stack:

#include <string.h>   /* strcpy */

int main(int argc, char **argv)
{
    char buf[100];           /* 100-byte local on the stack */
    strcpy(buf, argv[1]);    /* unbounded copy of the first argument into buf */
}

I compiled the program and set a breakpoint in GDB for the beginning of the main() function. My expectation of how the stack should look at this point in execution is:

lower memory addresses... | ebp = esp = stack frame pointer | return address | argv | argc | ...higher memory addresses

As the program progresses, the stack would grow in the direction of the lower memory addresses (allocating 100 bytes for the buf local variable).

Looking at GDB, that does not seem to be the case.

  • The stack frame appears to be at 0xbffff048
  • The return address appears to be at 0xbffff04c
  • But it looks like argc (value of 2) is at 0xbffff050

Where is argv? Can anyone take a look at my screenshot and help me make heads or tails of this?

Thank you!

Screenshot of GDB running

thomasdclark
  • my assembly certainly is rusty but how are you compiling this? If you're not seeing what you're expecting to see, my first thought is the compiler is optimizing it out since it can see you're not using the data. Perhaps add a `printf` to force it to use `buf`, or input a number, convert `argv[1]` to an `int`, and add it to a constant. `return 0;` as well. `gcc -O0` should turn optimizations off. – yano Sep 18 '17 at 16:35
  • past the 5 min edit window ... actually `printf("%s\n", buf);` wouldn't force it to use `buf` either, since it could just print `argv[1]` and bypass the `strcpy` altogether. Perhaps doing a `strcat` with a constant string and `argv[1]` into `buf` would force it to use `buf`. – yano Sep 18 '17 at 16:42
  • Don't guess, use `p &argc` and `p &argv` – o11c Sep 18 '17 at 18:11
  • https://stackoverflow.com/questions/4031488/function-arguments-push-order –  Sep 18 '17 at 18:50
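
An added example, not code from the question or any answer: a small C program that prints where this particular build placed main's frame pointer, return address, local buffer and arguments, next to the slots a 32-bit cdecl frame would use for the same frame pointer (saved ebp at [ebp], return address at [ebp+4], argc at [ebp+8], argv at [ebp+12]). The helper names `cdecl32_layout` and `slots_are_consecutive` are introduced here; under that model the three addresses in the question are the saved ebp, the return address and argc as consecutive 4-byte slots, and argv would be the next slot up.

```c
/* Added example, not the question's code. Prints where this build put main's
 * frame, local buffer and arguments, next to where a 32-bit cdecl frame would
 * put them for the same frame pointer. Build with gcc -O0 -m32 to compare with
 * the GDB session; on x86-64 argc/argv arrive in registers and are spilled
 * below the frame pointer, so those addresses differ from the 32-bit picture. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit cdecl frame after the prologue (push ebp; mov ebp, esp):
 * [ebp] saved ebp, [ebp+4] return address, [ebp+8] argc, [ebp+12] argv.
 * Arguments are pushed right to left, so argc (the leftmost) sits closest to
 * the return address and argv one 4-byte slot above it. */
typedef struct {
    uintptr_t saved_ebp, return_addr, argc, argv;
} frame32_t;

frame32_t cdecl32_layout(uintptr_t ebp)
{
    frame32_t f = { ebp, ebp + 4, ebp + 8, ebp + 12 };
    return f;
}

/* True when three debugger addresses are adjacent 4-byte slots */
int slots_are_consecutive(uintptr_t a, uintptr_t b, uintptr_t c)
{
    return b == a + 4 && c == b + 4;
}

int main(int argc, char **argv)
{
    char buf[100];
    uintptr_t fp = (uintptr_t)__builtin_frame_address(0); /* GCC/Clang builtin */
    frame32_t model = cdecl32_layout(fp);

    printf("frame pointer  %p\n", (void *)fp);
    printf("return addr    %p\n", __builtin_return_address(0));
    printf("&buf           %p\n", (void *)buf);
    printf("&argc          %p\n", (void *)&argc);
    printf("&argv          %p\n", (void *)&argv);
    printf("cdecl32 model: ret %#lx  argc %#lx  argv %#lx\n",
           (unsigned long)model.return_addr, (unsigned long)model.argc,
           (unsigned long)model.argv);

    /* Length-checked copy so the example itself cannot overrun buf */
    if (argc > 1 && strlen(argv[1]) < sizeof buf)
        strcpy(buf, argv[1]);
    return 0;
}
```

Run it under GDB with `p &argc` and `p &argv` (as suggested in the comments) and compare the printed addresses with the model line; the two agree only for a 32-bit build with the frame pointer kept.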

0 Answers