Recently I'm trying to inspect the asm files of my compiled C++ code to understand what's going on behind the scenes better. (I'm using `g++ -c` to compile, on Windows 10 + WSL.)

Imagine this code:

```cpp
int main()
{
     static int c{12345};
}
```

And when I check the asm code I see it's mentioned as

```
.data:0000000000000080 ; ===========================================================================
.data:0000000000000080
.data:0000000000000080 ; Segment type: Pure data
.data:0000000000000080 ; Segment permissions: Read/Write
.data:0000000000000080 _data           segment dword public 'DATA' use64
.data:0000000000000080                 assume cs:_data
.data:0000000000000080                 ;org 80h
.data:0000000000000080 ; int main::c
.data:0000000000000080 _ZZ4mainE1c     dd 3039h                ; DATA XREF: main+1E↑r
.data:0000000000000080 _data           ends
```

And it's called like this in `main()`...

```
.text:000000000000004B                 mov     eax, cs:_ZZ4mainE1c ; main::c
```

I'm curious about this `cs:` part. Can you explain what that is? Thanks.

Daniel A. White
shiyon sufa
    `cs` I think means the code segment register – Daniel A. White Jul 15 '22 at 13:59
  • 3
    You can ignore that since Windows (and most common OSes) use flat memory model. In fact I doubt the `cs` override is even there in the code, I think it's an artefact of your disassembler. If it's 64-bit code as it seems to be, then you can definitely ignore the `cs` override. – Jester Jul 15 '22 at 14:01
  • 1
    If you are interested in assembly generated by C++ then you'll probably like this site: https://godbolt.org/z/3GK5xzcTW (Compiler Explorer by Matt Godbolt) – Pepijn Kramer Jul 15 '22 at 14:07
  • Interesting. Thanks a lot @PepijnKramer – shiyon sufa Jul 15 '22 at 14:07
  • 1
    And this video: [The bit between the bits. How we get to main()](https://www.youtube.com/watch?v=dOfucXtyEsU) – Pepijn Kramer Jul 15 '22 at 14:08
  • 2
    The important thing to understand is that `mov eax, cs:xxx` *dereferences memory* even though there are no square brackets (like e.g. in `mov eax, [xxx]`). – Marco Bonelli Jul 15 '22 at 16:16
  • 1
    MASM (or whatever equivalent you are using) is probably not a great choice as a disassembler for reverse engineering. Its output, as you see, is very cluttered with directives that serve no purpose except to make you wonder what they mean. You might try NASM's `ndisasm` instead. Or GNU's `objdump` with `-Mintel`. – Nate Eldredge Jul 15 '22 at 16:51
  • 1
    Is this 64-bit code? If so, IDA disassembly misuses `cs:` to indicate RIP-relative addressing, which is what you'd expect for loading a `static` variable. [CS: override on access to global variables in IDA output, like mov eax, cs:x?](https://stackoverflow.com/q/68702174). I assume you're using IDA, or some other disassembler that uses its syntax, because that's not the syntax GCC itself would use in its asm source output, if you look at that instead of disassembling a binary (`gcc -S`; see [How to remove "noise" from GCC/clang assembly output?](https://stackoverflow.com/q/38552116)). – Peter Cordes Jul 15 '22 at 16:57
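
The point made in the comments, that the `cs:` on this load marks RIP-relative addressing rather than a real segment override, can be checked from the instruction bytes: a genuine CS override is a `2E` prefix byte, while RIP-relative addressing is a ModRM encoding. This is an added example, not code from the thread; the byte strings are constructed samples (not taken from the asker's object file) and `decode_mov_load` is a hypothetical helper.

```python
# Added example: decode `mov r32, r/m32` (opcode 8B) in 64-bit mode and report
# whether a real segment-override prefix is present and where the load points.
SEG_PREFIX = {0x26: "es", 0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x64: "fs", 0x65: "gs"}
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_mov_load(code: bytes, address: int) -> dict:
    """Hypothetical helper: handles only the RIP-relative form of 8B /r, no REX."""
    i, segment = 0, None
    while i < len(code) and code[i] in SEG_PREFIX:  # legacy segment-override prefixes
        segment = SEG_PREFIX[code[i]]
        i += 1
    if len(code) < i + 6 or code[i] != 0x8B:
        raise ValueError("not a complete `mov r32, r/m32` (8B /r) instruction")
    modrm = code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if (mod, rm) != (0, 5):  # mod=00, rm=101 selects [rip+disp32] in 64-bit mode
        raise ValueError("operand is not RIP-relative")
    disp = int.from_bytes(code[i + 2:i + 6], "little", signed=True)
    length = i + 6
    return {
        "dest": REG32[reg],
        "segment_prefix": segment,  # None means no override byte in the encoding
        "length": length,
        # RIP-relative targets are measured from the end of the instruction.
        "target": address + length + disp,
        "text": f"mov {REG32[reg]}, DWORD PTR [rip{disp:+#x}]",
    }


# Constructed sample: the load at 0x4B reaching data at 0x80, as in the listing.
# Assumes a final layout; in an unlinked .o the disp32 is fixed up by a relocation.
PLAIN = bytes.fromhex("8b052f000000")
# Constructed sample: the same load with a genuine CS override prefix (2E) in front.
WITH_CS = bytes.fromhex("2e8b052f000000")

if __name__ == "__main__":
    for sample in (PLAIN, WITH_CS):
        print(sample.hex(" "), decode_mov_load(sample, 0x4B))
```

The first sample decodes with `segment_prefix` set to `None`, which is the encoding the commenters expect behind the `cs:` display; only the second, one byte longer, carries an actual override.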

0 Answers