0

I have this question in a practice question from my school and it completely boggles my mind.

In the following excerpts from a disassembled binary, some of the information has been replaced by Xs. Answer the following questions about these instructions. (You do not need to know anything about the callq instruction here.)

Part B

What is the target of the je instruction below?

40042f: 74 F4 je XXXXXX

400431: 5D pop %rbp

ANSWER:

Select one: a. 0x40043D b. 0x400425 c. 0x400525 d. 0x40041F

I tried asking ChatGPT but that didn't give me any leads. I have no clue what "40042f: 74 F4" and "400431: 5D" mean as well, as I just started learning assembly one or two weeks ago (classes just started).

Michael Petch
Raikon
  • 1
    The encoding is for x86-64. The `jcc` instruction encodings are here https://www.felixcloutier.com/x86/jcc . `0x74` is a `JE rel8` instruction. Rel8 is a relative jump from the start of the beginning of the next instruction. Rel8 is a signed byte. 0xF4 is -0x0c. So it will jump back 0x0c bytes from the address of the next instruction which is 0x400431. 0x400431-0xc=0x400425 – Michael Petch Jan 17 '23 at 06:46
  • 3
    Thanks! I finally get it now! Took me a while to realise that 0xF4 converts to -0x0c because it is signed 2's complement as well! – Raikon Jan 17 '23 at 07:11
  • That is correct it is 2s complement. – Michael Petch Jan 17 '23 at 07:12
  • The `5D` is the encoding for `pop %rbp`. If you were to replace all instances of `pop %rbp` in your source code with `.byte 0x5D` your program would be unchanged (well, it would be harder to read for no benefit so don't do it.) I wouldn't bother memorizing the actual opcodes for the assembly instructions, it's not really needed for the most part. If you really need them print out a chart and refer to that. – puppydrum64 Jan 18 '23 at 11:16

1 Answer

-4

Did you attend the class, or skip straight to the homework?

This is the output of the program objdump. It shows the contents of a binary file alongside assembly instructions.

The first column 40042f is the address that is being displayed. Next is the binary contents: 74 fe are bytes located at that address. You are expected to decode these bytes yourself to find out what the value of XXXXX is. It will be a nearby address, probably like 400???.

You can decode the bytes by knowing the target architecture and finding an instruction set reference for it. This will be a document which explains how instructions are packed into bytes.

Tom V
  • 2
    All of the multiple-choice answers are nearby addresses, so the only new information you're providing is "read the manual". That's true, and there are existing duplicates, but the right approach is to close as a duplicate or just downvote questions like this. Well I guess you're correctly answering the part about how to read disassembly output (address and machine code bytes), but there are duplicates for that, too. Posting answers like this isn't very helpful. – Peter Cordes Jan 17 '23 at 07:24
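
The rel8 calculation from the comments above, as an added example that is not part of the original thread: it parses an objdump-style line, sign-extends the displacement and adds it to the address of the next instruction. It goes beyond the question's `je rel8` case to cover `jmp rel8`, `call`/`jmp rel32` and `Jcc rel32`; the function names and every sample line other than the one from the question are constructed for illustration, and instruction prefixes are not handled.

```python
import re
import struct

# Condition mnemonics for Jcc, indexed by the low nibble of the opcode.
JCC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

def branch_target(addr, code):
    """Return (mnemonic, target) for a relative x86-64 branch located at addr."""
    op = code[0]
    if 0x70 <= op <= 0x7F:                    # Jcc rel8
        name, off, fmt = JCC[op - 0x70], 1, "<b"
    elif op == 0xEB:                          # JMP rel8
        name, off, fmt = "jmp", 1, "<b"
    elif op in (0xE8, 0xE9):                  # CALL / JMP rel32
        name, off, fmt = ("call" if op == 0xE8 else "jmp"), 1, "<i"
    elif op == 0x0F and len(code) > 1 and 0x80 <= code[1] <= 0x8F:
        name, off, fmt = JCC[code[1] - 0x80], 2, "<i"   # Jcc rel32
    else:
        raise ValueError("not a relative branch: " + code.hex())
    length = off + struct.calcsize(fmt)       # opcode bytes + displacement
    if len(code) < length:
        raise ValueError("truncated instruction: " + code.hex())
    (disp,) = struct.unpack_from(fmt, code, off)   # signed two's complement
    # The displacement is added to the address of the NEXT instruction.
    return name, (addr + length + disp) & 0xFFFFFFFFFFFFFFFF

def decode_objdump_line(line):
    """Decode a line shaped like '40042f: 74 F4 je XXXXXX'."""
    m = re.match(r"\s*([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2}\s+)+)", line)
    if not m:
        raise ValueError("unrecognised line: " + line)
    raw = bytes.fromhex("".join(m.group(2).split()))
    return branch_target(int(m.group(1), 16), raw)

if __name__ == "__main__":
    samples = [
        "40042f: 74 F4 je XXXXXX",                # line from the question
        "400500: eb 05 jmp XXXXXX",               # constructed: forward rel8
        "401000: 0f 84 10 00 00 00 je XXXXXX",    # constructed: Jcc rel32
    ]
    for s in samples:
        name, target = decode_objdump_line(s)
        print("%-40s -> %s 0x%x" % (s, name, target))
```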