Accessing a *next pointer to a struct using GNU Assembly

Question

I'm using GNU Assembly try to iterate through a C struct Linked Listed and find a certain value from one of the structs values. I'm wondering how I get to the *next pointer of the struct to move to the next node and check the value. Below is some sample C code I wrote up to try and learn.

struct node{
   struct node *next;
   int id;
  };

struct node *root;

void functionToBuildLinkList(){
   //Code to malloc and link 4 nodes
 }

int main(int argc, char *argv[]){

   functionToBuildLinkList();

   int valueOne;

   rootPtr = rootPtr->next;
   valueOne = rootPtr->id;
   printf("The valueOne is: %i\n", valueOne);

   return 0;
}

To try and help myself figure it out I took a look at the objdump of the main.

mov    0x804a024,%eax   //Moving the rootPtr->next address into eax
mov    0x4(%eax),%eax   //Offset 4 bytes for id
mov    %eax,0x804a024   //Compiler nonsense?
mov    0x804a024,%eax   //Compiler nonsense?
mov    (%eax),%eax      //Moving the contents of EAX into EAX or more nonsense?
mov    %eax,0x1c(%esp)  //Moving id into the stack
mov    $0x804861c,%eax  //What address is being moved into EAX?
mov    0x1c(%esp),%edx  //Moving id into edx
mov    %edx,0x4(%esp)   //Moving edx (id) into the stack
mov    %eax,(%esp)      //What's the address in EAX? The top of stack - ESP?
call   8048340 <printf@plt>
mov    $0x0,%eax        //Returning O

I'm kind of thrown off because it looks like the compiler is supplying hard coded memory addresses. How would I know what memory address of the next or where certain nodes are at? When I created the list by allocating memory on the heap is it in sequencial order so I could try and calculate it out that way? How would I work my way through the list? Also with the *next pointer being the first member variable would there be no offset to it (to access it) when I do get the memory address to the beginning of the struct? Any help is appreciated.

Thanks all for the help! So to iterate through the list using the global pointer root from the sample code would be:

movl root, %eax   //Move root into EAX
movl (%eax), %eax //eax = eax->next

Answer 1

Let's annotate this properly...

mov    0x804a024,%eax   // eax = rootPtr (global variable)
mov    0x4(%eax),%eax   // eax = eax->next (offset 4)
mov    %eax,0x804a024   // rootPtr = eax

mov    0x804a024,%eax   // eax = rootPtr
mov    (%eax),%eax      // eax = eax->id (offset 0)
mov    %eax,0x1c(%esp)  // valueOne = eax (local variable, on stack)
mov    $0x804861c,%eax  // eax = "The valueOne is: %i\n" (static string)
mov    0x1c(%esp),%edx  // edx = valueOne
mov    %edx,0x4(%esp)   // put edx on argument stack (position 1, offset 4)
mov    %eax,(%esp)      // put eax on argument stack (position 0, offset 0)
call   8048340 <printf@plt> // call printf(eax, edx) (= printf(string, valueOne))
mov    $0x0,%eax        // return 0

There's a lot of useless moves in this example. If you compile on a light optimization mode (e.g. -O) you can usually get simpler code. On high levels like -O3, the code can get very hard to understand due to tricky optimizations.

Note that the assembly code you write won't use "hard-coded" addresses; if you need to refer to a global, put a label on it and refer to it through the label. Note that accessing ->next, for instance, is simply a matter of accessing 0x4(%eax) (assuming the node pointer is in eax); this is because the next pointer is 4 bytes from the start of the struct.

Answer 2

There are two different addressing modes used:

mov    0x804a024,%eax   //Moving the rootPtr (content) into eax
mov    [%eax], %ebx     //access tmp=rootPtr->next

add    0x4, %ebx        // increment tmp by 4 to get the address of &tmp->id

mov    $0x804861c,%eax  // Moving an address to eax

The first line is often written as

mov.l  [0x804a024], %eax

The first "nonsense" corresponds to the left side of the assignment

rootPtr = rootPtr->next;

While the next line could be optimized away.