Need help in identifying assembly code

Question

I have this small C code:

#include<stdio.h>
#include<stdlib.h>
int main(int argc , char *argv[])
{
    char buff[64];
    if(argc<2)
    {  
        printf("No args passed\n");
        return(1);
    }    
    strcpy(buff,argv[1]);
    return(0);
} 

I opened it in Immunity Debugger, Now I am not able to understand where is the Main starting from. I learnt AT&T syntax assembly language last year but this is totally different. I am pasting Immunity code also. There is alot of code used before loading the C code and after finishing also, so I am not pasting that code due to space limitation (Only the part of code which I am guessing might have started before Main & some assembly code after C code.) Plz help me identifying the code

0040128A     90             NOP
0040128B     90             NOP
0040128C     90             NOP
0040128D     90             NOP
0040128E     90             NOP
0040128F     90             NOP
00401290  /$ 55             PUSH EBP            ;SAVING EBP
00401291  |. 89E5           MOV EBP,ESP         ;STORING STACK IN EBP
00401293  |. 83EC 78        SUB ESP,78          ;CREATING SOME SPACE
00401296  |. 83E4 F0        AND ESP,FFFFFFF0
00401299  |. B8 00000000    MOV EAX,0        ;
0040129E  |. 83C0 0F        ADD EAX,0F       ;
004012A1  |. 83C0 0F        ADD EAX,0F       ;;;WHAT IS THE REASON FOR ALL THESE??
004012A4  |. C1E8 04        SHR EAX,4        ;
004012A7  |. C1E0 04        SHL EAX,4        ;
004012AA  |. 8945 A4        MOV DWORD PTR SS:[EBP-5C],EAX  ; WHAT ARE THESE MEANT FOR ?
004012AD  |. 8B45 A4        MOV EAX,DWORD PTR SS:[EBP-5C]  ;/
004012B0  |. E8 8B040000    CALL buff.00401740            ; WHAT ARE 2 CALLS DOING ?
004012B5  |. E8 26010000    CALL buff.004013E0            ;/
004012BA  |. 837D 08 01     CMP DWORD PTR SS:[EBP+8],1    ;COMPARE ARGC WITH 1(WHY NOT 2)
004012BE  |. 7F 15          JG SHORT buff.004012D5        ;JUMP IF GREATER
004012C0  |. C70424 0030400>MOV DWORD PTR SS:[ESP],buff.00403000 ; PRINT ERROR
004012C7  |. E8 74050000    CALL <JMP.&msvcrt.printf>            ;/
004012CC  |. C745 B4 010000>MOV DWORD PTR SS:[EBP-4C],1
004012D3  |. EB 1E          JMP SHORT buff.004012F3
004012D5  |> 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]             ; |
004012D8  |. 83C0 04        ADD EAX,4                                ; |
004012DB  |. 8B00           MOV EAX,DWORD PTR DS:[EAX]               ; |
004012DD  |. 894424 04      MOV DWORD PTR SS:[ESP+4],EAX             ; |
004012E1  |. 8D45 B8        LEA EAX,DWORD PTR SS:[EBP-48]            ; |
004012E4  |. 890424         MOV DWORD PTR SS:[ESP],EAX               ; |
004012E7  |. E8 44050000    CALL <JMP.&msvcrt.strcpy>                ; \strcpy
004012EC  |. C745 B4 000000>MOV DWORD PTR SS:[EBP-4C],0
004012F3  |> 8B45 B4        MOV EAX,DWORD PTR SS:[EBP-4C]
004012F6  |. C9             LEAVE
004012F7  \. C3             RETN
004012F8     90             NOP
004012F9     90             NOP
004012FA     90             NOP
004012FB     90             NOP
004012FC     90             NOP
004012FD     90             NOP
004012FE     90             NOP
004012FF     90             NOP
00401300  /$ 55             PUSH EBP
00401301  |. B9 F0304000    MOV ECX,buff.004030F0
00401306  |. 89E5           MOV EBP,ESP
00401308  |. EB 14          JMP SHORT buff.0040131E
0040130A  |  8DB6 00000000  LEA ESI,DWORD PTR DS:[ESI]
00401310  |> 8B51 04        MOV EDX,DWORD PTR DS:[ECX+4]
00401313  |. 8B01           MOV EAX,DWORD PTR DS:[ECX]
00401315  |. 83C1 08        ADD ECX,8
00401318  |. 0182 00004000  ADD DWORD PTR DS:[EDX+400000],EAX
0040131E  |> 81F9 F0304000  CMP ECX,buff.004030F0
00401324  |.^72 EA          JB SHORT buff.00401310
00401326  |. 5D             POP EBP
00401327  \. C3             RETN
00401328     90             NOP
00401329     90             NOP
0040132A     90             NOP
0040132B     90             NOP
0040132C     90             NOP

Here I tried to comment whatever I could understand, I could not make out where to place a breakpoint to monitor the effect of input. I want to monitor the call and return calls. Thanks in advance...Kriss

Answer 1

As long as you don't tell us more about which compiler you're using, compiler flags, libraries etc., it's hard to tell what exactly is happening between 00401299 and 004012ba. I'd assume you're using some options to profile your program, or check stack/heap/whatever integrity, that make the compiler add calls to some internal functions at the start of each of your functions.

"Compare argc with 1, why not 2" is just the way the compiler chooses to optimize the assembly code. What's happening is

compare argc with 1
if it's greater than 1, jump to else
    -- Getting to here means argc was not greater than one, so its less than 2
    push the address of the error message (buff.00403000) on the stack
    call the print function (print error message)
    set returncode to 1 (ss:[ebp-4c])
    jump to end
else:
    put the addresses of the buffer, and argv[1], on the stack
    call the strcpy function
    set returncode to 0
end:
retrieve the returncode from the temporary variable (ss:[ebp-4c])
fix the stack and return from the function

Returning function results in EAX is a convention that all 80x86 compilers (that i know of) use.

If you want to debug, set your first breakpoint to 004012BA, to see the effect of argc. Set breakpoints at 4012c7 and 4012e7, this is where the other functions get called. Function arguments are normally passed on the stack, so look at ss:[esp] for the first argument, ss:[esp+4] for the second one, and so on (note that this applies to 4-byte-values only, structures, float/double numbers etc. will probably be different). After returning from the functions (place your breakpoints at 4012cc and 4012ec), EAX holds the function's return value. Your C program ignores them, that's why the content of EAX is ignored in the assembly as well.