CODEWITHSUNDEEP
cgdb
Gary
Gary

Reputation: 916

Find what unknown function does in C using gdb

I have a function m(int i, char c) which takes and returns a char between "-abc...xyz" and also takes an integer i.

Basically I have no way to see the source code of the function but can call it and get the return value. Using gdb/C, what's the best way to decipher what the function actually does? I've tried looking for patterns using consecutive chars and integer inputs but have come up with nothing yet.

If it helps, here are some results of testing the return values, with the first two bits being the arguments and the last bit being the return value:

0 a    i
0 b    l
0 c    t
0 d    x
0 e    f
0 f    v

1 a    q
1 b    i
1 c    y
1 d    e

2 a    a
2 b    y
2 c    f
2 d    n

disassembly provides the following:

0x00014354 <m+0>:    save  %sp, -144, %sp
0x00014358 <m+4>:    st  %i0, [ %fp + 0x44 ]
0x0001435c <m+8>:    mov  %i1, %g1
0x00014360 <m+12>:   stb  %g1, [ %fp + 0x48 ]
0x00014364 <m+16>:   st  %sp, [ %fp + -40 ]
0x00014368 <m+20>:   mov  0x1b, %g1
0x0001436c <m+24>:   stb  %g1, [ %fp + -17 ]
0x00014370 <m+28>:   clr  [ %fp + -24 ]
0x00014374 <m+32>:   ldub  [ %fp + -17 ], %g1
0x00014378 <m+36>:   sll  %g1, 0x18, %g1
0x0001437c <m+40>:   sra  %g1, 0x18, %g1
0x00014380 <m+44>:   add  %g1, 7, %g1
0x00014384 <m+48>:   srl  %g1, 3, %g1
0x00014388 <m+52>:   sll  %g1, 3, %g1
0x0001438c <m+56>:   sub  %sp, %g1, %sp
0x00014390 <m+60>:   add  %sp, 0x5c, %g1
0x00014394 <m+64>:   add  %g1, 7, %g1
0x00014398 <m+68>:   srl  %g1, 3, %g1
0x0001439c <m+72>:   sll  %g1, 3, %g1
0x000143a0 <m+76>:   st  %g1, [ %fp + -44 ]
0x000143a4 <m+80>:   mov  0x2d, %g1
0x000143a8 <m+84>:   ld  [ %fp + -44 ], %o4
0x000143ac <m+88>:   stb  %g1, [ %o4 ]
0x000143b0 <m+92>:   mov  1, %g1
0x000143b4 <m+96>:   st  %g1, [ %fp + -28 ]
0x000143b8 <m+100>:  ldub  [ %fp + -17 ], %g1
0x000143bc <m+104>:  sll  %g1, 0x18, %g1
0x000143c0 <m+108>:  sra  %g1, 0x18, %o5
0x000143c4 <m+112>:  ld  [ %fp + -28 ], %g1
0x000143c8 <m+116>:  cmp  %o5, %g1
0x000143cc <m+120>:  ble  0x14400 <m+172>
0x000143d0 <m+124>:  nop 
0x000143d4 <m+128>:  ld  [ %fp + -28 ], %g1
0x000143d8 <m+132>:  ld  [ %fp + -44 ], %o4
0x000143dc <m+136>:  add  %o4, %g1, %o5
0x000143e0 <m+140>:  ld  [ %fp + -28 ], %g1
0x000143e4 <m+144>:  add  %g1, 0x60, %g1
0x000143e8 <m+148>:  stb  %g1, [ %o5 ]
0x000143ec <m+152>:  ld  [ %fp + -28 ], %g1
0x000143f0 <m+156>:  inc  %g1
0x000143f4 <m+160>:  st  %g1, [ %fp + -28 ]
0x000143f8 <m+164>:  b  0x143b8 <m+100>
0x000143fc <m+168>:  nop 
0x00014400 <m+172>:  ldub  [ %fp + -17 ], %g1
0x00014404 <m+176>:  sll  %g1, 0x18, %g1
0x00014408 <m+180>:  sra  %g1, 0x18, %o5
0x0001440c <m+184>:  ld  [ %fp + 0x44 ], %g1
0x00014410 <m+188>:  mov  %g1, %o0
0x00014414 <m+192>:  mov  %o5, %o1
0x00014418 <m+196>:  call  0x2727c <.rem@plt>
0x0001441c <m+200>:  nop 
0x00014420 <m+204>:  mov  %o0, %g1
0x00014424 <m+208>:  st  %g1, [ %fp + 0x44 ]
0x00014428 <m+212>:  ldub  [ %fp + 0x48 ], %g1
0x0001442c <m+216>:  sll  %g1, 0x18, %g1
0x00014430 <m+220>:  sra  %g1, 0x18, %g1
0x00014434 <m+224>:  cmp  %g1, 0x2d
0x00014438 <m+228>:  be  0x1449c <m+328>
0x0001443c <m+232>:  nop 
0x00014440 <m+236>:  ldub  [ %fp + 0x48 ], %g1
0x00014444 <m+240>:  sll  %g1, 0x18, %g1
0x00014448 <m+244>:  sra  %g1, 0x18, %g1
0x0001444c <m+248>:  cmp  %g1, 0x60
0x00014450 <m+252>:  bg  0x14464 <m+272>
0x00014454 <m+256>:  nop 
0x00014458 <m+260>:  clr  [ %fp + -24 ]
0x0001445c <m+264>:  b  0x1449c <m+328>
0x00014460 <m+268>:  nop 
0x00014464 <m+272>:  ldub  [ %fp + 0x48 ], %g1
0x00014468 <m+276>:  sll  %g1, 0x18, %g1
0x0001446c <m+280>:  sra  %g1, 0x18, %g1
0x00014470 <m+284>:  cmp  %g1, 0x7a
0x00014474 <m+288>:  ble  0x14488 <m+308>
0x00014478 <m+292>:  nop 
0x0001447c <m+296>:  clr  [ %fp + -24 ]
0x00014480 <m+300>:  b  0x1449c <m+328>
0x00014484 <m+304>:  nop 
0x00014488 <m+308>:  ldub  [ %fp + 0x48 ], %g1
0x0001448c <m+312>:  sll  %g1, 0x18, %g1
0x00014490 <m+316>:  sra  %g1, 0x18, %g1
0x00014494 <m+320>:  add  %g1, -96, %g1
0x00014498 <m+324>:  st  %g1, [ %fp + -24 ]
0x0001449c <m+328>:  clr  [ %fp + -28 ]
0x000144a0 <m+332>:  ldub  [ %fp + -17 ], %g1
0x000144a4 <m+336>:  sll  %g1, 0x18, %g1
0x000144a8 <m+340>:  sra  %g1, 0x18, %o5
0x000144ac <m+344>:  ld  [ %fp + -28 ], %g1
0x000144b0 <m+348>:  cmp  %o5, %g1
0x000144b4 <m+352>:  ble  0x14568 <m+532>
0x000144b8 <m+356>:  nop 
0x000144bc <m+360>:  ld  [ %fp + 0x44 ], %g1
0x000144c0 <m+364>:  sll  %g1, 3, %l0
0x000144c4 <m+368>:  ld  [ %fp + -28 ], %o0
0x000144c8 <m+372>:  ld  [ %fp + -28 ], %o1
0x000144cc <m+376>:  call  0x272ac <.umul@plt>
0x000144d0 <m+380>:  nop 
0x000144d4 <m+384>:  mov  %o0, %g1
0x000144d8 <m+388>:  add  %l0, %g1, %g1
0x000144dc <m+392>:  add  %g1, 8, %o5
0x000144e0 <m+396>:  ldub  [ %fp + -17 ], %g1
0x000144e4 <m+400>:  sll  %g1, 0x18, %g1
0x000144e8 <m+404>:  sra  %g1, 0x18, %g1
0x000144ec <m+408>:  mov  %o5, %o0
0x000144f0 <m+412>:  mov  %g1, %o1
0x000144f4 <m+416>:  call  0x2727c <.rem@plt>
0x000144f8 <m+420>:  nop 
0x000144fc <m+424>:  mov  %o0, %g1
0x00014500 <m+428>:  st  %g1, [ %fp + -32 ]
0x00014504 <m+432>:  ld  [ %fp + -32 ], %g1
0x00014508 <m+436>:  ld  [ %fp + -44 ], %o5
0x0001450c <m+440>:  add  %o5, %g1, %g1
0x00014510 <m+444>:  ldub  [ %g1 ], %g1
0x00014514 <m+448>:  sll  %g1, 0x18, %g1
0x00014518 <m+452>:  sra  %g1, 0x18, %g1
0x0001451c <m+456>:  st  %g1, [ %fp + -36 ]
0x00014520 <m+460>:  ld  [ %fp + -32 ], %g1
0x00014524 <m+464>:  ld  [ %fp + -44 ], %o4
0x00014528 <m+468>:  add  %o4, %g1, %o5
0x0001452c <m+472>:  ld  [ %fp + -28 ], %g1
0x00014530 <m+476>:  ld  [ %fp + -44 ], %o4
0x00014534 <m+480>:  add  %o4, %g1, %g1
0x00014538 <m+484>:  ldub  [ %g1 ], %g1
0x0001453c <m+488>:  stb  %g1, [ %o5 ]
0x00014540 <m+492>:  ld  [ %fp + -28 ], %g1
0x00014544 <m+496>:  ld  [ %fp + -44 ], %o4
0x00014548 <m+500>:  add  %o4, %g1, %o5
0x0001454c <m+504>:  ld  [ %fp + -36 ], %g1
0x00014550 <m+508>:  stb  %g1, [ %o5 ]
0x00014554 <m+512>:  ld  [ %fp + -28 ], %g1
0x00014558 <m+516>:  inc  %g1
0x0001455c <m+520>:  st  %g1, [ %fp + -28 ]
0x00014560 <m+524>:  b  0x144a0 <m+332>
0x00014564 <m+528>:  nop 
0x00014568 <m+532>:  ld  [ %fp + -24 ], %g1
0x0001456c <m+536>:  ld  [ %fp + -44 ], %o5
0x00014570 <m+540>:  add  %o5, %g1, %g1
0x00014574 <m+544>:  ldub  [ %g1 ], %g1
0x00014578 <m+548>:  sll  %g1, 0x18, %g1
0x0001457c <m+552>:  sra  %g1, 0x18, %g1
0x00014580 <m+556>:  ld  [ %fp + -40 ], %sp
0x00014584 <m+560>:  mov  %g1, %i0
0x00014588 <m+564>:  ret 
0x0001458c <m+568>:  restore

Upvotes: 0

Views: 615

Answers (1)

sisis
sisis

Reputation: 956

Look at the disassembly:

gdb ./prog
b FUNCTION_NAME_HERE
r
disassemble

Edit:

The disassembly looks like SPARC. You may want to start by checking out the stack lay-out of the SPARC architecture:

http://www.sics.se/~psm/sparcstack.html

%fp sounds like the framepointer. There are not that many load instructions using %fp. My guess would be that

0x000143d4 <m+128>:  ld  [ %fp + -28 ], %g1
0x000143d8 <m+132>:  ld  [ %fp + -44 ], %o4

are the function's arguments.

Upvotes: 1

Related Questions