Reputation: 3210
I'm very new to assembly language. I've been studying it for 2 weeks now.
Here is a dump generated by objdump: objdump -Mintel -d stack
00000560 <function>:
560: 55 push ebp
561: 89 e5 mov ebp,esp
563: 83 ec 10 sub esp,0x10
566: e8 26 00 00 00 call 591 <__x86.get_pc_thunk.ax>
56b: 05 95 1a 00 00 add eax,0x1a95
570: 90 nop
571: c9 leave
572: c3 ret
00000573 <main>:
573: 55 push ebp
574: 89 e5 mov ebp,esp
576: e8 16 00 00 00 call 591 <__x86.get_pc_thunk.ax>
57b: 05 85 1a 00 00 add eax,0x1a85
580: 6a 03 push 0x3
582: 6a 02 push 0x2
584: 6a 01 push 0x1
586: e8 d5 ff ff ff call 560 <function>
58b: 83 c4 0c add esp,0xc
58e: 90 nop
58f: c9 leave
590: c3 ret
I'm currently studying the stack. I'm not sure if the prolog is only applicable to functions. I don't see sub on the third line of the main function. Not sure if the prolog always uses that pattern.
I'm also confused by <__x86.get_pc_thunk.ax>. Not sure what it is.
I'm also wondering why it's adding 0x1a95 to eax and I'm not sure why it picked that number. In the main, the value that was added to eax was 0x1a85.
Here's the C that I compiled with gcc. I used gcc -m32 -ggdb stack.c -o stack

    void function(int a, int b, int c) {
        char buffer1[5];
        char buffer2[10];
    }

    void main() {
        function(1, 2, 3);
    }

Now I'm trying to find buffer1 and buffer2 in the disassembled code. The buffer1[5] I guess would be 0x05 and buffer2[10] would be 0x0a. I can't find it in the disassembled code.
Upvotes: 0
Views: 357
Reputation: 131
The arrays buffer1 and buffer2 are allocated on the stack, using the instruction

    sub esp, 0x10

What this does is subtract 0x10 or 16 from the current value of the stack pointer, i.e. esp, which grows the stack space in your function by 16 bytes (a char is a single byte, and there are 5 of them in buffer1 and 10 of them in buffer2, and the result gets rounded up to 16 bytes for alignment reasons, AFAIK). There is no such instruction in main() because it has no local variables and hence needs no stack space.
(This is explained in far more detail in chapter 4 of this book: http://pacman128.github.io/pcasm/)
Upvotes: 2
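As an added illustration (not part of the question or the answer above), this Python sketch parses the prologue lines of the objdump listing quoted in the question and reports how many bytes each function reserves with sub esp. It goes a little beyond the answer by also resolving the call/add pair around __x86.get_pc_thunk.ax, assuming the binary is GCC position-independent i386 code, where the thunk returns the address of the following instruction in eax; the names analyze, LISTING, frame_bytes and pic_base are made up for this example.

```python
import re

# Prologue lines copied from the objdump output quoted in the question.
LISTING = """\
00000560 <function>:
 560: 55 push ebp
 561: 89 e5 mov ebp,esp
 563: 83 ec 10 sub esp,0x10
 566: e8 26 00 00 00 call 591 <__x86.get_pc_thunk.ax>
 56b: 05 95 1a 00 00 add eax,0x1a95
 570: 90 nop
00000573 <main>:
 573: 55 push ebp
 574: 89 e5 mov ebp,esp
 576: e8 16 00 00 00 call 591 <__x86.get_pc_thunk.ax>
 57b: 05 85 1a 00 00 add eax,0x1a85
 580: 6a 03 push 0x3
"""

LABEL = re.compile(r"^[0-9a-f]+ <(?P<name>[^>]+)>:$")
INSN = re.compile(r"^\s*(?P<addr>[0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*(?P<text>.+)$")

def analyze(listing):
    """Return {function: {"frame_bytes": int, "pic_base": int or None}}."""
    result, current, thunk_pending = {}, None, False
    for line in listing.splitlines():
        m = LABEL.match(line.strip())
        if m:
            current = result.setdefault(m["name"], {"frame_bytes": 0, "pic_base": None})
            thunk_pending = False
            continue
        m = INSN.match(line)
        if not m or current is None:
            continue
        addr, text = int(m["addr"], 16), m["text"].strip()
        sub = re.fullmatch(r"sub\s+esp,(0x[0-9a-f]+)", text)
        if sub and current["frame_bytes"] == 0:
            # First "sub esp,N": the stack pointer moves down N bytes for locals.
            current["frame_bytes"] = int(sub[1], 16)
        add = re.fullmatch(r"add\s+eax,(0x[0-9a-f]+)", text)
        if add and thunk_pending:
            # Assumption: the thunk left this instruction's own address in eax
            # (the call's return address), so eax becomes addr + constant.
            current["pic_base"] = addr + int(add[1], 16)
        thunk_pending = text.startswith("call") and "get_pc_thunk.ax" in text
    return result

if __name__ == "__main__":
    for name, info in analyze(LISTING).items():
        print(f"{name}: reserves {info['frame_bytes']} bytes, base {info['pic_base']:#x}")
```

Both functions resolve to the same base, 0x2000, which is why the two added constants differ by exactly 0x10, the distance between the two add instructions.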