I have disassembled some C code (below) with gdb. I am familiar with some of the instructions but not with others.
The original C code is below. Any hints on what I have got wrong would be appreciated. This is a little different from the assembler I have seen before, and I am not even great with that.

Code:
; I am guessing these lines have something to do with
; argv** and argc but I am not entirely sure.
0x08048586 <main+0>:    lea    0x4(%esp),%ecx
0x0804858a <main+4>:    and    $0xfffffff0,%esp
0x0804858d <main+7>:    pushl  0xfffffffc(%ecx)
; Do they do something with the frame pointer??? :confused:
; Why are three registers involved?
0x08048590 <main+10>:   push   %ebp
0x08048591 <main+11>:   mov    %esp,%ebp
0x08048593 <main+13>:   push   %ecx
; I assume this is where space is left on the stack for the buffer
0x08048594 <main+14>:   sub    $0x34,%esp
; now this must be moving argv and argc on to the stack
0x08048597 <main+17>:   mov    0x4(%ecx),%eax
0x0804859a <main+20>:   mov    %eax,0x4(%esp)
0x0804859e <main+24>:   mov    (%ecx),%eax
0x080485a0 <main+26>:   mov    %eax,(%esp)
; quite self-explanatory I guess
0x080485a3 <main+29>:   call   0x80484e5 <checkName>
; clearly the if statement, but why is it testing two registers of the
; same name?
0x080485a8 <main+34>:   test   %eax,%eax
0x080485aa <main+36>:   jne    0x80485b5 <main+47>
; this must be carrying out the true part of the if statement
; the movl must be putting the return value of zero onto the stack??
0x080485ac <main+38>:   movl   $0x0,0xffffffd8(%ebp)
0x080485b3 <main+45>:   jmp    0x80485e7 <main+97>
; this must be the end of the if statement
; and the call to printf; I am assuming $0x804872d is the address
; of the string "\nPlease enter password: "
0x080485b5 <main+47>:   movl   $0x804872d,(%esp)
0x080485bc <main+54>:   call   0x8048368 <printf@plt>
; this must be the call to gets()
; I am still not sure what lea means but I am assuming
; 0xffffffde(%ebp) is the address of this buffer
; also why is 0xffffffde used to address an offset? and not 0x000000de(%ebp)??
0x080485c1 <main+59>:   lea    0xffffffde(%ebp),%eax
0x080485c4 <main+62>:   mov    %eax,(%esp)
0x080485c7 <main+65>:   call   0x8048328 <gets@plt>
; now calling the checkPass function with the strange offset again :D
0x080485cc <main+70>:   lea    0xffffffde(%ebp),%eax
0x080485cf <main+73>:   mov    %eax,(%esp)
0x080485d2 <main+76>:   call   0x8048464 <checkPass>
; the register is testing itself again
0x080485d7 <main+81>:   test   %eax,%eax
0x080485d9 <main+83>:   je     0x80485e0 <main+90>
; calling the secret area function
0x080485db <main+85>:   call   0x80484c5 <secretArea>
; this must be the cleanup for main.
0x080485e0 <main+90>:   movl   $0x0,0xffffffd8(%ebp)
0x080485e7 <main+97>:   mov    0xffffffd8(%ebp),%eax
0x080485ea <main+100>:  add    $0x34,%esp
0x080485ed <main+103>:  pop    %ecx
0x080485ee <main+104>:  pop    %ebp
0x080485ef <main+105>:  lea    0xfffffffc(%ecx),%esp
0x080485f2 <main+108>:  ret
Code:
#include <stdio.h>

/* Defined elsewhere in the program; their bodies are not shown in this post. */
int checkName(int argc, char **argv);
int checkPass(const char *pass);
void secretArea(void);

int main(int argc, char **argv)
{
    char Pbuffer[30];                 /* the buffer at 0xffffffde(%ebp) = -0x22(%ebp) */

    if (!checkName(argc, argv)) {
        return 0;
    }
    printf("\nPlease enter password: ");
    gets(Pbuffer);                    /* gets() has no length limit on what it writes */
    if (checkPass(Pbuffer)) {
        secretArea();
    }
    return 0;
}
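The gets(Pbuffer) call in the posted main() has no upper bound, and the disassembly places the 30-byte buffer at -0x22(%ebp), directly below the saved %ecx, saved %ebp and return address. The bounded replacement below is an added example, not code from the original post; checkPass() is a hypothetical stand-in because the post does not show its body, and check_from_string() assumes POSIX fmemopen().

```c
#define _POSIX_C_SOURCE 200809L   /* fmemopen() for the in-memory test helper */
#include <stdio.h>
#include <string.h>

/* Bounded replacement for gets(): reads at most n-1 bytes, strips the newline and
 * drains the rest of an over-long line. Returns 1 = ok, 0 = EOF, -1 = truncated. */
int read_line(char *buf, size_t n, FILE *in)
{
    if (fgets(buf, (int)n, in) == NULL) { buf[0] = '\0'; return 0; }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[len - 1] = '\0'; return 1; }
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 1;            /* line filled the buffer exactly, or ended at EOF */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                    /* discard the tail that gets() would have written past the buffer */
    return -1;
}

/* Hypothetical stand-in for the post's checkPass(); its real body is not shown. */
int checkPass(const char *p)
{
    return strcmp(p, "example-secret") == 0;
}

/* Hardened form of the posted prompt: same flow, but read_line() replaces gets(),
 * so input longer than 29 bytes can never reach the saved %ecx, %ebp or return
 * address that sit above Pbuffer (-0x22(%ebp)) in the frame. */
int prompt_and_check(FILE *in, FILE *out)
{
    char Pbuffer[30];        /* same size as in the posted main() */
    if (out != NULL)
        fprintf(out, "\nPlease enter password: ");
    if (read_line(Pbuffer, sizeof Pbuffer, in) != 1)
        return 0;            /* EOF or truncated input counts as a failed check */
    return checkPass(Pbuffer);
}

/* Feeds a constructed input string through the prompt (fmemopen is POSIX). */
int check_from_string(const char *input)
{
    FILE *f = fmemopen((void *)input, strlen(input), "r");
    if (f == NULL) return -1;
    int r = prompt_and_check(f, NULL);
    fclose(f);
    return r;
}
```

Calling check_from_string() with a line longer than 29 characters returns 0 and leaves the frame intact, whereas the posted gets() version would overwrite the saved registers.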