Explaining the Disassemble
I have disassembled some C code (below) with gdb. I am familiar with some of the instructions but not with others.
Code:
; I am guessing these lines have something to do with
; argv** and argc but I am not entirely sure.
0x08048586 <main+0>: lea 0x4(%esp),%ecx
0x0804858a <main+4>: and $0xfffffff0,%esp
0x0804858d <main+7>: pushl 0xfffffffc(%ecx)
; Do they do something with the frame pointer??? :confused:
; Why are three registers involved?
0x08048590 <main+10>: push %ebp
0x08048591 <main+11>: mov %esp,%ebp
0x08048593 <main+13>: push %ecx
; I assume this is where space is left on the stack for the buffer
0x08048594 <main+14>: sub $0x34,%esp
; now this must be moving argv and argc on to the stack
0x08048597 <main+17>: mov 0x4(%ecx),%eax
0x0804859a <main+20>: mov %eax,0x4(%esp)
0x0804859e <main+24>: mov (%ecx),%eax
0x080485a0 <main+26>: mov %eax,(%esp)
; quite self-explanatory I guess
0x080485a3 <main+29>: call 0x80484e5 <checkName>
; clearly the if statement but why is it testing two registers of the
; same name?
0x080485a8 <main+34>: test %eax,%eax
0x080485aa <main+36>: jne 0x80485b5 <main+47>
; this must be carrying out the true part of the if statement
; the movl must be putting the return value of zero onto the stack??
0x080485ac <main+38>: movl $0x0,0xffffffd8(%ebp)
0x080485b3 <main+45>: jmp 0x80485e7 <main+97>
; this must be the end of the if statement
; and the call to printf. I am assuming $0x804872d is the address
; of the string "\nPlease enter password: "
0x080485b5 <main+47>: movl $0x804872d,(%esp)
0x080485bc <main+54>: call 0x8048368 <printf@plt>
; this must be the call to gets()
; I am still not sure what lea means but I am assuming
; 0xffffffde(%ebp) is the address of this buffer
; also why is 0xffffffde used to address an offset, and not 0x000000de(%ebp)??
0x080485c1 <main+59>: lea 0xffffffde(%ebp),%eax
0x080485c4 <main+62>: mov %eax,(%esp)
0x080485c7 <main+65>: call 0x8048328 <gets@plt>
; now calling the check pass function with the strange offset again :D
0x080485cc <main+70>: lea 0xffffffde(%ebp),%eax
0x080485cf <main+73>: mov %eax,(%esp)
0x080485d2 <main+76>: call 0x8048464 <checkPass>
; the register is testing itself again
0x080485d7 <main+81>: test %eax,%eax
0x080485d9 <main+83>: je 0x80485e0 <main+90>
; calling the secret area function
0x080485db <main+85>: call 0x80484c5 <secretArea>
; this must be the cleanup for main.
0x080485e0 <main+90>: movl $0x0,0xffffffd8(%ebp)
0x080485e7 <main+97>: mov 0xffffffd8(%ebp),%eax
0x080485ea <main+100>: add $0x34,%esp
0x080485ed <main+103>: pop %ecx
0x080485ee <main+104>: pop %ebp
0x080485ef <main+105>: lea 0xfffffffc(%ecx),%esp
0x080485f2 <main+108>: ret
The original C code is below. Any hints on what I have got wrong would be appreciated. This is a little different from the assembler I have seen before, and I am not even great with that. :wave:
Code:
#include <stdio.h>

/* checkName, checkPass and secretArea are defined elsewhere in the program;
   these prototypes are assumed from how main() calls them, so the file compiles. */
int checkName(int argc, char **argv);
int checkPass(char *buf);
void secretArea(void);

int main (int argc, char **argv)
{
    char Pbuffer [30];
    if (!checkName(argc,argv))
    {return(0); }
    printf("\nPlease enter password: ");
    gets(Pbuffer);
    if (checkPass(Pbuffer))
    {
        secretArea();
    }
    return 0;
}
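As an added example (not from the original post), here is a small Python script that parses the AT&T listing above and answers two of the questions in the comments: the displacement 0xffffffde is a 32-bit two's-complement value, i.e. -34, so the buffer lives 34 bytes below %ebp, and the slots of main's frame can be mapped straight from the prologue (push %ebp; mov %esp,%ebp; push %ecx; sub $0x34,%esp). The listing embedded in the script is a constructed subset of the lines above; the slot names for the locals (Pbuffer, the return-value temporary) are assumptions taken from the C source, since the disassembly itself carries no variable names.

```python
import re

# Constructed sample: a subset of the main() listing from the post (AT&T syntax, 32-bit).
LISTING = """\
0x08048586 <main+0>: lea 0x4(%esp),%ecx
0x0804858a <main+4>: and $0xfffffff0,%esp
0x0804858d <main+7>: pushl 0xfffffffc(%ecx)
0x08048590 <main+10>: push %ebp
0x08048591 <main+11>: mov %esp,%ebp
0x08048593 <main+13>: push %ecx
0x08048594 <main+14>: sub $0x34,%esp
0x08048597 <main+17>: mov 0x4(%ecx),%eax
0x0804859a <main+20>: mov %eax,0x4(%esp)
0x0804859e <main+24>: mov (%ecx),%eax
0x080485a0 <main+26>: mov %eax,(%esp)
0x080485ac <main+38>: movl $0x0,0xffffffd8(%ebp)
0x080485c1 <main+59>: lea 0xffffffde(%ebp),%eax
0x080485e0 <main+90>: movl $0x0,0xffffffd8(%ebp)
0x080485e7 <main+97>: mov 0xffffffd8(%ebp),%eax
0x080485ea <main+100>: add $0x34,%esp
0x080485ef <main+105>: lea 0xfffffffc(%ecx),%esp
"""

INSN_RE = re.compile(r'0x[0-9a-f]+ <[^>]+>:\s+(\w+)\s+(.*)')
# disp(base): the displacement is optional ("(%esp)"), the base register is not.
MEM_RE = re.compile(r'(?:(0x[0-9a-f]+))?\((%[a-z]+)\)')


def signed32(value: int) -> int:
    """Interpret a 32-bit displacement as two's complement (0xffffffde -> -34)."""
    value &= 0xffffffff
    return value - 0x100000000 if value & 0x80000000 else value


def ebp_displacements(listing: str) -> dict:
    """Return {signed offset from %ebp: set of mnemonics that touch it}."""
    result = {}
    for line in listing.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        mnemonic, operands = m.groups()
        for disp, base in MEM_RE.findall(operands):
            if base == '%ebp':
                off = signed32(int(disp, 16)) if disp else 0
                result.setdefault(off, set()).add(mnemonic)
    return result


def frame_map(listing: str) -> dict:
    """Map the slots of main's frame as signed byte offsets from %ebp.

    Assumes the prologue shape in the listing (push %ebp; mov %esp,%ebp;
    push %ecx; sub $N,%esp). Local names are assumed from the C source.
    """
    disps = ebp_displacements(listing)
    reserved = int(re.search(r'sub\s+\$(0x[0-9a-f]+),%esp', listing).group(1), 16)
    lea_offs = [o for o, ms in disps.items() if 'lea' in ms]    # address of Pbuffer
    movl_offs = [o for o, ms in disps.items() if 'movl' in ms]  # return-value temp
    pbuf = min(lea_offs)
    return {
        'return address': 4,                 # pushed by call, just above saved %ebp
        'saved %ebp': 0,
        'saved %ecx': -4,                    # push %ecx right after mov %esp,%ebp
        'Pbuffer (char[30])': (pbuf, pbuf + 30 - 1),   # -34 .. -5
        'return value temp': min(movl_offs),           # -40 (the movl $0x0 slot)
        'outgoing args (%esp)': -4 - reserved,         # argc at %esp, argv at 4(%esp)
    }


if __name__ == '__main__':
    for name, off in frame_map(LISTING).items():
        print(f'{name:24s} {off}')
```

Reading the output alongside the listing clears up the remaining comments in the post. The first three instructions are gcc's stack-alignment dance, not the frame pointer: lea 0x4(%esp),%ecx keeps a pointer to the caller's argument area (argc at (%ecx), argv at 4(%ecx)), and $0xfffffff0 rounds %esp down to 16 bytes, then pushl -4(%ecx) re-pushes the return address so the normal push %ebp; mov %esp,%ebp prologue can follow. That is why argc and argv are later read through %ecx, and why the epilogue restores %esp from %ecx instead of from %ebp. test %eax,%eax ANDs the register with itself purely to set the zero flag, so jne/je branch on whether checkName/checkPass returned non-zero, without changing %eax. The movl $0x0,-40(%ebp) followed by mov -40(%ebp),%eax is the unoptimised compiler parking main's return value in a temporary before the epilogue.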
Re: Explaining the Disassemble
Try disassembling something like this; it will show you what is going on at any given step and what your code is doing in both languages:
#include <stdio.h>

/* Defined elsewhere; prototypes assumed from the calls so this compiles. */
int checkName(int argc, char **argv);
int checkPass(char *buf);
void secretArea(void);

int main (int argc, char **argv)
{
    /* each printf echoes the source line that follows, so the trace
       lines up with the disassembly */
    printf("char Pbuffer [30];");
    char Pbuffer [30];
    printf("if (!checkName(argc,argv))");
    if (!checkName(argc,argv))
    {printf("return(0);");
    return(0); }
    printf("printf(\nPlease enter password:);");
    printf("\nPlease enter password: ");
    printf("gets(Pbuffer);");
    gets(Pbuffer);
    printf("if (checkPass(Pbuffer))");
    if (checkPass(Pbuffer))
    {printf(" secretArea();");
    secretArea();
    }
    printf(" return 0;");
    return 0;
}
BTW, only IDAPro is worth disassembling code with. It's hard enough to get a disassembly to reassemble, but IDA is not so bad in this respect because it's interactive.