Re: Assembly Tutorial?

Howard_L · #51 02-Jan-2009, 18:48

Code:

You got it darn good! I'm impressed. Somebody's been paying attention!
I see that you're realizing how the .data storage locations are arranged and
can be accessed from the way you got write to write the 3 bytes beginning at
item1. Great thinking!
Did you think of a block of bytes?
  item .byte 0,0,0,0

That would be an array of bytes.  Then you could access them through indicing.

And that is a good segway into leal... You asked:

  leal item1, %ecx  #still not knowing what is this really

The opcode 'lea' stands for "leave effective address". (the suffix 'l' means 'long' (32 bits))
So it "leaves the effective address" in %ecx as the location for 'write' to
find the begining of the bytes to write to stdout (which is the 1 in %ebx).
leal may be a bit overkill because the same thing can be accomplished with:
  movl $item1, %ecx  

But how about a demo to show what leal is able to do:

CPP / C++ / C Code:

.section .data      # All these declarations seem to work the same
   item: .byte   'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 0x0a, 0
  item2: .string "abcdefghij\0"
  item3: .ascii  "abcdefghij\n\0"
.section .text
.globl _start
_start:             #beg of compiling
  nop
  #get write set up
  movl $4,  %eax
  movl $1,  %ebx
  movl $4,  %edx     #just print 5 byes for this example

  #movl item, %ecx     #gets the 4 bytes: gdb p /x $ecx = 0x64636261  hahaha
  #movl $item, %ecx    #gets the address of 'item' and will work for this
  #movl $item(,%edx, 1), %ecx   #compile error: "junk `(,%edx,1)' after expression"
  #movl item(,%edx, 1), %ecx   #gets 4 bytes: gdb p /x $ecx = 0x68676665
  leal item(,%edx, 1), %ecx    #gets calculated address into %ecx

  int $0x80

  movl $0x00000001,%eax
  movl $0x00000000,%ebx
  int $0x80

Code:

So I noted the results of different things I tried.  
So you can see that "effective address" means address after specified calculations. And here is some gdb output:
18        leal item(,%edx, 1), %ecx
2: /x $ecx = 0x0

(gdb)
_start () at zat-21.s:20
20        int $0x80
2: /x $ecx = 0x80490a0

(gdb) i address item
Symbol "item" is at 0x804909c in a file compiled without debugging.

(gdb) x /8xb 0x804909c
0x804909c <item>:      0x61    0x62    0x63    0x64    0x65  0x66  0x67  0x68
         
 For counting-->  0x804909c      9d      9e      9f      a0    a1    a2    a3

And the printed chars?:
(gdb) s
efgh_start () at zat-21.s:23      <-- see them at the beginning?
23        movl $0x00000001,%eax
2: /x $ecx = 0x80490a0

Anyhow , hope that helps with your understanding of leal.
So very good!!! What's next? Implement your invention into a function??? (yes)
Ready to move into the 'power.s' function example of "Programming From the Ground Up"?

zatora · #52 02-Jan-2009, 22:01

Hi, Howard. Finally all those posts did not go to waiste, first of all thanks for all your support i think this step would not be accomplished without your help.

CPP / C++ / C Code:

That would be an array of bytes.  
Then you could access them through indexing

i was just thinking to look at chap 2 in the book to review that index mode like the array we processed before

CPP / C++ / C Code:

What's next? Implement your invention into a function???

i guess that was an automatic reflex of thinking for programmers i was just saying i am not going to repeat the same stuff over and over so i needed a function, so i cheated a little bit and i took glances at the chap4, but this post is to thank you first and ask some questions about byte data manipulation.

1-what happen if we add two bytes together and the sum is > FF let's say :
item1: .byte 0xff.
add $0x30,item1 ==> item1 = 12f > ff so may be that overflow
but what happen to the first byte in item1 then what will be in item1+1byte.

Howard_L · #53 03-Jan-2009, 11:36

Well first play around with one byte in a register and see how the operators work. Then work with data space.
Try using the next size up just for the incrementing , then gdb-check the bl bh bx and ebx registers for the exciting results!!!.

CPP / C++ / C Code:

.section .data
  item1: .byte 0xff
.section .text
.global _start
_start:
  nop
  xorl %ebx, %ebx
  mov $0xfd, %ebx
  loop1:
    #addb $1, %bl   #will not carry over into bh (thus endless loop)
                    #I presume you have tried this one
                    #I note carry flag set but not overflow
                    #hmm even if I try 0xfffffffe +1 in ebx , no overflow??? Dave?
    #add $1, %bx    #word size, will carry over to bh , works ok
    #incb  %bl      #will not carry over into bh (thus endless loop)
    inc  %bx       #works same as 'add $1, %bx'

    cmp $0x101, %ebx
  jl loop1

  loop2:
    addb $1, item1    #can we expect similar results with dataspace as register???
    cmp $3, item1
  jl loop2

  xorl %eax, %eax
  movl $1, %eax
  int $0x80
/*
as -a -gstabs zat-22.s  -o zat-22.o > zat-22.listing
    ( the '-a' creates a 'listing'  which would go to stdout  except  
      the  '>'  ' redirects'  that output to a file named 'zat-22.listing' 
      take a look at that listing file!!!  Loads of neat stuff to see there )
ld  zat-22.o  -o zat-22
gdb ./zat-22

#### paste this stuff into gdb for starters:
break *_start+1
run
display $eflags
display /x $edx
display /x $ecx
display /x $ebx
display /x $eax
step
#### then just hit return and watch the fun

To check the values in the bytes around 'item1'  first get the address:

(gdb) info address item1
Symbol "item1" is at 0x80490a0 in a file compiled without debugging.

Then xamine starting at one byte before and running one or two past 'item1' with:

(gdb) x /4xb 0x80490a0-1 
0x804909f:      0x00    0xff    0x00    0x00

Btw that x line means:  /show the 4 (in hex please) bytes starting at (address - 1) 
*/

I note that in pftgu (Programming From the Ground Up) it says:

Quote:

C Carry flag. Used in arithmetic to say whether or not the result should be
carried over to an additional byte. If the carry flag is set, that usually
means that the destination register could not hold the full result.
It is up to the programmer to decide on what action to take
(i.e. - propogate the result to another byte, signal an error,
or ignore it entirely).

So this could take many paths depending on what you as "The Programmer" want to accomplish!
As Bill would say, where do you want to go today..... (yeah right, a bigger machine is where , $cha$ching )
Sorry, that's all I've got right now, I gotta go.

zatora · #54 06-Jan-2009, 01:53

Hi all,
Howard, i need some guidance before i start posting some weirdo questions again (lol)
esp :
ebp:
eip:
what is the difference between these registers in terms of which one hold the address pointed by the stack when we pop our stack
i read it through the book i got a little confused so i wanted to have a different perspective i am still digging chap 4 in the book. I have to admit i am kinda afraid of the stack part cause in school they did not coverthat well.
I hope you have a better way to explain the stack operation and these register how they are related to the stack in terms of addressing mode
thank you.

Howard_L · #55 07-Jan-2009, 00:52

I made a small example program and tried to explain the stack pointers and their use.
Compile, link and run in gdb using the gdb display setup lines as I show in the code sample.
Run up to the 'STOP 1' , then step through the program as you read the explaination text which
follows the code.

CPP / C++ / C Code:

.section .bss
   .lcomm buf1, 8          #set aside 8 bytes (zeroed) we can refer to as buf1
.section .data
   num1: .int 0x04030201   #a 4 byte integer
.section .text
.global _start
_start:
  nop
  #Step through all these with gdb and KNOW what is happening in each.

  movl %esp , %ebp   #Get beginning stack location (presently in esp) into ebp.
  pushl $0x11        #Note that esp value (an address) is decremented with each
  pushl $0x2233      #push while ebp's value stays the same
  popl  %eax         #gets the last pushed value into eax
  #### STOP 1 

  movb  (%esp),  %al  #moves only 1 byte to al
  popl  %eax          #same as above 
  #### STOP 2

  movb $0, %bl
  movl $1, %eax
  int $0x80

/*
#### compiling lines:
as -a -gstabs zat-24.s  -o zat-24.o > zat-24.listing
ld  zat-24.o  -o zat-24
gdb ./zat-24

( the -a will print a code listing to the screen.  
  The '>' will redirect that output to the named file.
  I need to talk about the listing file sometime ,  take a look at it anyhow,
  note that the machine code is shown as well as the code address offsets )

#### paste these into the gdb run: ####
break *_start+1
display /x $ebp
display /x $esp
display /x $eax
run
step

#### when ready, get addresses
info address buf1
info address num1

#### and check out storage:
x /8xb <buf1 address>
x /8xb <num1 address>

#### and to examine stack something like:
x /9xb $esp
or
x /9xb $esp-9
*/

Code:

Ok so you've run the code in gdb up to the  STOP 1 using the same gdb display 
lines as I showed in the code above, right?   That means we have done these instructions:

  movl %esp , %ebp   #Get beginning stack location (presently in esp) into ebp.
  pushl $0x11        #Note that esp value (an address) is decremented with each
  pushl $0x2233      #push while ebp's value stays the same
  popl  %eax         #gets the last pushed value into eax

So there, we have pushed two values 'onto the stack'.
So what the heck is the stack???

It's an area of memory in which our process can place and retrieve values.
It's stored in a different area than the .bss or .data and .text sections are.
It is called 'the stack' because we primarily push and pop 4 byte words to and
from it... so a stack of words, you push one onto the stack, and pop one off.

Now, "push X onto the stack' is a tricky expression to use because it implies
that the new value is stored at a higher address we will see that succesive
values are placed at a lower addresses.  So,, the stack is upside down.

We are actually pushing values to the bottom of the stack....
This is an important thing to understand because in practical use of the
stack we will NOT be using variable names , ,  we will be refering to
values at addresses according to their relativity to a known address.

Like if I know the value of the base address, then I can subtract 4 bytes from
that which would give me tha address of where the first push stored a value.

Now for the obligatory illustration of four 4-byte 'words' on the stack:

base item:  base address  0xbfd4eff0   <--ESP start with this value
 1st item:     base -  4  0xbfd4efec      Note 4 byte difference
 2nd item:     base -  8  0xbfd4efe8      in address values
 3rd item:     base - 12  0xbfd4efe4      (also , your address values WILL be different)

There are registers especially for use with 'the stack':
ESP - Stack Pointer -holds address of last location that was pushed to
EBP - Base  Pointer -used to hold the address of a reference point or 'base'
ESI - Stack Index   -utility, to hold address to be accessed or an indice value

We can use these registers in many ways to manipulate the stack data.
But enough chat for now, lets see if I can demonstrate some things.
In gdb with display set up as I show at the bottom of the code section above,
I do first 3 instructions:
( Please play along on your own computer to really get a good feel )

(gdb) run
Starting program: /asm/myex/zat-24
Breakpoint 1, _start () at zat-24.s:11
11        movl %esp , %ebp   #Get beginning stack location into ebp.
4: /x $eax = 0x0
2: /x $esp = 0xbfd4eff0
1: /x $ebp = 0x0

(gdb) step
_start () at zat-24.s:12
12        pushl $0x11        #Note that esp value is decremented with each
4: /x $eax = 0x0
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4eff0
1: /x $ebp = 0xbfd4eff0

(gdb)
_start () at zat-24.s:13
13        pushl $0x2233      #push while ebp's value stays the same
4: /x $eax = 0x0
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4efec
1: /x $ebp = 0xbfd4eff0

(gdb) s
_start () at zat-24.s:16
16        popl  %eax         <--- stop when you see this line queued...
4: /x $eax = 0x0
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4efe8
1: /x $ebp = 0xbfd4eff0

Remember the instruction you see queued up will be executed at the next step.
All the values you see are after the previous step.

You can see that EBP starts out with a 0 , (hey it's a 'NULL' pointer)...
... and ESP starts out with an address loaded.  An interesting address at that.
At that address is the value we in C and C++ know as 'argc'!   (more on this below)
So at the first instruction, I move that address into ebp so that ebp will hold
that 'base address' making it available to use later as a stack reference point
or 'base pointer' as the value in esp will soon change with this first push:
  pushl $0x11

So what about this 'push' thing.  Well, after the first push notice that
esp's value has decremented by 4.
  from: $esp = 0xbfd4eff0    to: $esp = 0xbfd4efec

In hex: f0 - 4 = ec   [ f0 , ef , ee , ed , ec ] see?  (if not study hex NOW)

So a PUSH :
- subtracts 4 from the address held in esp and
- 'writes' the specified  'word' (4 bytes)  of data to that new address.

And now the next push:
  pushl $0x2233

So after two pushes esp holds the address where the last pushed value is stored.
Now lets take a look at the values we have on the stack:
(gdb) x /xw $ebp
0xbfd4eff0:     0x00000001

(gdb) x /xw $ebp - 4          <--- Note the specification: address - 4 bytes
0xbfd4efec:     0x00000011

(gdb) x /xw $ebp - 8          <--- Note the specification: address - 8 bytes
0xbfd4efe8:     0x00002233

Now, esp should be pointing to that same location.  Does it? Of course it does:
(gdb) x /xw $esp
0xbfd4efe8:     0x00002233

Now above you see the value stored at ebp and say "what's with the 0x00000001 ?
That's the argc value!  Meaning that there is 1 command line argument.
That argument is the actual command path used to start the program.
  ( remember in C and C++ argv[0] ???  ,  there it really is! neat huh... )

The pointer to that argument (which is a string) will be at the next item up
on the stack.  I don't want to get into handling command line args at this
point other than to to mention that arg storage and retrieval is another
important function of the stack.  Briefly, as I said the CL arguments are
stored as strings and pointers to these strings are stored on the stack
leading up to the final argc whch we see there in ebp as 1.

Now remeber epb was left with that address loaded.  So I can refer upward in
memory to retrieve those values. xamine works well for that too.
First we need the address and work from that so I look 4 bytes up for that:

(gdb) x /xw $ebp + 4
0xbfd4eff4:     0xbfd4fbbd

Now use  /s format to print the zero terminated string found at that address.

(gdb) x /s  0xbfd4fbbd
0xbfd4fbbd:      "/home/howard/asm/myex/zat-24"

Or we can dereference that stack address:
Remember ebp held 0xbfd4eff0 ?  Well, we can add 4 to that manually and do:

(gdb) x /s *0xbfd4eff4
0xbfd4fbbd:      "/home/howard/asm/myex/zat-24"

Is  that cool? The * means dereference the address found at that address (how C like : )
If there were more command line args you would go up 4 more for each address.
That's enough on CL args... There was a thread not too long ago on that.(in nasm)
Before moving on, we can take a look up over our stack memory byte by byte too:

(gdb) x /16xb $esp
0xbfd4efe8:     0x33    0x22    0x00    0x00    0x11    0x00    0x00    0x00
0xbfd4eff0:     0x01    0x00    0x00    0x00    0xbd    0xfb    0xd4    0xbf

And we can match that up with this:

(gdb) x /4xw $esp
0xbfd4efe8:     0x00002233      0x00000011      0x00000001      0xbfd4fbbd

There are the values we pushed, argc , and argv[0]...
Something to note here is the address shown in argv[0].
We can subtract to see how far away it is located.  Lets see,
(Here is a bonus: math on the Linux shell command line: )

[howard@mybox myex]$ echo $[0x4fbbd - 0x4efe8]
3029

Well that's not very close by... like 3k away. Ok, let's move on...
Where was I... oh yeah beginning to pop values from the stack.
The last steps we took were:

(gdb)
_start () at zat-24.s:13
13        pushl $0x2233         <--- last step executed taken before
4: /x $eax = 0x0
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4efec
1: /x $ebp = 0xbfd4eff0

(gdb) s
_start () at zat-24.s:16
16        popl  %eax
4: /x $eax = 0x0
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4efe8        <--- esp incremented by pushl
1: /x $ebp = 0xbfd4eff0

(gdb) s
_start () at zat-24.s:17
17        movb  (%esp),  %al
4: /x $eax = 0x2233            <--- the popped value is in eax
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4efec        <--- esp decremented by popl
1: /x $ebp = 0xbfd4eff0

(gdb)
18        popl  %eax
4: /x $eax = 0x2211            <--- note how movb effected only the al byte
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4efec        <--- esp NOT decremented by movl
1: /x $ebp = 0xbfd4eff0

(gdb)
_start () at zat-24.s:21
21        movb $0, %bl
4: /x $eax = 0x11              <--- the final popl overwrote a all bits of eax
3: /x $ebx = 0x0
2: /x $esp = 0xbfd4eff0        <--- esp is back to original value
1: /x $ebp = 0xbfd4eff0

Ok, now I tried to note the points of interest with <--- comments above.
If you can follow along you see how the value of esp is back to where we began.
It is important to note that while the pointer is back the values placed out
in our stack 'frame' are still there.  Let's see:

(gdb) x /4xw $esp - 8
0xbfd4efe8:     0x00002233      0x00000011      0x00000001      0xbfd4fbbd

Yes they are , and will remain there until overwritten by subsequent pushes.
I'm not sure about how much of a security issue this could is to the pros.
I suppose you could push and pop zeros if you needed to be sure...
Note that I had to start the xamine print at esp - 8.  Know why!
I know it's confusing, but it's important to understand.
The more I play around with the stack the more I feel more comfortable

Ok so that's yer basic stack.  Hope it helps...
Now, as you move  into the 'power.s' function example keep in mind how I moved
esp value to ebp and used it as a base pointer and how the command line
argument was placed on the stack immediatly before that original esp address.
That is very similar to the C calling convention he demonstrates in power.s.

I'd recommend you experiment with this program until you are comfortable with
the pushes and pops , and then move to the power function and step through it
very slowly displaying all the register values concerned.  Make sure you understand each step before you move to the next one... etc.
Give it some time to soak in , you'll get it...

Code:

The EIP register (Instruction Pointer) holds the address of the next
instruction to be executed. It can be manipulated as you will see in the
power.s function example.  But if you want to view it in this example just use:
p $eip
or
display $eip    To dislplay it at every step.

For example: 
(gdb) step
_start () at zat-24.s:12
12        pushl $0x11        #Note that esp value (an address) is decremented with each
3: /x $eax = 0x0
2: /x $esp = 0xbfcac750
1: /x $ebp = 0xbfcac750
(gdb) p $eip
$1 = (void (*)()) 0x8048077 <_start+3>

You can use this to display the address for each instruciton of the entire code:

(gdb) disassemble
Dump of assembler code for function _start:
0x08048074 <_start+0>:  nop
0x08048075 <_start+1>:  mov    %esp,%ebp
0x08048077 <_start+3>:  push   $0x11
0x08048079 <_start+5>:  push   $0x2233
0x0804807e <_start+10>: pop    %eax
0x0804807f <_start+11>: mov    (%esp),%al
0x08048082 <_start+14>: pop    %eax
0x08048083 <_start+15>: mov    $0x0,%bl
0x08048085 <_start+17>: mov    $0x1,%eax
0x0804808a <_start+22>: int    $0x80
End of assembler dump.

You will also see the offset values like <_start+3>.
Now, if you used the compiling line with the -a  and  > zat-24.listing  it
should have produced a file by that name: zat-24.listing
That file will show some related interesting things as well. Mine looks like this:
----------
GAS LISTING zat-24.s                    page 1
   1                    .section .bss
   2                       .lcomm buf1, 8          #set aside 8 bytes
   3                    .section .data
   4 0000 01020304         num1: .int 0x04030201   #a 4 byte integer
   5                    .section .text
   6                    .global _start
   7                    _start:
   8 0000 90              nop
   9                      #Step through all these with gdb
  10
  11 0001 89E5            movl %esp , %ebp   #Get beginning stack location to ebp.
  12 0003 6A11            pushl $0x11        #esp value  decremented with each
  13 0005 68332200        pushl $0x2233      #push while ebp's value stays same
  13      00
  14 000a 58              popl  %eax         #gets the last pushed value into eax
  15                      #### STOP 1
  16
  17 000b 8A0424          movb  (%esp),  %al  #moves only 1 byte to al
  18 000e 58              popl  %eax          #same as above
  19                      #### STOP 2
  20
  21 000f B300            movb $0, %bl
  22 0011 B8010000        movl $1, %eax
  22      00
  23 0016 CD80            int $0x80
----------

So in that see column 1 is line number, column 2 is the offset, column 3 is the actual machine code to accomplish the human instruction which follows. nifty...
Note that these offset values are the same as the disassembly output.


Now what else did I want to say...  Oh yeah, storage areas and addresses...
I pointed out that the argv[0] address was in a certain area of memory.
I think it is interesting to imagine how the whole program exsists in memory.
I'm not sure how to get a dump on that but I can definitely  see some other
addresses and get a general picture by lining them up.

You may have noted that I declared some .bss and .data  data space in the prog.
.section .bss
   .lcomm buf1, 8          #set aside 8 bytes (zeroed) we can refer to as buf1
.section .data
   num1: .int 0x04030201   #a 4 byte integer

We can look at those addresses too , and along with that we can see the
address the code runs from and to as well. So I'll get some of them:
(gdb)    info address buf1
Symbol "buf1" is at 0x8049090 in a file compiled without debugging.
(gdb)    info address num1
Symbol "num1" is at 0x804908c in a file compiled without debugging.
(gdb) info address _start
Symbol "_start" is at 0x8048074 in a file compiled without debugging.
(gdb) info address _end
Symbol "_end" is at 0x8049098 in a file compiled without debugging.

So lining up some of those values I start to get a picture:
0xbfd4eff0    the stack base
3k gap
0xbfd4fbbd    argv[0]
  big-A gap
0x08048074     _start and first instruction
0x0804808a     last instruction  (as seen in dissassembly output)
0x0804908c     .data data num1 (4 bytes)
0x08049090     .bss  data buf1 (8 bytes)
0x08049098     _end    (hey I declared no _end... but it fits right in)

So I think you will agree , I need a life,,, NO I mean that is interesting. 

And finally in that vein... 
In case you weren't aware of it, these addresses we see are NOT the ACTUAL
memory addresses.  They are 'virtual addresses'.
The operating system assigns us a value and our code offsets are added to that.
Those are the values we see.  The reason for this is that it wants to keep the
real address a secret... (I kid , well maybe partially) but really, it is so the OS can move our program around. It can be plopped at one place of memory ,
swapped out to the hard drive to create space for some web crap, and swapped
back in after we finally kill that process and get our machine back!!!
At least thatis what I think... something like that.
Of course, this is ALL conjecture on my part...

good night

zatora · #56 12-Jan-2009, 12:25

Quote:

Originally Posted by Howard_L

You can see that EBP starts out with a 0 , (hey it's a 'NULL' pointer)...
... and ESP starts out with an address loaded. An interesting address at that.
At that address is the value we in C and C++ know as 'argc'!

Now above you see the value stored at ebp and say "what's with the 0x00000001 ?
That's the argc value! Meaning that there is 1 command line argument.
That argument is the actual command path used to start the program.
( remember in C and C++ argv[0] ??? , there it really is! neat huh... )
good night

Here you touched a gray zone in my c ++ ?
because i don't really get What is a pointer and that the NULL pointer ? is the null pointer a pointer initialized to zero

Also the arg[c] arg[v] i saw that in c but what is arg[c] anyway ?
i know a function like : double example_function(arg 1, arg 2, ......arg n)
but when it comes to something like main(arg[v]. arg[c]) i don't even know what is that

also i saw this and i did not get it
$1 = (void (*)()) 0x8048077 <_start+3>
i did obtain the same result when i did use gdb to examine the decimal value in ebp and eip and esp
so what is the start in void it is a pointer

Other than that i am following your last post and also i am working at the power function in chap 4

Howard_L · #57 12-Jan-2009, 14:16

Quote:

is the null pointer a pointer initialized to zero?

Yes ,, NULL is a defined constant, you can also assign 'NULL' to a pointer.
See what value prints for 'NULL' in C or C++.

Quote:

when it comes to something like main(arg[v]. arg[c]) i don't even know what is that

What do they teach you guys???
It's for getting user input from the command line and it's:

CPP / C++ / C Code:

int main( int argc, char * argv[])
{  ...

The value of argc is the number of command line arguments the user gave.
argv is a pointer to an array of pointers zero terminated strings.
Learn it NOW:
gidforums.com/t-14554.html?highlight=command+line+args

Quote:

also i saw this and i did not get it
$1 = (void (*)()) 0x8048077 <_start+3>

so what is the start in void it is a pointer

You left off the preceding command it's like this:

Code:

(gdb) p $eip
$1 = (void (*)()) 0x8048077 <_start+3>

'p' is short for the gdp print command. (use the gdb 'help' directive wor inline help)

It is saying that the value in (void*)eip is 0x8048077
and that that address is at <_start+3> (3 bytes up from _start)

Keep going over the function until you 'get it'

zatora · #58 13-Jan-2009, 01:16

I am so sorry i did not realize that i typed start intead of star
so i want to define a pionter first than why we see a void in the stack related registers we don't see values like what is void( *) i saw even functions written this way int func1(void())and this is what i wanted to say.
thank you ( i am reading the argc , argv[]) by the way you said what they teach us in school well listen tothis
1 - my first c++ class when we started functions i asked the teacher what is the difference between void and a non void function the answer was " the first does not return value and we can use to return more than one value) but the non void return only one value
2-my second class in c++ i goes what is the void type anyway and what is argc and argv[] the answer was:
well "it is a void type that does not return any value and he said don't worry too much about argc , argv[] for now.
but they charge 800$ per class to tell you that (LOL)
(lol : it said maybe it is not that funny after all)
bye for now

Howard_L · #59 13-Jan-2009, 13:12

Quote:

800$ per class to tell you that (LOL)

cha ching! , really , haha... NOT
But I guess they are teaching you something you seem to be doing pretty well.
I don't know why they try to start at the top...
Lack of basic understanding leaves you with way too many question marks. Yes?
Is your textbook any good? Do you use it???
Get yourself a K&R Second Eddition for C basics.

No offense but could you Capitalize the first letter of a sentence and end it
with a period for clarity. I'm getting old and it is hard to pick up where
you end one thought and begin the next.
Are you allowed to turn in work like that?

Think of 'void' as a datatype just like char, int etc..
The wierd thing though is that void means 'no datatype'. Strange huh.

So when we see:
void myfunction(void) { blah }

we are saying:
'no retun data' myfunction('no argument data')

These things need to be known so that the compiler can make code to handle
(or not for void) argument dataspace in the stack and/or retrieve return values.
I C when we declare a pointer we also associate a datatype with to like this:
char * cptr

The * indicates you want a pointer (an int size spce to hold an address),
and char indicates we intend to use it to point to char size data (1byte)
When we increment or derement the pointer it adjusts by sizeof char (1 byte).
If it were pointer to short it would be two, pointer to int: four, etc.
Now, we can also declare:
void * vptr;

vptr would have NO size associated with it.
So data size is a VERY big deal and people are interested to know... espeially when debugging!
gdb takes this into consideration with it's report:

Code:

gdb) p $eip
$1 = (void (*)()) 0x8048077 <_start+3>

...it is letting you know that EIP is a void pointer: A pointer to data of unknown size.

In assembly we have to handle size issues ourselves with things like movb, mov, movl, movq.
So it's not really of too much interest to us BUT gdb is for C and C++ too.
If you were debugging either of them it might be real handy to see that in
the printout in order to solve a problem. It could very well be the key!

Get too know these two references to know more about C in general and here is a primer (the pointer section):
Programming in C: A Tutorial Brian W. Kernighan lysator.liu.se/c/bwk-tutor.html#pointers

...and this is EXCELLENT:
A TUTORIAL ON POINTERS AND ARRAYS IN C by Ted Jensen
home.netcom.com/~tjensen/ptr/pointers.htm

zatora · #60 17-Jan-2009, 02:40

Hi, all
i was trying to follow the power function in chapter 4 where this is the source code.

CPP / C++ / C Code:

.section .data
.section .text
.globl _start
_start:
pushl $3 #push second argument
pushl $2 #push first argument
call power #call the function
addl $8, %esp #move the stack pointer back
pushl %eax #save the first answer before
#calling the next function
pushl $2 #push second argument
pushl $5 #push first argument
call power #call the function
addl $8, %esp #move the stack pointer back
popl %ebx #The second answer is already
#in %eax. We saved the
#first answer onto the stack,
#so now we can just pop it
#out into %ebx
addl %eax, %ebx #add them together
#the result is in %ebx
movl $1, %eax #exit (%ebx is returned)
int $0x80

.type power, @function
power:
pushl %ebp #save old base pointer
movl %esp, %ebp #make stack pointer the base pointer
subl $4, %esp #get room for our local storage
movl 8(%ebp), %ebx #put first argument in %eax
movl 12(%ebp), %ecx #put second argument in %ecx
movl %ebx, -4(%ebp) #store current result
power_loop_start:
cmpl $1, %ecx #if the power is 1, we are done
je end_power
movl -4(%ebp), %eax #move the current result into %eax
imull %ebx, %eax #multiply the current result by
#the base number
movl %eax, -4(%ebp) #store the current result
decl %ecx #decrease the power
jmp power_loop_start #run for the next power
end_power:
movl -4(%ebp), %eax #return value goes in %eax
movl %ebp, %esp #restore the stack pointer
popl %ebp #restore the base pointer
ret

well here is the problem ?
we pushed 3 on the stack so 3 is at esp-4
we pushed 2 on the stack so 2 is at esp-8
then we are calling power.
we pushed ebp on the stack so ebp is at esp-12
we copied the esp into ebp so ebp =esp-12
subl $4, %esp so our stack is at esp-16 (not sure here)
movl 8(ebp),%ebx so we are at the value 2 cuz ebp =esp-12
so if we add 8(ebp) then we are at the argument =2
movl 12(ebp), %ecx we are moving 12(ebp) =12(esp-12) which equal to 3
movl %ebx, -4(%ebp) so this is going back to where the esp were wich esp-16 or ebp-4 so we are moving the first arg=2 from ebx to ebp-4

if i am following it right till here then i am going into the right way other wise i need some intervention from your side.
(btw i had to this from work my pc is down and i am trying to fix so i can't use gdb )

on a different topic i am taking java class in school i googled some java compiler and i fount netbeans......(your comments here are needed please!!!)
also i am pround that i don't do Windows Anymore i just hate it i can believe 400$ for an OS (vista ultimate ) does it have 24k gold inside or what ???
thanks as always.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Mixing C and assembly in x86 - Makefile nuances	aijazbaig1	Assembly Language	3	23-Apr-2008 09:29
Tutorial: How to Make a Web 2.0-Style Logo	PhotoshopTrend	Graphics Forum	0	20-Sep-2007 06:57
Assemblers & assembly language	BlueFireCO.	Assembly Language	2	26-Mar-2007 10:56
Photoshop Tutorial: Make An Inspirational/Mystical Picture	ToddSAFM	Graphics Forum	9	09-Aug-2005 21:32