Notice the two lines shown in bold on page 131. At this point, the EAX register contains a pointer to the first command-line argument. This is also the argument to check_authentication(). This first assembly instruction writes EAX to where ESP is pointing (the top of the stack). This starts the stack frame for check_authentication() with the function argument. The second instruction is the actual call. This instruction pushes the address of the next instruction to the stack and moves the execution pointer register (EIP) to the start of the check_authentication() function. The address pushed to the stack is the return address for the stack frame. In this case, the address of the next instruction is 0x080484bb, so that is the return address.
(gdb) disass check_authentication
Dump of assembler code for function check_authentication:
0x08048414 <check_authentication+0>: push ebp
0x08048415 <check_authentication+1>: mov ebp,esp
0x08048417 <check_authentication+3>: sub esp,0x38
...
0x08048472 <check_authentication+94>: leave
0x08048473 <check_authentication+95>: ret
End of assembler dump.
(gdb) p 0x38
$3 = 56
(gdb) p 0x38 + 4 + 4
$4 = 64
(gdb)
Execution will continue into the check_authentication() function as EIP is changed, and the first few instructions (shown in bold above) finish saving memory for the stack frame. These instructions are known as the function prologue. The first two instructions are for the saved frame pointer, and the third instruction subtracts 0x38 from ESP. This saves 56 bytes for the local variables of the function. The return address and the saved frame pointer are already pushed to the stack and account for the additional 8 bytes of the 64-byte stack frame.
When the function finishes, the leave and ret instructions remove the stack frame and set the execution pointer register (EIP) to the saved return address in the stack frame (0x080484bb). This brings the program execution back to the next instruction in main() after the function call at 0x080484bb. This process happens every time a function is called in any program.
(gdb) x/32xw $esp
0xbffff7a0: 0x00000000 0x08049744 0xbffff7b8 0x080482d9
0xbffff7b0: 0xb7f9f729 0xb7fd6ff4 0xbffff7e8 0x00000000
0xbffff7c0: 0xb7fd6ff4 0xbffff880 0xbffff7e8 0xb7fd6ff4
0xbffff7d0: 0xb7ff47b0 0x08048510 0xbffff7e8 0x080484bb
0xbffff7e0: 0xbffff9b7 0x08048510 0xbffff848 0xb7eafebc
0xbffff7f0: 0x00000002 0xbffff874 0xbffff880 0xb8001898
0xbffff800: 0x00000000 0x00000001 0x00000001 0x00000000
0xbffff810: 0xb7fd6ff4 0xb8000ce0 0x00000000 0xbffff848
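The frame arithmetic described above (56 bytes of locals, plus the saved frame pointer and the return address) can be checked directly against the x/32xw dump. The following Python script is an added example, not code from the book: it parses the dump quoted on this page, assumes the dump was taken after the prologue ran with ESP at 0xbffff7a0 (the first address shown), derives EBP from the sub esp,0x38 in the prologue, and locates the saved EBP and the return address, confirming the latter is the 0x080484bb seen in the disassembly of main().

```python
import re

# Constructed input: the `x/32xw $esp` output quoted on this page, embedded
# as a string so the script runs offline.
GDB_DUMP = """\
0xbffff7a0: 0x00000000 0x08049744 0xbffff7b8 0x080482d9
0xbffff7b0: 0xb7f9f729 0xb7fd6ff4 0xbffff7e8 0x00000000
0xbffff7c0: 0xb7fd6ff4 0xbffff880 0xbffff7e8 0xb7fd6ff4
0xbffff7d0: 0xb7ff47b0 0x08048510 0xbffff7e8 0x080484bb
0xbffff7e0: 0xbffff9b7 0x08048510 0xbffff848 0xb7eafebc
0xbffff7f0: 0x00000002 0xbffff874 0xbffff880 0xb8001898
0xbffff800: 0x00000000 0x00000001 0x00000001 0x00000000
0xbffff810: 0xb7fd6ff4 0xb8000ce0 0x00000000 0xbffff848
"""

LINE_RE = re.compile(r"^(0x[0-9a-f]+):((?:\s+0x[0-9a-f]{8})+)$")

def parse_xw_dump(text):
    """Turn `x/Nxw` output into {address: 32-bit word}. Each line is a base
    address followed by four words, each 4 bytes further up the stack."""
    words = {}
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised gdb line: {line!r}")
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            words[base + 4 * i] = int(tok, 16)
    return words

def frame_layout(words, esp, local_size):
    """Given ESP after the prologue and the size from `sub esp,N`, locate the
    saved frame pointer and the return address of the current frame."""
    ebp = esp + local_size            # mov ebp,esp ; sub esp,N  =>  ebp = esp + N
    return {
        "ebp": ebp,
        "saved_ebp": words[ebp],      # stored by `push ebp`
        "ret_addr_at": ebp + 4,
        "ret_addr": words[ebp + 4],   # stored by `call check_authentication`
        "frame_size": local_size + 8, # locals + saved EBP + return address
    }

def check_frame(dump=GDB_DUMP, esp=0xbffff7a0, local_size=0x38, expected_ret=0x080484bb):
    """Assumed values: ESP = first dumped address, N = 0x38 from the prologue."""
    layout = frame_layout(parse_xw_dump(dump), esp, local_size)
    layout["ret_matches_disasm"] = layout["ret_addr"] == expected_ret
    return layout

if __name__ == "__main__":
    for key, val in check_frame().items():
        print(f"{key}: {hex(val) if type(val) is int else val}")
```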