(gdb) x/10i $eip
0x804838b <main+23>: cmp DWORD PTR [ebp-4],0x9
0x804838f <main+27>: jle 0x8048393 <main+31>
0x8048391 <main+29>: jmp 0x80483a6 <main+50>
0x8048393 <main+31>: mov DWORD PTR [esp],0x8048484
0x804839a <main+38>: call 0x80482a0 <printf@plt>
0x804839f <main+43>: lea eax,[ebp-4]
0x80483a2 <main+46>: inc DWORD PTR [eax]
0x80483a4 <main+48>: jmp 0x804838b <main+23>
0x80483a6 <main+50>: leave
0x80483a7 <main+51>: ret
(gdb)
The first instruction, cmp , is a compare instruction: it subtracts its source operand (the immediate 9) from its destination operand (the memory used by the C variable i), discards the result, and records the outcome of that subtraction in the EFLAGS register. The next instruction, jle , stands for jump if less than or equal to . It uses the flags left behind by the previous comparison to move EIP to a different part of the code if the destination of the comparison is less than or equal to the source. Here the instruction says to jump to the address 0x8048393 if the value stored in memory for the C variable i is less than or equal to 9. If this isn't the case, EIP continues to the next instruction, an unconditional jump ( jmp ), which sends EIP to the address 0x80483a6 . These three instructions combine to create an if-then-else control structure: if i is less than or equal to 9, go to the instruction at address 0x8048393 ; otherwise, go to the instruction at address 0x80483a6 . The first address, 0x8048393 , is simply the instruction found right after the unconditional jump, and the second address, 0x80483a6 , is the leave instruction at the end of the function.
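The flag test that jle performs is worth seeing explicitly, because the disassembly never shows the flags themselves. The following is an added example, not code from the book: it emulates what cmp leaves in EFLAGS for 32-bit operands (CF, ZF, SF, OF), applies the jle rule (jump when ZF=1 or SF!=OF, which is the signed less-or-equal test the compiler chose because i is a signed int), and then walks the loop from the disassembly above using that emulated compare as its only exit test. The jbe function is included only for contrast and is an assumption about what an unsigned loop counter would have produced; the function names are mine.

```c
#include <stdint.h>
#include <stdio.h>

/* The four EFLAGS bits that cmp sets and that conditional jumps read. */
struct eflags { int cf, zf, sf, of; };

/* Emulate `cmp dst, src` on 32-bit operands: compute dst - src, throw the
 * result away, keep only the flags. */
static struct eflags cmp32(uint32_t dst, uint32_t src)
{
    uint32_t res = dst - src;
    struct eflags f;
    f.cf = dst < src;                                 /* unsigned borrow */
    f.zf = (res == 0);                                /* operands equal */
    f.sf = (res >> 31) & 1;                           /* result negative as signed */
    f.of = (((dst ^ src) & (dst ^ res)) >> 31) & 1;   /* signed overflow of the subtraction */
    return f;
}

/* jle: taken when ZF=1 or SF!=OF, i.e. signed dst <= src. */
static int jle_taken(struct eflags f) { return f.zf || (f.sf != f.of); }

/* jbe (for contrast, not in the disassembly): taken when CF=1 or ZF=1,
 * i.e. unsigned dst <= src. */
static int jbe_taken(struct eflags f) { return f.cf || f.zf; }

/* Replay the loop body of main exactly as the disassembly orders it,
 * with the emulated cmp/jle deciding whether the loop continues. */
static int count_loop_iterations(void)
{
    uint32_t i = 0;          /* the DWORD at [ebp-4]               */
    int iterations = 0;
    for (;;) {
        /* main+23: cmp DWORD PTR [ebp-4],0x9
         * main+27: jle main+31
         * main+29: jmp main+50   (leave / ret) */
        if (!jle_taken(cmp32(i, 9)))
            break;
        iterations++;        /* main+31..38: printf("Hello, world!\n") */
        i++;                 /* main+43..46: lea eax,[ebp-4] ; inc DWORD PTR [eax] */
        /* main+48: jmp main+23 */
    }
    return iterations;
}

int main(void)
{
    struct eflags f = cmp32(0, 9);
    printf("cmp 0,9 -> CF=%d ZF=%d SF=%d OF=%d  jle taken: %d\n",
           f.cf, f.zf, f.sf, f.of, jle_taken(f));
    printf("loop iterations: %d\n", count_loop_iterations());
    /* -1 as a signed int is <= 9, but as an unsigned value it is not: */
    printf("cmp -1,9 -> jle: %d  jbe: %d\n",
           jle_taken(cmp32((uint32_t)-1, 9)), jbe_taken(cmp32((uint32_t)-1, 9)));
    return 0;
}
```

The last line of output is the practical caveat: the same cmp leaves the same flags, and only the choice of jump (jle versus jbe) decides whether 0xffffffff counts as "less than or equal to 9". When reading a disassembled bounds check, the jump mnemonic, not the cmp, tells you whether the comparison is signed.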
Since we know the value 0 is stored in the memory location being compared with the value 9, and 0 is less than or equal to 9, EIP should be at 0x8048393 after executing the next two instructions.
(gdb) nexti
0x0804838f 6 for(i=0; i < 10; i++)
(gdb) x/i $eip
0x804838f <main+27>: jle 0x8048393 <main+31>
(gdb) nexti
8 printf("Hello, world!\n");
(gdb) i r eip
eip 0x8048393 0x8048393 <main+31>
(gdb) x/2i $eip
0x8048393 <main+31>: mov DWORD PTR [esp],0x8048484
0x804839a <main+38>: call 0x80482a0 <printf@plt>
(gdb)
As expected, the previous two instructions let the program execution
flow down to 0x8048393 , which brings us to the next two instructions. The