Graphics Programs Reference
In-Depth Information
End of assembler dump
(gdb) disass test_function()
Dump of assembler code for function test_function:
0x08048344 <test_function+0>: push ebp
0x08048345 <test_function+1>: mov ebp,esp
0x08048347 <test_function+3>: sub esp,0x28
0x0804834a <test_function+6>: mov DWORD PTR [ebp-12],0x7a69
0x08048351 <test_function+13>: mov BYTE PTR [ebp-40],0x41
0x08048355 <test_function+17>: leave
0x08048356 <test_function+18>: ret
End of assembler dump
(gdb)
When the program is run, the
main()
function is called, which simply calls
test_function()
.
When the
test_function()
is called from the
main()
function, the various
values are pushed to the stack to create the start of the stack frame as follows.
When
test_function()
is called, the function arguments are pushed onto the
stack in reverse order (since it's FILO). The arguments for the function are
1, 2, 3, and 4, so the subsequent push instructions push 4, 3, 2, and finally 1
onto the stack. These values correspond to the variables
d
,
c
,
b
, and
a
in the
function. The instructions that put these values on the stack are shown in
bold in the
main()
function's disassembly below.
(gdb) disass main
Dump of assembler code for function main:
0x08048357 <main+0>: push ebp
0x08048358 <main+1>: mov ebp,esp
0x0804835a <main+3>: sub esp,0x18
0x0804835d <main+6>: and esp,0xfffffff0
0x08048360 <main+9>: mov eax,0x0
0x08048365 <main+14>: sub esp,eax
0x08048367 <main+16>: mov DWORD PTR [esp+12],0x4
0x0804836f <main+24>: mov DWORD PTR [esp+8],0x3
0x08048377 <main+32>: mov DWORD PTR [esp+4],0x2
0x0804837f <main+40>: mov DWORD PTR [esp],0x1
0x08048386 <main+47>: call 0x8048344 <test_function>
0x0804838b <main+52>: leave
0x0804838c <main+53>: ret
End of assembler dump
(gdb)
Next, when the assembly call instruction is executed, the return
address is pushed onto the stack and the execution flow jumps to the start of
test_function()
at
0x08048344
. The return address value will be the location
of the instruction following the current EIP—specifically, the value stored
during step 3 of the previously mentioned execution loop. In this case, the
return address would point to the leave instruction in
main()
at
0x0804838b
.
The call instruction both stores the return address on the stack and jumps
EIP to the beginning of
test_function()
, so
test_function()
's procedure pro-
logue instructions finish building the stack frame. In this step, the current
value of EBP is pushed to the stack. This value is called the saved frame
