Assembler school task

[durus]

I have got a task to solve, it's a program (bomb) that i have to debug to see witch strings it needs to defuse the bomb.
The problem is that we haven't programed any assembler before and there for i want to ask if i do understand the code right. We are using dbg to debug the code. You can see the code herehttp://www.csc.kth.se/~yvari/phase_2

So to my questions, can you tell me if i understands the code right and answer my questions
You do see some comments i have done to the code here http://www.csc.kth.se/~yvari/phase_2commented

I also want to know the difference between push and pushl, lea and leal. I know that the xxxl is for 4 bytes, but how many bytes does push and lea work with ?

My book says that leal "loads effective adress" what does that mean ?

thank you for helping me

[supirman]

In AT&T syntax, which you're using, the operand size is specified as the suffix of the instruction name -- b is for byte, w is word, l is long. If you don't specify one of these, then the assembler will try to guess from the operands provided (%eax is 32 bits, %al would be 8, and so on). If it can't decide, it defaults to 32 bits.

For the line

Code:

lea    0xffffffd8(%ebp),%eax

look at http://www.cs.princeton.edu/courses/...chitecture.pdf
page 23.

It's been a while since I've fiddled with AT&T style IA-32 assembly, but I think it's basically adding 0xffffffd8 (which is really -40) to whatever is in ebp, and storing it in eax. Also note that 40 decimal is the same as 28 hex (look at the line a few above it, with sub 0x28,esp). It looks like it's just putting the address of esp into eax.

Again, it's been quite a while since I've looked at assembly, so this is likely not 100% accurate.

[rplantz]

Your comments are pretty close. Please allow me to modify them:

Code:

push   %ebp			save caller's frame pointer
mov    %esp,%ebp			New frame pointer = stack pointer
push   %esi			save %esi
push   %ebx			save %ebx
sub    $0x28,%esp			allocate space for local variables
mov    $0x0,%esi			%esi = 4bytes zeros
lea    0xffffffd8(%ebp),%eax		get address of beginning of local variable area
push   %eax			arg 2 for read_six_numbers
pushl  0x8(%ebp)			arg 1 for read six_numbers (the arg for this function wich is 4 bytes)
call   8048c59 <read_six_numbers>	calls function

If you draw a picture, you will see that the frame pointer, ebp, is pointing to the saved value of the caller's frame pointer, esi and ebx are stored next on the stack, and the code has reserved 40 bytes on the stack for local variables. The stack pointer, esp, can still be used for pushing and popping without worrying about trashing the local variable area. (This statement assumes that you observe proper stack protocol.)

The previous poster is correct. lea means "load effective address". lea 0xffffffd8(%ebp),%eax places the value of 0xffffffd8 added to whatever is in ebp in eax. movl 0xffffffd8(%ebp) would perform the same address computation (0xffffffd8 + whatever is in ebp), but it would copy the 32-bit value at this address into eax.

My remarks about reserving space on the stack for local variables does not take into account various manipulations that might be done to achieve specific address values in esp. Take a look at what gcc does to a simple C function. If you use the -S option (that's upper-case S), it will generate foo.s from foo.c, which contains the assembly language generated by the compiler.

I've taught this material since 1999 and have even written a book on it. I still have not figured out all the things that the compiler does with esp at the beginning of a function. Some of them are intended to keep the stack at certain address boundaries. And it's getting much more complex with newer versions of gcc. I think this has to do with designing gcc to handle the x86-64 architecture, which tends to pass arguements in registers instead of on the stack. I'm still learning about this.

Finally, I am writing all this to help you in your assignment because it's clear that you have made a good attempt at understanding it before asking for help. I enjoy helping people who want to learn.

[Lux Perpetua]

I've taught this material since 1999 and have even written a book on it. I still have not figured out all the things that the compiler does with esp at the beginning of a function. Some of them are intended to keep the stack at certain address boundaries. And it's getting much more complex with newer versions of gcc.

That makes me feel somewhat better, because this kind of thing makes me say WTF:

Code:

        pushl   %ebp
        movl    %esp, %ebp
        subl    $24, %esp
        andl    $-16, %esp
        movl    $0, %eax
        addl    $15, %eax
        addl    $15, %eax
        shrl    $4, %eax
        sall    $4, %eax
        subl    %eax, %esp

The green code makes sense to me: saving the frame pointer, reserving stack space, and aligning the stack pointer, but why the fancy footwork afterward?