StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PODissassembling a C function in GDB. Clarification on GAS Assembly instructions
primarykey
Id
18965631
data
AcceptedAnswerId
18967461
AnswerCount
3
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-09-23T17:47:43.120
FavoriteCount
0
LastActivityDate
2013-09-23T19:40:52.637
LastEditDate
2013-09-23T18:05:33.783
LastEditorUserId
409263
OwnerUserId
409263
ParentId
0
PostTypeId
1
Score
2
ViewCount
902
LastEditorDisplayName
text
Body
I have a C function written here ( It does have a buffer overflow vulnerability ) <pre><code>void func(char *str) { char buffer[12]; int a=9; strcpy(buffer,str); } </code></pre> Its assembly in gdb translates to <pre><code>|0x4005b4 <func> push %rbp |0x4005b5 <func+1> mov %rsp,%rbp |0x4005b8 <func+4> sub $0x40,%rsp |0x4005bc <func+8> mov %rdi,-0x38(%rbp) |0x4005c0 <func+12> mov %fs:0x28,%rax |0x4005c9 <func+21> mov %rax,-0x8(%rbp) |0x4005cd <func+25> xor %eax,%eax |0x4005cf <func+27> movl $0x9,-0x24(%rbp) |0x4005d6 <func+34> mov -0x38(%rbp),%rdx |0x4005da <func+38> lea -0x20(%rbp),%rax |0x4005de <func+42> mov %rdx,%rsi |0x4005e1 <func+45> mov %rax,%rdi |0x4005e4 <func+48> callq 0x400490 <strcpy@plt> |0x4005e9 <func+53> mov -0x8(%rbp),%rax |0x4005ed <func+57> xor %fs:0x28,%rax |0x4005f6 <func+66> je 0x4005fd <func+73> |0x4005f8 <func+68> callq 0x4004a0 <__stack_chk_fail@plt> |0x4005fd <func+73> leaveq |0x4005fe <func+74> retq </code></pre> <code>rdi</code> contains the address of the original character array passed to the function. 1.In <code>func+8</code>, is moving this rdi value to -0x38(rbp) to save the value in local variable str of the function or does it have any other implications? 2.What does the instruction at <code>func+8</code> accomplish? Is there anyway in gdb or in linux to view the contents of the <code>fs segment</code>? 3.What do the instructions <code>func+12</code> to <code>func+25</code> do? EDIT: I compiled this in gcc 4.6.3 with -O0 
Tags
<c><linux><assembly><gdb><gas>
Title
Dissassembling a C function in GDB. Clarification on GAS Assembly instructions
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USwoodstok
UserOwnerUserId
1. USwoodstok
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PODissassembling a C function in GDB. Clarification on GAS Assembly instructions
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.