c-in-asm.md

Notes on how some C language features look in the disassembly.

Note: the following notes were made while watching the binary hacking series by LiveOverflow.

  • Values for local variables are written onto the stack. A variable of a 64-bit type such as uint64_t in 32-bit assembly is written with two separate moves, because a single 32-bit move cannot hold the whole value.

Moving a value into a variable: `mov DWORD PTR [ebp-0xcc],0x1234`

Moving a 64-bit value on a 32-bit architecture: `mov DWORD PTR [ebp-0x98],0x1234` followed by `mov DWORD PTR [ebp-0x94],0x0`

  • Negative numbers appear in the binary as their two's-complement hex pattern, e.g. -0x1234 is stored as `mov DWORD PTR [ebp-0xc0],0xffffedcc`.

  • When initializing an array such as `uint32_t m[10] = {0x0, 0x1, 0x22, 0x333, 0x4444};`, the values are first written onto the stack and then later copied into the array's actual location.

```asm
0x5655561a <+205>:	mov    DWORD PTR [ebp-0x40],0x1    ; writing the data onto the stack

0x56555636 <+233>:	mov    eax,DWORD PTR [ebp-0x44]    ; moving the data from the stack to
0x56555639 <+236>:	mov    DWORD PTR [ebp-0x6c],eax    ; the array's actual location
```

  • Accessing a particular element of the array, such as `a = m[2]`, looks like this in asm:

```asm
0x56555673 <+294>:	mov    eax,DWORD PTR [ebp-0x64]    ; ebp-0x64 refers to m[2]
0x56555676 <+297>:	mov    DWORD PTR [ebp-0xac],eax    ; assigning m[2] to a
```
  • A pointer variable stores a memory address. Usually the address of the value is first loaded into the eax register and then moved to the variable's location in memory.

Eg: `volatile const char *p = "AAAA";`

ASM:

```asm
0x5655568d <+320>:	lea    eax,[edx-0x17f8]    ; edx-0x17f8 holds the string AAAA; lea only computes that address and puts it in eax, it does not read memory
0x56555693 <+326>:	mov    DWORD PTR [ebp-0xa8],eax    ; the eax value is stored at ebp-0xa8 on the stack
```

  • Return values are passed back in the EAX register.

  • Arguments to functions are pushed onto the stack (`mov eax,DWORD PTR [ebp-0x10]`, then `push eax`). After the call returns, the stack is shrunk again to reset the stack pointer: `add esp,0x4`.

  • Arguments are pushed to the stack in reverse order.

  • For 64-bit binaries, the first function arguments are passed in registers, in this order:

1. RDI
2. RSI
3. RDX
4. RCX
5. R8
6. R9
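
The constructs from the notes above (stack variables, a 64-bit value on a 32-bit target, a negative constant, array initialization, a string pointer, and stacked arguments) collected into one small C file, as an added example that is not part of the original notes. The helper functions compute the raw DWORD values the disassembly shows; the build and gdb commands in the header comment are assumptions about how the notes' 32-bit, unoptimized output was produced, and the exact stack offsets will differ from build to build.

```c
/* Added example: one translation unit containing each construct the notes
 * describe. Assumed build, matching the 32-bit Intel-syntax listings above:
 *   gcc -m32 -O0 -g c_in_asm.c -o c_in_asm
 *   gdb -batch -ex 'set disassembly-flavor intel' -ex 'disassemble main' ./c_in_asm
 */
#include <stdint.h>
#include <stdio.h>

/* A negative int is stored as its 32-bit two's-complement bit pattern, which is
 * what the disassembly prints as the immediate: -0x1234 -> 0xffffedcc. */
uint32_t dword_pattern(int32_t v) {
    return (uint32_t)v;
}

/* On a 32-bit target a uint64_t occupies two stack DWORDs (little-endian):
 * the low half at the lower address, the high half 4 bytes above it. */
uint32_t low_dword(uint64_t v)  { return (uint32_t)(v & 0xffffffffu); }
uint32_t high_dword(uint64_t v) { return (uint32_t)(v >> 32); }

/* cdecl: arguments are pushed right-to-left, the result comes back in EAX,
 * and the caller removes the arguments with add esp,<size>. */
int add3(int a, int b, int c) {
    return a + b + c;
}

int main(void) {
    volatile uint32_t x = 0x1234;         /* mov DWORD PTR [ebp-..],0x1234 */
    volatile uint64_t big = 0x1234;       /* two moves: 0x1234, then 0x0 */
    volatile int32_t neg = -0x1234;       /* mov DWORD PTR [ebp-..],0xffffedcc */
    volatile uint32_t m[10] = {0x0, 0x1, 0x22, 0x333, 0x4444};
    volatile uint32_t a = m[2];           /* load m[2] slot into eax, store to a */
    volatile const char *p = "AAAA";      /* lea eax,[..]; mov DWORD PTR [ebp-..],eax */
    int r = add3(1, 2, 3);                /* push 3; push 2; push 1; call; add esp,0xc */

    printf("x=%#x big=%#x:%#x neg=%#x a=%#x p=%s r=%d\n",
           x, high_dword(big), low_dword(big), dword_pattern(neg), a,
           (const char *)p, r);
    return 0;
}
```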
  • `popal` "pops" values from the stack into all registers in the order EDI, ESI, EBP, EBX, EDX, ECX, and EAX.

---Will be kept updated every time I encounter something new---