Assembly Language Series: 0x02

Today I will be continuing the topic which I published in the last article of the Assembly Language Series.

Assembly Language Series: 0x02

First let’s recall what I have done till now. In the last article, I have discussed different types of useful registers like EBP, ESP, EIP and we tried to understand some of the instructions using gdb and according to the last article this is the scenario we have right now. If you have not read that article yet, I recommend reading it first here.

By using the command nexti I am going to execute the instruction pointed by EIP.

[ebp-0xc ] => 0x00

EIP => 0x565561d5

Okay, So let’s try to understand this instruction first:

EIP: 0x565561d5 (<main+60>:   cmp    DWORD PTR [ebp-0xc],0x9)

Here cmp is used, this means that gdb is going to compare two values present at these two addresses. The value present at [ebp-0xc] is 0x9, and from the previous article we know that value at [ebp-0xc] is 0x00. So it will compare the value 0x00 and 0x9.

These two values was compared and now the EIP points to the next instruction:

EIP: 0x565561d9 (<main+64>:   jle    0x565561bf <main+38>)

Here jle means, If the value present at [ebp-0xc] is less than equal to 0x9 then jump to the address 0x565561bf, and we already know that condition is true. Therefore the program flow will be redirected to the specified address, let’s check it by using the command nexti.

Umm this means we are going in the right direction and after that, some instructions don’t look to be useful for us. Still let me explain to you what is lea here.

lea stands for load effective address and there is a small difference between lea and mov instruction that is, unlike the mov instruction, lea instruction stores the address directly to the destination instead of storing the value contained in that address.

Address stored in EAX register before executing the lea instruction is 0xf7fad808. Now lets execute the next instruction and then we will check the address at EAX again.

Now we can see that the address stored at EAX is 0x56557008, now in the next instruction this address will be pushed at the top of the stack.

In the next instruction, the program is calling puts function and one of my friends told me that printf() is not visible in the disassembly. Instead, it’s being replaced by the puts() in line <main+11> The reason why this happens is because puts() is faster than printf() as it doesn’t parse the string passed to it. So, due to compiler optimization, the compiler automatically replaces the printf() call with a constant string as argument with puts() call.

This is how “Hello world” is printed on the display and in the next instruction program is adding 1 in the value present at address [ebp-0xc].

0x565561d1 <main+56>: add    DWORD PTR [ebp-0xc],0x1

Now the value 0x01 will be compared to the value 0x9 and again the condition is true. Therefore a jump will be taken and program flow will be redirected to the address 0x565561bf.

This cycle will be repeated till the value is less than equal to 0x9 and “Hello world” will be printed 10 times before the program exits. So we can predict that program is something like this:

#include <stdio.h>
int main()
    {
        int i;<br>
        for(i=0;i<10;i++)
        {
            printf("Hello world\n");
        }
    }

Thanks for reading , I hope you like my explanation. If you find any mistakes or have any query, then please let me know, you can send an email to yashsaxena986@gmail.com.

NOTE: The awesome artwork used in this article was created by Paul Sirmon.