Hey Everyone, I am Vikram Salunke
and welcome to x86 Assembly
So, this is a video no 27
and this is a part 2 of Local Variables and
Arguments Passing
In this video we will execute our C Program
and we will analyse execution of assembly instructions
in Visual Studio, so let's get started
this is our C program
we already Built the program in a last video
so if you want to know what happens when
we click on Build or
when we click on Debug
then please watch my last video
now we want to Debug it
but before that we will set a Breakpoint here
then we will click on Debug
we will Right Click here and click on
Go to Disassembly
this is our Assembly code
these are our Registers
and this is our Stack
we will start the execution from main()
now currently ESP is pointing at
0012FF6C and that has value 00401328
that value is a return address of a function
who called main()
which is beyond our scope of program
so we will not go detail into that
as we saw in a previous video
EBP contains the stack frame pointer of that function
currently, EBP contains the stack frame pointer
of a function who called main()
and now that function called main()
so we will start execution from main()
now the first instruction in main()
is at 00401030 the first two lines
are responsible to setup a stack for a main()
for that we will push the old function's stack frame
onto the stack
after that we will move ESP into the EBP
and from that point the main()'s stack frame will begin
and main()'s all the local variables, arguments which
they are passing to another function will get stored
onto that stack frame
that's why the stack frame is very important
each function has it's own stack frame onto the stack
that stack frame contains that function's
local variables, registers and arguments that
needs to pass to another function
so, in this program the main() will have it's own stack frame
and the function() will have it's own stack frame
and main() will contain it's local variables,
it's registers, and the arguments which needs to
pass to the function()
and when we will execute from function()
the function() will contain it's own
local variables, it's registers etc.
first instruction is push ebp
EBP 0012FFB8
will get push onto the stack
let's Step Into that
EBP got pushed
after that esp will get move into ebp
esp is 0012FF68 that will get move into EBP
let's step into that
now ESP is into the EBP
and from this point
it will be main()'s stack frame onto the stack
as we saw earlier main() has 3 variables
int a, int b and int value
now the loader will allocate space
space for those variables onto the stack
int data types has 4 byte size
that' why for each variable
4 bytes will be allocated onto the stack
next instruction is subtract 0C from the ESP
now main() has 3 variables
each variable will have 4 bytes
so, the total space will be required
is 12 bytes
and 0C in hexadecimal represents 12
so, we will subtract 12 from the ESP
and using that instruction
the space will be allocated for 3 variables onto the stack
currently ESP is 0012FF68
let's step into that
as we can see we have subtracted 12 bytes from the ESP
and ESP is currently pointing at 0012FF5C
we have made space to store
3 local variables of main() onto the stack
next instruction is move 1 into the
pointer of a
now double word represents 32 bits
as we saw earlier for 3 variables
the space got allocated
and each space has it's own pointer
for variable 'a' the pointer will be ptr a
for variable 'b' the pointer will be ptr b
and for variable 'value' the pointer will be ptr value
now we will move 1 into the memory
where ptr a is pointing
let's step into that
as we can see
00000001 got moved onto the stack
and this was a location for ptr a
next we are moving 00000002 into
the memory allocated by ptr b
let's execute that
ok, 00000002 moved onto the stack
next C statement is we are calling function()
and passing 2 arguments 'a' and 'b'
now as we have seen in a cdecl video
when one function calls another function
and pass some arguments
those arguments will get push onto the stack
from right to left
in the right there is variable 'b'
in the left there is variable 'a'
so, 'b' will get push first
after that 'a' will get push
next instruction is
we are moving value pointed by ptr b into eax
step into that
as we can see
the value was pointed by pointer b was 00000002
and that got moved into EAX
next instruction is we will push that EAX
onto the stack
step into that
that got pushed onto the stack
next instruction is
we are moving value pointed by
ptr a into ECX
step into that
so, the value pointed by ptr b was 00000001
and that got moved into ECX
next instruction is we will push
that ECX onto the stack
step into that
0000001 got pushed onto the stack
after that main() is calling function()
when one function calls another function
the next instruction's address will get push
onto the stack
because when that function will finish it's execution
it can return to the calling function
using that return address
so, the next instruction address is 00401051
that will get push onto the stack
and after that EIP will point to 401000
to begin execution from function()
let's step into that
as we can see the return address
got pushed onto the stack
and EIP is now pointing to the 00401000
that's it for this video
the remaining part of this program
we will see in the next video
so, stay tuned
Thank you :)
Không có nhận xét nào:
Đăng nhận xét