{"id":3305,"date":"2022-10-29T05:00:04","date_gmt":"2022-10-28T23:30:04","guid":{"rendered":"https:\/\/cthecosmos.com\/?p=3305"},"modified":"2022-10-29T05:46:53","modified_gmt":"2022-10-29T00:16:53","slug":"peeking-into-the-assembly","status":"publish","type":"post","link":"https:\/\/cthecosmos.com\/?p=3305","title":{"rendered":"Peeking Into The Assembly"},"content":{"rendered":"\n
\n

Assembly is tough. How does the processing of c code takes place in assembly? What are the kinds of instructions that we could see? What is actually happening in this gigantic mesh of lines?

This is my small step to look into the assembly code of a small program\/ replicating a small segment of code that was explained very well by Ben Eater\u2019s Comparing C to Machine Language Yt video (link in the reference section).

Functions involved from the start of execution to the end:
<\/p>\n\n\n\n

<\/p>\n<\/div>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

The code: <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

In assembly: <\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Before we jump into that, let’s just look at some common instruction sets that we encounter through this blog.

%rbp, %rsp<\/strong> are special purpose registers

%rbp <\/strong>is the base pointer which points to the base of the current stack frame

%rsp<\/strong> is the stack pointer which points to the top of the current stack frame

%rbp<\/strong> always has a higher value than %rsp<\/strong> because the stack starts at high memory address and grows downwards.

%eax, %ecx<\/strong> are general purpose registers

eax<\/strong>= Extended AX register ( a 32 bit register )

AX is 16 bits wide, the high byte can be accessed with Ah and the low byte with AL

RAX  is 64-bit register
<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Now coming to the code\u2026 (Please refer to the image and code parallelly.)

push %rbp
mov %rsp, %rbp<\/em><\/strong>

These are function prologue or preamble.
First, push the old base pointer onto the stack and save it for later.
Then copy the value of the stack pointer to the base pointer.
now %rbp<\/strong> points to the base of the main’s stack frame.

sub $0x10,%rsp<\/em><\/strong>

This instruction allocates space on the stack,

movl  $0x0, -0xc(%rbp)
movl  $0x1, -0x8(%rbp)<\/em><\/strong>

The parentheses indicate the memory address. Here rbp <\/strong>is the base register with -0xc<\/strong> displacement. This simply means %rbp<\/strong>  + -0xc<\/strong> i.e subtracting c(12)<\/strong> from the base pointer which moves to the current stack frame where the value 0<\/strong> is stored. Comparing it with the assembly code, we find that the value of x<\/strong> is 0<\/strong> and the value of y<\/strong> is 1<\/strong>, i.e at %rbp –  0xc<\/strong> the value of x<\/strong> is stored and at %rbp  – 0x8<\/strong> the value of y<\/strong> is stored.

mov -0xc(%rbp),%eax
mov %eax,%esi
lea 0xe95(%rip),%rax
mov %rax %rdi
mov $0x0,%eax
call 0x1050 <printf@plt><\/em><\/strong>


In the first line, we can see that the value stored in 0xc<\/strong> i.e value of x<\/strong> is being brought into eax<\/strong>. Here eax<\/strong> is one of the general-purpose registers.

In the Second Step, esi<\/strong> is a source index pointer that is used for strings and memory array copying. In this case, the memory array of eax<\/strong> is being copied into esi<\/strong>.

In the third line, lea<\/strong> means load effective address<\/strong>. lea<\/strong> moves the contents of the designated memory into the target location. Here the target location is rax<\/strong> i.e it will move the contents of 0xe95(%rip)<\/strong> to rax<\/strong>. Here rip<\/strong> is a special-purpose register and instruction pointer<\/strong>. So this instruction says, take the value stored at 0xe95<\/strong> and load it into rax<\/strong>.

In the fourth line, registers such as %rdi are<\/strong> commonly known as caller-save registers<\/strong> i.e they are not necessarily saved across function calls. %rdi<\/strong> is also used to pass the first six integer or pointer parameters to called functions.  %rax<\/strong> is usually used to store the function return value. These instructions are used to call a function. To call a function the program should place the first six integer or pointer parameters in the register. Here %rdi<\/strong> is doing the job.

In the fifth line, 0<\/strong> is being written into eax<\/strong> register. Here eax<\/strong> is a general-purpose register<\/strong>. The x86 calling convention dictates that a function\u2019s return value is stored in %eax<\/strong>, so the above instruction sets us up to return 0<\/strong> at the end of our function.

In the sixth line, This instruction calls the printf<\/strong> function

mov -0xc(%rbp),%edx
mov -0x8(%rbp),%eax
add %edx,%eax
mov %eax, -0x4(%rbp)<\/em><\/strong>

Now we are doing the z=x+y;<\/strong> operation. Here the values stored in x<\/strong> i.e at -0xc(%rbp)<\/strong> and y<\/strong> at -0x8(%rbp)<\/strong> are copied into edx<\/strong> and eax<\/strong> respectively.

Once that\u2019s done, the next operation adds the values and stores the result in %eax<\/strong>. Once the addition is done, the result that was stored in eax<\/strong> is copied to -0x4(%rbp)<\/strong>.

mov -0x8(%rbp),%eax
mov %eax,-0xc(%rbp)

mov -0x4(%rbp),%eax
mov %eax,-0x8(%rbp)<\/em><\/strong>

In these instructions we are loading the values into eax<\/strong> from respective memory locations and placing them in -0xc(%rbp)<\/strong> and -0x8(%rbp)<\/strong> respectively. They are nothing but the locations of x<\/strong> and y<\/strong>, and hence the following segment of code is being executed.  Here -0x4(%rbp)<\/strong> is where z<\/strong> is stored.

x=y;<\/strong>
y=z;<\/strong><\/em>

Once that\u2019s done, the compiler would be moving to the next step of execution, that is while(x<255);<\/strong> . The assembly instruction for the above line of code is cmpl $0xfe, -0xc(%rbp)<\/em><\/strong>. Here cmpl <\/strong>is an instruction that indicates to comparison of double word.

jle 0x1163 <main+26>
jmp 0x1155 <main+15><\/em><\/strong>

The last 2 instructions are jle<\/strong>, i.e jump if less than or equal and jmp<\/strong> where it jumps to label<\/strong>

So, that was some description on assembly code of a small code. I do agree there are many stones left unturned here. It was a good exploration for me. Hope you find this helpful.

The links in the reference section would definitely help you to dive more deeply.<\/p>\n\n\n\n

Thanks Y’all. Do share your opinion and don’t forget to follow to grab the first notification of my new blog posts.<\/p>\n\n\n\n

References:<\/strong>
1) Ben Eater  –  Comparing C to Machine Language: https:\/\/www.youtube.com\/watch?v=yOyaJXpAYZQ<\/a>
2) x64  cheat sheet – https:\/\/cs.brown.edu\/courses\/cs033\/docs\/guides\/x64_cheatsheet.pdf<\/a>
3) https:\/\/www.recurse.com\/blog\/7-understanding-c-by-learning-assembly<\/a>
4) https:\/\/medium.com\/swlh\/how-does-hello-world-actually-work-73a557be16eb<\/a>
5) https:\/\/cs61.seas.harvard.edu\/site\/2018\/Asm1\/<\/a>
6) A good number of tabs of stack overflow.
<\/p>\n","protected":false},"excerpt":{"rendered":"

Assembly is tough. How does the processing of c code takes place in assembly? What are the kinds of instructions that we could see? What is actually happening in this gigantic mesh of lines? This is my small step to look into the assembly code of a small program\/ replicating a small segment of code […]<\/p>\nRead More Peeking Into The Assembly<\/span><\/a>","protected":false},"author":120055267,"featured_media":3385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false},"categories":[1342,28627],"tags":[10544,6595,2426,772321195,772321191,320749,12068,756676048,34922710,1727050,34920936,88026196,868553],"class_list":{"0":"post-3305","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-education","8":"category-embedded","9":"tag-analysis","10":"tag-assembly","11":"tag-c","12":"tag-c-programming","13":"tag-embedded","14":"tag-gdb","15":"tag-intel","16":"tag-intel-registers","17":"tag-linux-2","18":"tag-registers","19":"tag-ubuntu-2","20":"tag-ubuntu-app","21":"tag-x86","23":"fallback-thumbnail"},"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cthecosmos.com\/wp-content\/uploads\/2022\/10\/assembly_analysis.png?fit=541%2C510&ssl=1","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8CiEf-Rj","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/posts\/3305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/users\/120055267"}],"replies":[{"embeddable":true,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3305"}],"version-history":[{"count":24,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/posts\/3305\/revisions"}],"predecessor-version":[{"id":3387,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/posts\/3305\/revisions\/3387"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=\/wp\/v2\/media\/3385"}],"wp:attachment":[{"href":"https:\/\/cthecosmos.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cthecosmos.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}