-5

I have some questions dealing with reading assembly instruction. I know the basic instruction syntax, but it gets confusing when some of the register comes with some address in front of it, or the question uses any of the strange instruction. Is there any easy to understand set of reference to the assembly instructions?

For example, I have a question to read these instruction:

0x401050    <what>:         push   %ebp
0x401051    <what+1>:       mov    %esp,%ebp
0x401053    <what+3>:       sub    $0xc,%esp
0x401056    <what+6>:       mov    0x8(%ebp),%eax
0x401059    <what+9>:       add    $0x4,%eax
0x40105c    <what+12>:      mov    %eax,0xfffffffc(%ebp)
0x40105f    <what+15>:      mov    0x8(%ebp),%eax
0x401062    <what+18>:      imul   0xc(%ebp),%eax
0x401066    <what+22>:      mov    %eax,0xfffffff8(%ebp)
0x401069    <what+25>:      mov    0xc(%ebp),%edx
0x40106c    <what+28>:      mov    0x8(%ebp),%eax
0x40106f    <what+31>:      sub    %edx,%eax
0x401071    <what+33>:      mov    %eax,0xfffffff4(%ebp)
0x401074    <what+36>:      mov    0xfffffff8(%ebp),%eax
0x401077    <what+39>:      add    0xfffffffc(%ebp),%eax
0x40107a    <what+42>:      add    0xfffffff4(%ebp),%eax
0x40107d    <what+45>:      leave
0x40107e    <what+46>:      ret
0x401089    <main>:         push   %ebp
0x40108a    <main+1>:       mov    %esp,%ebp
0x40108c    <main+3>:       sub    $0x18,%esp
0x40108f    <main+6>:       and    $0xfffffff0,%esp
0x401092    <main+9>:       mov    $0x0,%eax
0x401097    <main+14>:      mov    %eax,0xfffffff0(%ebp)
0x40109a    <main+17>:      mov    0xfffffff0(%ebp),%eax
0x40109d    <main+20>:      call   0x401420 <_alloca>
0x4010a2    <main+25>:      call   0x4014b0 <__main>
0x4010a7    <main+30>:      mov    0xc(%ebp),%eax
0x4010aa    <main+33>:      add    $0x4,%eax
0x4010ad    <main+36>:      mov    (%eax),%eax
0x4010af    <main+38>:      mov    %eax,(%esp)
0x4010b2    <main+41>:      call   0x4014d0 <atoi>
0x4010b7    <main+46>:      mov    %eax,0xfffffffc(%ebp)
0x4010ba    <main+49>:      mov    0xc(%ebp),%eax
0x4010bd    <main+52>:      add    $0x8,%eax
0x4010c0    <main+55>:      mov    (%eax),%eax
0x4010c2    <main+57>:      mov    %eax,(%esp)
0x4010c5    <main+60>:      call   0x4014d0 <atoi>
0x4010ca    <main+65>:      mov    %eax,0xfffffff8(%ebp)
0x4010cd    <main+68>:      mov    0xfffffff8(%ebp),%eax
0x4010d0    <main+71>:      inc    %eax
0x4010d1    <main+72>:      mov    %eax,0x4(%esp)
0x4010d5    <main+76>:      mov    0xfffffffc(%ebp),%eax
0x4010d8    <main+79>:      add    $0x2,%eax
0x4010db    <main+82>:      mov    %eax,(%esp)
0x4010de    <main+85>:      call   0x401050 <what>
0x4010e3    <main+90>:      mov    %eax,0xfffffff4(%ebp)
0x4010e6    <main+93>:      mov    0xfffffff4(%ebp),%eax
0x4010e9    <main+96>:      mov    %eax,0x4(%esp)
0x4010ed    <main+100>:     movl   $0x40107f,(%esp)
0x4010f4    <main+107>:     call   0x4014c0 <printf>
0x4010f9    <main+112>:     mov    $0x0,%eax
0x4010fe    <main+117>:     leave
0x4010ff    <main+118>:     ret

The questions are:

This program is invoked from the command line as shown: ./program 5 7 The procedure named what is called from main, with the following argument(s):

1)  6, 8
2)  7, 8
3)  5, 7
4)  7, 5

The procedure named what is called from main, and returns to main with the value:

1)  11
2)  24
3)  42
4)  66

Could anyone guide me how the instructions in this example works? Any suggestion or help would be appreciated. Thanks.

Uwe Plonus
  • 9,803
  • 4
  • 41
  • 48
shjnlee
  • 221
  • 2
  • 6
  • 20
  • 1
    What kind of help are you expecting? – A.S.H May 24 '15 at 14:56
  • 1
    Is `0xc(%ebp)` a "register with some address in front of it"? (Hint: it is not an "address".) Is the notation `0xfffffff8(%ebp)` confusing? (Hint: it's a negative number.) Please re-read your course notes. – Jongware May 24 '15 at 15:04
  • 1
    (Add.) .. the canonical reference for individual instructions is the Intel® 64 and IA-32 Architectures Software Developer’s Manual ([link to download page](http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html)), although the qualification "easy to understand" is heavily opinion and experience based. – Jongware May 24 '15 at 15:30
  • I think you should first try to learn some assembly basics by a tutorial or course, then much get clearer. Also be aware, that there are 2 different syntaxes for assembly: AT&T-Syntax and Intel-Syntax. Your code now is in AT&T-Syntax, which is uncommon for Intel-Processors. Also helpful would be to know where the assembly comes from (disassembled, from C code, ...) – Uwe Plonus Jul 02 '20 at 07:30

1 Answers1

-3

You should try and loading that binary into IDA. IDA gives you a better view of the structure and its easier to understand what it is you are trying to ask (aside from reading instructions).

Edit: https://www.hex-rays.com/products/ida/

This is for binaries, if it fits your needs, there is a free version of this software on the above page as well. You can use the demo version to do your work as well. I have used IDA Pro (demo) for viewing and editing iOS App Binaries.

To the comments below, you are the worst thing about Stack Exchange - therefore this is the last time I try to help. Reddit it is.

ShakeSpear
  • 27
  • 5