Assembly code involving compare

Question

080484b4 <main>:
 80484b4:   55                      push   %ebp
 80484b5:   89 e5                   mov    %esp,%ebp
 80484b7:   57                      push   %edi
 80484b8:   53                      push   %ebx
 80484b9:   83 e4 f0                and    $0xfffffff0,%esp
 80484bc:   83 ec 40                sub    $0x40,%esp
 80484bf:   65 a1 14 00 00 00       mov    %gs:0x14,%eax
 80484c5:   89 44 24 3c             mov    %eax,0x3c(%esp)
 80484c9:   31 c0                   xor    %eax,%eax
 80484cb:   c7 44 24 20 00 00 00    movl   $0x0,0x20(%esp)
 80484d2:   00 
 80484d3:   b8 70 86 04 08          mov    $0x8048670,%eax
 80484d8:   89 04 24                mov    %eax,(%esp)
 80484db:   e8 c0 fe ff ff          call   80483a0 <printf@plt>
 80484e0:   b8 81 86 04 08          mov    $0x8048681,%eax
 80484e5:   8d 54 24 28             lea    0x28(%esp),%edx
 80484e9:   89 54 24 04             mov    %edx,0x4(%esp)
 80484ed:   89 04 24                mov    %eax,(%esp)
 80484f0:   e8 fb fe ff ff          call   80483f0 <__isoc99_scanf@plt>
 80484f5:   c7 44 24 20 00 00 00    movl   $0x0,0x20(%esp)
 80484fc:   00 
 80484fd:   eb 3f                   jmp    804853e <main+0x8a>
 80484ff:   8b 44 24 20             mov    0x20(%esp),%eax
 8048503:   05 20 a0 04 08          add    $0x804a020,%eax
 8048508:   0f b6 10                movzbl (%eax),%edx
 804850b:   8b 44 24 20             mov    0x20(%esp),%eax
 804850f:   31 d0                   xor    %edx,%eax
 8048511:   88 44 24 27             mov    %al,0x27(%esp)
 8048515:   8d 44 24 28             lea    0x28(%esp),%eax
 8048519:   03 44 24 20             add    0x20(%esp),%eax
 804851d:   0f b6 00                movzbl (%eax),%eax
 8048520:   3a 44 24 27             cmp    0x27(%esp),%al
 8048524:   74 13                   je     8048539 <main+0x85>
 8048526:   c7 04 24 84 86 04 08    movl   $0x8048684,(%esp)
 804852d:   e8 8e fe ff ff          call   80483c0 <puts@plt>
 8048532:   b8 01 00 00 00          mov    $0x1,%eax
 8048537:   eb 41                   jmp    804857a <main+0xc6>
 8048539:   83 44 24 20 01          addl   $0x1,0x20(%esp)
 804853e:   8b 5c 24 20             mov    0x20(%esp),%ebx
 8048542:   b8 20 a0 04 08          mov    $0x804a020,%eax
 8048547:   c7 44 24 1c ff ff ff    movl   $0xffffffff,0x1c(%esp)
 804854e:   ff 
 804854f:   89 c2                   mov    %eax,%edx
 8048551:   b8 00 00 00 00          mov    $0x0,%eax
 8048556:   8b 4c 24 1c             mov    0x1c(%esp),%ecx
 804855a:   89 d7                   mov    %edx,%edi
 804855c:   f2 ae                   repnz scas %es:(%edi),%al
 804855e:   89 c8                   mov    %ecx,%eax
 8048560:   f7 d0                   not    %eax
 8048562:   83 e8 01                sub    $0x1,%eax
 8048565:   39 c3                   cmp    %eax,%ebx
 8048567:   72 96                   jb     80484ff <main+0x4b>
 8048569:   c7 04 24 8b 86 04 08    movl   $0x804868b,(%esp)
 8048570:   e8 4b fe ff ff          call   80483c0 <puts@plt>
 8048575:   b8 00 00 00 00          mov    $0x0,%eax
 804857a:   8b 54 24 3c             mov    0x3c(%esp),%edx
 804857e:   65 33 15 14 00 00 00    xor    %gs:0x14,%edx
 8048585:   74 05                   je     804858c <main+0xd8>
 8048587:   e8 24 fe ff ff          call   80483b0 <__stack_chk_fail@plt>
 804858c:   8d 65 f8                lea    -0x8(%ebp),%esp
 804858f:   5b                      pop    %ebx
 8048590:   5f                      pop    %edi
 8048591:   5d                      pop    %ebp
 8048592:   c3                      ret

I'm confused in the instruction that uses "cmp". It compares whatever is pointing to 0x27(%esp) with %eax.

However, when I try to see what is inside of 0x27(%esp) it just gives me in return a xor.

And also the content of %al is 65 in decimal. I don't understand what is going on here with the cmp. Can you have an Instruction that compares another instruction XOR with the value of a register? What is the result?

NOTE: the 0x414141 is because I inserted in a previous scanf 3 A's.

Please copy the code as text into the question. We also need more context, but it might be a decryption code. Or maybe you just disassembled some data on the stack which happened to be the machine code for a `xor`. — Jester, Feb 24 '16 at 01:57
How did something you entered into a `scanf` end up being a constant in the machine code? Is this code dynamically generated, or are you looking at something that's not code at all? — Matti Virkkunen, Feb 24 '16 at 02:06
There we go, I didn't thought you could put the whole thing in. But that should be easier for all of you to help. — Joe, Feb 24 '16 at 02:08
sorry, I'm not very good with this disassembling thing. What is it that you want me to do and I will gladly post it. — Joe, Feb 24 '16 at 02:14
We want you to ask a question :) The `xor` in the image is there because you disassembled a local variable as if it was code. It isn't. The program itself is doing some magic with an array. `cmp 0x27(%esp),%al` is just comparing a local variable with a value. — Jester, Feb 24 '16 at 02:15
Inside the instruction of cmp there is a 0x27(%esp), when I examine the stack in gdb "x $esp + 0x27" it outputs me another instruction which is "xor $0x414141, $eax" and then compares this to the register %al. Why is it doing this? What is going on here? — Joe, Feb 24 '16 at 02:20
gdb is disassembling it instead of showing it as data which it really is. Maybe your default format is set to instruction. Do `x/b $esp+0x27` and you should see the data byte. It should be `0x35` (`53`). — Jester, Feb 24 '16 at 02:21
So it is comparing 53 in decimal with %al? (Which currently is 65 in decimal ) — Joe, Feb 24 '16 at 02:24
ah i see, so once I put x /b $esp + 0x27, the rest of the x $esp+0x27 will remain examined as /b instead of the default format that I have. Right? At least that's what I see that's happening. — Joe, Feb 24 '16 at 02:34
Yes, `help x` actually says `Defaults for format and size letters are those previously used.` — Jester, Feb 24 '16 at 02:37

Assembly code involving compare

0 Answers0