So I have encountered something strange that I don't understand. I am reading theory about assembly, and I would like to know what this Stack[0x4]:1 does.

```
undefined         AL:1           <RETURN>                                XREF[2]:     00010807(W),
                                                                                      00010869(W)
undefined1        Stack[0x4]:1   param_1                                 XREF[1]:     00010779(*)
```

I don't understand it because the article says that this is -0x43, and by the way, what does that - do in -0x43? Thanks.

aurora
  • Sorry but I believe I didn't understand this part: ```Stack[0x04] would represent parameter 1 (param_1) on the stack (each parameter is 4 bytes wide). I believe the :1 means that param_1 is a byte``` Are you saying that 0x4 is stored/represented by 1 byte and there are 4 of them? And also, is it -0x43 just because it is a local variable? – aurora Jul 11 '20 at 20:52
  • Could you perhaps add more information about the article you are referring to here? – fcdt Jul 11 '20 at 22:44
  • Any chance you are looking at: https://guyinatuxedo.github.io/04-bof_variable/tamu19_pwn1/index.html ? – Michael Petch Jul 12 '20 at 01:46
  • Sorry for the late answer, and yes, I am referring to that article. – aurora Jul 13 '20 at 17:26

1 Answer

I think you are confusing param_1 with input. Those are different things. param_1, since it's in the main function, would be renamed as argc. input is a buffer allocated on the stack that will be filled later with a call to gets.

param_1, since it's a parameter, will (in this ABI) be at a positive offset from ESP - in this case 0x4 - and input, since it's a local variable, will be at a negative offset from ESP, in this case -0x43. This is due to the fact that the stack grows towards lower addresses.

Back to Ghidra, Stack[0x4]:1 means that this parameter's value is passed via stack and the value is at offset 0x4 and Ghidra has identified that it's probably of a size of 1 byte.

Paweł Łukasik
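
An added example (not part of the answer above, and not Ghidra's own code): a small Python parser for the storage column discussed here, which decodes `Stack[0x4]:1` and `AL:1` into offset, size and role. The `local_43` line for the buffer at -0x43 is constructed, and treating offset 0 as the return-address slot is an assumption for 32-bit x86.

```python
import re

# Constructed sample: the two listing lines from the question plus one
# made-up line for the local buffer the answer places at -0x43.
LISTING = """\
undefined         AL:1           <RETURN>          XREF[2]:     00010807(W),
                                                                00010869(W)
undefined1        Stack[0x4]:1   param_1           XREF[1]:     00010779(*)
undefined1        Stack[-0x43]:1 local_43
"""

# Storage is either "Stack[<signed hex offset>]:<size>" or "<register>:<size>".
STORAGE = re.compile(
    r"(?:Stack\[(?P<off>-?0x[0-9a-fA-F]+)\]"
    r"|(?P<reg>[A-Za-z][A-Za-z0-9]*)):(?P<size>\d+)"
)

def parse_storage(field):
    """Decode one storage field such as 'Stack[0x4]:1' or 'AL:1'."""
    m = STORAGE.fullmatch(field)
    if m is None:
        return None
    size = int(m.group("size"))
    if m.group("reg"):
        return {"kind": "register", "where": m.group("reg"), "size": size}
    off = int(m.group("off"), 16)  # int() accepts the sign and the 0x prefix
    if off > 0:
        role = "parameter"         # above the stack pointer at function entry
    elif off < 0:
        role = "local"             # below it: the stack grows downwards
    else:
        role = "return address"    # assumption: 32-bit x86, offset 0 at entry
    return {"kind": "stack", "offset": off, "size": size, "role": role}

def parse_listing(text):
    """Return {variable name: decoded storage} for each variable line."""
    out = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue               # XREF continuation lines carry no storage
        info = parse_storage(fields[1])
        if info is not None:
            out[fields[2]] = info
    return out

if __name__ == "__main__":
    for name, info in parse_listing(LISTING).items():
        print(name, info)
```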