How to know what are valid and missing cases in this switch assembly code

Question

I have this homework from school and I do not get how to know which are valid and missing cases for this switch statement. I mean, I know that the first case is going to be 50 and I will have cases from 50 to 55 but how can I know what statement pertains to 50,51... etc. I don't get this. Thank you in advance.

This problem will give you a chance to reverse engineer a switch statement from machine code. In the following procedure, the body of the switch statement has been removed:
1 int switch_prob(int x, int n)
2 {
3     int result = x;
4
5     switch(n) {
6
7          /* Fill in code here */    
8     }    
9 
10     return result;    
11 }
Figure 3.44 shows the disassembled machine code for the procedure. We can see in lines 4 and 5 that parameters x and n are loaded into registers %eax and %edx, respectively.

The jump table resides in a different area of memory. We can see from the indirect jump on line 9 that the jump table begins at address 0x80485d0. Using the gdb debugger, we can examine the six 4-byte words of memory comprising the jump table with the command x/6w 0x80485d0. gdb prints the following:
(gdb) x/6w 0x80485d0
0x80485d0: 0x08048438 0x08048448 0x08048438 0x0804843d
0x80485e0: 0x08048442 0x08048445
Fill in the body of the switch statement with C code that will have the same behavior as the machine code.
1  08048420 <switch_prob>:
2  8048420: 55                      push %ebp
3  8048421: 89 e5                   mov %esp,%ebp
4  8048423: 8b 45 08                mov 0x8(%ebp),%eax
5  8048426: 8b 55 0c                mov 0xc(%ebp),%edx
6  8048429: 83 ea 32                sub $0x32,%edx
7  804842c: 83 fa 05                cmp $0x5,%edx
8  804842f: 77 17                ja 8048448 <switch_prob+0x28>
9  8048431: ff 24 95 d0 85 04 08    jmp *0x80485d0(,%edx,4)
10  8048438: c1 e0 02               shl $0x2,%eax
11  804843b: eb 0e                  jmp 804844b <switch_prob+0x2b>
12  804843d: c1 f8 02               sar $0x2,%eax
13  8048440: eb 09                  jmp 804844b <switch_prob+0x2b>
14  8048442: 8d 04 40               lea (%eax,%eax,2),%eax
15  8048445: 0f af c0               imul %eax,%eax
16  8048448: 83 c0 0a               add $0xa,%eax
17  804844b: 5d                     pop %ebp
18  804844c: c3                     ret
Figure 3.44

The idea is to interpret the instructions to see which cases are handled. — Erik Eidt, Oct 28 '21 at 02:31
You look at the addresses in the jump table and see which code block is jumped to for which index. — Peter Cordes, Oct 28 '21 at 02:41
@PeterCordes That is what I am trying to understand but I don't even understand it. Let's say that index is 1. What will be the code block and why? This is what I have been trying to understand. Thank you for helping me. — Dany Nuñez, Oct 28 '21 at 02:49
Right. And what machine code is at address `8048448` in your disassembly? — Peter Cordes, Oct 28 '21 at 03:21
@PeterCordes "add $0xa,%eax" Let me see if I understand. 0x08048438 would be index 0, 0x08048448 [1], 0x08048438 [2], and 0x0804843d [3]? If so, what 0x80485e0: 0x08048442 0x08048445 means? Sorry, this is my first class with assembly code — Dany Nuñez, Oct 28 '21 at 03:26
Your GDB line-wraps after 4x 32-bit chunks. (What GDB calls words, what x86 calls dwords). `0x80485e0:` is the starting address of the next line of e`x`amine memory dump output, holding the last two entries of the array. — Peter Cordes, Oct 28 '21 at 03:27
@PeterCordes Can you help me to understand this expression? "lea (%eax,%eax,2),%eax" Is it %eax = %eax * 3? If so, why? — Dany Nuñez, Oct 28 '21 at 16:45
Yes, it's `%eax = %eax * 3`. The `lea` instruction computes an effective address, where the first parameter is the base address, the second parameter is an index and the third parameter (which must be 2, 4, or 8) is the scale. So `lea (base, index, scale), %eax` is the same as `eax = base + (index * scale)`. — user3386109, Oct 28 '21 at 19:11

How to know what are valid and missing cases in this switch assembly code

0 Answers0