Date: Sat, 6 Mar 2004 14:26:51 +0000
From: chungwei Hsiung <chsiung2@buffalo.edu>
To: freebsd-hackers@freebsd.org
Subject: Re: Strange instructions in compiler output (was: A simple question)
Message-ID: <20040306142651.314430be@bear.bflony.adelphia.net>
In-Reply-To: <20040305233209.GO67801@wantadilla.lemis.com>
References: <4048CA38.6040203@yahoo.com> <20040305233209.GO67801@wantadilla.lemis.com>
Hello everyone,

Thanks for fellows' previous help. I actually have a further question.
I read an article that says if I compile the following program

    #include <stdio.h>
    #include <unistd.h>             /* declares execve() */

    int main()
    {
        char *name[2];
        name[0] = "/bin/sh";        /* program to run */
        name[1] = NULL;             /* argv must end with a NULL pointer */
        execve(name[0], name, NULL); /* NULL envp: empty environment */
        return 0;
    }

with

    gcc -o shellcode -ggdb -static shellcode.c

then when I run "disassemble execve" inside gdb, I should be able to see
the assembly code for execve, but I can't see that code for execve().
Does anyone know how I can get the assembly code and see how execve()
works??

By the way, I am using gcc 3.2.2.

Any help is really appreciated.

Best regards,
Chungwei

On Sat, 6 Mar 2004 10:02:09 +1030 Greg 'groggy' Lehey <grog@FreeBSD.org> wrote:
> On Friday, 5 March 2004 at 13:43:04 -0500, Chungwei Hsiung wrote:
> > Hello..
> > I am super new to this list, and I have a simple question that I don't
> > know why it does that. I have a simple test program. I compile it, and
> > use gdb to disassemble main. I got the following:
> >
> > 0x80481f8 <main>:     push   %ebp
> > 0x80481f9 <main+1>:   mov    %esp,%ebp
> > 0x80481fb <main+3>:   sub    $0x8,%esp
> > 0x80481fe <main+6>:   and    $0xfffffff0,%esp
> > 0x8048201 <main+9>:   mov    $0x0,%eax
> > 0x8048206 <main+14>:  sub    %eax,%esp
> > 0x8048208 <main+16>:  movl   $0x804a6ce,0xfffffff8(%ebp)
> > 0x804820f <main+23>:  movl   $0x0,0xfffffffc(%ebp)
> > 0x8048216 <main+30>:  sub    $0x4,%esp
> > 0x8048219 <main+33>:  push   $0x0
> > 0x804821b <main+35>:  lea    0xfffffff8(%ebp),%eax
> > 0x804821e <main+38>:  push   %eax
> > 0x804821f <main+39>:  pushl  0xfffffff8(%ebp)
> > 0x8048222 <main+42>:  call   0x804823c <execve>
> > 0x8048227 <main+47>:  add    $0x10,%esp
> > 0x804822a <main+50>:  mov    $0x0,%eax
> > 0x804822f <main+55>:  leave
> > 0x8048230 <main+56>:  ret
> >
> > I don't know about line 5, where we move zero to %eax. Why do we need
> > to sub %eax, %esp? Why do we need to subtract 0 from the stack
> > pointer?? Any help is really appreciated.
>
> This is probably because you didn't optimize the output. You'd be
> surprised how many redundant instructions the compiler puts in under
> these circumstances. Try optimizing and see what the code looks like.
>
> If this *was* done with optimization, let's see the source code.
>
> Greg
> --
> Note: I discard all HTML mail unseen.
> Finger grog@FreeBSD.org for PGP public key.
> See complete headers for address and phone numbers.
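As an added example (not code from this thread), the script below rebuilds the poster's test program statically at -O0 and -O2, extracts the disassembly of main() from each binary with objdump so Greg's point about unoptimized output can be seen directly, and runs the "disassemble execve" command the poster was trying in gdb batch mode. It assumes gcc, objdump and gdb are installed; the work directory and the helper names are the script's own.

```shell
#!/bin/sh
# Added example: compare main() at -O0 and -O2 in a static build of the
# thread's program, then disassemble execve() from the static binary.
# Assumes gcc, objdump and gdb. WORK is a scratch directory (assumption).
WORK=${WORK:-$(mktemp -d)}
SRC="$WORK/shellcode.c"
# Constructed copy of the program from the thread, plus <unistd.h>,
# which declares execve().
cat > "$SRC" <<'EOF'
#include <stdio.h>
#include <unistd.h>
int main(void)
{
    char *name[2];
    name[0] = "/bin/sh";
    name[1] = NULL;
    execve(name[0], name, NULL);
    return 0;
}
EOF

# build LEVEL: compile statically, with debug info, at -O<LEVEL>.
build() {
    gcc "-O$1" -ggdb -static -o "$WORK/shellcode-O$1" "$SRC"
}

# main_disasm LEVEL: print only the <main> block of objdump's output
# (from the "<main>:" header up to the blank line that ends it).
main_disasm() {
    objdump -d "$WORK/shellcode-O$1" | awk '/<main>:/ {p=1} p && /^$/ {exit} p'
}

# count_insns LEVEL: number of instruction lines ("addr:" lines) in main().
count_insns() {
    main_disasm "$1" | grep -c -E '^ *[0-9a-f]+:'
}

# disasm_execve LEVEL: the gdb command from the thread, run non-interactively.
disasm_execve() {
    gdb -batch -ex 'disassemble execve' "$WORK/shellcode-O$1"
}

# Demo: unoptimized main() is noticeably longer than the -O2 version.
if build 0 && build 2; then
    echo "main() at -O0: $(count_insns 0) instructions"; main_disasm 0
    echo "main() at -O2: $(count_insns 2) instructions"; main_disasm 2
    if command -v gdb >/dev/null 2>&1; then
        disasm_execve 2 || echo "gdb could not disassemble execve"
    fi
fi
```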