[b][red]This message was edited by _codist_ at 2004-9-12 13:27:16[/red][/b][hr]
Out of curiosity I disassembled a trivial executable I've written in C, and faced some problems fully understanding the output. Here's the source of the executable:
i = 1;
I compiled it using gcc 3.3.4 (command: gcc -o main main.c) and disassembled it using objdump 18.104.22.168.7 (command: objdump -d main). Here's the (shortened) output:
8048334: 55 push %ebp
8048335: 89 e5 mov %esp,%ebp
8048337: 83 ec 04 sub $0x4,%esp
804833a: c7 45 fc 01 00 00 00 movl $0x1,0xfffffffc(%ebp)
8048341: c9 leave
8048342: c3 ret
8048343: 55 push %ebp
8048344: 89 e5 mov %esp,%ebp
8048346: 83 ec 08 sub $0x8,%esp
8048349: 83 e4 f0 and $0xfffffff0,%esp
804834c: b8 00 00 00 00 mov $0x0,%eax
8048351: 29 c4 sub %eax,%esp
8048353: e8 dc ff ff ff call 8048334
8048358: b8 00 00 00 00 mov $0x0,%eax
804835d: c9 leave
804835e: c3 ret
804835f: 90 nop
As I understand this, the main function starts by setting up an 8 byte stack frame. Then the lowest 4 bits in esp are set to zero (line 8048349: and $0xfffffff0,%esp). What's the reason behind this? I'd have supposed that manipulations like that rather mess up the stack than do something useful ...
Anyway, I think I've got the rest of the main function. 0 is put in eax and is then subtracted from esp (probably that's what they mean by the overhead C automatically adds), function() is called, 0 is put in eax again, the stack frame is cleared, and the function returns.
The function "function" also starts with the good old stack frame set up, sized 4 bytes this time to keep the local int variable. Then the value of the var is set to 1 (line 804833a: movl $0x1,0xfffffffc(%ebp)). What I don't really understand here is the way the addressing works - I thought that "0xfffffffc(%ebp)" means as much as "the memory address contained in ebp added to 0xfffffffc" - but then, the address referred to would already exceed 0xffffffff bytes if ebp is greater than 3 ... What exactly does that mean, then? I expected something like movl $1,-4(%ebp) here ...
Any answers for the mentioned questions would be appreciated, and please also let me know if any of my interpretations of the assembly code are wrong ... Looking forward to your answers!
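The two instructions asked about above can be worked through in plain 32-bit arithmetic. The following is an added example written for this page, not code from the original post or from gcc/objdump. It decodes the bytes `c7 45 fc` that objdump printed for `movl $0x1,0xfffffffc(%ebp)`: the ModRM byte 0x45 says "8-bit displacement, base register EBP", and the displacement byte 0xfc is sign-extended by the CPU to 0xfffffffc, which is -4. Because register arithmetic wraps modulo 2^32, adding 0xfffffffc to ebp gives exactly ebp - 4, so objdump's rendering and the expected `-4(%ebp)` are the same thing (and ebp + 0xfffffffc wraps to 0xffffffff when ebp is 3, not to something beyond the address space). The `and $0xfffffff0,%esp` in main only ever lowers esp to the next multiple of 16, so it enlarges the frame rather than overlapping anything already pushed. The stack addresses used below (0xbffff8b0 and friends) are made-up sample values, not addresses from the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the original post. All arithmetic is done in
 * uint32_t so that wrap-around matches a 32-bit x86 register. */

/* Fields of an x86 ModRM byte: mod (2 bits), reg/opcode (3), r/m (3). */
struct modrm { unsigned mod, reg, rm; };

/* decode_modrm(0x45): mod=1 -> [base + disp8], reg=0 -> the /0 form of
 * opcode C7 (MOV r/m32, imm32), rm=5 -> EBP. */
struct modrm decode_modrm(uint8_t b) {
    struct modrm m = { b >> 6, (b >> 3) & 7, b & 7 };
    return m;
}

/* The CPU sign-extends a disp8: 0xfc -> -4 -> 0xfffffffc as 32 bits.
 * objdump prints that 32-bit value unsigned, hence "0xfffffffc(%ebp)". */
int32_t sign_extend8(uint8_t d) { return (int8_t)d; }

/* ebp + disp, wrapping modulo 2^32 exactly like the address unit does.
 * For disp8 = 0xfc this is ebp - 4; with ebp = 4 it yields 0, and with
 * ebp = 3 it yields 0xffffffff, never a value "beyond" 32 bits. */
uint32_t effective_address(uint32_t ebp, uint8_t disp8) {
    return ebp + (uint32_t)sign_extend8(disp8);
}

/* and $0xfffffff0,%esp: clear the low 4 bits, i.e. round esp DOWN to a
 * 16-byte boundary. Lowering esp only reserves more space; it cannot
 * clobber the saved ebp or return address, which sit above esp. */
uint32_t align_esp(uint32_t esp) { return esp & 0xfffffff0u; }

/* Simulate the prologue of "function" from the post on a hypothetical
 * incoming esp and report where the local int "i" lands. */
struct frame { uint32_t ebp, esp, i_addr; };

struct frame simulate_function_prologue(uint32_t esp) {
    struct frame f;
    esp -= 4;                                   /* push %ebp        */
    f.ebp = esp;                                /* mov %esp,%ebp    */
    f.esp = esp - 4;                            /* sub $0x4,%esp    */
    f.i_addr = effective_address(f.ebp, 0xfc);  /* movl $1,-4(%ebp) */
    return f;                                   /* i_addr == f.esp  */
}

int main(void) {
    struct modrm m = decode_modrm(0x45);
    printf("ModRM 0x45: mod=%u reg=%u rm=%u\n", m.mod, m.reg, m.rm);
    printf("disp8 0xfc sign-extended: %d (0x%08x)\n",
           sign_extend8(0xfc), (uint32_t)sign_extend8(0xfc));
    printf("3 + 0xfffffffc wraps to 0x%08x\n", effective_address(3, 0xfc));
    struct frame f = simulate_function_prologue(0xbffff8b0u); /* sample esp */
    printf("ebp=0x%08x esp=0x%08x &i=0x%08x\n", f.ebp, f.esp, f.i_addr);
    printf("esp 0x%08x aligned to 16: 0x%08x\n",
           0xbffff89cu, align_esp(0xbffff89cu));
    return 0;
}
```

Compile with `gcc -m32 -o stackdemo stackdemo.c` (or plain `gcc`; the code only uses fixed-width types, so the host word size does not matter). The same reasoning applies to any negative disp8 or disp32: objdump prints the displacement as an unsigned 32-bit number, and the CPU adds it modulo 2^32.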