callReturnExploration.s

Transcript

1. Calling functions by Pushing and Jumping callReturnExploration.s

2. LC0: .ascii "%d\n\0" .text .globl _function _function:: movl $99, %eax

   # ret popl %ecx jmp *%ecx .globl _main _main:: pushl %ebp Program starts here

3. LC0: .ascii "%d\n\0" .text .globl _function _function:: movl $99, %eax

   # ret popl %ecx jmp *%ecx .globl _main _main:: pushl %ebp 8(%esp) argv 4(%esp) argc (%esp) return addr %esp 28ff2c %ebp old %ebp %eax $0

4. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

   subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) 8(%esp) argv 4(%esp) argc (%esp) return addr %esp 28ff2c %ebp old %ebp %eax $0

5. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

   subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff28 %ebp old %ebp %eax $0 12(%esp) argv 8(%esp) argc 4(%esp) return addr (%esp) old %ebp

6. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

   subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff28 %ebp old %ebp %eax $0 12(%esp) argv 8(%esp) argc 4(%esp) return addr (%esp) old %ebp

7. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

   subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff28 %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp

8. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

   subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff28 %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp

9. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

   subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff20 %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp)

10. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

    subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff20 %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp)

11. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

    subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff1c %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr

12. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

    subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff1c %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr

13. _function:: ... .globl _main _main:: pushl %ebp movl %esp, %ebp

    subl $8, %esp # call _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) %esp 28ff1c %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr

14. _function:: movl $99, %eax # ret popl %ecx jmp *%ecx

    .globl _main _main:: pushl %ebp movl %esp, %ebp subl $8, %esp # call _function pushl $retAddr %esp 28ff1c %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr

15. _function:: movl $99, %eax # ret popl %ecx jmp *%ecx

    .globl _main _main:: pushl %ebp movl %esp, %ebp subl $8, %esp # call _function pushl $retAddr %esp 28ff1c %ebp 28ff28 %eax $0 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr

16. _function:: movl $99, %eax # ret popl %ecx jmp *%ecx

    .globl _main _main:: pushl %ebp movl %esp, %ebp subl $8, %esp # call _function pushl $retAddr 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr %esp 28ff1c %ebp 28ff28 %eax $99

17. _function:: movl $99, %eax # ret popl %ecx jmp *%ecx

    .globl _main _main:: pushl %ebp movl %esp, %ebp subl $8, %esp # call _function pushl $retAddr 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) 4(%esp) (%esp) $retAddr %esp 28ff1c %ebp 28ff28 %eax $99

18. _function:: movl $99, %eax # ret popl %ecx jmp *%ecx

    .globl _main _main:: pushl %ebp movl %esp, %ebp subl $8, %esp # call _function pushl $retAddr 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp) %esp 28ff20 %ebp 28ff28 %eax $99 %ecx $retAddr

19. _function:: movl $99, %eax # ret popl %ecx jmp *%ecx

    .globl _main _main:: pushl %ebp movl %esp, %ebp subl $8, %esp # call _function pushl $retAddr 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp) %esp 28ff20 %ebp 28ff28 %eax $99 %ecx $retAddr

20. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp) %esp 28ff20 %ebp 28ff28 %eax $99 %ecx $retAddr

21. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp) %esp 28ff20 %ebp 28ff28 %eax $99

22. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) (%esp) %esp 28ff20 %ebp 28ff28 %eax $99

23. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) %esp 28ff20 %ebp 28ff28 %eax $99

24. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) %esp 28ff20 %ebp 28ff28 %eax $99

25. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) $LC0 %esp 28ff20 %ebp 28ff28 %eax $99

26. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) $LC0 %esp 28ff20 %ebp 28ff28 %eax $99

27. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret %esp 28ff1c %ebp 28ff28 %eax $99 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) $99 4(%esp) $LC0 (%esp) address of next instruction

28. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret %esp 28ff1c %ebp 28ff28 %eax $99 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) $99 4(%esp) $LC0 (%esp) address of next instruction We push the address of the next instruction to the stack.

29. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret %esp 28ff1c %ebp 28ff28 %eax $99 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) $99 4(%esp) $LC0 (%esp) address of next instruction We push the address of the next instruction to the stack. We jump to _printf and do our business

30. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret %esp 28ff1c %ebp 28ff28 %eax $99 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 8(%esp) $99 4(%esp) $LC0 (%esp) address of next instruction We push the address of the next instruction to the stack. We jump to _printf and do our business When finished, _printf jumps to our next instruction

31. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) $LC0 %esp 28ff20 %ebp 28ff28 %eax $99

32. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) $LC0 %esp 28ff20 %ebp 28ff28 %eax $99

33. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) $LC0 %esp 28ff20 %ebp 28ff28 %eax $0

34. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 12(%ebp) argv 8(%ebp) argc 4(%ebp) return addr (%ebp) old %ebp 4(%esp) $99 (%esp) $LC0 %esp 28ff20 %ebp 28ff28 %eax $0

35. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 8(%esp) argv 4(%esp) argc (%esp) return addr %esp 28ff2c %ebp old %ebp %eax $0

36. pushl %ebp movl %esp, %ebp subl $8, %esp # call

    _function pushl $retAddr jmp _function retAddr: movl %eax, 4(%esp) movl $LC0, (%esp) call _printf movl $0, %eax leave ret 8(%esp) argv 4(%esp) argc (%esp) return addr %esp 28ff2c %ebp old %ebp %eax $0

37. Calling functions by Pushing and Jumping This presentation by Pat

    Hawks is licensed under a Creative Commons Attribution 4.0 International License callReturnExploration.s