Solved

Lowlevel details of a C program

Posted on 2012-03-13
2
488 Views
Last Modified: 2012-03-19
Hi Experts,

When I do the following in GDB, I get the previous function in the call stack.  I am wondering how they are organized.  I read this from a website, but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree. It then calls like this until I reach the glibc start_8, start_7 functions.  Can someone explain this please...
Thank you.

void doubleFree(int x, int y) {
      int a = 10;
      int b = 20;
      char *p1 = (char *) malloc(100);
      free(p1);

}

int main(int argc, char **argv) {

      doubleFree(30, 40);

      return 0;
}


(gdb) disass main
Dump of assembler code for function main:
   0x00100904 <+0>:     push    {r11, lr}
   0x00100908 <+4>:     add     r11, sp, #4
   0x0010090c <+8>:     sub     sp, sp, #16
   0x00100910 <+12>:    str     r0, [r11, #-16]
   0x00100914 <+16>:    str     r1, [r11, #-20]
   0x00100918 <+20>:    movw    r3, #8196       ; 0x2004
   0x0010091c <+24>:    movt    r3, #16
   0x00100920 <+28>:    ldr     r3, [r3]
   0x00100924 <+32>:    str     r3, [r11, #-8]
   0x00100928 <+36>:    mov     r0, #30
   0x0010092c <+40>:    mov     r1, #40 ; 0x28
   0x00100930 <+44>:    bl      0x10088c <doubleFree>
   0x00100934 <+48>:    mov     r3, #0
   0x00100938 <+52>:    mov     r0, r3
   0x0010093c <+56>:    movw    r3, #8196       ; 0x2004
   0x00100940 <+60>:    movt    r3, #16
   0x00100944 <+64>:    ldr     r2, [r11, #-8]
   0x00100948 <+68>:    ldr     r3, [r3]
   0x0010094c <+72>:    cmp     r2, r3
   0x00100950 <+76>:    beq     0x100958 <main+84>
   0x00100954 <+80>:    bl      0x100628 <__stack_chk_fail>
   0x00100958 <+84>:    sub     sp, r11, #4
   0x0010095c <+88>:    pop     {r11, pc}
End of assembler dump.
(gdb) disas main-1
Dump of assembler code for function doubleFree:
   0x0010088c <+0>:     push    {r11, lr}
   0x00100890 <+4>:     add     r11, sp, #4
   0x00100894 <+8>:     sub     sp, sp, #24
   0x00100898 <+12>:    str     r0, [r11, #-24]
   0x0010089c <+16>:    str     r1, [r11, #-28]
   0x001008a0 <+20>:    movw    r3, #8196       ; 0x2004
   0x001008a4 <+24>:    movt    r3, #16
   0x001008a8 <+28>:    ldr     r3, [r3]
   0x001008ac <+32>:    str     r3, [r11, #-8]
   0x001008b0 <+36>:    mov     r3, #10
   0x001008b4 <+40>:    str     r3, [r11, #-12]
   0x001008b8 <+44>:    mov     r3, #20
   0x001008bc <+48>:    str     r3, [r11, #-16]
   0x001008c0 <+52>:    mov     r0, #100        ; 0x64
   0x001008c4 <+56>:    bl      0x10061c <malloc>
   0x001008c8 <+60>:    mov     r3, r0
   0x001008cc <+64>:    str     r3, [r11, #-20]
   0x001008d0 <+68>:    ldr     r0, [r11, #-20]
   0x001008d4 <+72>:    bl      0x10067c <free>
   0x001008d8 <+76>:    ldr     r0, [r11, #-20]
   0x001008dc <+80>:    bl      0x10067c <free>
   0x001008e0 <+84>:    movw    r3, #8196       ; 0x2004
   0x001008e4 <+88>:    movt    r3, #16
   0x001008e8 <+92>:    ldr     r2, [r11, #-8]
   0x001008ec <+96>:    ldr     r3, [r3]
   0x001008f0 <+100>:   cmp     r2, r3
   0x001008f4 <+104>:   beq     0x1008fc <doubleFree+112>
   0x001008f8 <+108>:   bl      0x100628 <__stack_chk_fail>
   0x001008fc <+112>:   sub     sp, r11, #4
   0x00100900 <+116>:   pop     {r11, pc}
End of assembler dump.
(gdb) disas doubleFree-1
Dump of assembler code for function frame_dummy:
   0x00100814 <+0>:     push    {r4, r5, r11, lr}
   0x00100818 <+4>:     ldr     r4, [pc, #84]   ; 0x100874 <frame_dummy+96>
   0x0010081c <+8>:     ldr     r3, [pc, #84]   ; 0x100878 <frame_dummy+100>
   0x00100820 <+12>:    add     r11, sp, #12
   0x00100824 <+16>:    add     r4, pc, r4
   0x00100828 <+20>:    ldr     r3, [r4, r3]
   0x0010082c <+24>:    cmp     r3, #0
   0x00100830 <+28>:    beq     0x100848 <frame_dummy+52>
   0x00100834 <+32>:    ldr     r0, [pc, #64]   ; 0x10087c <frame_dummy+104>
   0x00100838 <+36>:    ldr     r1, [pc, #64]   ; 0x100880 <frame_dummy+108>
   0x0010083c <+40>:    add     r0, r4, r0
   0x00100840 <+44>:    add     r1, r4, r1
   0x00100844 <+48>:    bl      0x100670 <exit+12>
   0x00100848 <+52>:    ldr     r3, [pc, #52]   ; 0x100884 <frame_dummy+112>
   0x0010084c <+56>:    add     r0, r4, r3
   0x00100850 <+60>:    ldr     r3, [r4, r3]
   0x00100854 <+64>:    cmp     r3, #0
   0x00100858 <+68>:    popeq   {r4, r5, r11, pc}
   0x0010085c <+72>:    ldr     r3, [pc, #36]   ; 0x100888 <frame_dummy+116>
   0x00100860 <+76>:    ldr     r3, [r4, r3]
   0x00100864 <+80>:    cmp     r3, #0
   0x00100868 <+84>:    popeq   {r4, r5, r11, pc}
   0x0010086c <+88>:    blx     r3
   0x00100870 <+92>:    pop     {r4, r5, r11, pc}
   0x00100874 <+96>:    andeq   r1, r0, r8, lsl #15
   0x00100878 <+100>:   andeq   r0, r0, r8, asr #32
   0x0010087c <+104>:                   ; <UNDEFINED> instruction: 0xffffe9b4
   0x00100880 <+108>:   andeq   r0, r0, r12, asr r0
   0x00100884 <+112>:                   ; <UNDEFINED> instruction: 0xffffff14
   0x00100888 <+116>:   andeq   r0, r0, r4, asr #32
End of assembler dump.
0
Comment
Question by:ambuli
2 Comments
 
LVL 53

Accepted Solution

by:
Infinity08 earned 500 total points
ID: 37718681
>> but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree.

Because the doubleFree function is defined in the text segment right before the main function (look at the memory addresses in the disassembler dumps).

The "-1" part means to take the address of the function that is listed, and subtract 1 from that address. Then disassemble whatever function that new address is part of.

For example, main has the address 0x00100904. The address right before that is 0x00100903, which happens to be pointing in the middle of the last instruction of the doubleFree function.

Note that you can equally use "+1", "-2", etc., but it's not very useful to use these address calculations for determining functions to disassamble. It's usually better to get addresses from the call stack (from the return addresses) and/or the current instruction pointer.
0
 
LVL 8

Expert Comment

by:eager
ID: 37721307
What are you trying to do when you enter "disassem main-1" or "disassem doutbleFree-1"?

If you are trying to change your current context to the calling function (previous frame), use the "up" command.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guacamole cut and paste issue 3 40
LINUX CENTOS + APACHE 9 60
I think my Ubuntu 12.10 box is hacked, but not sure... 13 49
Exchange 2010 unable to mount DB due to corruption 11 68
This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
Fine Tune your automatic Updates for Ubuntu / Debian
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use nested-loops in the C programming language.
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now