Solved

Lowlevel details of a C program

Posted on 2012-03-13
2
502 Views
Last Modified: 2012-03-19
Hi Experts,

When I do the following in GDB, I get the previous function in the call stack.  I am wondering how they are organized.  I read this from a website, but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree. It then calls like this until I reach the glibc start_8, start_7 functions.  Can someone explain this please...
Thank you.

void doubleFree(int x, int y) {
      int a = 10;
      int b = 20;
      char *p1 = (char *) malloc(100);
      free(p1);

}

int main(int argc, char **argv) {

      doubleFree(30, 40);

      return 0;
}


(gdb) disass main
Dump of assembler code for function main:
   0x00100904 <+0>:     push    {r11, lr}
   0x00100908 <+4>:     add     r11, sp, #4
   0x0010090c <+8>:     sub     sp, sp, #16
   0x00100910 <+12>:    str     r0, [r11, #-16]
   0x00100914 <+16>:    str     r1, [r11, #-20]
   0x00100918 <+20>:    movw    r3, #8196       ; 0x2004
   0x0010091c <+24>:    movt    r3, #16
   0x00100920 <+28>:    ldr     r3, [r3]
   0x00100924 <+32>:    str     r3, [r11, #-8]
   0x00100928 <+36>:    mov     r0, #30
   0x0010092c <+40>:    mov     r1, #40 ; 0x28
   0x00100930 <+44>:    bl      0x10088c <doubleFree>
   0x00100934 <+48>:    mov     r3, #0
   0x00100938 <+52>:    mov     r0, r3
   0x0010093c <+56>:    movw    r3, #8196       ; 0x2004
   0x00100940 <+60>:    movt    r3, #16
   0x00100944 <+64>:    ldr     r2, [r11, #-8]
   0x00100948 <+68>:    ldr     r3, [r3]
   0x0010094c <+72>:    cmp     r2, r3
   0x00100950 <+76>:    beq     0x100958 <main+84>
   0x00100954 <+80>:    bl      0x100628 <__stack_chk_fail>
   0x00100958 <+84>:    sub     sp, r11, #4
   0x0010095c <+88>:    pop     {r11, pc}
End of assembler dump.
(gdb) disas main-1
Dump of assembler code for function doubleFree:
   0x0010088c <+0>:     push    {r11, lr}
   0x00100890 <+4>:     add     r11, sp, #4
   0x00100894 <+8>:     sub     sp, sp, #24
   0x00100898 <+12>:    str     r0, [r11, #-24]
   0x0010089c <+16>:    str     r1, [r11, #-28]
   0x001008a0 <+20>:    movw    r3, #8196       ; 0x2004
   0x001008a4 <+24>:    movt    r3, #16
   0x001008a8 <+28>:    ldr     r3, [r3]
   0x001008ac <+32>:    str     r3, [r11, #-8]
   0x001008b0 <+36>:    mov     r3, #10
   0x001008b4 <+40>:    str     r3, [r11, #-12]
   0x001008b8 <+44>:    mov     r3, #20
   0x001008bc <+48>:    str     r3, [r11, #-16]
   0x001008c0 <+52>:    mov     r0, #100        ; 0x64
   0x001008c4 <+56>:    bl      0x10061c <malloc>
   0x001008c8 <+60>:    mov     r3, r0
   0x001008cc <+64>:    str     r3, [r11, #-20]
   0x001008d0 <+68>:    ldr     r0, [r11, #-20]
   0x001008d4 <+72>:    bl      0x10067c <free>
   0x001008d8 <+76>:    ldr     r0, [r11, #-20]
   0x001008dc <+80>:    bl      0x10067c <free>
   0x001008e0 <+84>:    movw    r3, #8196       ; 0x2004
   0x001008e4 <+88>:    movt    r3, #16
   0x001008e8 <+92>:    ldr     r2, [r11, #-8]
   0x001008ec <+96>:    ldr     r3, [r3]
   0x001008f0 <+100>:   cmp     r2, r3
   0x001008f4 <+104>:   beq     0x1008fc <doubleFree+112>
   0x001008f8 <+108>:   bl      0x100628 <__stack_chk_fail>
   0x001008fc <+112>:   sub     sp, r11, #4
   0x00100900 <+116>:   pop     {r11, pc}
End of assembler dump.
(gdb) disas doubleFree-1
Dump of assembler code for function frame_dummy:
   0x00100814 <+0>:     push    {r4, r5, r11, lr}
   0x00100818 <+4>:     ldr     r4, [pc, #84]   ; 0x100874 <frame_dummy+96>
   0x0010081c <+8>:     ldr     r3, [pc, #84]   ; 0x100878 <frame_dummy+100>
   0x00100820 <+12>:    add     r11, sp, #12
   0x00100824 <+16>:    add     r4, pc, r4
   0x00100828 <+20>:    ldr     r3, [r4, r3]
   0x0010082c <+24>:    cmp     r3, #0
   0x00100830 <+28>:    beq     0x100848 <frame_dummy+52>
   0x00100834 <+32>:    ldr     r0, [pc, #64]   ; 0x10087c <frame_dummy+104>
   0x00100838 <+36>:    ldr     r1, [pc, #64]   ; 0x100880 <frame_dummy+108>
   0x0010083c <+40>:    add     r0, r4, r0
   0x00100840 <+44>:    add     r1, r4, r1
   0x00100844 <+48>:    bl      0x100670 <exit+12>
   0x00100848 <+52>:    ldr     r3, [pc, #52]   ; 0x100884 <frame_dummy+112>
   0x0010084c <+56>:    add     r0, r4, r3
   0x00100850 <+60>:    ldr     r3, [r4, r3]
   0x00100854 <+64>:    cmp     r3, #0
   0x00100858 <+68>:    popeq   {r4, r5, r11, pc}
   0x0010085c <+72>:    ldr     r3, [pc, #36]   ; 0x100888 <frame_dummy+116>
   0x00100860 <+76>:    ldr     r3, [r4, r3]
   0x00100864 <+80>:    cmp     r3, #0
   0x00100868 <+84>:    popeq   {r4, r5, r11, pc}
   0x0010086c <+88>:    blx     r3
   0x00100870 <+92>:    pop     {r4, r5, r11, pc}
   0x00100874 <+96>:    andeq   r1, r0, r8, lsl #15
   0x00100878 <+100>:   andeq   r0, r0, r8, asr #32
   0x0010087c <+104>:                   ; <UNDEFINED> instruction: 0xffffe9b4
   0x00100880 <+108>:   andeq   r0, r0, r12, asr r0
   0x00100884 <+112>:                   ; <UNDEFINED> instruction: 0xffffff14
   0x00100888 <+116>:   andeq   r0, r0, r4, asr #32
End of assembler dump.
0
Comment
Question by:ambuli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Infinity08 earned 500 total points
ID: 37718681
>> but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree.

Because the doubleFree function is defined in the text segment right before the main function (look at the memory addresses in the disassembler dumps).

The "-1" part means to take the address of the function that is listed, and subtract 1 from that address. Then disassemble whatever function that new address is part of.

For example, main has the address 0x00100904. The address right before that is 0x00100903, which happens to be pointing in the middle of the last instruction of the doubleFree function.

Note that you can equally use "+1", "-2", etc., but it's not very useful to use these address calculations for determining functions to disassamble. It's usually better to get addresses from the call stack (from the return addresses) and/or the current instruction pointer.
0
 
LVL 8

Expert Comment

by:eager
ID: 37721307
What are you trying to do when you enter "disassem main-1" or "disassem doutbleFree-1"?

If you are trying to change your current context to the calling function (previous frame), use the "up" command.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will giveā€¦
The goal of this video is to provide viewers with basic examples to understand how to use strings and some functions related to them in the C programming language.
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question