Lowlevel details of a C program

Posted on 2012-03-13
Last Modified: 2012-03-19
Hi Experts,

When I do the following in GDB, I get the previous function in the call stack.  I am wondering how they are organized.  I read this from a website, but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree. It then calls like this until I reach the glibc start_8, start_7 functions.  Can someone explain this please...
Thank you.

void doubleFree(int x, int y) {
      int a = 10;
      int b = 20;
      char *p1 = (char *) malloc(100);


int main(int argc, char **argv) {

      doubleFree(30, 40);

      return 0;

(gdb) disass main
Dump of assembler code for function main:
   0x00100904 <+0>:     push    {r11, lr}
   0x00100908 <+4>:     add     r11, sp, #4
   0x0010090c <+8>:     sub     sp, sp, #16
   0x00100910 <+12>:    str     r0, [r11, #-16]
   0x00100914 <+16>:    str     r1, [r11, #-20]
   0x00100918 <+20>:    movw    r3, #8196       ; 0x2004
   0x0010091c <+24>:    movt    r3, #16
   0x00100920 <+28>:    ldr     r3, [r3]
   0x00100924 <+32>:    str     r3, [r11, #-8]
   0x00100928 <+36>:    mov     r0, #30
   0x0010092c <+40>:    mov     r1, #40 ; 0x28
   0x00100930 <+44>:    bl      0x10088c <doubleFree>
   0x00100934 <+48>:    mov     r3, #0
   0x00100938 <+52>:    mov     r0, r3
   0x0010093c <+56>:    movw    r3, #8196       ; 0x2004
   0x00100940 <+60>:    movt    r3, #16
   0x00100944 <+64>:    ldr     r2, [r11, #-8]
   0x00100948 <+68>:    ldr     r3, [r3]
   0x0010094c <+72>:    cmp     r2, r3
   0x00100950 <+76>:    beq     0x100958 <main+84>
   0x00100954 <+80>:    bl      0x100628 <__stack_chk_fail>
   0x00100958 <+84>:    sub     sp, r11, #4
   0x0010095c <+88>:    pop     {r11, pc}
End of assembler dump.
(gdb) disas main-1
Dump of assembler code for function doubleFree:
   0x0010088c <+0>:     push    {r11, lr}
   0x00100890 <+4>:     add     r11, sp, #4
   0x00100894 <+8>:     sub     sp, sp, #24
   0x00100898 <+12>:    str     r0, [r11, #-24]
   0x0010089c <+16>:    str     r1, [r11, #-28]
   0x001008a0 <+20>:    movw    r3, #8196       ; 0x2004
   0x001008a4 <+24>:    movt    r3, #16
   0x001008a8 <+28>:    ldr     r3, [r3]
   0x001008ac <+32>:    str     r3, [r11, #-8]
   0x001008b0 <+36>:    mov     r3, #10
   0x001008b4 <+40>:    str     r3, [r11, #-12]
   0x001008b8 <+44>:    mov     r3, #20
   0x001008bc <+48>:    str     r3, [r11, #-16]
   0x001008c0 <+52>:    mov     r0, #100        ; 0x64
   0x001008c4 <+56>:    bl      0x10061c <malloc>
   0x001008c8 <+60>:    mov     r3, r0
   0x001008cc <+64>:    str     r3, [r11, #-20]
   0x001008d0 <+68>:    ldr     r0, [r11, #-20]
   0x001008d4 <+72>:    bl      0x10067c <free>
   0x001008d8 <+76>:    ldr     r0, [r11, #-20]
   0x001008dc <+80>:    bl      0x10067c <free>
   0x001008e0 <+84>:    movw    r3, #8196       ; 0x2004
   0x001008e4 <+88>:    movt    r3, #16
   0x001008e8 <+92>:    ldr     r2, [r11, #-8]
   0x001008ec <+96>:    ldr     r3, [r3]
   0x001008f0 <+100>:   cmp     r2, r3
   0x001008f4 <+104>:   beq     0x1008fc <doubleFree+112>
   0x001008f8 <+108>:   bl      0x100628 <__stack_chk_fail>
   0x001008fc <+112>:   sub     sp, r11, #4
   0x00100900 <+116>:   pop     {r11, pc}
End of assembler dump.
(gdb) disas doubleFree-1
Dump of assembler code for function frame_dummy:
   0x00100814 <+0>:     push    {r4, r5, r11, lr}
   0x00100818 <+4>:     ldr     r4, [pc, #84]   ; 0x100874 <frame_dummy+96>
   0x0010081c <+8>:     ldr     r3, [pc, #84]   ; 0x100878 <frame_dummy+100>
   0x00100820 <+12>:    add     r11, sp, #12
   0x00100824 <+16>:    add     r4, pc, r4
   0x00100828 <+20>:    ldr     r3, [r4, r3]
   0x0010082c <+24>:    cmp     r3, #0
   0x00100830 <+28>:    beq     0x100848 <frame_dummy+52>
   0x00100834 <+32>:    ldr     r0, [pc, #64]   ; 0x10087c <frame_dummy+104>
   0x00100838 <+36>:    ldr     r1, [pc, #64]   ; 0x100880 <frame_dummy+108>
   0x0010083c <+40>:    add     r0, r4, r0
   0x00100840 <+44>:    add     r1, r4, r1
   0x00100844 <+48>:    bl      0x100670 <exit+12>
   0x00100848 <+52>:    ldr     r3, [pc, #52]   ; 0x100884 <frame_dummy+112>
   0x0010084c <+56>:    add     r0, r4, r3
   0x00100850 <+60>:    ldr     r3, [r4, r3]
   0x00100854 <+64>:    cmp     r3, #0
   0x00100858 <+68>:    popeq   {r4, r5, r11, pc}
   0x0010085c <+72>:    ldr     r3, [pc, #36]   ; 0x100888 <frame_dummy+116>
   0x00100860 <+76>:    ldr     r3, [r4, r3]
   0x00100864 <+80>:    cmp     r3, #0
   0x00100868 <+84>:    popeq   {r4, r5, r11, pc}
   0x0010086c <+88>:    blx     r3
   0x00100870 <+92>:    pop     {r4, r5, r11, pc}
   0x00100874 <+96>:    andeq   r1, r0, r8, lsl #15
   0x00100878 <+100>:   andeq   r0, r0, r8, asr #32
   0x0010087c <+104>:                   ; <UNDEFINED> instruction: 0xffffe9b4
   0x00100880 <+108>:   andeq   r0, r0, r12, asr r0
   0x00100884 <+112>:                   ; <UNDEFINED> instruction: 0xffffff14
   0x00100888 <+116>:   andeq   r0, r0, r4, asr #32
End of assembler dump.
Question by:ambuli
LVL 53

Accepted Solution

Infinity08 earned 500 total points
ID: 37718681
>> but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree.

Because the doubleFree function is defined in the text segment right before the main function (look at the memory addresses in the disassembler dumps).

The "-1" part means to take the address of the function that is listed, and subtract 1 from that address. Then disassemble whatever function that new address is part of.

For example, main has the address 0x00100904. The address right before that is 0x00100903, which happens to be pointing in the middle of the last instruction of the doubleFree function.

Note that you can equally use "+1", "-2", etc., but it's not very useful to use these address calculations for determining functions to disassamble. It's usually better to get addresses from the call stack (from the return addresses) and/or the current instruction pointer.

Expert Comment

ID: 37721307
What are you trying to do when you enter "disassem main-1" or "disassem doutbleFree-1"?

If you are trying to change your current context to the calling function (previous frame), use the "up" command.

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary: This tutorial covers some basics of pointer, pointer arithmetic and function pointer. What is a pointer: A pointer is a variable which holds an address. This address might be address of another variable/address of devices/address of fu…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use for-loops in the C programming language.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question