?
Solved

Lowlevel details of a C program

Posted on 2012-03-13
2
Medium Priority
?
512 Views
Last Modified: 2012-03-19
Hi Experts,

When I do the following in GDB, I get the previous function in the call stack.  I am wondering how they are organized.  I read this from a website, but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree. It then calls like this until I reach the glibc start_8, start_7 functions.  Can someone explain this please...
Thank you.

void doubleFree(int x, int y) {
      int a = 10;
      int b = 20;
      char *p1 = (char *) malloc(100);
      free(p1);

}

int main(int argc, char **argv) {

      doubleFree(30, 40);

      return 0;
}


(gdb) disass main
Dump of assembler code for function main:
   0x00100904 <+0>:     push    {r11, lr}
   0x00100908 <+4>:     add     r11, sp, #4
   0x0010090c <+8>:     sub     sp, sp, #16
   0x00100910 <+12>:    str     r0, [r11, #-16]
   0x00100914 <+16>:    str     r1, [r11, #-20]
   0x00100918 <+20>:    movw    r3, #8196       ; 0x2004
   0x0010091c <+24>:    movt    r3, #16
   0x00100920 <+28>:    ldr     r3, [r3]
   0x00100924 <+32>:    str     r3, [r11, #-8]
   0x00100928 <+36>:    mov     r0, #30
   0x0010092c <+40>:    mov     r1, #40 ; 0x28
   0x00100930 <+44>:    bl      0x10088c <doubleFree>
   0x00100934 <+48>:    mov     r3, #0
   0x00100938 <+52>:    mov     r0, r3
   0x0010093c <+56>:    movw    r3, #8196       ; 0x2004
   0x00100940 <+60>:    movt    r3, #16
   0x00100944 <+64>:    ldr     r2, [r11, #-8]
   0x00100948 <+68>:    ldr     r3, [r3]
   0x0010094c <+72>:    cmp     r2, r3
   0x00100950 <+76>:    beq     0x100958 <main+84>
   0x00100954 <+80>:    bl      0x100628 <__stack_chk_fail>
   0x00100958 <+84>:    sub     sp, r11, #4
   0x0010095c <+88>:    pop     {r11, pc}
End of assembler dump.
(gdb) disas main-1
Dump of assembler code for function doubleFree:
   0x0010088c <+0>:     push    {r11, lr}
   0x00100890 <+4>:     add     r11, sp, #4
   0x00100894 <+8>:     sub     sp, sp, #24
   0x00100898 <+12>:    str     r0, [r11, #-24]
   0x0010089c <+16>:    str     r1, [r11, #-28]
   0x001008a0 <+20>:    movw    r3, #8196       ; 0x2004
   0x001008a4 <+24>:    movt    r3, #16
   0x001008a8 <+28>:    ldr     r3, [r3]
   0x001008ac <+32>:    str     r3, [r11, #-8]
   0x001008b0 <+36>:    mov     r3, #10
   0x001008b4 <+40>:    str     r3, [r11, #-12]
   0x001008b8 <+44>:    mov     r3, #20
   0x001008bc <+48>:    str     r3, [r11, #-16]
   0x001008c0 <+52>:    mov     r0, #100        ; 0x64
   0x001008c4 <+56>:    bl      0x10061c <malloc>
   0x001008c8 <+60>:    mov     r3, r0
   0x001008cc <+64>:    str     r3, [r11, #-20]
   0x001008d0 <+68>:    ldr     r0, [r11, #-20]
   0x001008d4 <+72>:    bl      0x10067c <free>
   0x001008d8 <+76>:    ldr     r0, [r11, #-20]
   0x001008dc <+80>:    bl      0x10067c <free>
   0x001008e0 <+84>:    movw    r3, #8196       ; 0x2004
   0x001008e4 <+88>:    movt    r3, #16
   0x001008e8 <+92>:    ldr     r2, [r11, #-8]
   0x001008ec <+96>:    ldr     r3, [r3]
   0x001008f0 <+100>:   cmp     r2, r3
   0x001008f4 <+104>:   beq     0x1008fc <doubleFree+112>
   0x001008f8 <+108>:   bl      0x100628 <__stack_chk_fail>
   0x001008fc <+112>:   sub     sp, r11, #4
   0x00100900 <+116>:   pop     {r11, pc}
End of assembler dump.
(gdb) disas doubleFree-1
Dump of assembler code for function frame_dummy:
   0x00100814 <+0>:     push    {r4, r5, r11, lr}
   0x00100818 <+4>:     ldr     r4, [pc, #84]   ; 0x100874 <frame_dummy+96>
   0x0010081c <+8>:     ldr     r3, [pc, #84]   ; 0x100878 <frame_dummy+100>
   0x00100820 <+12>:    add     r11, sp, #12
   0x00100824 <+16>:    add     r4, pc, r4
   0x00100828 <+20>:    ldr     r3, [r4, r3]
   0x0010082c <+24>:    cmp     r3, #0
   0x00100830 <+28>:    beq     0x100848 <frame_dummy+52>
   0x00100834 <+32>:    ldr     r0, [pc, #64]   ; 0x10087c <frame_dummy+104>
   0x00100838 <+36>:    ldr     r1, [pc, #64]   ; 0x100880 <frame_dummy+108>
   0x0010083c <+40>:    add     r0, r4, r0
   0x00100840 <+44>:    add     r1, r4, r1
   0x00100844 <+48>:    bl      0x100670 <exit+12>
   0x00100848 <+52>:    ldr     r3, [pc, #52]   ; 0x100884 <frame_dummy+112>
   0x0010084c <+56>:    add     r0, r4, r3
   0x00100850 <+60>:    ldr     r3, [r4, r3]
   0x00100854 <+64>:    cmp     r3, #0
   0x00100858 <+68>:    popeq   {r4, r5, r11, pc}
   0x0010085c <+72>:    ldr     r3, [pc, #36]   ; 0x100888 <frame_dummy+116>
   0x00100860 <+76>:    ldr     r3, [r4, r3]
   0x00100864 <+80>:    cmp     r3, #0
   0x00100868 <+84>:    popeq   {r4, r5, r11, pc}
   0x0010086c <+88>:    blx     r3
   0x00100870 <+92>:    pop     {r4, r5, r11, pc}
   0x00100874 <+96>:    andeq   r1, r0, r8, lsl #15
   0x00100878 <+100>:   andeq   r0, r0, r8, asr #32
   0x0010087c <+104>:                   ; <UNDEFINED> instruction: 0xffffe9b4
   0x00100880 <+108>:   andeq   r0, r0, r12, asr r0
   0x00100884 <+112>:                   ; <UNDEFINED> instruction: 0xffffff14
   0x00100888 <+116>:   andeq   r0, r0, r4, asr #32
End of assembler dump.
0
Comment
Question by:ambuli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Infinity08 earned 2000 total points
ID: 37718681
>> but I am not sure why disassemble main-1 would give the dis-assembly of doubelFree.

Because the doubleFree function is defined in the text segment right before the main function (look at the memory addresses in the disassembler dumps).

The "-1" part means to take the address of the function that is listed, and subtract 1 from that address. Then disassemble whatever function that new address is part of.

For example, main has the address 0x00100904. The address right before that is 0x00100903, which happens to be pointing in the middle of the last instruction of the doubleFree function.

Note that you can equally use "+1", "-2", etc., but it's not very useful to use these address calculations for determining functions to disassamble. It's usually better to get addresses from the call stack (from the return addresses) and/or the current instruction pointer.
0
 
LVL 8

Expert Comment

by:eager
ID: 37721307
What are you trying to do when you enter "disassem main-1" or "disassem doutbleFree-1"?

If you are trying to change your current context to the calling function (previous frame), use the "up" command.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
The goal of this video is to provide viewers with basic examples to understand opening and reading files in the C programming language.
Suggested Courses
Course of the Month10 days, 2 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question