Call-de-stack GNU Free Documentation License Version 1.1 Shakthi Kannan shakthimaan.com shakthimaan at gmail dot com February 2008.

Slides:



Advertisements
Similar presentations
1 IKI10230 Pengantar Organisasi Komputer Kuliah no. 09: Compiling-Assembling-Linking Sumber: 1. Paul Carter, PC Assembly Language 2. Hamacher. Computer.
Advertisements

1 Homework / Exam Turn in mp2 at start of class today Reading –PAL, pp 3-6, Exam #1 next class –Open Book / Open Notes –NO calculators or other.
Machine Programming – Procedures and IA32 Stack CENG334: Introduction to Operating Systems Instructor: Erol Sahin Acknowledgement: Most of the slides are.
Lecture 10 – Activation Records Eran Yahav 1 Reference: Dragon 7.1,7.2. MCD 6.3,
University of Washington Last Time For loops  for loop → while loop → do-while loop → goto version  for loop → while loop → goto “jump to middle” version.
Machine-Level Programming III: Procedures Apr. 17, 2006 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables CS213.
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
– 1 – , F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.
1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.
Machine-Level Programming III: Procedures Jan 30, 2003
Machine-Level Programming I: Introduction Apr. 14, 2008 Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic.
September 22, 2014 Pengju (Jimmy) Jin Section E
C Prog. To Object Code text text binary binary Code in files p1.c p2.c
Stack Activation Records Topics IA32 stack discipline Register saving conventions Creating pointers to local variables February 6, 2003 CSCE 212H Computer.
Attacks Using Stack Buffer Overflow Boxuan Gu
Recitation 2: Assembly & gdb Andrew Faulring Section A 16 September 2002.
Y86 Processor State Program Registers
Carnegie Mellon Introduction to Computer Systems /18-243, spring 2009 Recitation, Jan. 14 th.
1 Carnegie Mellon Stacks : Introduction to Computer Systems Recitation 5: September 24, 2012 Joon-Sup Han Section F.
Ithaca College Machine-Level Programming IV: IA32 Procedures Comp 21000: Introduction to Computer Systems & Assembly Lang Spring 2013 * Modified slides.
Machine-Level Programming 1 Introduction Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic operations.
Practical Session 4. Labels Definition - advanced label: (pseudo) instruction operands ; comment valid characters in labels are: letters, numbers, _,
Fabián E. Bustamante, Spring 2007 Machine-Level Programming III - Procedures Today IA32 stack discipline Register saving conventions Creating pointers.
Recitation 4: The Stack & Lab3 Andrew Faulring Section A 30 September 2002.
1 #include void silly(){ char s[30]; gets(s); printf("%s\n",s); } main(){ silly(); return 0; }
Recitation 2 – 2/11/02 Outline Stacks & Procedures Homogenous Data –Arrays –Nested Arrays Mengzhi Wang Office Hours: Thursday.
Recitation 2: Outline Assembly programming Using gdb L2 practice stuff Minglong Shao Office hours: Thursdays 5-6PM Wean Hall.
Smashing the Stack Overview The Stack Region Buffer Overflow
ELF binary # readelf -a foo.out ELF Header:
Low Level Programming Lecturer: Duncan Smeed The Interface Between High-Level and Low-Level Languages.
Machine-Level Programming 1 Introduction Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic operations.
Machine-level Programming III: Procedures Topics –IA32 stack discipline –Register saving conventions –Creating pointers to local variables.
Recitation 2 – 2/4/02 Outline Floating Point Typecasting
University of Amsterdam Computer Systems – the instruction set architecture Arnoud Visser 1 Computer Systems The instruction set architecture.
The Runtime Environment CSE 340 – Principles of Programming Languages Fall 2015 Adam Doupé Arizona State University
IA32 Stack –Region of memory managed with stack discipline –Grows toward lower addresses –Register %esp indicates lowest stack address address of top element.
Section 5: Procedures & Stacks
Recitation 3: Procedures and the Stack
A job ad at a game programming company
Reading Condition Codes (Cont.)
Machine-Level Programming 2 Control Flow
Instruction Set Architecture
C function call conventions and the stack
Computer Architecture and Assembly Language
Homework Reading Machine Projects Labs PAL, pp ,
Recitation 2 – 2/11/02 Outline Stacks & Procedures
Homework In-line Assembly Code Machine Language
Recitation 2 – 2/4/01 Outline Machine Model
Assembly Language Programming V: In-line Assembly Code
Carnegie Mellon Machine-Level Programming III: Switch Statements and IA32 Procedures / : Introduction to Computer Systems 7th Lecture, Sep.
Machine-Level Programming 1 Introduction
Computer Architecture adapted by Jason Fritts then by David Ferry
asum.ys A Y86 Programming Example
Machine-Level Programming III: Switch Statements and IA32 Procedures
Y86 Processor State Program Registers
Discussion Section – 11/3/2012
Machine-Level Programming 4 Procedures
Condition Codes Single Bit Registers
Roadmap C: Java: Assembly language: OS: Machine code: Computer system:
C Prog. To Object Code text text binary binary Code in files p1.c p2.c
Machine-Level Programming 2 Control Flow
Assembly Language Programming II: C Compiler Calling Sequences
The Runtime Environment
Machine-Level Programming III: Procedures Sept 18, 2001
Machine-Level Programming 2 Control Flow
The Runtime Environment
Machine-Level Programming: Introduction
Computer Architecture and System Programming Laboratory
Presentation transcript:

Call-de-stack GNU Free Documentation License Version 1.1 Shakthi Kannan shakthimaan.com shakthimaan at gmail dot com February 2008

In memory of Stack Overflow. Dedication

Compilation as --gstabs main.s -o main.o ld main.o -o main Execution./main OR gdb main Environment gcc x86

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp -> :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d ->0xbfc8e674: 0x xbfc8e670:0x fmovl %ebp, %esp Registers Stack Assembly Next IP Legend Completed instruction Value changed by completed instruction Comment Stack pointer Instruction pointer

1. Function call, without any arguments 2. Function call, with an argument 3. Recursive function Examples

.section.data.section.text.globl _start _start: nop call foo movl $1, %eax int $0x80.type foo: pushl %ebp movl %esp, %ebp nop movl %ebp, %esp popl %ebp ret Function call, without any arguments Output of “objdump -d main” main: file format elf32-i386 Disassembly of section.text: : :90 nop :90 nop :e call b:b mov $0x1,%eax :cd 80 int $0x : :55 push %ebp :89 e5 mov %esp,%ebp :90 nop :89 ec mov %ebp,%esp :5d pop %ebp :c3 ret

.section.text.globl _start _start: :nop -> :nop :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x xbffa799c: 0x xbffa7998 0x xbffa7994: 0x xbffa7990:0x nop Registers Stack Assembly Next IP

.section.text.globl _start _start: :nop :nop -> :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x nop Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x xbffa799c: 0x xbffa7998 0x xbffa7994: 0x xbffa7990:0x Next IP

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax :int $0x80.type foo: -> :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa799c ebp0x0 esi0x0 edi0x0 eip 0x call foo Registers Stack Assembly call pushes return address to stack Next IP 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c 0xbffa79a0:0x >0xbffa799c: 0x b 0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Stack grows downward

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp -> :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp0x0 esi0x0 edi0x0 eip 0x pushl %ebp Registers Stack Assembly Save base pointer to stack 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c 0xbffa79a0:0x xbffa799c: 0x b ->0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Next IP

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp -> :nop :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp 0xbffa7998 esi0x0 edi0x0 eip 0x movl %esp, %ebp Registers Stack Assembly Use base pointer as reference 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c 0xbffa79a0:0x xbffa799c: 0x b ->0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Next IP

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop -> :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp 0xbffa7998 esi0x0 edi0x0 eip 0x nop Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c 0xbffa79a0:0x xbffa799c: 0x b ->0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Next IP

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp -> :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp 0xbffa7998 esi0x0 edi0x0 eip 0x movl %ebp, %esp Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c 0xbffa79a0:0x xbffa799c: 0x b ->0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Next IP

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp -> :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa799c ebp0x0 esi0x0 edi0x0 eip 0x popl %ebp Registers Stack Assembly Next IP 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c 0xbffa79a0:0x >0xbffa799c: 0x b 0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Restore old base pointer

.section.text.globl _start _start: :nop :nop :call foo ->804805b:movl $1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x804805b ret Registers Stack Assembly ret restores saved return address to ip 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x xbffa799c: 0x b 0xbffa7998 0x xbffa7994: 0x xbffa7990:0x

.section.text.globl _start _start: :nop :nop :call foo b:movl $1, %eax -> :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp :nop :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x bmovl $1, %eax Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x xbffa799c: 0x b 0xbffa7998 0x xbffa7994: 0x xbffa7990:0x Next IP

Program exited normally.

.section.data.section.text.globl _start _start: nop push $2 call foo add $4, %esp movl $1, %eax int $0x80.type foo: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax xorl %eax, %eax movl %ebp, %esp popl %ebp ret Function call, with an argument Output of “objdump -d main” main: file format elf32-i386 Disassembly of section.text: : :90 nop :90 nop :6a 02 push $0x :e8 0a call d:83 c4 04 add $0x4,%esp :b mov $0x1,%eax :cd 80 int $0x : :55 push %ebp :89 e5 mov %esp,%ebp a:8b mov 0x8(%ebp),%eax d:31 c0 xor %eax,%eax f:89 ec mov %ebp,%esp :5d pop %ebp :c3 ret

.section.text.globl _start _start: :nop -> :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x xbfc8e674: 0x xbfc8e670:0x nop Registers Stack Assembly Next IP

.section.text.globl _start _start: :nop :nop -> :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x xbfc8e674: 0x xbfc8e670:0x nop Registers Stack Assembly Next IP

.section.text.globl _start _start: :nop :nop :pushl $0x2 -> :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e67c ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x >0xbfc8e67c:0x xbfc8e678: 0x xbfc8e674: 0x xbfc8e670:0x pushl $0x2 Registers Stack Assembly Next IP Stack grows downward Push argument to stack

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: -> :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e678 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x >0xbfc8e678: 0x d 0xbfc8e674: 0x xbfc8e670:0x call foo Registers Stack Assembly Next IP call pushes return address to stack

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp -> :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d ->0xbfc8e674: 0x xbfc8e670:0x pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp ->804806a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x804806a 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d ->0xbfc8e674: 0x xbfc8e670:0x movl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax ->804806d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x804806d 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d ->0xbfc8e674: 0x xbfc8e670:0x amovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax ->804806f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x804806f 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d ->0xbfc8e674: 0x xbfc8e670:0x dxorl %eax, %eax Registers Stack Assembly Next IP an operation on the argument

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp -> :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d ->0xbfc8e674: 0x xbfc8e670:0x fmovl %ebp, %esp Registers Stack Assembly Next IP

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp -> :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e678 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x xbfc8e67c:0x >0xbfc8e678: 0x d 0xbfc8e674: 0x xbfc8e670:0x popl %ebp Registers Stack Assembly Next IP Restore old base pointer

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo ->804805d:addl $0x4, %esp :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e67c ebp0x0 esi0x0 edi0x0 eip 0x804805d 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 0xbfc8e680:0x >0xbfc8e67c:0x xbfc8e678: 0x d 0xbfc8e674: 0x xbfc8e670:0x ret Registers Stack Assembly ret restores saved return address to ip

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp -> :movl $0x1, %eax :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d 0xbfc8e674: 0x xbfc8e670:0x daddl $0x4, %esp Registers Stack Assembly Next IP restore stack pointer for pushed argument

.section.text.globl _start _start: :nop :nop :pushl $0x :call foo d:addl $0x4, %esp :movl $0x1, %eax -> :int $0x80.type foo: :pushl %ebp :movl %esp, %ebp a:movl 8(%ebp), %eax d:xorl %eax, %eax f:movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x xbfc8e67c:0x xbfc8e678: 0x d 0xbfc8e674: 0x xbfc8e670:0x movl $0x1, %eax Registers Stack Assembly Next IP

Program exited normally.

.section.data.section.text.globl _start _start: nop push $3 call factorial addl $4, %esp movl %eax, %ebx movl $1, %eax int $0x80 Recursive function - factorial.type factorial: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax cmpl $1, %eax je end_factorial decl %eax pushl %eax call factorial movl 8(%ebp), %ebx imull %ebx, %eax end_factorial: movl %ebp, %esp popl %ebp ret

_start: :nop -> :nop :pushl $0x :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f ->0xbf879260:0x xbf87925c:0x xbf879258: 0x xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x nop Registers Stack Assembly Next IP

_start: :nop :nop -> :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f ->0xbf879260:0x xbf87925c:0x xbf879258: 0x xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x nop Registers Stack Assembly Next IP

_start: :nop :nop :pushl $3 -> :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf87925c ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x >0xbf87925c:0x xbf879258: 0x xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x pushl $3 Registers Stack Assembly Next IP Stack grows downward Calculate factorial of 3

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: -> :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x >0xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x call factorial Registers Stack Assembly Next IP call pushes return address to stack

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp ->804806a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x804806a 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp ->804806c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804806c 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x amovl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax ->804806f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x3 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804806f 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x cmovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax -> :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x3 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x fcmpl $1, %eax Registers Stack Assembly Next IP 1 != 3

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial -> :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x3 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x je end_factorial Registers Stack Assembly Next IP Flag not set

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax -> :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x decl %eax Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax -> :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x >0xbf879250:0x xbf87924c:0x xbf879248:0x xbf879244:0x xbf879240:0x xbf87923c:0x pushl %eax Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: -> :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf87924c ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x >0xbf87924c:0x b 0xbf879248: 0x xbf879244:0x xbf879240:0x xbf87923c:0x call factorial Registers Stack Assembly Next IP call pushes return address to stack

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp ->804806a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804806a 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x xbf87923c:0x pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp ->804806c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804806c 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x xbf87923c:0x amovl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax ->804806f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804806f 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x xbf87923c:0x cmovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax -> :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x xbf87923c:0x fcmpl $1, %eax Registers Stack Assembly Next IP 1 != 2

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial -> :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x xbf87923c:0x je end_factorial Registers Stack Assembly Next IP Flag not set

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax -> :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x xbf87923c:0x decl %eax Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax -> :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf >0xbf879244:0x xbf879240:0x xbf87923c:0x pushl %eax Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: -> :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x >0xbf879240:0x b 0xbf87923c:0x call factorial Registers Stack Assembly Next IP call pushes return address to stack

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp ->804806a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf esi0x0 edi0x0 eip 0x804806a 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b ->0xbf87923c:0xbf pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp ->804806c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x804806c 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b ->0xbf87923c:0xbf amovl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax ->804806f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x804806f 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b ->0xbf87923c:0xbf cmovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax -> :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b ->0xbf87923c:0xbf fcmpl $1, %eax Registers Stack Assembly Next IP 1 == 1

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: -> :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b ->0xbf87923c:0xbf je end_factorial Registers Stack Assembly Next IP Flag is set

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp -> :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b ->0xbf87923c:0xbf movl %ebp, %esp Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp -> :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x >0xbf879240:0x b 0xbf87923c:0xbf popl %ebp Registers Stack Assembly Next IP Restore old base pointer

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial ->804807b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804807b 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf >0xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf ret Registers Stack Assembly Next IP ret restores saved return address to ip

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx ->804807e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x2 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804807e 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf >0xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf bmovl 8(%ebp), %ebx Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: -> :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf >0xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf eimull %ebx, %eax Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp -> :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b ->0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf movl %ebp, %esp Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp -> :ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf87924c ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x >0xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf pop %ebp Registers Stack Assembly Next IP Restore old base pointer

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial ->804807b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804807b 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x >0xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf ret Registers Stack Assembly Next IP ret restores saved return address to ip

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx ->804807e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x2 ecx0x0 edx0x0 ebx0x3 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x804807e 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x >0xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf bmovl 8(%ebp), %ebx Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: -> :movl %ebp, %esp :popl %ebp :ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x >0xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf eimull %ebx, %eax Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp -> :popl %ebp :ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf ebp 0xbf esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x xbf879258: 0x d ->0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf movl %ebp, %esp Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp -> :ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x xbf87925c:0x >0xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf popl %ebp Registers Stack Assembly Next IP Restore old base pointer

_start: :nop :nop :pushl $ :call factorial ->804805d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf87925c ebp0x0 esi0x0 edi0x0 eip 0x804805d 0xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f 0xbf879260:0x >0xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf ret Registers Stack Assembly Next IP ret restores saved return address to ip

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp -> :movl %eax, %ebx :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f ->0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf daddl $0x4, %esp Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx -> :movl $0x1, %eax :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x6 ecx0x0 edx0x0 ebx0x6 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f ->0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf movl %eax, %ebx Registers Stack Assembly Next IP

_start: :nop :nop :pushl $ :call factorial d:addl $0x4, %esp :movl %eax, %ebx :movl $0x1, %eax -> :int $0x80 factorial: :pushl %ebp a:movl %esp, %ebp c:movl 8(%ebp), %eax f:cmpl $1, %eax :je end_factorial :decl %eax :pushl %eax :call factorial b:movl 8(%ebp), %ebx e:imull %ebx, %eax end_factorial: :movl %ebp, %esp :popl %ebp :ret eax0x1 ecx0x0 edx0x0 ebx0x6 esp 0xbf ebp0x0 esi0x0 edi0x0 eip 0x xbf87926c:0xbf879b36 0xbf879268:0x xbf879264:0xbf879b0f ->0xbf879260:0x xbf87925c:0x xbf879258: 0x d 0xbf879254: 0x xbf879250:0x xbf87924c:0x b 0xbf879248:0xbf xbf879244:0x xbf879240:0x b 0xbf87923c:0xbf movl $0x1, %eax Registers Stack Assembly Next IP

Program exited normally.

Stack Summary Argument N Argument 2 Argument 1 Return address Old base pointer Local variable 1 Local variable 2 Argument... Local variable... Lower order address Higher order address Stack grows downwards

● Richard Blum Professional Assembly Language. Wrox. ● Jonathan Bartlett Programming from the Ground Up. References

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.