The Runtime Environment CSE 340 – Principles of Programming Languages Fall 2016 Adam Doupé Arizona State University http://adamdoupe.com

Locations and Names What is the semantic distinction between locations and names? How does the compiler actually implement locations and names? How does the compiler map names to memory locations? We are going to look into this process Assuming static scoping

Global Variables Where can the compiler put variables? Memory Registers Disk "Cloud" What are the constraints on those variables? Who can access them? Who can't?

mem[A] = mem[A] + mem[B] a @ 0x8049634 b @ 0x8049638 c @ 0x804963c int a; int b; float c; int main() { a = 10; b = 100; c = 10.45; a = a + b; return 0; } a @ A b @ B c @ C mem[A] = 10 mem[B] = 100 mem[C] = 10.45 mem[A] = mem[A] + mem[B] a @ 0x8049634 b @ 0x8049638 c @ 0x804963c movl $0xa,0x8049634 movl $0x64,0x8049638 mov $0x41273333,%eax mov %eax,0x804963c mov 0x8049634,%edx mov 0x8049638,%eax lea (%edx,%eax,1),%eax mov %eax,0x8049634 ATT assembly syntax gcc –Wall –m32 objdump –M att –D a.out

Local Variables What are the constraints on local variables? Where can the compiler place local variables? Global Memory (one for each function)

int fact(int n) { if (n == 0) return 1; } else return fact(n-1) * n; ATT assembly syntax gcc –Wall –m32 objdump –M att –D a.out

Local Variables What are the constraints on local variables? Where can the compiler place local variables? Global Memory (one for each function) "Scratch memory" for each function

The Stack Stack is essentially scratch memory for functions Used in MIPS, ARM, x86, and x86-64 processors Starts at high memory addresses, and grows down Functions are free to push registers or values onto the stack, or pop values from the stack into registers The assembly language supports this on x86 %esp holds the address of the top of the stack push %eax decrements the stack pointer (%esp) then stores the value in %eax to the location pointed to by the stack pointer pop %eax stores the value at the location pointed to by the stack pointer into %eax, then increments the stack pointer (%esp)

Stack Example 0xFFFFFFFF … Garbage push %eax pop %ebx 0x10000 %esp 0x10000

Stack Example 0xFFFFFFFF … Garbage push %eax pop %ebx 0x10000 %esp 0x10000

Stack Example 0xFFFFFFFF … 0xa Garbage push %eax pop %ebx 0x10000 %esp 0xFFFC

Stack Example 0xFFFFFFFF … 0xa Garbage push %eax pop %ebx 0x10000 %esp 0xFFFC

Stack Example 0xFFFFFFFF … 0xa Garbage push %eax pop %ebx 0x10000 %esp 0xFFFC

Stack Example 0xFFFFFFFF … 0xa Garbage push %eax pop %ebx 0x10000 %esp 0x10000

Function Frame Functions would like to use the stack to allocate space for their local variables Can we use the stack pointer for this? Yes, however stack pointer can change throughout program execution Frame pointer points to the start of the function's frame on the stack Each local variable will be (different) offsets of the frame pointer In x86, frame pointer is called the base pointer, and is stored in %ebp

mem[%ebp+A] = mem[%ebp+A] + mem[%ebp+B] a @ %ebp – 0xc b @ %ebp – 0x8 int main() { int a; int b; float c; a = 10; b = 100; c = 10.45; a = a + b; return 0; } a @ %ebp + A b @ %ebp + B c @ %ebp + C mem[%ebp+A] = 10 mem[%ebp+B] = 100 mem[%ebp+C] = 10.45 mem[%ebp+A] = mem[%ebp+A] + mem[%ebp+B] a @ %ebp – 0xc b @ %ebp – 0x8 c @ %ebp – 0x4 mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) ATT assembly syntax gcc –Wall –m32 objdump –M att –D a.out

Function Frame 0xFFFFFFFF … mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0x00000000 %eax %esp 0x10000 %ebp  

Function Frame 0xFFFFFFFF … mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0x00000000 %eax %esp 0x10000 %ebp

Function Frame 0xFFFFFFFF … mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0x00000000 %eax %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax 0x41273333 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax 0x41273333 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x41273333 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 0xFFFC 0xFFF8 0xFFF4 0xFFF0 0x00000000 %eax 0x41273333 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x41273333 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 c 0xFFFC b 0xFFF8 a 0xFFF4 0xFFF0 0x00000000 %eax 0x41273333 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x41273333 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 c 0xFFFC b 0xFFF8 a 0xFFF4 0xFFF0 0x00000000 %eax 0x64 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x41273333 0x64 0xa mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 c 0xFFFC b 0xFFF8 a 0xFFF4 0xFFF0 0x00000000 %eax 0x64 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x41273333 0x64 0x6E mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 c 0xFFFC b 0xFFF8 a 0xFFF4 0xFFF0 0x00000000 %eax 0x64 %esp 0xFFF0 %ebp 0x10000

Function Frame 0xFFFFFFFF … 0x41273333 0x64 0x6E mov %esp,%ebp sub $0x10,%esp movl $0xa,-0xc(%ebp) movl $0x64,-0x8(%ebp) mov $0x41273333,%eax mov %eax,-0x4(%ebp) mov -0x8(%ebp),%eax add %eax,-0xc(%ebp) 0x10000 c 0xFFFC b 0xFFF8 a 0xFFF4 0xFFF0 0x00000000 %eax 0x64 %esp 0xFFF0 %ebp 0x10000

Functions Declarations Invocation Function name Formal parameters (names and types) Return type Invocation f(x1,x2,…,xk) x1,x2,...,xk are expressions x1,x2,...xk are called the actual parameters Invoking function must create the frame on the stack with enough space to hold the actual parameters

Function Frames Allows us to allocate memory for the function's local variables However, when considering calling a function, what other information do we need? Return value Parameters Our frame pointer Return address (where to start program execution when function returns) Local variables Temporary variables

Calling Convention All of the previous information must be stored on the stack in order to call the function Who should store that information? Caller? Callee? Thus, we need to define a convention of who pushes/stores what values on the stack to call a function Varies based on processor, operating system, compiler, or type of call

x86 Linux Calling Convention (cdecl) Caller (in this order) Pushes arguments onto the stack (in right to left order) Pushes address of instruction after call Callee Pushes previous frame pointer onto stack Creates space on stack for local variables Ensures that stack is consistent on return Return value in %eax register

callee: push %ebp mov %esp,%ebp mov 0xc(%ebp),%eax mov 0x8(%ebp),%edx lea (%edx,%eax,1),%eax add $0x1,%eax pop %ebp ret main: sub $0x18,%esp movl $0x28,0x4(%esp) movl $0xa,(%esp) call callee mov %eax,-0x4(%ebp) mov -0x4(%ebp),%eax leave int callee(int a, int b) { return a + b + 1; } int main() int a; a = callee(10, 40); return a; prologue epilogue prologue ATT assembly syntax gcc –Wall –m32 objdump –M att –D a.out leave semantics Set ESP to EBP, then pop EBP. epilogue

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0x00000000 %eax %edx %esp 0xfd2d4 %ebp 0xfd2c0 %eip 0x80483a5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0x00000000 %eax %edx %esp 0xfd2d0 %ebp 0xfd2c0 %eip 0x80483a5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x00000000 %eax %edx %esp 0xfd2d0 %ebp 0xfd2c0 %eip 0x80483a5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x00000000 %eax %edx %esp 0xfd2d0 %ebp 0xfd2c0 %eip 0x80483a5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x00000000 %eax %edx %esp 0xfd2d0 %ebp 0xfd2c0 %eip 0x80483a6

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x00000000 %eax %edx %esp 0xfd2d0 %ebp %eip 0x80483a6

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x00000000 %eax %edx %esp 0xfd2d0 %ebp %eip 0x80483a8

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0xfd2d0 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483a8

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0xfd2d0 0xfd2bc 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483ab

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xfd2d0 0xfd2bc 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483ab

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xfd2d0 0xfd2bc 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483b3

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0xfd2d0 0xfd2bc 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483b3

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0xfd2d0 0xfd2bc 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483ba

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0xfd2d0 0xfd2bc 0xfd2b8 0x00000000 %eax %edx %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x80483ba

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0x00000000 %eax %edx %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x8048394

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0x00000000 %eax %edx %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x8048394

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp 0xfd2d0 %eip 0x8048394

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp 0xfd2d0 %eip 0x8048394

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp 0xfd2d0 %eip 0x8048394

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp 0xfd2d0 %eip 0x8048395

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp %eip 0x8048395

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp %eip 0x8048397

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 main 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 callee 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax %edx %esp 0xfd2b0 %ebp %eip 0x8048397

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x28 %edx %esp 0xfd2b0 %ebp %eip 0x8048397

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x28 %edx %esp 0xfd2b0 %ebp %eip 0x804839a

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x28 %edx 0xa %esp 0xfd2b0 %ebp %eip 0x804839a

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x28 %edx 0xa %esp 0xfd2b0 %ebp %eip 0x804839d

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x32 %edx 0xa %esp 0xfd2b0 %ebp %eip 0x804839d

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x32 %edx 0xa %esp 0xfd2b0 %ebp %eip 0x80483a0

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b0 %ebp %eip 0x80483a0

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b0 %ebp %eip 0x80483a3

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b0 %ebp 0xfd2d0 %eip 0x80483a3

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x80483a3

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x80483a3

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x80483a4

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b4 %ebp 0xfd2d0 %eip 0x80483bf

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483bf

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483bf

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483bf

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483bf

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483c2

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483c2

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 leave semantics Set ESP to EBP, then pop EBP. %eax 0x33 %edx 0xa %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483c5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 leave semantics Set ESP to EBP, then pop EBP. %eax 0x33 %edx 0xa %esp 0xfd2d0 %ebp %eip 0x80483c5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 leave semantics Set ESP to EBP, then pop EBP. %eax 0x33 %edx 0xa %esp 0xfd2d0 %ebp 0xfd2c0 %eip 0x80483c5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 leave semantics Set ESP to EBP, then pop EBP. %eax 0x33 %edx 0xa %esp 0xfd2d4 %ebp 0xfd2c0 %eip 0x80483c5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 leave semantics Set ESP to EBP, then pop EBP. %eax 0x33 %edx 0xa %esp 0xfd2d4 %ebp 0xfd2c0 %eip 0x80483c5

0xFFFFFFFF 0xfd2d4 callee: push %ebp 0x8048394 mov %esp,%ebp 0x8048395 mov 0xc(%ebp),%eax 0x8048397 mov 0x8(%ebp),%edx 0x804839a lea (%edx,%eax,1),%eax 0x804839d add $0x1,%eax 0x80483a0 pop %ebp 0x80483a3 ret 0x80483a4 main: 0x80483a5 0x80483a6 sub $0x18,%esp 0x80483a8 movl $0x28,0x4(%esp) 0x80483ab movl $0xa,(%esp) 0x80483b3 call 0x8048394 0x80483ba mov %eax,-0x4(%ebp) 0x80483bf mov -0x4(%ebp),%eax 0x80483c2 leave 0x80483c5 0x80483c6 0xfd2c0 0x33 0x28 0xa 0x80483bf 0xfd2d0 0xfd2d0 0xfd2cc 0xfd2bc 0xfd2b8 0xfd2b4 0xfd2b0 0x00000000 leave semantics Set ESP to EBP, then pop EBP. %eax 0x33 %edx 0xa %esp 0xfd2d4 %ebp 0xfd2c0 %eip 0x80483c6

Implications of Cdecl Saved EBP and saved EIP are stored on the stack What prevents a program/function from writing/changing those values? What would happen if they did?

mycpy: push %ebp mov %esp,%ebp sub $0x28,%esp mov 0x8(%ebp),%eax mov %eax,0x4(%esp) lea -0xc(%ebp),%eax mov %eax,(%esp) call strcpy leave ret main: sub $0x10,%esp movl $0x8048504,(%esp) call mycpy mov $0x8048517,%eax call printf mov $0x0,%eax #include <string.h> #include <stdio.h> void mycpy(char* str) { char foo[4]; strcpy(foo, str); } int main() callee("asu cse 340 fall 2015 rocks!"); printf("After"); return 0; ATT assembly syntax gcc –Wall –m32 objdump –M att –D a.out leave semantics Set ESP to EBP, then pop EBP. Fix callee()

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0x00000000 %eax %esp 0xfd2d4 %ebp 0xfd2e0 %eip 0x804840e

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x00000000 %eax %esp 0xfd2d0 %ebp 0xfd2e0 %eip 0x804840e

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x00000000 %eax %esp 0xfd2d0 %ebp 0xfd2e0 %eip 0x804840f

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x00000000 %eax %esp 0xfd2d0 %ebp %eip 0x804840f

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x00000000 %eax %esp 0xfd2d0 %ebp %eip 0x8048414

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0xfd2c0 0x00000000 %eax %esp 0xfd2c0 %ebp 0xfd2d0 %eip 0x8048414

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0xfd2c0 0x00000000 %eax %esp 0xfd2c0 %ebp 0xfd2d0 %eip 0x8048417

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x8048504 0xfd2c0 0x00000000 %eax %esp 0xfd2c0 %ebp 0xfd2d0 %eip 0x8048417

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x8048504 0xfd2c0 0x00000000 %eax %esp 0xfd2c0 %ebp 0xfd2d0 %eip 0x804841e

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x8048504 0x8048423 0xfd2c0 0xfd2bc 0x00000000 %eax %esp 0xfd2bc %ebp 0xfd2d0 %eip 0x80483f4

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2c0 0xfd2bc 0xfd2b8 0x00000000 %eax %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483f4

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2c0 0xfd2bc 0xfd2b8 0x00000000 %eax %esp 0xfd2b8 %ebp 0xfd2d0 %eip 0x80483f5

0xFFFFFFFF 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2c0 0xfd2bc 0xfd2b8 0x00000000 %eax %esp 0xfd2b8 %ebp %eip 0x80483f5

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 %eax %esp 0xfd2b8 %ebp %eip 0x80483f7

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd290 %eax %esp 0xfd290 %ebp 0xfd2b8 %eip 0x80483f7

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd290 %eax %esp 0xfd290 %ebp 0xfd2b8 %eip 0x80483fa

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd290 %eax 0x8048504 %esp 0xfd290 %ebp 0xfd2b8 %eip 0x80483fa

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd290 %eax 0x8048504 %esp 0xfd290 %ebp 0xfd2b8 %eip 0x80483fd

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd290 %eax 0x8048504 %esp 0xfd290 %ebp 0xfd2b8 %eip 0x80483fd

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x8048401

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x8048404

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2ac 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x8048404

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2ac 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x8048407

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2ac 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 asu (0x20757361) 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 cse (0x20657363) asu (0x20757361) 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 0xfd2d0 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 0x8048423 fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 0x8048504 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 cks! (0x21736b63) 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd290 %ebp 0xfd2b8 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 cks! (0x21736b63) 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd2b8 %ebp %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 cks! (0x21736b63) 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd2bc %ebp 0x6c6c6166 %eip 0x804840c

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 cks! (0x21736b63) 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd2bc %ebp 0x6c6c6166 %eip 0x804840d

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 cks! (0x21736b63) 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac 0xfd290 %eax 0xfd2ac %esp 0xfd2c0 %ebp 0x6c6c6166 %eip 0x31303220

0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 0xfd2e0 cks! (0x21736b63) 5 ro (0x6f722035) 201 (0x31303220) fall (0x6c6c6166) 340 (0x20303433) cse (0x20657363) asu (0x20757361) 0x8048504 0xfd2ac 0x8048504: "asu cse 340 fall 2015 rocks!" 0xfd2d4 mycpy: push %ebp 0x80483f4 mov %esp,%ebp 0x80483f5 sub $0x28,%esp 0x80483f7 mov 0x8(%ebp),%eax 0x80483fa mov %eax,0x4(%esp) 0x80483fd lea -0xc(%ebp),%eax 0x8048401 mov %eax,(%esp) 0x8048404 call strcpy 0x8048407 leave 0x804840c ret 0x804840d main: 0x804840e 0x804840f sub $0x10,%esp 0x8048414 movl $0x8048504,(%esp) 0x8048417 call mycpy 0x804841e mov $0x8048517,%eax 0x8048423 0x8048428 call printf 0x804842b mov $0x0,%eax 0x8048430 0x8048435 0x8048436 0xfd2c0 0xfd2bc 0xfd2b8 0xfd2ac Segmentation Fault! 0xfd290 %eax 0xfd2ac %esp 0xfd2c0 %ebp 0x6c6c6166 %eip 0x31303220

[adamd@ragnuk examples]$ gcc -Wall -m32 buffer_overflow.c [adamd@ragnuk examples]$ ./a.out Segmentation fault (core dumped) [adamd@ragnuk examples]$ gdb ./a.out (gdb) r Starting program: a.out Program received signal SIGSEGV, Segmentation fault.0x31303220 in ?? () (gdb) info registers eax 0xffffd1fc -11780 ecx 0x0 0 edx 0x8048521 134513953 ebx 0x908ff4 9474036 esp 0xffffd210 0xffffd210 ebp 0x6c6c6166 0x6c6c6166 esi 0x0 0 edi 0x0 0 eip 0x31303220 0x31303220e ... #include <string.h> #include <stdio.h> void mycpy(char* str) { char foo[4]; strcpy(foo, str); } int main() callee("asu cse 340 fall 2015 rocks!"); printf("After"); return 0; ATT assembly syntax gcc –Wall –m32 objdump –M att –D a.out leave semantics Set ESP to EBP, then pop EBP.

Buffer Overflow Classic security vulnerability is when an attacker can overwrite the saved EIP value on the stack The attacker's goal is to change a saved EIP value to point to attacker's data Where the program will start executing the attacker's data as code One of the most common vulnerabilities in C and C++ programs Why?

Function Parameter Passing How cdecl calling convention pass parameters to the function callee? Pushed the values onto the stack What are the semantics of passing parameters to a function? Multiple approaches Pass by value Pass by reference Pass by name

Pass by Value Values of the actual parameters at function invocation are calculated and then copied to the function We have seen how this is done for C, a copy of the values are placed on the stack

#include <stdio.h> int x; void test(int x) { x = x + 5; printf("%d\n", x); } int main() int y = 4; test(y); printf("%d\n", y); return y; [adamd@ragnuk]$ gcc –Wall pass_by_value.c [adamd@ragnuk]$ ./a.out 9 4 x 9 4 y 4

Pass by Reference The formal parameters are bound to the locations associated with the actual parameters Thus, the actual parameters must be l-values

#include <stdio.h> int x; void test(int& x) { x = x + 5; printf("%d\n", x); } int main() int y = 4; test(y); printf("%d\n", y); return y; [adamd@ragnuk]$ g++ –Wall pass_by_value.c [adamd@ragnuk]$ ./a.out 9 x y 9 4

Pass by name The formal parameters are replaced by the text of the actual parameters everywhere in the function that the formal parameters occur Algol 60

#include <stdio.h> int x; void test(int x) { x = x + 5; printf("%d\n", x); } int main() int y = 4; test(y); printf("%d\n", y); return y; void test(int y) y = y + 5; [adamd@ragnuk]$ gcc –Wall pass_by_name_1.c [adamd@ragnuk]$ ./a.out 9

#include <stdio.h> int i; int a[10]; void inc(int x) { i++; x++; } int main() i = 1; a[1] = 1; a[2] = 2; inc(a[i]); printf("%d\n%d\n%d\n", i, a[1], a[2]); return 0; void inc(int a[i]) a[i]++; [adamd@ragnuk]$ gcc –Wall pass_by_name_2.c [adamd@ragnuk]$ ./a.out 2 1 3

[adamd@ragnuk]$ gcc –Wall pass_by_name_3.c [adamd@ragnuk]$ ./a.out 5 #include <stdio.h> int i; int p(int y) { int j = y; i++; return j + y; } void q() int j = 2; i = 0; printf("%d\n", p(i+j)); } int main() q(); return 0; int p(int (i+j)) int j = (i+j); return j + (i+j); [adamd@ragnuk]$ gcc –Wall pass_by_name_3.c [adamd@ragnuk]$ ./a.out 5

#include <stdio.h> int foo(int test) { return 10; } int main() int a = 0; int b = foo(a++); printf("%d\n%d\n", a, b); return 0; int foo(int a++) [adamd@ragnuk]$ gcc –Wall pass_by_name_4.c [adamd@ragnuk]$ ./a.out 10

[adamd@ragnuk]$ gcc –Wall pass_by_name_simulation.c [adamd@ragnuk]$ ./a.out 5 #include <stdio.h> int i; int p(int y) { int j = y; i++; return j + y; } void q() int j = 2; i = 0; printf("%d\n", p(i+j)); } int main() q(); return 0; int i, j; int i_plus_j() return i+j; int p(int (*y)(void)) int j = y(); return j + y(); j = 2; printf("%d\n", p(i_plus_j)); }

Java What is the parameter passing semantics of Java? Pass by value? Pass by reference? Pass by name?

class Testing { int foo; } public class ParameterPassing public static void main(String [] args) Testing bar = new Testing(); Testing snap = new Testing(); bar.foo = 0; snap.foo = 10; PassByQuestionMark(bar, snap); System.out.println(bar.foo + "\n" + snap.foo); public static void PassByQuestionMark(Testing a, Testing b) b = new Testing(); b.foo = 100; a.foo = 42;

Java Essentially pass by value and assignment share semantics Note that this is not standard terminology How is it implemented under-the-hood?

Local Functions From what we have seen so far, variables are either global or local What if we want a language that allows defining local functions Functions that are only valid in the containing scope

[adamd@ragnuk]$ gcc –Wall local_functions.c [adamd@ragnuk]$ ./a.out 10 #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x); [adamd@ragnuk]$ gcc –Wall local_functions.c [adamd@ragnuk]$ ./a.out 10

Local Functions Can the previously discussed cdecl calling convention support support local functions?

foo #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

Access Link Saved base pointer (EBP) save the caller's base pointer We want the base pointer of our lexical parent, not our caller's parent Thus, we need to add another element to our calling convention This is called the "access link" Therefore, a function can follow the access links until the last lexical scope is found

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);

foo bar baz #include <stdio.h> void foo() { int x; void bar() void baz() x = x + 1; if (x < 10) bar(); } baz(); x = 0; printf("%d\n", x);