Presentation is loading. Please wait.

Presentation is loading. Please wait.

Call-de-stack GNU Free Documentation License Version 1.1 Shakthi Kannan shakthimaan.com shakthimaan at gmail dot com February 2008.

Published byEmma Ferguson Modified over 8 years ago

Similar presentations

Presentation on theme: "Call-de-stack GNU Free Documentation License Version 1.1 Shakthi Kannan shakthimaan.com shakthimaan at gmail dot com February 2008."— Presentation transcript:

1 Call-de-stack GNU Free Documentation License Version 1.1 Shakthi Kannan shakthimaan.com shakthimaan at gmail dot com February 2008

2 In memory of Stack Overflow. Dedication

3 Compilation as --gstabs main.s -o main.o ld main.o -o main Execution./main OR gdb main Environment gcc x86

4 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp ->8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x8048071 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d ->0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 804806fmovl %ebp, %esp Registers Stack Assembly Next IP Legend Completed instruction Value changed by completed instruction Comment Stack pointer Instruction pointer

5 1. Function call, without any arguments 2. Function call, with an argument 3. Recursive function Examples

6 .section.data.section.text.globl _start _start: nop call foo movl $1, %eax int $0x80.type foo, @function foo: pushl %ebp movl %esp, %ebp nop movl %ebp, %esp popl %ebp ret Function call, without any arguments Output of “objdump -d main” main: file format elf32-i386 Disassembly of section.text: 08048054 : 8048054:90 nop 8048055:90 nop 8048056:e8 07 00 00 00 call 8048062 804805b:b8 01 00 00 00 mov $0x1,%eax 8048060:cd 80 int $0x80 08048062 : 8048062:55 push %ebp 8048063:89 e5 mov %esp,%ebp 8048065:90 nop 8048066:89 ec mov %ebp,%esp 8048068:5d pop %ebp 8048069:c3 ret

7 .section.text.globl _start _start: 8048054:nop ->8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x8048055 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x00000001 0xbffa799c: 0x00000000 0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 8048054nop Registers Stack Assembly Next IP

8 .section.text.globl _start _start: 8048054:nop 8048055:nop ->8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x8048056 8048055nop Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x00000001 0xbffa799c: 0x00000000 0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Next IP

9 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: ->8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa799c ebp0x0 esi0x0 edi0x0 eip 0x8048062 8048056call foo Registers Stack Assembly call pushes return address to stack Next IP 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c 0xbffa79a0:0x00000001 ->0xbffa799c: 0x0804805b 0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Stack grows downward

10 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp ->8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp0x0 esi0x0 edi0x0 eip 0x8048063 8048062pushl %ebp Registers Stack Assembly Save base pointer to stack 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c 0xbffa79a0:0x00000001 0xbffa799c: 0x0804805b ->0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Next IP

11 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp ->8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp 0xbffa7998 esi0x0 edi0x0 eip 0x8048065 8048063movl %esp, %ebp Registers Stack Assembly Use base pointer as reference 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c 0xbffa79a0:0x00000001 0xbffa799c: 0x0804805b ->0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Next IP

12 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop ->8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp 0xbffa7998 esi0x0 edi0x0 eip 0x8048066 8048065nop Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c 0xbffa79a0:0x00000001 0xbffa799c: 0x0804805b ->0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Next IP

13 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp ->8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa7998 ebp 0xbffa7998 esi0x0 edi0x0 eip 0x8048068 8048066movl %ebp, %esp Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c 0xbffa79a0:0x00000001 0xbffa799c: 0x0804805b ->0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Next IP

14 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp ->8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa799c ebp0x0 esi0x0 edi0x0 eip 0x8048069 8048068popl %ebp Registers Stack Assembly Next IP 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c 0xbffa79a0:0x00000001 ->0xbffa799c: 0x0804805b 0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Restore old base pointer

15 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo ->804805b:movl $1, %eax 8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x804805b 8048069ret Registers Stack Assembly ret restores saved return address to ip 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x00000001 0xbffa799c: 0x0804805b 0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000

16 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:call foo 804805b:movl $1, %eax ->8048060:int $0x80.type foo, @function foo: 8048062:pushl %ebp 8048063:movl %esp, %ebp 8048065:nop 8048066:movl %ebp, %esp 8048068:popl %ebp 8048069:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbffa79a0 ebp0x0 esi0x0 edi0x0 eip 0x8048060 804805bmovl $1, %eax Registers Stack Assembly 0xbffa79ac: 0xbffa7b3e 0xbffa79a8:0x00000000 0xbffa79a4:0xbffa7b1c ->0xbffa79a0:0x00000001 0xbffa799c: 0x0804805b 0xbffa7998 0x00000000 0xbffa7994: 0x00000000 0xbffa7990:0x00000000 Next IP

17 Program exited normally.

18 .section.data.section.text.globl _start _start: nop push $2 call foo add $4, %esp movl $1, %eax int $0x80.type foo, @function foo: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax xorl %eax, %eax movl %ebp, %esp popl %ebp ret Function call, with an argument Output of “objdump -d main” main: file format elf32-i386 Disassembly of section.text: 08048054 : 8048054:90 nop 8048055:90 nop 8048056:6a 02 push $0x2 8048058:e8 0a 00 00 00 call 8048067 804805d:83 c4 04 add $0x4,%esp 8048060:b8 01 00 00 00 mov $0x1,%eax 8048065:cd 80 int $0x80 08048067 : 8048067:55 push %ebp 8048068:89 e5 mov %esp,%ebp 804806a:8b 45 08 mov 0x8(%ebp),%eax 804806d:31 c0 xor %eax,%eax 804806f:89 ec mov %ebp,%esp 8048071:5d pop %ebp 8048072:c3 ret

19 .section.text.globl _start _start: 8048054:nop ->8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x8048055 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x00000001 0xbfc8e67c:0x00000000 0xbfc8e678: 0x00000000 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048054nop Registers Stack Assembly Next IP

20 .section.text.globl _start _start: 8048054:nop 8048055:nop ->8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x8048056 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x00000001 0xbfc8e67c:0x00000000 0xbfc8e678: 0x00000000 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048055nop Registers Stack Assembly Next IP

21 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 ->8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e67c ebp0x0 esi0x0 edi0x0 eip 0x8048058 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 ->0xbfc8e67c:0x00000002 0xbfc8e678: 0x00000000 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048056pushl $0x2 Registers Stack Assembly Next IP Stack grows downward Push argument to stack

22 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: ->8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e678 ebp0x0 esi0x0 edi0x0 eip 0x8048067 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 ->0xbfc8e678: 0x0804805d 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048058call foo Registers Stack Assembly Next IP call pushes return address to stack

23 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp ->8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp0x0 esi0x0 edi0x0 eip 0x8048068 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d ->0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048067pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

24 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp ->804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x804806a 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d ->0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048068movl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

25 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax ->804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x804806d 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d ->0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 804806amovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

26 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax ->804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x804806f 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d ->0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 804806dxorl %eax, %eax Registers Stack Assembly Next IP an operation on the argument

27 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp ->8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e674 ebp 0xbfc8e674 esi0x0 edi0x0 eip 0x8048071 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d ->0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 804806fmovl %ebp, %esp Registers Stack Assembly Next IP

28 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp ->8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e678 ebp0x0 esi0x0 edi0x0 eip 0x8048072 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 ->0xbfc8e678: 0x0804805d 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048071popl %ebp Registers Stack Assembly Next IP Restore old base pointer

29 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo ->804805d:addl $0x4, %esp 8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e67c ebp0x0 esi0x0 edi0x0 eip 0x804805d 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 0xbfc8e680:0x00000001 ->0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048072ret Registers Stack Assembly ret restores saved return address to ip

30 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp ->8048060:movl $0x1, %eax 8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x8048060 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 804805daddl $0x4, %esp Registers Stack Assembly Next IP restore stack pointer for pushed argument

31 .section.text.globl _start _start: 8048054:nop 8048055:nop 8048056:pushl $0x2 8048058:call foo 804805d:addl $0x4, %esp 8048060:movl $0x1, %eax ->8048065:int $0x80.type foo, @function foo: 8048067:pushl %ebp 8048068:movl %esp, %ebp 804806a:movl 8(%ebp), %eax 804806d:xorl %eax, %eax 804806f:movl %ebp, %esp 8048071:popl %ebp 8048072:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbfc8e680 ebp0x0 esi0x0 edi0x0 eip 0x8048065 0xbfc8e68c:0xbfc8fb38 0xbfc8e688:0x00000000 0xbfc8e684:0xbfc8fb12 ->0xbfc8e680:0x00000001 0xbfc8e67c:0x00000002 0xbfc8e678: 0x0804805d 0xbfc8e674: 0x00000000 0xbfc8e670:0x00000000 8048060movl $0x1, %eax Registers Stack Assembly Next IP

32 Program exited normally.

33 .section.data.section.text.globl _start _start: nop push $3 call factorial addl $4, %esp movl %eax, %ebx movl $1, %eax int $0x80 Recursive function - factorial.type factorial, @function factorial: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax cmpl $1, %eax je end_factorial decl %eax pushl %eax call factorial movl 8(%ebp), %ebx imull %ebx, %eax end_factorial: movl %ebp, %esp popl %ebp ret

34 _start: 8048054:nop ->8048055:nop 8048056:pushl $0x3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf879260 ebp0x0 esi0x0 edi0x0 eip 0x8048055 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f ->0xbf879260:0x00000001 0xbf87925c:0x00000000 0xbf879258: 0x00000000 0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048054nop Registers Stack Assembly Next IP

35 _start: 8048054:nop 8048055:nop ->8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf879260 ebp0x0 esi0x0 edi0x0 eip 0x8048056 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f ->0xbf879260:0x00000001 0xbf87925c:0x00000000 0xbf879258: 0x00000000 0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048055nop Registers Stack Assembly Next IP

36 _start: 8048054:nop 8048055:nop 8048056:pushl $3 ->8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf87925c ebp0x0 esi0x0 edi0x0 eip 0x8048058 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 ->0xbf87925c:0x00000003 0xbf879258: 0x00000000 0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048056pushl $3 Registers Stack Assembly Next IP Stack grows downward Calculate factorial of 3

37 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: ->8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf879258 ebp0x0 esi0x0 edi0x0 eip 0x8048069 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 ->0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048058call factorial Registers Stack Assembly Next IP call pushes return address to stack

38 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp ->804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf879254 ebp0x0 esi0x0 edi0x0 eip 0x804806a 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048069pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

39 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp ->804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x0 ecx0x0 edx0x0 ebx0x0 esp 0xbf879254 ebp 0xbf879254 esi0x0 edi0x0 eip 0x804806c 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 804806amovl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

40 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax ->804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x3 ecx0x0 edx0x0 ebx0x0 esp 0xbf879254 ebp 0xbf879254 esi0x0 edi0x0 eip 0x804806f 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 804806cmovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

41 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax ->8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x3 ecx0x0 edx0x0 ebx0x0 esp 0xbf879254 ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048072 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 804806fcmpl $1, %eax Registers Stack Assembly Next IP 1 != 3

42 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial ->8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x3 ecx0x0 edx0x0 ebx0x0 esp 0xbf879254 ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048074 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048072je end_factorial Registers Stack Assembly Next IP Flag not set

43 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax ->8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879254 ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048075 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000000 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048074decl %eax Registers Stack Assembly Next IP

44 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax -> 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879250 ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048076 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 ->0xbf879250:0x00000002 0xbf87924c:0x00000000 0xbf879248:0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048075pushl %eax Registers Stack Assembly Next IP

45 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: ->8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf87924c ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048069 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 ->0xbf87924c:0x0804807b 0xbf879248: 0x00000000 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048076call factorial Registers Stack Assembly Next IP call pushes return address to stack

46 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp ->804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879248 ebp 0xbf879254 esi0x0 edi0x0 eip 0x804806a 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048069pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

47 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp ->804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879248 ebp 0xbf879248 esi0x0 edi0x0 eip 0x804806c 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 804806amovl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

48 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax ->804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879248 ebp 0xbf879248 esi0x0 edi0x0 eip 0x804806f 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 804806cmovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

49 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax ->8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879248 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048072 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 804806fcmpl $1, %eax Registers Stack Assembly Next IP 1 != 2

50 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial ->8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x0 esp 0xbf879248 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048074 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048072je end_factorial Registers Stack Assembly Next IP Flag not set

51 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax ->8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf879248 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048075 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000000 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048074decl %eax Registers Stack Assembly Next IP

52 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax -> 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf879244 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048076 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 ->0xbf879244:0x00000001 0xbf879240:0x00000000 0xbf87923c:0x00000000 8048075pushl %eax Registers Stack Assembly Next IP

53 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: ->8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf879240 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048069 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 ->0xbf879240:0x0804807b 0xbf87923c:0x00000000 8048076call factorial Registers Stack Assembly Next IP call pushes return address to stack

54 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp ->804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf879248 esi0x0 edi0x0 eip 0x804806a 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b ->0xbf87923c:0xbf879248 8048069pushl %ebp Registers Stack Assembly Next IP Save base pointer to stack

55 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp ->804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x804806c 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b ->0xbf87923c:0xbf879248 804806amovl %esp, %ebp Registers Stack Assembly Next IP Use base pointer as reference

56 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax ->804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x804806f 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b ->0xbf87923c:0xbf879248 804806cmovl 8(%ebp), %eax Registers Stack Assembly Next IP Use the argument

57 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax ->8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x8048072 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b ->0xbf87923c:0xbf879248 804806fcmpl $1, %eax Registers Stack Assembly Next IP 1 == 1

58 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: ->8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x8048081 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b ->0xbf87923c:0xbf879248 8048072je end_factorial Registers Stack Assembly Next IP Flag is set

59 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp ->8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf87923c ebp 0xbf87923c esi0x0 edi0x0 eip 0x8048083 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b ->0xbf87923c:0xbf879248 8048081movl %ebp, %esp Registers Stack Assembly Next IP

60 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp ->8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf879240 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048084 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 ->0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048083popl %ebp Registers Stack Assembly Next IP Restore old base pointer

61 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial ->804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x0 esp 0xbf879244 ebp 0xbf879248 esi0x0 edi0x0 eip 0x804807b 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 ->0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048084ret Registers Stack Assembly Next IP ret restores saved return address to ip

62 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx ->804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x2 esp 0xbf879244 ebp 0xbf879248 esi0x0 edi0x0 eip 0x804807e 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 ->0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 804807bmovl 8(%ebp), %ebx Registers Stack Assembly Next IP

63 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: ->8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf879244 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048081 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 ->0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 804807eimull %ebx, %eax Registers Stack Assembly Next IP

64 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp ->8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf879248 ebp 0xbf879248 esi0x0 edi0x0 eip 0x8048083 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b ->0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048081movl %ebp, %esp Registers Stack Assembly Next IP

65 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp ->8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf87924c ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048084 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 ->0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048083pop %ebp Registers Stack Assembly Next IP Restore old base pointer

66 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial ->804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x2 esp 0xbf879250 ebp 0xbf879254 esi0x0 edi0x0 eip 0x804807b 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 ->0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048084ret Registers Stack Assembly Next IP ret restores saved return address to ip

67 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx ->804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x2 ecx0x0 edx0x0 ebx0x3 esp 0xbf879250 ebp 0xbf879254 esi0x0 edi0x0 eip 0x804807e 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 ->0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 804807bmovl 8(%ebp), %ebx Registers Stack Assembly Next IP

68 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: ->8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf879250 ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048081 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 ->0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 804807eimull %ebx, %eax Registers Stack Assembly Next IP

69 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp ->8048083:popl %ebp 8048084:ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf879254 ebp 0xbf879254 esi0x0 edi0x0 eip 0x8048083 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d ->0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048081movl %ebp, %esp Registers Stack Assembly Next IP

70 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp ->8048084:ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf879258 ebp0x0 esi0x0 edi0x0 eip 0x8048084 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 0xbf87925c:0x00000003 ->0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048083popl %ebp Registers Stack Assembly Next IP Restore old base pointer

71 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial ->804805d:addl $0x4, %esp 9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf87925c ebp0x0 esi0x0 edi0x0 eip 0x804805d 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f 0xbf879260:0x00000001 ->0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048084ret Registers Stack Assembly Next IP ret restores saved return address to ip

72 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp ->9048060:movl %eax, %ebx 8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x6 ecx0x0 edx0x0 ebx0x3 esp 0xbf879260 ebp0x0 esi0x0 edi0x0 eip 0x8048060 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f ->0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 804805daddl $0x4, %esp Registers Stack Assembly Next IP

73 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 8048060:movl %eax, %ebx ->8048062:movl $0x1, %eax 8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x6 ecx0x0 edx0x0 ebx0x6 esp 0xbf879260 ebp0x0 esi0x0 edi0x0 eip 0x8048062 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f ->0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048060movl %eax, %ebx Registers Stack Assembly Next IP

74 _start: 8048054:nop 8048055:nop 8048056:pushl $3 8048058:call factorial 804805d:addl $0x4, %esp 8048060:movl %eax, %ebx 8048062:movl $0x1, %eax ->8048067:int $0x80 factorial: 8048069:pushl %ebp 804806a:movl %esp, %ebp 804806c:movl 8(%ebp), %eax 804806f:cmpl $1, %eax 8048072:je end_factorial 8048074:decl %eax 8048075:pushl %eax 8048076:call factorial 804807b:movl 8(%ebp), %ebx 804807e:imull %ebx, %eax end_factorial: 8048081:movl %ebp, %esp 8048083:popl %ebp 8048084:ret eax0x1 ecx0x0 edx0x0 ebx0x6 esp 0xbf879260 ebp0x0 esi0x0 edi0x0 eip 0x8048067 0xbf87926c:0xbf879b36 0xbf879268:0x00000000 0xbf879264:0xbf879b0f ->0xbf879260:0x00000001 0xbf87925c:0x00000003 0xbf879258: 0x0804805d 0xbf879254: 0x00000000 0xbf879250:0x00000002 0xbf87924c:0x0804807b 0xbf879248:0xbf879254 0xbf879244:0x00000001 0xbf879240:0x0804807b 0xbf87923c:0xbf879248 8048062movl $0x1, %eax Registers Stack Assembly Next IP

75 Program exited normally.

76 Stack Summary Argument N Argument 2 Argument 1 Return address Old base pointer Local variable 1 Local variable 2 Argument... Local variable... Lower order address Higher order address Stack grows downwards

77 ● Richard Blum. 2005. Professional Assembly Language. Wrox. ● Jonathan Bartlett. 2003. Programming from the Ground Up. References

Download ppt "Call-de-stack GNU Free Documentation License Version 1.1 Shakthi Kannan shakthimaan.com shakthimaan at gmail dot com February 2008."

Similar presentations

1 IKI10230 Pengantar Organisasi Komputer Kuliah no. 09: Compiling-Assembling-Linking Sumber: 1. Paul Carter, PC Assembly Language 2. Hamacher. Computer.

1 IKI10230 Pengantar Organisasi Komputer Kuliah no. 09: Compiling-Assembling-Linking Sumber: 1. Paul Carter, PC Assembly Language 2. Hamacher. Computer.
1 Homework / Exam Turn in mp2 at start of class today Reading –PAL, pp 3-6, 361-367 Exam #1 next class –Open Book / Open Notes –NO calculators or other.

1 Homework / Exam Turn in mp2 at start of class today Reading –PAL, pp 3-6, Exam #1 next class –Open Book / Open Notes –NO calculators or other.
Machine Programming – Procedures and IA32 Stack CENG334: Introduction to Operating Systems Instructor: Erol Sahin Acknowledgement: Most of the slides are.

Machine Programming – Procedures and IA32 Stack CENG334: Introduction to Operating Systems Instructor: Erol Sahin Acknowledgement: Most of the slides are.
Lecture 10 – Activation Records Eran Yahav 1 Reference: Dragon 7.1,7.2. MCD 6.3,6.4.2 www.cs.technion.ac.il/~yahave/tocs2011/compilers-lec10.pptx.

Lecture 10 – Activation Records Eran Yahav 1 Reference: Dragon 7.1,7.2. MCD 6.3,
University of Washington Last Time For loops  for loop → while loop → do-while loop → goto version  for loop → while loop → goto “jump to middle” version.

University of Washington Last Time For loops  for loop → while loop → do-while loop → goto version  for loop → while loop → goto “jump to middle” version.
Machine-Level Programming III: Procedures Apr. 17, 2006 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables CS213.

Machine-Level Programming III: Procedures Apr. 17, 2006 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables CS213.
1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)

1 Function Calls Professor Jennifer Rexford COS 217 Reading: Chapter 4 of “Programming From the Ground Up” (available online from the course Web site)
– 1 – 15-213, F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.

– 1 – , F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.
1 Homework Reading –PAL, pp 201-216, 297-312 Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.

1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.
Machine-Level Programming III: Procedures Jan 30, 2003

Machine-Level Programming III: Procedures Jan 30, 2003
Machine-Level Programming I: Introduction Apr. 14, 2008 Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic.

Machine-Level Programming I: Introduction Apr. 14, 2008 Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic.
September 22, 2014 Pengju (Jimmy) Jin Section E

September 22, 2014 Pengju (Jimmy) Jin Section E
C Prog. To Object Code text text binary binary Code in files p1.c p2.c

C Prog. To Object Code text text binary binary Code in files p1.c p2.c
Stack Activation Records Topics IA32 stack discipline Register saving conventions Creating pointers to local variables February 6, 2003 CSCE 212H Computer.

Stack Activation Records Topics IA32 stack discipline Register saving conventions Creating pointers to local variables February 6, 2003 CSCE 212H Computer.
Attacks Using Stack Buffer Overflow Boxuan Gu

Attacks Using Stack Buffer Overflow Boxuan Gu
Recitation 2: Assembly & gdb Andrew Faulring 15213 Section A 16 September 2002.

Recitation 2: Assembly & gdb Andrew Faulring Section A 16 September 2002.
Y86 Processor State Program Registers

Y86 Processor State Program Registers
Carnegie Mellon Introduction to Computer Systems 15-213/18-243, spring 2009 Recitation, Jan. 14 th.

Carnegie Mellon Introduction to Computer Systems /18-243, spring 2009 Recitation, Jan. 14 th.
1 Carnegie Mellon Stacks 15-213: Introduction to Computer Systems Recitation 5: September 24, 2012 Joon-Sup Han Section F.

1 Carnegie Mellon Stacks : Introduction to Computer Systems Recitation 5: September 24, 2012 Joon-Sup Han Section F.
Ithaca College Machine-Level Programming IV: IA32 Procedures Comp 21000: Introduction to Computer Systems & Assembly Lang Spring 2013 * Modified slides.

Ithaca College Machine-Level Programming IV: IA32 Procedures Comp 21000: Introduction to Computer Systems & Assembly Lang Spring 2013 * Modified slides.

Similar presentations

Ads by Google