Understand assembly code in a C function on x86


Let's say I have a C function:

char* func(char* cp1, int i1, char* cp2, int* ip1);


  1. Is the address cp1 points to passed in RDI, the value of i1 in RSI, the address cp2 points to in RDX, and the address of ip1 in RCX?
  2. If it is true that RDX holds the address cp2 points to, then what does movzx edx,BYTE PTR [rdi+0x3] do? EDX is just the lower 32 bits of RDX, which holds a memory address.
  3. Is the returned char pointer stored in RAX?

Trying to understand the function call convention on x86.



To provide more details:

// here is the caller's code
int some_int = 1;
// ptr2 is char[55]
func(ptr1, 88, ptr2, &some_int);

The assembly code is generated by gcc (I believe, as the vendor does code injection) for x86_64 on Linux (e.g. CentOS 7).

Here is the assembly code:

.data:00000000 83 fe 03                         cmp    $0x3,%esi
.data:00000003 7e 3b                            jle    0x00000040
.data:00000005 83 ee 04                         sub    $0x4,%esi
.data:00000008 c1 ee 02                         shr    $0x2,%esi
.data:0000000b 48 8d 44 b7 04                   lea    0x4(%rdi,%rsi,4),%rax
.data:00000010 eb 16                            jmp    0x00000028
.data:00000012 66 0f 1f 44 00 00                nopw   0x0(%rax,%rax,1)
.data:00000018 0f b6 57 03                      movzbl 0x3(%rdi),%edx
.data:0000001c 30 57 02                         xor    %dl,0x2(%rdi)
.data:0000001f 48 83 c7 04                      add    $0x4,%rdi
.data:00000023 48 39 c7                         cmp    %rax,%rdi
.data:00000026 74 18                            je     0x00000040
.data:00000028 0f b6 4f 01                      movzbl 0x1(%rdi),%ecx
.data:0000002c 38 0f                            cmp    %cl,(%rdi)
.data:0000002e 77 e8                            ja     0x00000018
.data:00000030 0f b6 57 02                      movzbl 0x2(%rdi),%edx
.data:00000034 30 57 03                         xor    %dl,0x3(%rdi)
.data:00000037 48 83 c7 04                      add    $0x4,%rdi
.data:0000003b 48 39 c7                         cmp    %rax,%rdi
.data:0000003e 75 e8                            jne    0x00000028
.data:00000040 31 c0                            xor    %eax,%eax
.data:00000042 c3                               retq
asked on Stack Overflow Jan 16, 2020 by HCSF • edited Jan 17, 2020 by Peter Cordes
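The listing in the question, rendered back into C as an added example (this is not the vendor's source and not an answer posted on the page). Each statement is annotated with the instructions it corresponds to, using the SysV x86-64 argument registers the question asks about: cp1 in %rdi, i1 in %esi (the low half of %rsi), cp2 in %rdx, ip1 in %rcx, and the char* result in %rax. Reading the listing this way shows that the only pointer ever dereferenced is %rdi; %rdx and %rcx are loaded with zero-extended bytes by movzbl and used as scratch, so the 32-bit edx load does not conflict with cp2 at all. The function names (func_from_asm, blocks_processed, run_demo) and the sample buffer are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example: a C rendering of the disassembly in the question.
 * Not the vendor's source; function and helper names are hypothetical.
 * Register mapping per the SysV x86-64 ABI the listing was built for:
 *   cp1 -> %rdi, i1 -> %esi (low 32 bits of %rsi), cp2 -> %rdx, ip1 -> %rcx
 *   char* return value -> %rax
 */
char *func_from_asm(char *cp1, int i1, char *cp2, int *ip1)
{
    unsigned char *p = (unsigned char *)cp1;      /* %rdi */
    (void)cp2;   /* never read in the listing: %rdx is free to hold a scratch byte */
    (void)ip1;   /* never read in the listing: %rcx likewise */

    if (i1 <= 3)                                  /* cmp $0x3,%esi ; jle 0x40 */
        return NULL;

    /* sub $0x4,%esi ; shr $0x2,%esi ; lea 0x4(%rdi,%rsi,4),%rax
     * The 32-bit shr zero-extends into %rsi, so the block count is unsigned. */
    unsigned int extra = (unsigned int)(i1 - 4) >> 2;
    unsigned char *end = p + 4 + (size_t)extra * 4;  /* %rax: one past the last block */

    do {
        /* movzbl 0x1(%rdi),%ecx ; cmp %cl,(%rdi) ; ja 0x18
         * 'ja' makes this an unsigned byte comparison p[0] > p[1]. */
        if (p[0] > p[1]) {
            /* movzbl 0x3(%rdi),%edx ; xor %dl,0x2(%rdi)
             * %edx is only a zero-extended byte here, not the cp2 argument. */
            p[2] ^= p[3];
        } else {
            /* movzbl 0x2(%rdi),%edx ; xor %dl,0x3(%rdi) */
            p[3] ^= p[2];
        }
        p += 4;                                   /* add $0x4,%rdi */
    } while (p != end);                           /* cmp %rax,%rdi ; je/jne */

    return NULL;                                  /* xor %eax,%eax ; retq */
}

/* Number of 4-byte blocks the loop touches for a given i1: floor(i1/4), or 0
 * when the early-out at the top of the function is taken. */
size_t blocks_processed(int i1)
{
    if (i1 <= 3)
        return 0;
    return (size_t)((unsigned int)(i1 - 4) >> 2) + 1;
}

/* Runs the function on a constructed 8-byte buffer with i1 = 9 and compares
 * against hand-computed values: block 0 has p[0] > p[1], so p[2] ^= p[3]
 * (0xAA ^ 0x0F = 0xA5); block 1 does not, so p[3] ^= p[2] (0x0C ^ 0x30 = 0x3C).
 * Returns 1 when the buffer, the NULL return and the untouched int all match. */
int run_demo(void)
{
    unsigned char buf[8] = {0x10, 0x05, 0xAA, 0x0F, 0x01, 0x02, 0x30, 0x0C};
    const unsigned char expect[8] = {0x10, 0x05, 0xA5, 0x0F, 0x01, 0x02, 0x30, 0x3C};
    int some_int = 1;
    char *ret = func_from_asm((char *)buf, 9, NULL, &some_int);
    return ret == NULL && some_int == 1 && memcmp(buf, expect, sizeof buf) == 0;
}

int main(void)
{
    unsigned char buf[8] = {0x10, 0x05, 0xAA, 0x0F, 0x01, 0x02, 0x30, 0x0C};
    int some_int = 1;
    func_from_asm((char *)buf, 9, NULL, &some_int);
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x ", buf[i]);
    printf("\n");
    return run_demo() ? 0 : 1;
}
```

Two things worth noting from the rendering: the loop treats i1 as a byte length of cp1 and walks floor(i1/4) four-byte blocks with no reference to any other bound, so the caller is responsible for i1 not exceeding the buffer; and the return value is unconditionally zero (xor %eax,%eax), so the char* result carries no information in this code.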

0 Answers

Nobody has answered this question yet.
