Let's say I have a C function:
char* func(char* cp1, int i1, char* cp2, int* ip1);
Questions: what does
movzx edx,BYTE PTR [rdi+0x3]
do? As EDX is just the lower 32 bits of RDX, which holds a memory address. Trying to understand the function call convention on x86.
Thanks.
======
To provide more details:
// here is the caller's code
int some_int = 1;
// ptr2 is char[55]
func(ptr1, 88, ptr2, &some_int);
The assembly code is generated by gcc (I believe as vendor does code injection) for x86_64 on Linux (e.g. CentOS 7).
Here is the assembly code:
.data:00000000 83 fe 03 cmp $0x3,%esi
.data:00000003 7e 3b jle 0x00000040
.data:00000005 83 ee 04 sub $0x4,%esi
.data:00000008 c1 ee 02 shr $0x2,%esi
.data:0000000b 48 8d 44 b7 04 lea 0x4(%rdi,%rsi,4),%rax
.data:00000010 eb 16 jmp 0x00000028
.data:00000012 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
.data:00000018 0f b6 57 03 movzbl 0x3(%rdi),%edx
.data:0000001c 30 57 02 xor %dl,0x2(%rdi)
.data:0000001f 48 83 c7 04 add $0x4,%rdi
.data:00000023 48 39 c7 cmp %rax,%rdi
.data:00000026 74 18 je 0x00000040
.data:00000028 0f b6 4f 01 movzbl 0x1(%rdi),%ecx
.data:0000002c 38 0f cmp %cl,(%rdi)
.data:0000002e 77 e8 ja 0x00000018
.data:00000030 0f b6 57 02 movzbl 0x2(%rdi),%edx
.data:00000034 30 57 03 xor %dl,0x3(%rdi)
.data:00000037 48 83 c7 04 add $0x4,%rdi
.data:0000003b 48 39 c7 cmp %rax,%rdi
.data:0000003e 75 e8 jne 0x00000028
.data:00000040 31 c0 xor %eax,%eax
.data:00000042 c3 retq
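A C rendition of the listing above, as an added example (my reading of the disassembly, not the vendor's code). It shows how the SysV x86-64 argument registers map onto the prototype (rdi = cp1, esi = i1, rdx = cp2, rcx = ip1): cp2 is never used, so the compiler reuses edx as a scratch byte register, and `movzbl` into a 32-bit register zero-extends the byte and clears the upper half of rdx as well. The sample buffer is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* C rendition of the listing above (added example: my reading of the disassembly,
 * not the vendor's source). SysV x86-64 argument registers: rdi = cp1, esi = i1,
 * rdx = cp2, rcx = ip1. cp2 and ip1 are never read, so edx/ecx are free scratch. */
char *func_c(unsigned char *cp1, int i1, char *cp2, int *ip1)
{
    (void)cp2; (void)ip1;                     /* unused, like rdx/rcx in the asm */
    if (i1 <= 3)                              /* cmp $0x3,%esi ; jle 0x40 */
        return NULL;                          /* xor %eax,%eax ; retq */
    /* sub $0x4,%esi ; shr $0x2,%esi ; lea 0x4(%rdi,%rsi,4),%rax:
     * end = cp1 + 4*((i1-4)/4) + 4, i.e. i1 rounded down to a multiple of 4 */
    unsigned char *end = cp1 + ((i1 - 4) / 4) * 4 + 4;
    for (; cp1 != end; cp1 += 4) {            /* add $0x4,%rdi ; cmp %rax,%rdi */
        /* movzbl 0x1(%rdi),%ecx ; cmp %cl,(%rdi) ; ja: movzbl zero-extends one byte
         * into ecx (clearing the top half of rcx too); `ja` makes the compare
         * unsigned, so 0x80 counts as greater than 0x01. */
        if (cp1[0] > cp1[1])
            cp1[2] ^= cp1[3];                 /* movzbl 0x3(%rdi),%edx ; xor %dl,0x2(%rdi) */
        else
            cp1[3] ^= cp1[2];                 /* movzbl 0x2(%rdi),%edx ; xor %dl,0x3(%rdi) */
    }
    return NULL;                              /* both paths end at xor %eax,%eax */
}

/* Constructed sample input: four 4-byte groups plus two trailing bytes that the
 * rounding leaves untouched. Returns 1 when the result matches expectations. */
int sample_matches(void)
{
    unsigned char buf[18] = { 5, 2, 0x0F, 0xF0,  1, 9, 0xAA, 0x55,  7, 7, 1, 2,
                              0x80, 0x01, 0x00, 0xFF,  0x10, 0x20 };
    const unsigned char want[18] = { 5, 2, 0xFF, 0xF0,  1, 9, 0xAA, 0xFF,  7, 7, 1, 3,
                                     0x80, 0x01, 0xFF, 0xFF,  0x10, 0x20 };
    func_c(buf, 18, NULL, NULL);
    return memcmp(buf, want, sizeof buf) == 0;
}

int main(void)
{
    printf("sample %s\n", sample_matches() ? "ok" : "MISMATCH");
    return 0;
}
```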