Monday, October 17, 2005

Struggling with Stack Overflow

Hmm... after my weekend I'm writing the blog.
Actually I spent my weekend mostly trying to get a stack overflow to work, but have not succeeded yet. But I came to know one interesting thing: when I tried to disassemble my C code I found some extra assembly code which is not related to my code. I was really surprised and I tried compiling with both gcc and g++. But both produce the same object file (with the extra asm code). So I jumped into researching and found that the compiler produces these extra asm instructions for memory alignment. Let me explain the scenario with an example

#include <stdio.h>   /* the header name was lost from the original post; stdio.h is assumed here and is not actually used */

int main ()
{
    return 0;
}


This is my code and it does nothing. I compiled it like this

g++ test.cpp -o test
and here is the objdump of the assembly

objdump -d test
08048364 <main>:
8048364: 55 push %ebp
8048365: 89 e5 mov %esp,%ebp
8048367: 83 ec 08 sub $0x8,%esp
804836a: 83 e4 f0 and $0xfffffff0,%esp
804836d: b8 00 00 00 00 mov $0x0,%eax
8048372: 29 c4 sub %eax,%esp
8048374: b8 00 00 00 00 mov $0x0,%eax
8048379: c9 leave
804837a: c3 ret
804837b: 90 nop
Let's analyze the code
8048364: 55 push %ebp
8048365: 89 e5 mov %esp,%ebp
This belongs to the function prologue

8048374: b8 00 00 00 00 mov $0x0,%eax
8048379: c9 leave
804837a: c3 ret
This is the function epilogue
So where do the following opcodes come from?????????

8048367: 83 ec 08 sub $0x8,%esp
804836a: 83 e4 f0 and $0xfffffff0,%esp
804836d: b8 00 00 00 00 mov $0x0,%eax
8048372: 29 c4 sub %eax,%esp
After a severe search I found that these are lines produced by the compiler for memory alignment. Also I found that we can easily turn this off by including the -Os (optimise for size) compiler option

g++ -Os test.cpp -o test
objdump -d test
...
08048364 <main>:
8048364: 55 push %ebp
8048365: 89 e5 mov %esp,%ebp
8048367: 31 c0 xor %eax,%eax
8048369: c9 leave
804836a: c3 ret
804836b: 90 nop
...
Surprised??????? Yeah, even I felt the same.
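To make the alignment concrete, here is an added example (not from the original post) that models the two main() prologues shown above with plain integer arithmetic: it walks the default prologue (push, sub $8, and $0xfffffff0, sub %eax with %eax = 0) and the -Os prologue (push only) for several constructed entry values of %esp, so you can see that the "extra" instructions always leave %esp on a 16-byte boundary with at least 8 bytes of frame, whatever the alignment at entry. The sample addresses are made up; the function and struct names are my own.

```c
/* Model of the two main() prologues from the listings above (added example). */
#include <stdint.h>
#include <stdio.h>

struct frame {
    uint32_t ebp;   /* %ebp after "mov %esp,%ebp" */
    uint32_t esp;   /* %esp once the prologue has finished */
};

/* Default build: push %ebp; mov %esp,%ebp; sub $0x8,%esp;
 * and $0xfffffff0,%esp; mov $0x0,%eax; sub %eax,%esp.
 * esp_entry is %esp right after the call pushed the return address. */
struct frame prologue_aligned(uint32_t esp_entry)
{
    struct frame f;
    uint32_t esp = esp_entry - 4;   /* push %ebp */
    f.ebp = esp;                    /* mov %esp,%ebp */
    esp -= 8;                       /* sub $0x8,%esp: reserve 8 bytes */
    esp &= 0xfffffff0u;             /* and $0xfffffff0,%esp: round down to 16 */
    esp -= 0;                       /* mov $0,%eax; sub %eax,%esp: no extra space */
    f.esp = esp;
    return f;
}

/* -Os build: push %ebp; mov %esp,%ebp and nothing else. */
struct frame prologue_os(uint32_t esp_entry)
{
    struct frame f;
    f.ebp = esp_entry - 4;
    f.esp = f.ebp;
    return f;
}

int is_aligned16(uint32_t addr) { return (addr & 0xfu) == 0; }

/* Bytes between the saved %ebp and the final %esp: the area the prologue opened. */
uint32_t frame_bytes(struct frame f) { return f.ebp - f.esp; }

int main(void)
{
    /* Constructed entry values covering each 4-byte phase of a 16-byte line. */
    uint32_t samples[] = { 0xbffff5fc, 0xbffff600, 0xbffff604, 0xbffff608 };
    int n = (int)(sizeof samples / sizeof samples[0]);
    for (int i = 0; i < n; i++) {
        struct frame a = prologue_aligned(samples[i]);
        struct frame o = prologue_os(samples[i]);
        printf("entry %#x: default esp %#x (%u bytes, aligned=%d); -Os esp %#x (aligned=%d)\n",
               (unsigned)samples[i], (unsigned)a.esp, (unsigned)frame_bytes(a),
               is_aligned16(a.esp), (unsigned)o.esp, is_aligned16(o.esp));
    }
    return 0;
}
```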

But I still don't know how to make the stack overflow work; let's see if at least today I can get it to work
