1.9. SCANF()
Later this value is copied from the stack to theECXregister and passed toprintf():
Figure 1.14:OllyDbg: preparing the value for passing toprintf()GCC
Let’s try to compile this code in GCC 4.4.1 under Linux:
main proc near
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 20h
mov [esp+20h+var_20], offset aEnterX ; "Enter X:"
call _puts
mov eax, offset aD ; "%d"
lea edx, [esp+20h+var_4]
mov [esp+20h+var_1C], edx
mov [esp+20h+var_20], eax
call _isoc99_scanf
mov edx, [esp+20h+var4]
mov eax, offset aYouEnteredD ; "You entered %d...\n"
mov [esp+20h+var_1C], edx
mov [esp+20h+var_20], eax
call _printf
mov eax, 0
leave
retn
main endp
GCC replaced theprintf()call with call toputs(). The reason for this was explained in (1.5.4 on
page 21).
As in the MSVC example—the arguments are placed on the stack using theMOVinstruction.
By the way