Reverse Engineering for Beginners


CHAPTER 15. SIMPLE C-STRINGS PROCESSING


The SUB instruction just got executed:


Figure 15.4: OllyDbg: EAX to be decremented now

The difference of the pointers is now in the EAX register: 7. Indeed, the length of the “hello!” string is 6, but with the zero byte
included it is 7. However, strlen() must return the number of non-zero characters in the string. So the decrement is executed and
then the function returns.


Optimizing GCC


Let’s check GCC 4.4.1 with optimizations turned on (-O3 key):


public strlen
strlen proc near

arg_0 = dword ptr 8

        push    ebp
        mov     ebp, esp
        mov     ecx, [ebp+arg_0]
        mov     eax, ecx

loc_8048418:
        movzx   edx, byte ptr [eax]
        add     eax, 1
        test    dl, dl
        jnz     short loc_8048418
        not     ecx
        add     eax, ecx
        pop     ebp
        retn
strlen endp


Here GCC is almost the same as MSVC, except for the presence of MOVZX.


However, here MOVZX could be replaced with mov dl, byte ptr [eax].


Probably it is simpler for GCC’s code generator to remember that the whole 32-bit EDX register is allocated for a char variable,
so it can then be sure that the highest bits contain no noise at any point.


After that we also see a new instruction: NOT. This instruction inverts all bits in the operand. You can say that it is a synonym
for the XOR ECX, 0ffffffffh instruction. NOT and the following ADD calculate the pointer difference and subtract 1,
just in a different way. At the start ECX, where the pointer to str is stored, gets inverted and 1 is subtracted from it.
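The same computation written in C, as an added example that is not the book's own code: the scan pointer is advanced after every load exactly as in the GCC listing, and the final `end + ~start` reproduces the NOT/ADD pair. The function names are my own; the identity it relies on, `~x == -x - 1` in two's complement, is what makes `end + ~start` equal to `end - start - 1`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* C rendition of the GCC -O3 strlen loop above (added example, not the
 * book's code).  As in the assembly, the pointer is incremented after each
 * byte is loaded, so when the loop exits it points one past the
 * terminating zero byte.  The NOT/ADD trick then gives end + ~start,
 * which equals end - start - 1: the number of non-zero characters. */
size_t strlen_not_add(const char *str)
{
    const char *p = str;            /* EAX: scan pointer */
    unsigned char c;                /* EDX after MOVZX: zero-extended byte */

    do {
        c = (unsigned char)*p;      /* movzx edx, byte ptr [eax] */
        p++;                        /* add eax, 1 */
    } while (c != 0);               /* test dl, dl / jnz loc_8048418 */

    /* not ecx ; add eax, ecx  ->  eax = p + ~str */
    uintptr_t end   = (uintptr_t)p;
    uintptr_t start = (uintptr_t)str;
    return (size_t)(end + ~start);  /* same value as end - start - 1 */
}

/* Checks the two's-complement identity the trick depends on:
 * ~start == -start - 1, hence end + ~start == end - start - 1.
 * Returns 1 when the identity holds for the given operands. */
int not_add_identity_holds(uintptr_t end, uintptr_t start)
{
    return (end + ~start) == (end - start - 1);
}

int main(void)
{
    printf("%zu\n", strlen_not_add("hello!"));   /* prints 6 */
    return 0;
}
```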
