issuhub.com

Reverse Engineering for Beginners

(avery) #1 
CHAPTER 7. SCANF() CHAPTER 7. SCANF()

Listing 7.8: Optimizing GCC 4.4.5 (IDA)

.text:004006C0 main:

.text:004006C0

.text:004006C0 var_10 = -0x10

.text:004006C0 var_4 = -4

.text:004006C0

; function prologue:

.text:004006C0 lui $gp, 0x42

.text:004006C4 addiu $sp, -0x20

.text:004006C8 li $gp, 0x418940

.text:004006CC sw $ra, 0x20+var_4($sp)

.text:004006D0 sw $gp, 0x20+var_10($sp)

; call puts():

.text:004006D4 la $t9, puts

.text:004006D8 lui $a0, 0x40

.text:004006DC jalr $t9 ; puts

.text:004006E0 la $a0, aEnterX # "Enter X:" ; branch delay slot

; call scanf():

.text:004006E4 lw $gp, 0x20+var_10($sp)

.text:004006E8 lui $a0, 0x40

.text:004006EC la $t9, __isoc99_scanf

; prepare address of x:

.text:004006F0 la $a1, x

.text:004006F4 jalr $t9 ; __isoc99_scanf

.text:004006F8 la $a0, aD # "%d" ; branch delay slot

; call printf():

.text:004006FC lw $gp, 0x20+var_10($sp)

.text:00400700 lui $a0, 0x40

; get address of x:

.text:00400704 la $v0, x

.text:00400708 la $t9, printf

; load value from "x" variable and pass it to printf() in $a1:

.text:0040070C lw $a1, (x - 0x41099C)($v0)

.text:00400710 jalr $t9 ; printf

.text:00400714 la $a0, aYouEnteredD___ # "You entered %d...\n" ; branch ⤦

Çdelay slot

; function epilogue:

.text:00400718 lw $ra, 0x20+var_4($sp)

.text:0040071C move $v0, $zero

.text:00400720 jr $ra

.text:00400724 addiu $sp, 0x20 ; branch delay slot

...

.sbss:0041099C # Segment type: Uninitialized

.sbss:0041099C .sbss

.sbss:0041099C .globl x

.sbss:0041099C x: .space 4

.sbss:0041099C

IDA reduces the amount of information, so we’ll also do a listing using objdump and comment it:

Listing 7.9: Optimizing GCC 4.4.5 (objdump)
1 004006c0

:
2 ; function prologue:
3 4006c0: 3c1c0042 lui gp,0x42
4 4006c4: 27bdffe0 addiu sp,sp,-32
5 4006c8: 279c8940 addiu gp,gp,-30400
6 4006cc: afbf001c sw ra,28(sp)
7 4006d0: afbc0010 sw gp,16(sp)
8 ; call puts():
9 4006d4: 8f998034 lw t9,-32716(gp)
10 4006d8: 3c040040 lui a0,0x40
11 4006dc: 0320f809 jalr t9
12 4006e0: 248408f0 addiu a0,a0,2288 ; branch delay slot
13 ; call scanf():
14 4006e4: 8fbc0010 lw gp,16(sp)
15 4006e8: 3c040040 lui a0,0x40
16 4006ec: 8f998038 lw t9,-32712(gp)

Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2024. All rights reserved.