1.9. SCANF()
MSVC: x86
Here is what we get in the assembly output (MSVC 2010):
lea eax, DWORD PTR _x$[ebp]
push eax
push OFFSET $SG3833 ; '%d', 00H
call _scanf
add esp, 8
cmp eax, 1
jne SHORT $LN2@main
mov ecx, DWORD PTR _x$[ebp]
push ecx
push OFFSET $SG3834 ; 'You entered %d...', 0aH, 00H
call _printf
add esp, 8
jmp SHORT $LN1@main
$LN2@main:
push OFFSET $SG3836 ; 'What you entered? Huh?', 0aH, 00H
call _printf
add esp, 4
$LN1@main:
xor eax, eax
Thecallerfunction (main()) needs thecalleefunction (scanf()) result, so thecalleereturns it in theEAX
register.
We check it with the help of the instructionCMP EAX, 1(CoMPare). In other words, we compare the value
in theEAXregister with 1.
AJNEconditional jump follows theCMPinstruction.JNEstands forJump if Not Equal.
So, if the value in theEAXregister is not equal to 1, theCPUwill pass the execution to the address
mentioned in theJNEoperand, in our case$LN2@main. Passing the control to this address results in
theCPUexecutingprintf()with the argumentWhat you entered? Huh?. But if everything is fine, the
conditional jump is not be taken, and anotherprintf()call is to be executed, with two arguments:
'You entered %d...'and the value ofx.
Since in this case the secondprintf()has not to be executed, there is aJMPpreceding it (unconditional
jump). It passes the control to the point after the secondprintf()and just before theXOR EAX, EAX
instruction, which implementsreturn 0.
So, it could be said that comparing a value with another isusuallyimplemented byCMP/Jccinstruction
pair, wherecciscondition code.CMPcompares two values and sets processor flags^77 .Jccchecks those
flags and decides to either pass the control to the specified address or not.
This could sound paradoxical, but theCMPinstruction is in factSUB(subtract). All arithmetic instructions
set processor flags, not justCMP. If we compare 1 and 1, 1 − 1 is 0 so theZFflag would be set (meaning that
the last result is 0). In no other circumstancesZFcan be set, except when the operands are equal.JNE
checks only theZFflag and jumps only if it is not set.JNEis in fact a synonym forJNZ(Jump if Not Zero).
Assembler translates bothJNEandJNZinstructions into the same opcode. So, theCMPinstruction can be
replaced with aSUBinstruction and almost everything will be fine, with the difference thatSUBalters the
value of the first operand.CMPisSUB without saving the result, but affecting flags.
MSVC: x86: IDA
It is time to runIDAand try to do something in it. By the way, for beginners it is good idea to use/MD
option in MSVC, which means that all these standard functions are not be linked with the executable file,
but are to be imported from theMSVCR*.DLLfile instead. Thus it will be easier to see which standard
function are used and where.
WhileanalyzingcodeinIDA, itisveryhelpfultoleavenotesforoneself(andothers). Ininstance, analyzing
this example, we see thatJNZis to be triggered in case of an error. So it is possible to move the cursor to
the label, press “n” and rename it to “error”. Create another label—into “exit”. Here is my result:
.text:00401000 _main proc near
.text:00401000
(^77) x86 flags, see also:wikipedia.