Assembly Language for Beginners


1.15. SWITCH()/CASE/DEFAULT


Now let’s press F7 or F8 (step over) and return... not to f(), but rather to main():


Figure 1.49: OllyDbg: return to main()

Yes, the jump has been direct, from the guts of printf() to main(), because the RA in the stack points not
to some place in f(), but rather to main(). And CALL 0x00FF1000 has been the actual instruction which
called f().


ARM: Optimizing Keil 6/2013 (ARM mode)


.text:0000014C f1:
.text:0000014C 00 00 50 E3 CMP R0, #0
.text:00000150 13 0E 8F 02 ADREQ R0, aZero ; "zero\n"
.text:00000154 05 00 00 0A BEQ loc_170
.text:00000158 01 00 50 E3 CMP R0, #1
.text:0000015C 4B 0F 8F 02 ADREQ R0, aOne ; "one\n"
.text:00000160 02 00 00 0A BEQ loc_170
.text:00000164 02 00 50 E3 CMP R0, #2
.text:00000168 4A 0F 8F 12 ADRNE R0, aSomethingUnkno ; "something unknown\n"
.text:0000016C 4E 0F 8F 02 ADREQ R0, aTwo ; "two\n"
.text:00000170
.text:00000170 loc_170: ; CODE XREF: f1+8
.text:00000170 ; f1+14
.text:00000170 78 18 00 EA B __2printf


Again, by investigating this code we cannot say if it was a switch() in the original source code, or just a
pack of if() statements.


Anyway, we see here predicated instructions again, like ADREQ (ADR if Equal), which is executed only in case
R0 = 0, and then loads the address of the string «zero\n» into R0. The next instruction, BEQ, redirects
control flow to loc_170 if R0 = 0.


An astute reader may ask: will BEQ trigger correctly, since ADREQ has already filled the R0 register
with another value before it?


Yes, it will, since BEQ checks the flags set by the CMP instruction, and ADREQ does not modify any flags at
all.


The rest of the instructions are already familiar to us. There is only one call to printf(), at the end,
and we have already examined this trick here (1.8.2 on page 54). At the end, there are three paths leading to
printf().
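To make the flag argument concrete, here is an added C model (not the book's code, nor anything the compiler emits) that walks through f1 instruction by instruction with an explicit Z flag; the cpu struct, the helper names and the use of uintptr_t to let R0 hold either an integer or a string address are assumptions of this example:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not the book's code) of the register state the listing
 * depends on: R0 is a machine word that holds either the integer argument or,
 * once ADREQ/ADRNE has executed, the address of a string; Z is the flag that
 * CMP writes and that the EQ/NE conditions read. */
struct cpu {
    uintptr_t r0;
    int z;
};

/* CMP R0, #imm: writes the flags, leaves R0 alone. */
static void cmp_imm(struct cpu *c, uintptr_t imm) { c->z = (c->r0 == imm); }

/* ADREQ R0, label: executes only when Z is set, and never touches the flags. */
static void adreq(struct cpu *c, const char *label) { if (c->z) c->r0 = (uintptr_t)label; }

/* ADRNE R0, label: the complementary predicate, also flag-preserving. */
static void adrne(struct cpu *c, const char *label) { if (!c->z) c->r0 = (uintptr_t)label; }

/* BEQ: the branch is decided by Z from the last CMP, not by what R0 now holds. */
static int beq(const struct cpu *c) { return c->z; }

/* f1 from the listing, one helper call per instruction, in the same order. */
const char *f1(int a)
{
    struct cpu c = { (uintptr_t)(unsigned)a, 0 };

    cmp_imm(&c, 0);                       /* CMP   R0, #0              */
    adreq(&c, "zero\n");                  /* ADREQ R0, aZero           */
    if (beq(&c)) goto loc_170;            /* BEQ   loc_170             */
    cmp_imm(&c, 1);                       /* CMP   R0, #1              */
    adreq(&c, "one\n");                   /* ADREQ R0, aOne            */
    if (beq(&c)) goto loc_170;            /* BEQ   loc_170             */
    cmp_imm(&c, 2);                       /* CMP   R0, #2              */
    adrne(&c, "something unknown\n");     /* ADRNE R0, aSomethingUnkno */
    adreq(&c, "two\n");                   /* ADREQ R0, aTwo            */
loc_170:
    return (const char *)c.r0;            /* B __2printf: printf receives R0 */
}

int main(void)
{
    for (int a = 0; a < 4; a++)
        printf("f1(%d) -> %s", a, f1(a));  /* 3 ends up on the default path */
    return 0;
}
```

Replacing beq() with a check on R0 itself (as the astute reader feared) would break the a = 0 case, because by the time BEQ runs R0 already holds the address of «zero\n».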
