Quick introduction to reverse engineering for beginners
GCC replaced the first printf() call with puts(). Indeed, printf() with a sole argument is almost analogous to puts().
Almost, because we need to be sure that the string will not contain printf control statements starting with %: otherwise the effect of the two functions would be different.
Why did GCC replace printf() with puts()? Because puts() works faster [11].
It works faster because it just passes characters to stdout without comparing each one with the % symbol.
As before, the arguments are placed on the stack by MOV instructions.
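The condition GCC has to verify before making that replacement, as an added C illustration (not the book's code and not the compiler's): a single-argument printf() can become puts() only when the constant string contains no % and ends in a newline, which puts() supplies itself. The sample strings are the constants used in this section's listings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the printf() -> puts() rewrite rule (added illustration, not
 * GCC's real code): the single constant argument must hold no '%' (puts()
 * never interprets format directives) and must end with '\n' (puts()
 * appends the newline itself, so it is dropped here).
 * Returns a malloc'd string to hand to puts(), or NULL when the call has
 * to stay printf(). The caller frees the result. */
char *puts_replacement(const char *fmt)
{
    size_t len = strlen(fmt);
    if (strchr(fmt, '%') != NULL)          /* a directive would change output */
        return NULL;
    if (len == 0 || fmt[len - 1] != '\n')  /* no trailing newline to drop */
        return NULL;
    char *out = malloc(len);               /* len - 1 chars plus the NUL */
    if (out == NULL)
        return NULL;
    memcpy(out, fmt, len - 1);
    out[len - 1] = '\0';
    return out;
}

/* Render what puts(s) writes to stdout into buf, for byte comparison. */
int puts_output(const char *s, char *buf, size_t n)
{
    return snprintf(buf, n, "%s\n", s);
}

/* 1: rewritten to puts() and the bytes written are identical to printf(fmt);
 * 0: left as printf(); -1: rewritten but output differs (must never happen). */
int check_rewrite(const char *fmt)
{
    char *r = puts_replacement(fmt);
    if (r == NULL)
        return 0;
    char buf[256];
    puts_output(r, buf, sizeof buf);
    int same = strcmp(buf, fmt) == 0;
    free(r);
    return same ? 1 : -1;
}

int main(void)
{
    /* The string constants from this section's listing. */
    const char *fmts[] = { "Enter X:\n", "%d", "You entered %d...\n" };
    for (size_t i = 0; i < sizeof fmts / sizeof fmts[0]; i++)
        printf("string %zu: %s\n", i,
               check_rewrite(fmts[i]) == 1 ? "becomes puts()" : "stays printf()");
    return 0;
}
```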
1.4.1 Global variables
What if the x variable from the previous example were not local but global? Then it would be accessible from any place, not only from the function body. This is not very good programming practice, but for the sake of the experiment we can do it.
_DATA SEGMENT
COMM _x:DWORD
$SG2456 DB 'Enter X:', 0aH, 00H
ORG $+2
$SG2457 DB '%d', 00H
ORG $+1
$SG2458 DB 'You entered %d...', 0aH, 00H
_DATA ENDS
PUBLIC _main
EXTRN _scanf:PROC
EXTRN _printf:PROC
; Function compile flags: /Odtp
_TEXT SEGMENT
_main PROC
push ebp
mov ebp, esp
push OFFSET $SG2456
call _printf
add esp, 4
push OFFSET _x
push OFFSET $SG2457
call _scanf
add esp, 8
mov eax, DWORD PTR _x
push eax
push OFFSET $SG2458
call _printf
add esp, 8
xor eax, eax
pop ebp
ret 0
_main ENDP
_TEXT ENDS
Now the x variable is defined in the _DATA segment. Memory in the local stack is not allocated for it anymore. All accesses to it go not via the stack but directly to process memory. Its value is not defined. This means that the memory will be allocated by the operating system, not by the compiler, and the operating system will not take care of its initial value at the moment the main() function starts. As an experiment, try declaring a large array and see what it contains after the program is loaded.
Now let's assign a value to the variable explicitly:
[11] http://www.ciselant.de/projects/gcc_printf/gcc_printf.html