[inoukat_private] Tue, Apr 09, 2002 at 08:56:27AM -0400 wrote:
>
> When you don't pass parameters (ie: f(1)), you must add 4 or more in
> addition to pointing to the return address. (even if you have 2, 3 or more
> parameters, it's always 4)
>
> Here the code:
>
> #include <stdio.h>
>
> void
> f()
> {
>     char a[4];
>     int *b;
>
>     b = a + 12;
>     *b += 0x8;
> }
>
> void
> main()
> {
>     int x;
>
>     x = 0;
>     f();
>
>     x = 1;
>
>     printf("%d\n", x);
> }
>
> To know why, read the disassembler code from gdb, the answer is in here
> :-)
>
> Eric
>

This helped me somewhat understand calculating the return addresses, in that I printed out the addresses as they were changed.

[nocon]$ cat code.c
#include <stdio.h>

void f(int bla)
{
    char a[4];
    int *b;

    b = a + 8;                      /* saved return address, 8 bytes above a[] in this frame */
    printf("ret = 0x%x\n", *b);
    *b += 10;                       /* advance it past the "x = 1" assignment in main() */
    printf("new ret = 0x%x\n", *b);
}

int main(void)
{
    int x;

    x = 0;
    f(1);
    x = 1;                          /* we want to jump past this assignment */
    printf("%d\n", x);              /* should print 0 not 1 */
}

[nocon]$ gcc code.c
[...]
[nocon]$ gdb -q ./a.out
(gdb) disas main
Dump of assembler code for function main:
0x80484a8 <main>:       push   %ebp
0x80484a9 <main+1>:     mov    %esp,%ebp
0x80484ab <main+3>:     sub    $0x8,%esp
0x80484ae <main+6>:     movl   $0x0,0xfffffffc(%ebp)
0x80484b5 <main+13>:    sub    $0xc,%esp
0x80484b8 <main+16>:    push   $0x1
0x80484ba <main+18>:    call   0x8048460 <f>
0x80484bf <main+23>:    add    $0x10,%esp          <---------- ( 0x80484bf: b = a + 8; )
0x80484c2 <main+26>:    movl   $0x1,0xfffffffc(%ebp)
0x80484c9 <main+33>:    sub    $0x8,%esp           <---------- ( 0x80484c9: *b += 10; )
0x80484cc <main+36>:    pushl  0xfffffffc(%ebp)
0x80484cf <main+39>:    push   $0x8048561
0x80484d4 <main+44>:    call   0x804833c <printf>
0x80484d9 <main+49>:    add    $0x10,%esp
0x80484dc <main+52>:    leave
0x80484dd <main+53>:    ret
0x80484de <main+54>:    mov    %esi,%esi
End of assembler dump.
(gdb) quit
[nocon]$ ./a.out
ret = 0x80484bf
new ret = 0x80484c9
0
[nocon]$

--
- noconflic
======================================
noconat_private
http://nocon.darkflame.net
======================================
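The arithmetic behind the `*b += 10` above, as an added example that is not part of the original post: a small Python script that parses the gdb listing of main() quoted in the message, recovers the return address that `call <f>` pushes (the address of the following instruction), and lists which instructions a given delta skips, refusing any delta that does not land on an instruction boundary. The listing is embedded verbatim; the function names are my own.

```python
import re

# Disassembly of main() copied from the gdb session in the post above
# (addresses and mnemonics verbatim; only the annotation arrows dropped).
DISAS_MAIN = """\
0x80484a8 <main>: push %ebp
0x80484a9 <main+1>: mov %esp,%ebp
0x80484ab <main+3>: sub $0x8,%esp
0x80484ae <main+6>: movl $0x0,0xfffffffc(%ebp)
0x80484b5 <main+13>: sub $0xc,%esp
0x80484b8 <main+16>: push $0x1
0x80484ba <main+18>: call 0x8048460 <f>
0x80484bf <main+23>: add $0x10,%esp
0x80484c2 <main+26>: movl $0x1,0xfffffffc(%ebp)
0x80484c9 <main+33>: sub $0x8,%esp
0x80484cc <main+36>: pushl 0xfffffffc(%ebp)
0x80484cf <main+39>: push $0x8048561
0x80484d4 <main+44>: call 0x804833c <printf>
0x80484d9 <main+49>: add $0x10,%esp
0x80484dc <main+52>: leave
0x80484dd <main+53>: ret
"""

LINE_RE = re.compile(r"^0x([0-9a-f]+)\s+<[^>]+>:\s+(.*)$")

def parse_disas(text):
    """Return [(address, instruction text), ...] in listing order."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            insns.append((int(m.group(1), 16), m.group(2)))
    return insns

def return_address_of_call(insns, target):
    """The return address pushed by `call target` is the next instruction."""
    for i, (addr, text) in enumerate(insns):
        if text.startswith("call") and target in text:
            return insns[i + 1][0]
    raise ValueError("no call to %s" % target)

def skipped_by_delta(insns, ret, delta):
    """Instructions skipped when the saved return address becomes ret+delta.
    Raises if ret+delta is mid-instruction (the CPU would decode garbage)."""
    addrs = [a for a, _ in insns]
    new = ret + delta
    if new not in addrs:
        raise ValueError("0x%x is not an instruction boundary" % new)
    return [(a, t) for a, t in insns if ret <= a < new]
```

Note that the delta of 10 skips not only the `movl $0x1` store but also the `add $0x10,%esp` that pops the argument pushed for f(); the program still exits cleanly only because main's `leave` restores %esp from %ebp regardless.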
This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 12:55:19 PDT