call return exploration
Calling functions by Pushing and Jumping
callReturnExploration.s
LC0:.ascii "%d\n\0"
.text
.globl _function_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpProgram starts here
LC0:.ascii "%d\n\0"
.text
.globl _function_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebp
8(%esp) argv
4(%esp) argc
(%esp) return addr
%esp 28ff2c %ebp old %ebp %eax $0
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
8(%esp) argv
4(%esp) argc
(%esp) return addr
%esp 28ff2c %ebp old %ebp %eax $0
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff28 %ebp old %ebp %eax $0
12(%esp) argv
8(%esp) argc
4(%esp) return addr
(%esp) old %ebp
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff28 %ebp old %ebp %eax $0
12(%esp) argv
8(%esp) argc
4(%esp) return addr
(%esp) old %ebp
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff28 %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff28 %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff20 %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff20 %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff1c %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff1c %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
_function::...
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)
%esp 28ff1c %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddr
%esp 28ff1c %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddr
%esp 28ff1c %ebp 28ff28 %eax $0
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddr
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
%esp 28ff1c %ebp 28ff28 %eax $99
_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddr
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp)
4(%esp)
(%esp) $retAddr
%esp 28ff1c %ebp 28ff28 %eax $99
_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddr
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99%ecx $retAddr
_function::movl $99, %eax
# retpopl %ecxjmp *%ecx
.globl _main_main::pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddr
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99%ecx $retAddr
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99%ecx $retAddr
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp)
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp)
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp) $LC0
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp) $LC0
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
%esp 28ff1c %ebp 28ff28 %eax $99
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp) $99
4(%esp) $LC0
(%esp) address of next instruction
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
%esp 28ff1c %ebp 28ff28 %eax $99
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp) $99
4(%esp) $LC0
(%esp) address of next instruction
We push the address of the next instruction onto the stack.
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
%esp 28ff1c %ebp 28ff28 %eax $99
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp) $99
4(%esp) $LC0
(%esp) address of next instruction
We push the address of the next instruction onto the stack.
We jump to _printf and do our business
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
%esp 28ff1c %ebp 28ff28 %eax $99
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
8(%esp) $99
4(%esp) $LC0
(%esp) address of next instruction
We push the address of the next instruction onto the stack.
We jump to _printf and do our business
When finished, _printf returns: just like our popl/jmp version of ret, it pops that address off the stack and jumps to our next instruction
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp) $LC0
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp) $LC0
%esp 28ff20 %ebp 28ff28 %eax $99
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp) $LC0
%esp 28ff20 %ebp 28ff28 %eax $0
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
12(%ebp) argv
8(%ebp) argc
4(%ebp) return addr
(%ebp) old %ebp
4(%esp) $99
(%esp) $LC0
%esp 28ff20 %ebp 28ff28 %eax $0
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
8(%esp) argv
4(%esp) argc
(%esp) return addr
%esp 28ff2c %ebp old %ebp %eax $0
pushl %ebpmovl %esp, %ebpsubl $8, %esp
# call _functionpushl $retAddrjmp _function
retAddr:movl %eax, 4(%esp)movl $LC0, (%esp)call _printfmovl $0, %eaxleaveret
8(%esp) argv
4(%esp) argc
(%esp) return addr
%esp 28ff2c %ebp old %ebp %eax $0
Calling functions by Pushing and Jumping
This presentation by Pat Hawks is licensed under a Creative Commons Attribution 4.0 International License
callReturnExploration.s