I'm not understanding what the function below does. From what I gather, function 4 does something like (x+x)*2 or it does something like (high-low)/2 if a condition is reached. (I might be wrong on this). From reading the code, I also understood that in order to "defuse" the bomb. I need two decimal inputs, and the second one should be 14.
I'm stuck trying to figure out the first value, and trying to identify the correct formula to use in order to figure out the first value.
Function_4
00000000004010b2 <func4>:
4010b2: 55 push %rbp
4010b3: 48 89 e5 mov %rsp,%rbp
4010b6: 89 d0 mov %edx,%eax
4010b8: 29 f0 sub %esi,%eax
4010ba: 89 c1 mov %eax,%ecx
4010bc: c1 e9 1f shr $0x1f,%ecx
4010bf: 01 c8 add %ecx,%eax
4010c1: d1 f8 sar %eax
4010c3: 8d 0c 30 lea (%rax,%rsi,1),%ecx
4010c6: 39 f9 cmp %edi,%ecx
4010c8: 7e 0c jle 4010d6 <func4+0x24>
4010ca: 8d 51 ff lea -0x1(%rcx),%edx
4010cd: e8 e0 ff ff ff callq 4010b2 <func4>
4010d2: 01 c0 add %eax,%eax
4010d4: eb 15 jmp 4010eb <func4+0x39>
4010d6: b8 00 00 00 00 mov $0x0,%eax
4010db: 39 f9 cmp %edi,%ecx
4010dd: 7d 0c jge 4010eb <func4+0x39>
4010df: 8d 71 01 lea 0x1(%rcx),%esi
4010e2: e8 cb ff ff ff callq 4010b2 <func4>
4010e7: 8d 44 00 01 lea 0x1(%rax,%rax,1),%eax
4010eb: 5d pop %rbp
4010ec: c3 retq
Phase_4
00000000004010ed <phase_4>:
4010ed: 55 push %rbp
4010ee: 48 89 e5 mov %rsp,%rbp
4010f1: 48 83 ec 10 sub $0x10,%rsp
4010f5: 48 8d 4d fc lea -0x4(%rbp),%rcx
4010f9: 48 8d 55 f8 lea -0x8(%rbp),%rdx
4010fd: be 6d 2a 40 00 mov $0x402a6d,%esi
401102: b8 00 00 00 00 mov $0x0,%eax
401107: e8 a4 fb ff ff callq 400cb0 <__isoc99_sscanf#plt>
40110c: 83 f8 02 cmp $0x2,%eax
40110f: 75 0b jne 40111c <phase_4+0x2f>
401111: 8b 45 f8 mov -0x8(%rbp),%eax
401114: 83 e8 20 sub $0x20,%eax
401117: 83 f8 1e cmp $0x1e,%eax
40111a: 76 05 jbe 401121 <phase_4+0x34>
40111c: e8 b4 05 00 00 callq 4016d5 <explode_bomb>
401121: ba 3e 00 00 00 mov $0x3e,%edx
401126: be 20 00 00 00 mov $0x20,%esi
40112b: 8b 7d f8 mov -0x8(%rbp),%edi
40112e: e8 7f ff ff ff callq 4010b2 <func4>
401133: 83 f8 0e cmp $0xe,%eax
401136: 75 06 jne 40113e <phase_4+0x51>
401138: 83 7d fc 0e cmpl $0xe,-0x4(%rbp)
40113c: 74 05 je 401143 <phase_4+0x56>
40113e: e8 92 05 00 00 callq 4016d5 <explode_bomb>
401143: c9 leaveq
401144: c3 retq
Related
This question already has answers here:
Binary Bomb - Phase 4
(1 answer)
having trouble with bomb lab phase 4 [closed]
(1 answer)
Closed 5 years ago.
I'm having a bit of trouble understanding the following assembly code for the bomb lab. Running through it so far, I've figured out that the answer is supposed to be two decimal values. If not it will explode the bomb. Then, function 4 is making sure that the first value inputted is between 0 and 30. (0x1e) Then it jumps to func4 where it does something to my number. I understand up to the
sub %esi,%eax
then I don't completely understand what is going on in the function. I've tried plugging in values and checking them in the registry but I still don't understand what is going in function 4.
My attempt at understanding it is that, first its setting registers equal to each other. Then its doing an arithmetic right shift by 31 (0x1f). Then its subtracting by 1 and adding it to eax.
So, from what I understand its taking a number. Subtracting it by 1 and then adding them together? Such that the simplified formula would be (x-1)*x ?
Func_4
00000000004010b2 <func4>:
4010b2: 55 push %rbp
4010b3: 48 89 e5 mov %rsp,%rbp
4010b6: 89 d0 mov %edx,%eax
4010b8: 29 f0 sub %esi,%eax
4010ba: 89 c1 mov %eax,%ecx
4010bc: c1 e9 1f shr $0x1f,%ecx
4010bf: 01 c8 add %ecx,%eax
4010c1: d1 f8 sar %eax
4010c3: 8d 0c 30 lea (%rax,%rsi,1),%ecx
4010c6: 39 f9 cmp %edi,%ecx
4010c8: 7e 0c jle 4010d6 <func4+0x24>
4010ca: 8d 51 ff lea -0x1(%rcx),%edx
4010cd: e8 e0 ff ff ff callq 4010b2 <func4>
4010d2: 01 c0 add %eax,%eax
4010d4: eb 15 jmp 4010eb <func4+0x39>
4010d6: b8 00 00 00 00 mov $0x0,%eax
4010db: 39 f9 cmp %edi,%ecx
4010dd: 7d 0c jge 4010eb <func4+0x39>
4010df: 8d 71 01 lea 0x1(%rcx),%esi
4010e2: e8 cb ff ff ff callq 4010b2 <func4>
4010e7: 8d 44 00 01 lea 0x1(%rax,%rax,1),%eax
4010eb: 5d pop %rbp
4010ec: c3 retq
Phase_4
00000000004010ed <phase_4>:
4010ed: 55 push %rbp
4010ee: 48 89 e5 mov %rsp,%rbp
4010f1: 48 83 ec 10 sub $0x10,%rsp
4010f5: 48 8d 4d fc lea -0x4(%rbp),%rcx
4010f9: 48 8d 55 f8 lea -0x8(%rbp),%rdx
4010fd: be 6d 2a 40 00 mov $0x402a6d,%esi
401102: b8 00 00 00 00 mov $0x0,%eax
401107: e8 a4 fb ff ff callq 400cb0 <__isoc99_sscanf#plt>
40110c: 83 f8 02 cmp $0x2,%eax
40110f: 75 0b jne 40111c <phase_4+0x2f>
401111: 8b 45 f8 mov -0x8(%rbp),%eax
401114: 83 e8 20 sub $0x20,%eax
401117: 83 f8 1e cmp $0x1e,%eax
40111a: 76 05 jbe 401121 <phase_4+0x34>
40111c: e8 b4 05 00 00 callq 4016d5 <explode_bomb>
401121: ba 3e 00 00 00 mov $0x3e,%edx
401126: be 20 00 00 00 mov $0x20,%esi
40112b: 8b 7d f8 mov -0x8(%rbp),%edi
40112e: e8 7f ff ff ff callq 4010b2 <func4>
401133: 83 f8 0e cmp $0xe,%eax
401136: 75 06 jne 40113e <phase_4+0x51>
401138: 83 7d fc 0e cmpl $0xe,-0x4(%rbp)
40113c: 74 05 je 401143 <phase_4+0x56>
40113e: e8 92 05 00 00 callq 4016d5 <explode_bomb>
401143: c9 leaveq
401144: c3 retq
Consider the code snippet below.
The entry point of the program is main as defined in C-source code. Now, normally a function starts by decreasing %rsp to reserve space for local variables. But here, the GCC compiler reserves this space in some of the added (initial) functions.
My question is, where do I look for the number of bytes of reserved variables in these GCC-specific initialization functions? In this case, the number of reserved bytes is 0x08.
Also, in what order are these initial functions called?
00000000004003c0 <_start>:
4003c0: 31 ed xor ebp,ebp
4003c2: 49 89 d1 mov r9,rdx
4003c5: 5e pop rsi
4003c6: 48 89 e2 mov rdx,rsp
4003c9: 48 83 e4 f0 and rsp,0xfffffffffffffff0
4003cd: 50 push rax
4003ce: 54 push rsp
4003cf: 49 c7 c0 a0 05 40 00 mov r8,0x4005a0
4003d6: 48 c7 c1 30 05 40 00 mov rcx,0x400530
4003dd: 48 c7 c7 c0 04 40 00 mov rdi,0x4004c0
4003e4: e8 b7 ff ff ff call 4003a0 <__libc_start_main#plt>
4003e9: f4 hlt
4003ea: 66 0f 1f 44 00 00 nop WORD PTR [rax+rax*1+0x0]
00000000004003f0 <deregister_tm_clones>:
4003f0: b8 37 10 60 00 mov eax,0x601037
4003f5: 55 push rbp
4003f6: 48 2d 30 10 60 00 sub rax,0x601030
4003fc: 48 83 f8 0e cmp rax,0xe
400400: 48 89 e5 mov rbp,rsp
400403: 76 1b jbe 400420 <deregister_tm_clones+0x30>
400405: b8 00 00 00 00 mov eax,0x0
40040a: 48 85 c0 test rax,rax
40040d: 74 11 je 400420 <deregister_tm_clones+0x30>
40040f: 5d pop rbp
400410: bf 30 10 60 00 mov edi,0x601030
400415: ff e0 jmp rax
400417: 66 0f 1f 84 00 00 00 nop WORD PTR [rax+rax*1+0x0]
40041e: 00 00
400420: 5d pop rbp
400421: c3 ret
400422: 0f 1f 40 00 nop DWORD PTR [rax+0x0]
400426: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
40042d: 00 00 00
0000000000400430 <register_tm_clones>:
400430: be 30 10 60 00 mov esi,0x601030
400435: 55 push rbp
400436: 48 81 ee 30 10 60 00 sub rsi,0x601030
40043d: 48 c1 fe 03 sar rsi,0x3
400441: 48 89 e5 mov rbp,rsp
400444: 48 89 f0 mov rax,rsi
400447: 48 c1 e8 3f shr rax,0x3f
40044b: 48 01 c6 add rsi,rax
40044e: 48 d1 fe sar rsi,1
400451: 74 15 je 400468 <register_tm_clones+0x38>
400453: b8 00 00 00 00 mov eax,0x0
400458: 48 85 c0 test rax,rax
40045b: 74 0b je 400468 <register_tm_clones+0x38>
40045d: 5d pop rbp
40045e: bf 30 10 60 00 mov edi,0x601030
400463: ff e0 jmp rax
400465: 0f 1f 00 nop DWORD PTR [rax]
400468: 5d pop rbp
400469: c3 ret
40046a: 66 0f 1f 44 00 00 nop WORD PTR [rax+rax*1+0x0]
0000000000400470 <__do_global_dtors_aux>:
400470: 80 3d b9 0b 20 00 00 cmp BYTE PTR [rip+0x200bb9],0x0 # 601030 <__TMC_END__>
400477: 75 11 jne 40048a <__do_global_dtors_aux+0x1a>
400479: 55 push rbp
40047a: 48 89 e5 mov rbp,rsp
40047d: e8 6e ff ff ff call 4003f0 <deregister_tm_clones>
400482: 5d pop rbp
400483: c6 05 a6 0b 20 00 01 mov BYTE PTR [rip+0x200ba6],0x1 # 601030 <__TMC_END__>
40048a: f3 c3 repz ret
40048c: 0f 1f 40 00 nop DWORD PTR [rax+0x0]
0000000000400490 <frame_dummy>:
400490: bf 20 0e 60 00 mov edi,0x600e20
400495: 48 83 3f 00 cmp QWORD PTR [rdi],0x0
400499: 75 05 jne 4004a0 <frame_dummy+0x10>
40049b: eb 93 jmp 400430 <register_tm_clones>
40049d: 0f 1f 00 nop DWORD PTR [rax]
4004a0: b8 00 00 00 00 mov eax,0x0
4004a5: 48 85 c0 test rax,rax
4004a8: 74 f1 je 40049b <frame_dummy+0xb>
4004aa: 55 push rbp
4004ab: 48 89 e5 mov rbp,rsp
4004ae: ff d0 call rax
4004b0: 5d pop rbp
4004b1: e9 7a ff ff ff jmp 400430 <register_tm_clones>
4004b6: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
4004bd: 00 00 00
00000000004004c0 <main>:
4004c0: 55 push rbp
4004c1: 48 89 e5 mov rbp,rsp
4004c4: c7 45 f8 00 00 00 00 mov DWORD PTR [rbp-0x8],0x0
4004cb: c7 45 fc 01 00 00 00 mov DWORD PTR [rbp-0x4],0x1
4004d2: eb 46 jmp 40051a <.cend>
4004d4: 66 66 66 2e 0f 1f 84 data16 data16 nop WORD PTR cs:[rax+rax*1+0x0]
4004db: 00 00 00 00 00
4004e0: ff 05 4e 0b 20 00 inc DWORD PTR [rip+0x200b4e] # 601034 <sum>
4004e6: 50 push rax
4004e7: 53 push rbx
4004e8: 56 push rsi
4004e9: 48 31 c0 xor rax,rax
4004ec: 48 c7 c6 14 05 40 00 mov rsi,0x400514
00000000004004f3 <.cloop>:
4004f3: 48 0f b6 1e movzx rbx,BYTE PTR [rsi]
4004f7: 48 31 d8 xor rax,rbx
4004fa: 48 ff c6 inc rsi
4004fd: 48 81 fe 1a 05 40 00 cmp rsi,0x40051a
400504: 75 ed jne 4004f3 <.cloop>
400506: 48 83 f8 00 cmp rax,0x0
40050a: 74 05 je 400511 <.restore>
40050c: 48 31 c0 xor rax,rax
40050f: ff d0 call rax
0000000000400511 <.restore>:
400511: 5e pop rsi
400512: 5b pop rbx
400513: 58 pop rax
0000000000400514 <.cstart>:
400514: eb 01 jmp 400517 <.end>
0000000000400516 <.cslot>:
400516: ac lods al,BYTE PTR ds:[rsi]
0000000000400517 <.end>:
400517: ff 45 fc inc DWORD PTR [rbp-0x4]
000000000040051a <.cend>:
40051a: 83 7d fc 1e cmp DWORD PTR [rbp-0x4],0x1e
40051e: 7e c0 jle 4004e0 <main+0x20>
400520: 8b 05 0e 0b 20 00 mov eax,DWORD PTR [rip+0x200b0e] # 601034 <sum>
400526: 5d pop rbp
400527: c3 ret
400528: 0f 1f 84 00 00 00 00 nop DWORD PTR [rax+rax*1+0x0]
40052f: 00
0000000000400530 <__libc_csu_init>:
400530: 41 57 push r15
400532: 41 56 push r14
400534: 41 89 ff mov r15d,edi
400537: 41 55 push r13
400539: 41 54 push r12
40053b: 4c 8d 25 ce 08 20 00 lea r12,[rip+0x2008ce] # 600e10 <__frame_dummy_init_array_entry>
400542: 55 push rbp
400543: 48 8d 2d ce 08 20 00 lea rbp,[rip+0x2008ce] # 600e18 <__init_array_end>
40054a: 53 push rbx
40054b: 49 89 f6 mov r14,rsi
40054e: 49 89 d5 mov r13,rdx
400551: 4c 29 e5 sub rbp,r12
400554: 48 83 ec 08 sub rsp,0x8
400558: 48 c1 fd 03 sar rbp,0x3
40055c: e8 0f fe ff ff call 400370 <_init>
400561: 48 85 ed test rbp,rbp
400564: 74 20 je 400586 <__libc_csu_init+0x56>
400566: 31 db xor ebx,ebx
400568: 0f 1f 84 00 00 00 00 nop DWORD PTR [rax+rax*1+0x0]
40056f: 00
400570: 4c 89 ea mov rdx,r13
400573: 4c 89 f6 mov rsi,r14
400576: 44 89 ff mov edi,r15d
400579: 41 ff 14 dc call QWORD PTR [r12+rbx*8]
40057d: 48 83 c3 01 add rbx,0x1
400581: 48 39 eb cmp rbx,rbp
400584: 75 ea jne 400570 <__libc_csu_init+0x40>
400586: 48 83 c4 08 add rsp,0x8
40058a: 5b pop rbx
40058b: 5d pop rbp
40058c: 41 5c pop r12
40058e: 41 5d pop r13
400590: 41 5e pop r14
400592: 41 5f pop r15
400594: c3 ret
400595: 90 nop
400596: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
40059d: 00 00 00
00000000004005a0 <__libc_csu_fini>:
4005a0: f3 c3 repz ret
Disassembly of section .fini:
00000000004005a4 <_fini>:
4005a4: 48 83 ec 08 sub rsp,0x8
4005a8: 48 83 c4 08 add rsp,0x8
4005ac: c3
I've been trying to decompile the following asm snippet(that's all I have):
55 push %rbp
48 89 e5 mov %rsp,%rbp
48 81 ec d0 00 00 00 sub $0xd0,%rsp
64 48 8b 04 25 28 00 mov %fs:0x28,%rax
00 00
48 89 45 f8 mov %rax,-0x8(%rbp)
31 c0 xor %eax,%eax
48 c7 85 30 ff ff ff movq $0x0,-0xd0(%rbp)
00 00 00 00
48 8d b5 38 ff ff ff lea -0xc8(%rbp),%rsi
b8 00 00 00 00 mov $0x0,%eax
ba 18 00 00 00 mov $0x18,%edx
48 89 f7 mov %rsi,%rdi
48 89 d1 mov %rdx,%rcx
f3 48 ab rep stos %rax,%es:(%rdi)
48 8b 15 19 06 20 00 mov 0x200619(%rip),%rdx
48 8d 85 30 ff ff ff lea -0xd0(%rbp),%rax
be ce 0f 40 00 mov $0x400fce,%esi
48 89 c7 mov %rax,%rdi
b8 00 00 00 00 mov $0x0,%eax
e8 4e fc ff ff callq 4008a0 <sprintf#plt>
Here is my attempt:
char buf[192] = {0};
sprintf(buf, "hello %s", name);
I've compiled this with gcc 4.8.5, and it gave me:
55 push %rbp
48 89 e5 mov %rsp,%rbp
48 81 ec d0 00 00 00 sub $0xd0,%rsp
64 48 8b 04 25 28 00 mov %fs:0x28,%rax
00 00
48 89 45 f8 mov %rax,-0x8(%rbp)
31 c0 xor %eax,%eax
48 8d b5 30 ff ff ff lea -0xd0(%rbp),%rsi
b8 00 00 00 00 mov $0x0,%eax
ba 18 00 00 00 mov $0x18,%edx
48 89 f7 mov %rsi,%rdi
48 89 d1 mov %rdx,%rcx
f3 48 ab rep stos %rax,%es:(%rdi)
48 8b 15 14 14 20 00 mov 0x201414(%rip),%rdx
48 8d 85 30 ff ff ff lea -0xd0(%rbp),%rax
be 2e 10 40 00 mov $0x40102e,%esi
48 89 c7 mov %rax,%rdi
b8 00 00 00 00 mov $0x0,%eax
e8 cb fb ff ff callq 4008a0 <sprintf#plt>
I'm struggling to figure out why this exists:
movq $0x0,-0xd0(%rbp)
and also the subsequent usage of -0xd0(%rbp) as a pointer for the argument to sprintf. I'm puzzled because the rep stos begin at -0xc8(%rbp) and not -0xd0(%rbp).
This is probably compiler specific, but still I'm curious what could possibly be the original code that produced that asm.
I imagine something like:
char buf[192] = {0, 0, 0, 0, 0, 0, 0, 0};
sprintf(buf + 8, "hello %s", name);
... would give you that output.
The movq instruction you refer to stores 0 (an 8-byte quantity) at the beginning of an array. The -0xc8(%rbp) comes from copying a string to an offset within the array.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I observe some very weird performance for read and write access on Intel machine.
I wrote a C program that allocate an array first. The code of the program is at [1] ; You can compile it by running Make. (I don't use any compiling optimization.)
The sequence of the operations of the program is as follows:
allocate a char array;
init each element of array to be 1;
use clflush to flush the whole array from cache;
read each cache line of the array by using tmp = array[i];
(Do simple calculation after reading each cache line)
use clflush to flush the whole array from cache;
write each cache line of the array by using array[i] = tmp;
(Do the same simple calculation after reading each cache line)
I run the program on Intel(R) Xeon(R) CPU E5-1650 v2 # 3.50GHz (Haswell arch.) with turbo boost disabled.
The command I used to run the program is:
sudo ./rw-latency-test-compute 5210 10 1
I got the read latency for the whole array is 6670us, while the write latency for the whole array is 3518us.
The interesting part is
If I don't do any computation after I read/write a cache line, the read latency for the whole array is 2175us, while the write latency for the whole array is 3687us.
So doing computation seems speed up the execution... :-(
Do you have any suggestion/explanation on this weird performance?
The whole assembly code of the program can be found at [2].
The assembly code of the inner loop is as follows:
0000000000400898 <read_array>:
400898: 55 push %rbp
400899: 48 89 e5 mov %rsp,%rbp
40089c: 53 push %rbx
40089d: 48 83 ec 28 sub $0x28,%rsp
4008a1: 48 89 7d d8 mov %rdi,-0x28(%rbp)
4008a5: 48 89 75 d0 mov %rsi,-0x30(%rbp)
4008a9: c7 45 e8 00 00 00 00 movl $0x0,-0x18(%rbp)
4008b0: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%rbp)
4008b7: eb 58 jmp 400911 <read_array+0x79>
4008b9: b8 00 00 00 00 mov $0x0,%eax
4008be: e8 38 ff ff ff callq 4007fb <sw_barrier>
4008c3: 8b 45 e4 mov -0x1c(%rbp),%eax
4008c6: 48 98 cltq
4008c8: 48 03 45 d8 add -0x28(%rbp),%rax
4008cc: 0f b6 00 movzbl (%rax),%eax
4008cf: 88 45 ef mov %al,-0x11(%rbp)
4008d2: 0f be 45 ef movsbl -0x11(%rbp),%eax
4008d6: 89 c1 mov %eax,%ecx
4008d8: 03 4d e8 add -0x18(%rbp),%ecx
4008db: ba 01 80 00 80 mov $0x80008001,%edx
4008e0: 89 c8 mov %ecx,%eax
4008e2: f7 ea imul %edx
4008e4: 8d 04 0a lea (%rdx,%rcx,1),%eax
4008e7: 89 c2 mov %eax,%edx
4008e9: c1 fa 0f sar $0xf,%edx
4008ec: 89 c8 mov %ecx,%eax
4008ee: c1 f8 1f sar $0x1f,%eax
4008f1: 89 d3 mov %edx,%ebx
4008f3: 29 c3 sub %eax,%ebx
4008f5: 89 d8 mov %ebx,%eax
4008f7: 89 45 e8 mov %eax,-0x18(%rbp)
4008fa: 8b 55 e8 mov -0x18(%rbp),%edx
4008fd: 89 d0 mov %edx,%eax
4008ff: c1 e0 10 shl $0x10,%eax
400902: 29 d0 sub %edx,%eax
400904: 89 ca mov %ecx,%edx
400906: 29 c2 sub %eax,%edx
400908: 89 d0 mov %edx,%eax
40090a: 89 45 e8 mov %eax,-0x18(%rbp)
40090d: 83 45 e4 40 addl $0x40,-0x1c(%rbp)
400911: 8b 45 e4 mov -0x1c(%rbp),%eax
400914: 48 98 cltq
400916: 48 3b 45 d0 cmp -0x30(%rbp),%rax
40091a: 7c 9d jl 4008b9 <read_array+0x21>
40091c: b8 e1 0f 40 00 mov $0x400fe1,%eax
400921: 8b 55 e8 mov -0x18(%rbp),%edx
400924: 89 d6 mov %edx,%esi
400926: 48 89 c7 mov %rax,%rdi
400929: b8 00 00 00 00 mov $0x0,%eax
40092e: e8 3d fd ff ff callq 400670 <printf#plt>
400933: 48 83 c4 28 add $0x28,%rsp
400937: 5b pop %rbx
400938: 5d pop %rbp
400939: c3 retq
000000000040093a <write_array>:
40093a: 55 push %rbp
40093b: 48 89 e5 mov %rsp,%rbp
40093e: 53 push %rbx
40093f: 48 83 ec 28 sub $0x28,%rsp
400943: 48 89 7d d8 mov %rdi,-0x28(%rbp)
400947: 48 89 75 d0 mov %rsi,-0x30(%rbp)
40094b: c6 45 ef 01 movb $0x1,-0x11(%rbp)
40094f: c7 45 e8 00 00 00 00 movl $0x0,-0x18(%rbp)
400956: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%rbp)
40095d: eb 63 jmp 4009c2 <write_array+0x88>
40095f: b8 00 00 00 00 mov $0x0,%eax
400964: e8 92 fe ff ff callq 4007fb <sw_barrier>
400969: 8b 45 e4 mov -0x1c(%rbp),%eax
40096c: 48 98 cltq
40096e: 48 03 45 d8 add -0x28(%rbp),%rax
400972: 0f b6 55 ef movzbl -0x11(%rbp),%edx
400976: 88 10 mov %dl,(%rax)
400978: 8b 45 e4 mov -0x1c(%rbp),%eax
40097b: 48 98 cltq
40097d: 48 03 45 d8 add -0x28(%rbp),%rax
400981: 0f b6 00 movzbl (%rax),%eax
400984: 0f be c0 movsbl %al,%eax
400987: 89 c1 mov %eax,%ecx
400989: 03 4d e8 add -0x18(%rbp),%ecx
40098c: ba 01 80 00 80 mov $0x80008001,%edx
400991: 89 c8 mov %ecx,%eax
400993: f7 ea imul %edx
400995: 8d 04 0a lea (%rdx,%rcx,1),%eax
400998: 89 c2 mov %eax,%edx
40099a: c1 fa 0f sar $0xf,%edx
40099d: 89 c8 mov %ecx,%eax
40099f: c1 f8 1f sar $0x1f,%eax
4009a2: 89 d3 mov %edx,%ebx
4009a4: 29 c3 sub %eax,%ebx
4009a6: 89 d8 mov %ebx,%eax
4009a8: 89 45 e8 mov %eax,-0x18(%rbp)
4009ab: 8b 55 e8 mov -0x18(%rbp),%edx
4009ae: 89 d0 mov %edx,%eax
4009b0: c1 e0 10 shl $0x10,%eax
4009b3: 29 d0 sub %edx,%eax
4009b5: 89 ca mov %ecx,%edx
4009b7: 29 c2 sub %eax,%edx
4009b9: 89 d0 mov %edx,%eax
4009bb: 89 45 e8 mov %eax,-0x18(%rbp)
4009be: 83 45 e4 40 addl $0x40,-0x1c(%rbp)
4009c2: 8b 45 e4 mov -0x1c(%rbp),%eax
4009c5: 48 98 cltq
4009c7: 48 3b 45 d0 cmp -0x30(%rbp),%rax
4009cb: 7c 92 jl 40095f <write_array+0x25>
4009cd: b8 ee 0f 40 00 mov $0x400fee,%eax
4009d2: 8b 55 e8 mov -0x18(%rbp),%edx
4009d5: 89 d6 mov %edx,%esi
4009d7: 48 89 c7 mov %rax,%rdi
4009da: b8 00 00 00 00 mov $0x0,%eax
4009df: e8 8c fc ff ff callq 400670 <printf#plt>
4009e4: 48 83 c4 28 add $0x28,%rsp
4009e8: 5b pop %rbx
4009e9: 5d pop %rbp
4009ea: c3 retq
[1]https://github.com/PennPanda/rw-latency-test/blob/master/rw-latency-test-compute.c
[2] https://github.com/PennPanda/rw-latency-test/blob/2da88f1cccba40aba155317567199028b28bd250/rw-latency-test-compute.asm
Write is faster than read because if you read from RAM and use the value (that is, you don't just read and discard), the processor has to stall for the read at the point the value is used. However, write proceeds asynchronously and never stalls.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
08048544 <compare_password>:
8048544: 55 push %ebp
8048545: 89 e5 mov %esp,%ebp
8048547: 83 ec 38 sub $0x38,%esp
804854a: 8b 45 0c mov 0xc(%ebp),%eax
804854d: 89 45 d4 mov %eax,-0x2c(%ebp)
8048550: 65 a1 14 00 00 00 mov %gs:0x14,%eax
8048556: 89 45 f4 mov %eax,-0xc(%ebp)
8048559: 31 c0 xor %eax,%eax
804855b: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%ebp)
8048562: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%ebp)
8048569: eb 22 jmp 804858d <compare_password+0x49>
804856b: 8b 45 e0 mov -0x20(%ebp),%eax
804856e: 03 45 d4 add -0x2c(%ebp),%eax
8048571: 0f b6 10 movzbl (%eax),%edx
8048574: 8b 45 e0 mov -0x20(%ebp),%eax
8048577: 05 44 a1 04 08 add $0x804a144,%eax
804857c: 0f b6 00 movzbl (%eax),%eax
804857f: 31 c2 xor %eax,%edx
8048581: 8d 45 ea lea -0x16(%ebp),%eax
8048584: 03 45 e0 add -0x20(%ebp),%eax
8048587: 88 10 mov %dl,(%eax)
8048589: 83 45 e0 01 addl $0x1,-0x20(%ebp)
804858d: 83 7d e0 09 cmpl $0x9,-0x20(%ebp)
8048591: 7e d8 jle 804856b <compare_password+0x27>
8048593: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%ebp)
804859a: eb 2c jmp 80485c8 <compare_password+0x84>
804859c: 8b 55 08 mov 0x8(%ebp),%edx
804859f: 89 d0 mov %edx,%eax
80485a1: c1 e0 02 shl $0x2,%eax
80485a4: 01 d0 add %edx,%eax
80485a6: 01 c0 add %eax,%eax
80485a8: 03 45 e0 add -0x20(%ebp),%eax
80485ab: 05 e0 a0 04 08 add $0x804a0e0,%eax
80485b0: 0f b6 10 movzbl (%eax),%edx
80485b3: 8d 45 ea lea -0x16(%ebp),%eax
80485b6: 03 45 e0 add -0x20(%ebp),%eax
80485b9: 0f b6 00 movzbl (%eax),%eax
80485bc: 38 c2 cmp %al,%dl
80485be: 75 04 jne 80485c4 <compare_password+0x80>
80485c0: 83 45 e4 01 addl $0x1,-0x1c(%ebp)
80485c4: 83 45 e0 01 addl $0x1,-0x20(%ebp)
80485c8: 83 7d e0 09 cmpl $0x9,-0x20(%ebp)
80485cc: 7e ce jle 804859c <compare_password+0x58>
80485ce: 83 7d e4 08 cmpl $0x8,-0x1c(%ebp)
80485d2: 7e 07 jle 80485db <compare_password+0x97>
80485d4: b8 01 00 00 00 mov $0x1,%eax
80485d9: eb 05 jmp 80485e0 <compare_password+0x9c>
80485db: b8 00 00 00 00 mov $0x0,%eax
80485e0: 8b 55 f4 mov -0xc(%ebp),%edx
80485e3: 65 33 15 14 00 00 00 xor %gs:0x14,%edx
80485ea: 74 05 je 80485f1 <compare_password+0xad>
80485ec: e8 2f fe ff ff call 8048420 <__stack_chk_fail#plt>
80485f1: c9 leave
80485f2: c3 ret
080485f3 <main>:
80485f3: 55 push %ebp
80485f4: 89 e5 mov %esp,%ebp
80485f6: 83 e4 f0 and $0xfffffff0,%esp
80485f9: 83 ec 30 sub $0x30,%esp
80485fc: 65 a1 14 00 00 00 mov %gs:0x14,%eax
8048602: 89 44 24 2c mov %eax,0x2c(%esp)
8048606: 31 c0 xor %eax,%eax
8048608: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
804860f: 00
8048610: 8d 44 24 10 lea 0x10(%esp),%eax
8048614: 89 04 24 mov %eax,(%esp)
8048617: e8 f4 fd ff ff call 8048410 <gettimeofday#plt>
804861c: 8b 54 24 10 mov 0x10(%esp),%edx
8048620: 8b 44 24 14 mov 0x14(%esp),%eax
8048624: 0f af c2 imul %edx,%eax
8048627: 89 04 24 mov %eax,(%esp)
804862a: e8 21 fe ff ff call 8048450 <srand#plt>
804862f: e8 3c fe ff ff call 8048470 <rand#plt>
8048634: 89 44 24 18 mov %eax,0x18(%esp)
8048638: 8b 4c 24 18 mov 0x18(%esp),%ecx
804863c: ba 67 66 66 66 mov $0x66666667,%edx
8048641: 89 c8 mov %ecx,%eax
8048643: f7 ea imul %edx
8048645: c1 fa 02 sar $0x2,%edx
8048648: 89 c8 mov %ecx,%eax
804864a: c1 f8 1f sar $0x1f,%eax
804864d: 29 c2 sub %eax,%edx
804864f: 89 d0 mov %edx,%eax
8048651: c1 e0 02 shl $0x2,%eax
8048654: 01 d0 add %edx,%eax
8048656: 01 c0 add %eax,%eax
8048658: 89 ca mov %ecx,%edx
804865a: 29 c2 sub %eax,%edx
804865c: 89 d0 mov %edx,%eax
804865e: 89 44 24 18 mov %eax,0x18(%esp)
8048662: 8b 54 24 18 mov 0x18(%esp),%edx
8048666: 89 d0 mov %edx,%eax
8048668: c1 e0 02 shl $0x2,%eax
804866b: 01 d0 add %edx,%eax
804866d: 01 c0 add %eax,%eax
804866f: 8d 90 60 a0 04 08 lea 0x804a060(%eax),%edx
8048675: b8 c0 87 04 08 mov $0x80487c0,%eax
804867a: 89 54 24 04 mov %edx,0x4(%esp)
804867e: 89 04 24 mov %eax,(%esp)
8048681: e8 7a fd ff ff call 8048400 <printf#plt>
8048686: b8 da 87 04 08 mov $0x80487da,%eax
804868b: 8d 54 24 22 lea 0x22(%esp),%edx
804868f: 89 54 24 04 mov %edx,0x4(%esp)
8048693: 89 04 24 mov %eax,(%esp)
8048696: e8 e5 fd ff ff call 8048480 <__isoc99_scanf#plt>
804869b: 8d 44 24 22 lea 0x22(%esp),%eax
804869f: 89 44 24 04 mov %eax,0x4(%esp)
80486a3: 8b 44 24 18 mov 0x18(%esp),%eax
80486a7: 89 04 24 mov %eax,(%esp)
80486aa: e8 95 fe ff ff call 8048544 <compare_password>
80486af: 89 44 24 1c mov %eax,0x1c(%esp)
80486b3: 83 7c 24 1c 01 cmpl $0x1,0x1c(%esp)
80486b8: 75 0e jne 80486c8 <main+0xd5>
80486ba: c7 04 24 dd 87 04 08 movl $0x80487dd,(%esp)
80486c1: e8 6a fd ff ff call 8048430 <puts#plt>
80486c6: eb 0c jmp 80486d4 <main+0xe1>
80486c8: c7 04 24 f2 87 04 08 movl $0x80487f2,(%esp)
80486cf: e8 5c fd ff ff call 8048430 <puts#plt>
80486d4: 8b 54 24 2c mov 0x2c(%esp),%edx
80486d8: 65 33 15 14 00 00 00 xor %gs:0x14,%edx
80486df: 74 05 je 80486e6 <main+0xf3>
80486e1: e8 3a fd ff ff call 8048420 <__stack_chk_fail#plt>
80486e6: c9 leave
80486e7: c3 ret
80486e8: 90 nop
80486e9: 90 nop
80486ea: 90 nop
80486eb: 90 nop
80486ec: 90 nop
80486ed: 90 nop
80486ee: 90 nop
80486ef: 90 nop
Ok, learning assembly code from scratch will take some time and effort, but there's no harm in getting the basics.
Each line of this output contains three parts:
The offset in the file where that piece of code is (in hex)
The bytes that make up that piece of code (each in hex, again)
The assembly language form of that code (basically reverse-translated from the bytes).
You can generally read the flow of the program through the last column. Instructions like JMPs will refer to other locations, which may or may not be nearby in the code. They may be presented in a labelled form like:
jmp 804858d <compare_password+0x49>
That says, jump to offset 0x804858d, so you can find that value in the first column. The label says that this is offset 0x49 after compare_password.
If you don't know what most of the instructions do, well, they mostly move, combine and compare individual words of memory and register. Even when you learn what each code does, understanding what it does in the context of this particular program can be hard. And you generally need to know the location of other important pieces of data when the program will be running to know what the effect will be.
There are lots of resources for learning computer programming at the level of debugging, assembly language and dissassembly, but I will leave it to others to refer you. If you really want to learn, a good way is to write your own simple program in C, and compile it to assembly. Then compare the C and assembly output side-by-side, figuring out how the C statements have been translated into instructions.