On 17 Mar, 22:27, Frank Kotler <spamt...@[EMAIL PROTECTED]> wrote:
> Yes! If you're "call"ed, say "main" being called from the "startup"
> code, you can end with "ret". But the "_start" label is not called, it's
> "jmp"ed to. There is no return address on the stack, the first thing on
> the stack is the argument count, "argc". So a "ret" will attempt to
> return to "argc" as an address - probably 1 (our program name is
> "argv[0]", so "argc" is at least 1). This is outside "our" address
> space, and segfaults.
>
Wow, this was the reason why the EIP register had the address 1, at
the end of the program!!!
This is an important thing that I couldn't understand before...
> Addition and subtraction are simple enough, displaying the result is
> somewhat less obvious. If we send a number to stdout, it's treated as an
> ascii code, and the ascii codes for the "number characters" are not the
> same as the number! Fortunately, the decimal digit characters are
> contiguous, so we can add '0' (the character '0', *not* the number 0 -
> aka 48 decimal or 30h) to "convert" a number to its ascii code. That's
> good for *one* digit, if we've got more, we need to extract 'em one at a
> time. "div" will do this... there are faster ways. "div" puts the
> quotient in eax, and the remainder in edx... if we "div" by ten
> repeatedly, we get the digits we want, but "backwards" from the way we
> want to print 'em. Simplest way to "demo" this is to use a "static"
> buffer. This may be a little harder to follow, since it makes a
> "temporary" buffer on the stack. If ya *can't* follow it, we can start
> with something simpler... but you could "just use it"... ya don't know
> how "printf" works either, most likely...
The code you've posted was very clear... so (even for me) it hasn't
been extremely difficult to understand it.
Thank you again, Frank
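The two points Frank makes above, put together in one added example that is not Frank's posted code nor part of the original thread: a Linux x86 32-bit NASM program (assumed toolchain; the value 1234567 is a constructed sample) that extracts digits with repeated "div" by ten into a temporary stack buffer filled backwards, writes it with sys_write, and exits through sys_exit rather than "ret", because at "_start" the top of the stack is argc, not a return address.

```nasm
; Added example (not Frank's code). Linux x86 32-bit, NASM syntax.
; Build: nasm -f elf32 decout.asm && ld -m elf_i386 -o decout decout.o
global _start

section .text
_start:
    ; At _start the stack holds argc at [esp], not a return address,
    ; so the program must leave via the kernel, never via "ret".
    mov eax, 1234567        ; number to print (constructed sample value)
    call print_dec          ; print_dec IS called, so it may end with "ret"
    mov eax, 1              ; sys_exit
    xor ebx, ebx            ; exit status 0
    int 0x80

; print_dec: writes eax as an unsigned decimal number plus newline to stdout.
; Digits come out of "div" least-significant first, so they are stored
; backwards into a temporary buffer on the stack. Clobbers ebx, ecx, edx, edi.
print_dec:
    push ebp
    mov ebp, esp
    sub esp, 16             ; room for up to 10 digits plus the newline
    lea edi, [ebp-1]        ; edi points at the last byte of the buffer
    mov byte [edi], 10      ; the newline is the last character written
    mov ecx, 1              ; byte count so far (just the newline)
    mov ebx, 10             ; divisor
.next:
    xor edx, edx            ; "div" divides edx:eax, so clear the high half
    div ebx                 ; eax = quotient, edx = remainder (one digit)
    add dl, '0'             ; digit value -> ASCII code ('0' is 48 / 30h)
    dec edi
    mov [edi], dl           ; store it in front of the digits already stored
    inc ecx
    test eax, eax
    jnz .next               ; keep going while the quotient is nonzero
    mov edx, ecx            ; length of the string
    mov ecx, edi            ; pointer to the most-significant digit
    mov ebx, 1              ; stdout
    mov eax, 4              ; sys_write
    int 0x80
    mov esp, ebp
    pop ebp
    ret                     ; valid here: a return address was pushed by "call"
```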

