charc1willstorethecharacterwhichisreadc2willstoreacopyoftheKSPStatusppointertokeyboardportsp0x62while1c2pifc20x10breakifKSPsayskeyhitbreakc1p2readthecharacterfr ID: 104857
Download Pdf The PPT/PDF document "ofas-ashowsthattheCALLwasato set0x000bof..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
ofas-ashowsthattheCALLwasato set0x000bofthe.textsegment.Sothelattermusthavestartedat0x804807f-0x000b=0x8048074.TheGDBsessionalsoshowsthatxwasatlocation0x80490a4.Sincexwasatthebeginningofthe.datasegment,thelattermustalsostartat0x80490a4.2.dOur rstquerytoGDBaboutc(ESP)hadbeenjustbeforetheCALL.Atthattime,thetwoargumentstoinit()hadalreadybeenpushedontothestack.Theexe-cutionoftheCALLandthentheREThadnonete ectonESP,sowhenwereachedtheADDwhichimmediatelyfollowedtheCALL,c(ESP)wasstillwhatithadbeenatourlastquery,0xb fcec8.TheADDthenadded8tothatvalue,yielding0xb fced0.ESPneverchangedafterthat.3.ap/x$ebp3.bTheinstructionmovl$12(%ebp),%eaxpointedEAXtothebeginningofargv,i.e.argv[0].Thenextline,addl$4,%eaxmovedEAXtopointtoargv[1].Ifwewantargv[3]instead,thenthenumberaddedshouldbe12insteadof4.4.Ofcourse,justbeforetheCALL,weneedtopushthetwoargumentstoscanf(),whichare$xand$fmt.Notethatthe rstofthoseshouldNOTbex,incontrasttotheprintf()case;that'sbecauseourcallinthescanf()casewouldbescanf("%",&x)|notetheampersand.Butthere'smore.Wehavetoworryaboutwhatscanf()mightdotoourregistervalues.ItsayslaterinthenotesthattheCcompiler'scallingconventionisasfollows:Themodulebeingcompiled,inthiscasescanf(),mustsavethevaluesoftheESI,EDIandEBXregistersthathadbeenthereatthetimethecallingmodulemakesthecall.Inourcasehere,ourcallingmoduleneednotworrythatitsvalueinEBXmaybelost.Ontheotherhand,ourcallingmoduledoesuseECX,andthecompilerdoesNOTguaranteethatthevalueinthatregisterwillbepreserved;so,wemustsaveitonthestackbeforethecall,andrestoreitafterthecall.WecouldalsosaveandrestoreEDXforthesamereason,incasewelateraddcodewhichusesEDX.Inaddition,incallinganyCfunction,weknowthattheremaybeareturnpassedbackinEAX.ThatisespeciallytruefortheClibraryfunctions,whichgenerallygivearesultasareturnvalue.So,inourcallingmodulewemustprotectEAXtoo,bysavingitbeforethecallandrestoringitafterward.5. charc1,//willstorethecharacterwhichisreadc2,//willstoreacopyoftheKSPStatus*p;//pointertokeyboardports...p=0x62;while(1){c2=*p;if(!(c2&0x10))break;//ifKSPsayskeyhit,break}c1=*(p-2);//readthecharacterfromtheKDPc2|=0x20;*p=c2;//flickACKbitonc2&=0xdf;*p=c2;//restoreACKbitto02