Consider the following assembly code There are 3 functions in the code main, func1 and func2 In the code, the main function calls func1, and then func1 calls func2 Your task is to determine what data is on the stack at different points during the programs execution Everything related to function calling must have the correct memory addresses, values (or empty if not possible to determine the value), and position in the stack For this problem assume the initial value of register rbp is 0x0 and rsp is 0x7fffffffe988 The given assembly code Dump of assembler code for function main 0x00005555555551d6 endbr64 0x00005555555551da push rbp 0x00005555555551db mov rsp, rbp 0x00005555555551de sub $0x20, rsp 0x00005555555551e2 mov fs 0x28, rax 0x00005555555551eb mov rax, 0x8( rbp) 0x00005555555551ef xor eax, eax 0x00005555555551f1 movabs $0x356b633072313632, rax 0x00005555555551fb mov rax, 0x12( rbp) 0x00005555555551ff movw $0x21, 0xa( rbp) 0x0000555555555205 lea 0x12( rbp), rax 0x0000555555555209 mov rax, rdi 0x000055555555520c callq 0x555555555170 0x0000555555555211 mov eax, 0x18( rbp) 0x0000555555555214 mov $0x0, eax 0x0000555555555219 mov 0x8( rbp), rdx 0x000055555555521d xor fs 0x28, rdx 0x0000555555555226 je 0x55555555522d 0x0000555555555228 callq 0x555555555050 0x000055555555522d leaveq 0x000055555555522e retq Dump of assembler code for function func1 0x0000555555555170 endbr64 0x0000555555555174 push rbp 0x0000555555555175 mov rsp, rbp 0x0000555555555178 sub $0x18, rsp 0x000055555555517c mov rdi, 0x18( rbp) 0x0000555555555180 movl $0x0, 0x8( rbp) 0x0000555555555187 movl $0x0, 0x4( rbp) 0x000055555555518e movl $0x0, 0x4( rbp) 0x0000555555555195 jmp 0x5555555551bd 0x0000555555555197 mov 0x4( rbp), eax 0x000055555555519a movslq eax, rdx 0x000055555555519d mov 0x18( rbp), rax 0x00005555555551a1 add rdx, rax 0x00005555555551a4 movzbl ( rax), eax 0x00005555555551a7 movsbl al, eax 0x00005555555551aa mov eax, edi 0x00005555555551ac callq 0x555555555149 0x00005555555551b1 test eax, eax 0x00005555555551b3 je 0x5555555551b9 0x00005555555551b5 addl $0x1, 0x8( rbp) 0x00005555555551b9 addl $0x1, 0x4( rbp) 0x00005555555551bd mov 0x4( rbp), eax 0x00005555555551c0 movslq eax, rdx 0x00005555555551c3 mov 0x18( rbp), rax 0x00005555555551c7 add rdx, rax 0x00005555555551ca movzbl ( rax), eax 0x00005555555551cd test al, al 0x00005555555551cf jne 0x555555555197 0x00005555555551d1 mov 0x8( rbp), eax 0x00005555555551d4 leaveq 0x00005555555551d5 retq Dump of assembler code for function func2 0x0000555555555149 endbr64 0x000055555555514d push rbp 0x000055555555514e mov rsp, rbp 0x0000555555555151 mov edi, eax 0x0000555555555153 mov al, 0x4( rbp) 0x0000555555555156 cmpb $0x2f, 0x4( rbp) 0x000055555555515a jle 0x555555555169 0x000055555555515c cmpb $0x39, 0x4( rbp) 0x0000555555555160 jg 0x555555555169 0x0000555555555162 mov $0x1, eax 0x0000555555555167 jmp 0x55555555516e 0x0000555555555169 mov $0x0, eax 0x000055555555516e pop rbp 0x000055555555516f retq We set a breakpoint at address 0x0000555555551ac in func1( ) callq and this is what we saw when we looked at the stack using x 20x $rsp Breakpoint 2, 0x00005555555551ac in func1 () (gdb) x 20xg $rsp 0x7fffffffe938 0x00007fffffffe96e 0x00007fffffffe966 0x7fffffffe948 0x0000000000000000 0x00007fffffffe980 0x7fffffffe958 0x0000555555555211 0x0000000000000000 0x7fffffffe968 0x3632555555555060 0x0021356b63307231 0x7fffffffe978 0x88001bad30191f00 0x0000000000000000 0x7fffffffe988 0x00007ffff7deb0b3 0x00007ffff7ffc620 0x7fffffffe998 0x00007fffffffea78 0x0000000100000000 0x7fffffffe9a8 0x00005555555551d6 0x0000555555555230 0x7fffffffe9b8 0x4c483b192d1f37a3 0x0000555555555060 0x7fffffffe9c8 0x00007fffffffea70 0x0000000000000000 Answer the following questions about the values shown on stack Q1 1 Where is the return address to main that was stored on the stack Q1 2 What is the return address to main that was stored on the stack Q1 3 What is the rbp value that is pushed to the stack by the instruction 0x0000555555555174 push rbp Q1 4 Where is the rbp value that is pushed to the stack by the instruction 0x0000555555555174 push rbp stored on the stack Q1 5 At what address does the result get stored at for the instruction 0x000055555555518e movl $0x0, 0x4( rbp) Q1 6 What is the 64 bit value at 0x18( rbp) Q2 Problem 2 We then set a breakpoint at 0x000055555555516f retq and looked at the stack and the memory just above where the current rsp is by using x 20xg $rsp 24 Use the memory and the assembly provided earlier to answer the following questions Breakpoint 3, 0x000055555555516f in func2 () (gdb) x 20xg $rsp 24 0x7fffffffe918 0x0000000000000000 0x0000553255554040 0x7fffffffe928 0x00007fffffffe950 0x00005555555551b1 0x7fffffffe938 0x00007fffffffe96e 0x00007fffffffe966 0x7fffffffe948 0x0000000000000000 0x00007fffffffe980 0x7fffffffe958 0x0000555555555211 0x0000000000000000 0x7fffffffe968 0x3632555555555060 0x0021356b63307231 0x7fffffffe978 0x5451f5e58d070900 0x0000000000000000 0x7fffffffe988 0x00007ffff7deb0b3 0x00007ffff7ffc620 0x7fffffffe998 0x00007fffffffea78 0x0000000100000000 0x7fffffffe9a8 0x00005555555551d6 0x0000555555555230 Q2 1 What value was stored to the stack by the instruction 0x0000555555555153 mov al, 0x4( rbp) Q2 2 At what address in the memory, was the value stored at in the instruction 0x0000555555555153 mov al, 0x4( rbp) Q2 3 What is the return address to func1 that was stored on the stack Q2 4 Where is the return address to func1 that was stored on the stack Q2 5 Where is the rbp value that is pushed to the stack by the instruction 0x000055555555514d push rbp stored on the stack

The Answer is in the image, click to view ...

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 29, 2024

Consider the following assembly code. There are 3 functions in the code - main, func1 and func2. In the code, the main function calls func1,

Consider the following assembly code. There are 3 functions in the code - main, func1 and func2. In the code, the main function calls func1, and then func1 calls func2. Your task is to determine what data is on the stack at different points during the programs execution. Everything related to function calling must have the correct memory addresses, values (or empty if not possible to determine the value), and position in the stack. For this problem assume the initial value of register %rbp is 0x0 and %rsp is 0x7fffffffe988.

The given assembly code:

Dump of assembler code for function main: => 0x00005555555551d6 <+0>: endbr64 0x00005555555551da <+4>: push %rbp 0x00005555555551db <+5>: mov %rsp,%rbp 0x00005555555551de <+8>: sub $0x20,%rsp 0x00005555555551e2 <+12>: mov %fs:0x28,%rax 0x00005555555551eb <+21>: mov %rax,-0x8(%rbp) 0x00005555555551ef <+25>: xor %eax,%eax 0x00005555555551f1 <+27>: movabs $0x356b633072313632,%rax 0x00005555555551fb <+37>: mov %rax,-0x12(%rbp) 0x00005555555551ff <+41>: movw $0x21,-0xa(%rbp) 0x0000555555555205 <+47>: lea -0x12(%rbp),%rax 0x0000555555555209 <+51>: mov %rax,%rdi 0x000055555555520c <+54>: callq 0x555555555170 0x0000555555555211 <+59>: mov %eax,-0x18(%rbp) 0x0000555555555214 <+62>: mov $0x0,%eax 0x0000555555555219 <+67>: mov -0x8(%rbp),%rdx 0x000055555555521d <+71>: xor %fs:0x28,%rdx 0x0000555555555226 <+80>: je 0x55555555522d 0x0000555555555228 <+82>: callq 0x555555555050 <__stack_chk_fail@plt> 0x000055555555522d <+87>: leaveq 0x000055555555522e <+88>: retq

Dump of assembler code for function func1: 0x0000555555555170 <+0>: endbr64 0x0000555555555174 <+4>: push %rbp 0x0000555555555175 <+5>: mov %rsp,%rbp 0x0000555555555178 <+8>: sub $0x18,%rsp 0x000055555555517c <+12>: mov %rdi,-0x18(%rbp) 0x0000555555555180 <+16>: movl $0x0,-0x8(%rbp) 0x0000555555555187 <+23>: movl $0x0,-0x4(%rbp) 0x000055555555518e <+30>: movl $0x0,-0x4(%rbp) 0x0000555555555195 <+37>: jmp 0x5555555551bd 0x0000555555555197 <+39>: mov -0x4(%rbp),%eax 0x000055555555519a <+42>: movslq %eax,%rdx 0x000055555555519d <+45>: mov -0x18(%rbp),%rax 0x00005555555551a1 <+49>: add %rdx,%rax 0x00005555555551a4 <+52>: movzbl (%rax),%eax 0x00005555555551a7 <+55>: movsbl %al,%eax 0x00005555555551aa <+58>: mov %eax,%edi 0x00005555555551ac <+60>: callq 0x555555555149 0x00005555555551b1 <+65>: test %eax,%eax 0x00005555555551b3 <+67>: je 0x5555555551b9 0x00005555555551b5 <+69>: addl $0x1,-0x8(%rbp) 0x00005555555551b9 <+73>: addl $0x1,-0x4(%rbp) 0x00005555555551bd <+77>: mov -0x4(%rbp),%eax 0x00005555555551c0 <+80>: movslq %eax,%rdx 0x00005555555551c3 <+83>: mov -0x18(%rbp),%rax 0x00005555555551c7 <+87>: add %rdx,%rax 0x00005555555551ca <+90>: movzbl (%rax),%eax 0x00005555555551cd <+93>: test %al,%al 0x00005555555551cf <+95>: jne 0x555555555197 0x00005555555551d1 <+97>: mov -0x8(%rbp),%eax 0x00005555555551d4 <+100>: leaveq 0x00005555555551d5 <+101>: retq

Dump of assembler code for function func2: 0x0000555555555149 <+0>: endbr64 0x000055555555514d <+4>: push %rbp 0x000055555555514e <+5>: mov %rsp,%rbp 0x0000555555555151 <+8>: mov %edi,%eax 0x0000555555555153 <+10>: mov %al,-0x4(%rbp) 0x0000555555555156 <+13>: cmpb $0x2f,-0x4(%rbp) 0x000055555555515a <+17>: jle 0x555555555169 0x000055555555515c <+19>: cmpb $0x39,-0x4(%rbp) 0x0000555555555160 <+23>: jg 0x555555555169 0x0000555555555162 <+25>: mov $0x1,%eax 0x0000555555555167 <+30>: jmp 0x55555555516e 0x0000555555555169 <+32>: mov $0x0,%eax 0x000055555555516e <+37>: pop %rbp 0x000055555555516f <+38>: retq We set a breakpoint at address 0x0000555555551ac in func1( ) callq and this is what we saw when we looked at the stack using x/20x $rsp

Breakpoint 2, 0x00005555555551ac in func1 () (gdb) x/20xg $rsp 0x7fffffffe938: 0x00007fffffffe96e 0x00007fffffffe966 0x7fffffffe948: 0x0000000000000000 0x00007fffffffe980 0x7fffffffe958: 0x0000555555555211 0x0000000000000000 0x7fffffffe968: 0x3632555555555060 0x0021356b63307231 0x7fffffffe978: 0x88001bad30191f00 0x0000000000000000 0x7fffffffe988: 0x00007ffff7deb0b3 0x00007ffff7ffc620 0x7fffffffe998: 0x00007fffffffea78 0x0000000100000000 0x7fffffffe9a8: 0x00005555555551d6 0x0000555555555230 0x7fffffffe9b8: 0x4c483b192d1f37a3 0x0000555555555060 0x7fffffffe9c8: 0x00007fffffffea70 0x0000000000000000 Answer the following questions about the values shown on stack

Q1.1 Where is the return address to main that was stored on the stack?

Q1.2 What is the return address to main that was stored on the stack?

Q1.3 What is the %rbp value that is pushed to the stack by the instruction `0x0000555555555174 <+4>: push %rbp?

Q1.4 Where is the %rbp value that is pushed to the stack by the instruction 0x0000555555555174 <+4>: push %rbp stored on the stack?

Q1.5 At what address does the result get stored at for the instruction 0x000055555555518e <+30>: movl $0x0,-0x4(%rbp)

Q1.6 What is the 64-bit value at -0x18(%rbp)?

Q2 Problem 2

We then set a breakpoint at 0x000055555555516f <+38>: retq and looked at the stack and the memory just above where the current rsp is by using x/20xg $rsp - 24 Use the memory and the assembly provided earlier to answer the following questions.

Breakpoint 3, 0x000055555555516f in func2 () (gdb) x/20xg $rsp-24 0x7fffffffe918: 0x0000000000000000 0x0000553255554040 0x7fffffffe928: 0x00007fffffffe950 0x00005555555551b1 0x7fffffffe938: 0x00007fffffffe96e 0x00007fffffffe966 0x7fffffffe948: 0x0000000000000000 0x00007fffffffe980 0x7fffffffe958: 0x0000555555555211 0x0000000000000000 0x7fffffffe968: 0x3632555555555060 0x0021356b63307231 0x7fffffffe978: 0x5451f5e58d070900 0x0000000000000000 0x7fffffffe988: 0x00007ffff7deb0b3 0x00007ffff7ffc620 0x7fffffffe998: 0x00007fffffffea78 0x0000000100000000 0x7fffffffe9a8: 0x00005555555551d6 0x0000555555555230

Q2.1 What value was stored to the stack by the instruction 0x0000555555555153 <+10>: mov %al,-0x4(%rbp)

Q2.2 At what address in the memory, was the value stored at in the instruction 0x0000555555555153 <+10>: mov %al,-0x4(%rbp)

Q2.3 What is the return address to func1 that was stored on the stack?

Q2.4 Where is the return address to func1 that was stored on the stack?

Q2.5 Where is the %rbp value that is pushed to the stack by the instruction 0x000055555555514d <+4>: push %rbp stored on the stack?