Exercise 5 [X86 Stack Layout] 

Consider the following simple program:

	#include int CallMe(int a, int b) { int tmp; tmp = a + b; tmp = 2*tmp-a; return tmp; } int main() { int ret = CallMe(11, 22); return ret; }

Study the corresponding assembly language code below, then fill in the stack contents at the indicated breakpoints. 

Disassembled code for function main:

main

0x080483bf : push ebp

0x080483c0 : mov ebp,esp

0x080483c2 : push ecx

0x080483c3 : sub esp,0x18

0x080483c6 : mov DWORD PTR [esp+0x4],0x16

0x080483ce : mov DWORD PTR [esp],0xb

/* Breakpoint 1 at (main+22) */

0x080483d5 : call 0x8048394 

0x080483da : mov DWORD PTR [ebp-0x8],eax

0x080483dd : mov eax,DWORD PTR [ebp-0x8]

0x080483e0 : add esp,0x18

0x080483e3 : pop ecx

0x080483e4 : pop ebp

0x080483e5 : lea esp,[ecx-0x4]

0x080483e8 : ret 

Disassembled code for function CallMe:

CallMe

0x08048394 : push ebp

0x08048395 : mov ebp,esp

/* Breakpoint 2 at (CallMe+3) */

0x08048397 : sub esp,0x10

0x0804839a : mov edx,DWORD PTR [ebp+0xc]

0x0804839d : mov eax,DWORD PTR [ebp+0x8]

0x080483a0 : add eax,edx

0x080483a2 : mov DWORD PTR [ebp-0x4],eax

/* Breakpoint 3 at (CallMe+17) */

0x080483a5 : mov eax,DWORD PTR [ebp-0x4]

0x080483a8 : add eax,eax

0x080483aa : sub eax,DWORD PTR [ebp+0x8]

0x080483ad : mov DWORD PTR [ebp-0x4],eax

/* Breakpoint 4 at (CallMe+28) */

0x080483b0 : mov eax,DWORD PTR [ebp-0x4]

0x080483b3 : leave 

0x080483b4 : ret 

Assume that you have placed breakpoints at addresses labeled 1 through 4 in the assembly code. Show the contents of the stack at each execution breakpoint. Use precise values whenever available for example, show the hexadecimal value of the return address, and the actual numbers placed on the stack.

/* Breakpoint 1 */		/* Breakpoint 2 */		/* Breakpoint 3 */		/* Breakpoint 4 */
24 bytes		24 bytes		24 bytes		24 bytes
ecx		ecx		ecx		ecx
ebp(os)		ebp(os)		ebp(os)		ebp(os)