Code mystery!

November 22, 2008 – 7:25 pm

Even seemingly lame classes can be awesome from time to time.

Right now my network security class (which has been suffering from a distinct lack of awesome until recently) has two quite enjoyable homeworks out. The first (hw5) is to implement a buffer and heap overflow attack. The second (hw6) is to attack a WEP-encrypted network, find out what lives there, and steal some passwords/files. Both of these are things I’ve known how to do in theory for a long time but have never gotten around to implementing. That being said, they are much more difficult in practice than in theory… which brings me to the purpose of this post.

So I’m working on hw5 and reading the assembly produced by gcc to figure out the makeup of my stack, and I see the following:

movl    $0, %eax       # eax <- 0
addl    $15, %eax      # eax <- eax + 15; eax = 1111 (15)
addl    $15, %eax      # eax <- eax + 15; eax = 0001 1110 (30)
shrl    $4, %eax       # logical shift right by 4; eax = 0001 (1)
sall    $4, %eax       # shift LEFT by 4 (same encoding as shll); eax = 0001 0000 (16)
movl    %eax, -8(%ebp) # store eax into the stack slot at (%ebp - 8)
movl    -8(%ebp), %eax # reload eax from (%ebp - 8)... der, wtf?

Unless I'm missing something, the compiler just jumped through a freaking ton of hoops to accomplish storing 0 on the stack. Would someone please tell me what's going on if I've got this wrong? Then, to top it all off, after we movl %eax, -8(%ebp) we turn right around and do the reverse, movl -8(%ebp), %eax, which just totally confuses me.

Well, I'm a bit of an idiot. I just looked at this again and noticed it was shrl and shll, which is a shift right then a shift LEFT, which is to say it zeroes out the bottom 4 bits. I'm still not sure about the last two movl instructions though.
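As an added example (not part of the original post), here is the quoted instruction sequence re-executed step by step in C, so you can see what actually lands in -8(%ebp) for a few starting values of eax, plus the shift forms the listing comments mix up. The function names are mine, and the claim that gcc emits this when sizing an alloca/VLA block is an assumption the post itself does not state.

```c
#include <stdint.h>
#include <stdio.h>

/* Mirror of the gcc -O0 sequence quoted above on a 32-bit unsigned "eax";
 * one statement per instruction. Returns the value left in eax, which is
 * also what sits in the stack slot at -8(%ebp) afterwards. */
uint32_t trace_sequence(uint32_t eax_initial)
{
    uint32_t eax = eax_initial;   /* movl $0, %eax  (the post's listing starts at 0) */
    eax += 15;                    /* addl $15, %eax */
    eax += 15;                    /* addl $15, %eax */
    eax >>= 4;                    /* shrl $4, %eax : logical shift right, fills with 0 */
    eax <<= 4;                    /* sall $4, %eax : shift LEFT (same encoding as shll) */
    uint32_t slot = eax;          /* movl %eax, -8(%ebp) : store into the stack slot */
    eax = slot;                   /* movl -8(%ebp), %eax : immediate reload, typical of -O0 */
    return eax;
}

/* Closed form of the same thing: (n + 15) rounded up to a multiple of 16, i.e.
 * the low 4 bits are cleared, not the whole register. Assumption not stated in
 * the post: gcc emits this when sizing an alloca/VLA block. */
uint32_t round_up_16(uint32_t n) { return (n + 15 + 15) & ~15u; }

/* sall is a plain left shift (same encoding as shll). Only RIGHT shifts come in
 * logical (shrl) and arithmetic (sarl) forms, and those differ only when bit
 * 31 is set; modelled here without relying on signed-shift behaviour. */
uint32_t shrl(uint32_t v, unsigned k) { return v >> k; }
uint32_t sarl(uint32_t v, unsigned k)
{
    uint32_t fill = (v & 0x80000000u) ? ~(0xFFFFFFFFu >> k) : 0u;
    return (v >> k) | fill;
}

int main(void)
{
    uint32_t inputs[] = { 0, 1, 2, 16, 17, 31, 32 };
    for (unsigned i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("eax=%2u -> stored %3u (round_up_16=%3u)\n",
               inputs[i], trace_sequence(inputs[i]), round_up_16(inputs[i]));
    printf("0x80000000 shrl 4 = 0x%08x, sarl 4 = 0x%08x\n",
           shrl(0x80000000u, 4), sarl(0x80000000u, 4));
    return 0;
}
```

Starting from eax = 0 the slot receives 16, not 0; the store-then-reload pair is just unoptimised -O0 code keeping the value both in memory and in the register.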
