Assembly: memory address of variables in C programming

This is my C code

C:\Codes>gdb test -q Reading symbols from C:\Codes\test.exe...done. (gdb) list 1,15 1 #include<stdio.h> 2 3 int main() 4 { 5 int a = 12345; 6 int b = 0x12345; 7 printf("+-----+-------+---------+----------+\n"); 8 printf("| Var | Dec | Hex | Address |\n"); 9 printf("+-----+-------+---------+----------+\n"); 10 printf("| a | %d | 0x%x | %p |\n",a,a,&a); 11 printf("| b | %d | 0x%x | %p |\n",b,b,&b); 12 printf("+-----+-------+---------+----------+\n"); 13 14 return 0; 15 } (gdb) set disassembly-flavor intel 

And this is standard output

 C:\Codes>test +-----+-------+---------+----------+ | Var | Dec | Hex | Address | +-----+-------+---------+----------+ | a | 12345 | 0x3039 | 0022FF4C | | b | 74565 | 0x12345 | 0022FF48 | +-----+-------+---------+----------+ 

This is what I see in GDB

 (gdb) break 7 Breakpoint 1 at 0x40135e: file test.c, line 7. (gdb) run Starting program: C:\Codes/test.exe [New Thread 4044.0xab0] Breakpoint 1, main () at test.c:7 7 printf("+-----+-------+---------+----------+\n"); (gdb) disassemble Dump of assembler code for function main: 0x00401340 <+0>: push ebp 0x00401341 <+1>: mov ebp,esp 0x00401343 <+3>: and esp,0xfffffff0 0x00401346 <+6>: sub esp,0x20 0x00401349 <+9>: call 0x401990 <__main> 0x0040134e <+14>: mov DWORD PTR [esp+0x1c],0x3039 0x00401356 <+22>: mov DWORD PTR [esp+0x18],0x12345 => 0x0040135e <+30>: mov DWORD PTR [esp],0x403024 0x00401365 <+37>: call 0x401c00 <puts> 0x0040136a <+42>: mov DWORD PTR [esp],0x40304c 0x00401371 <+49>: call 0x401c00 <puts> 0x00401376 <+54>: mov DWORD PTR [esp],0x403024 0x0040137d <+61>: call 0x401c00 <puts> 0x00401382 <+66>: mov edx,DWORD PTR [esp+0x1c] 0x00401386 <+70>: mov eax,DWORD PTR [esp+0x1c] 0x0040138a <+74>: lea ecx,[esp+0x1c] 0x0040138e <+78>: mov DWORD PTR [esp+0xc],ecx 0x00401392 <+82>: mov DWORD PTR [esp+0x8],edx 0x00401396 <+86>: mov DWORD PTR [esp+0x4],eax 0x0040139a <+90>: mov DWORD PTR [esp],0x403071 0x004013a1 <+97>: call 0x401c08 <printf> 0x004013a6 <+102>: mov edx,DWORD PTR [esp+0x18] 0x004013aa <+106>: mov eax,DWORD PTR [esp+0x18] 0x004013ae <+110>: lea ecx,[esp+0x18] 0x004013b2 <+114>: mov DWORD PTR [esp+0xc],ecx 0x004013b6 <+118>: mov DWORD PTR [esp+0x8],edx 0x004013ba <+122>: mov DWORD PTR [esp+0x4],eax 0x004013be <+126>: mov DWORD PTR [esp],0x40308c 0x004013c5 <+133>: call 0x401c08 <printf> 0x004013ca <+138>: mov DWORD PTR [esp],0x403024 0x004013d1 <+145>: call 0x401c00 <puts> 0x004013d6 <+150>: mov eax,0x0 0x004013db <+155>: leave 0x004013dc <+156>: ret End of assembler dump. (gdb) 

The address for variables a and b must be in 0x22ff4c and 0x22ff48 respectively

 (gdb) print &a $1 = (int *) 0x22ff4c (gdb) print &b $2 = (int *) 0x22ff48 

However, if you look at the next GDB dismantling, the address was not 0x22ff4c and 0x22ff48 , but 0x0040134e and 0x00401356

  0x0040134e <+14>: mov DWORD PTR [esp+0x1c],0x3039 0x00401356 <+22>: mov DWORD PTR [esp+0x18],0x12345 

I am also debugging this on x32dbg, but getting the same address. x32dbg

I'm confused here. What are 0x0040134e and 0x00401356 if they are not memory addresses for variables a and b ?

+5
source share
1 answer
 0x0040134e <+14>: mov DWORD PTR [esp+0x1c],0x3039 0x00401356 <+22>: mov DWORD PTR [esp+0x18],0x12345 

No, 0x0040134e and 0x00401356 are not addresses for variables a and b . Instead, they are the address of the instruction in the code, i.e. IP instruction pointer . a and b initialized in the following lines:

 0x0040134e <+14>: mov DWORD PTR [esp+0x1c],0x3039 0x00401356 <+22>: mov DWORD PTR [esp+0x18],0x12345 

Here the address a and b corresponds to esp+0x1c and esp+0x18 , where esp is the stack pointer. As the address, you get 0x22ff4c and 0x22ff48 , from which you can easily subtract that the current esp is 0x22ff4c - 0x1c .

Note that this answer ignores basic virtual memory management or other related operating system memory management issues, i.e. for most architectures 0x22ff4c and 0x22ff48 , the virtual memory address will be used, not the real physical address of your RAM.

+7
source

Source: https://habr.com/ru/post/1269410/


All Articles