
What are these extra instructions when disassembling simple binary?


This is a bit of a noobish question... Here's a quick bit of background. I'm learning about assembly, so I wrote a really simple C program, compiled it with gcc -m32 -O0 -o prog.elf and then ran objdump against it with objdump -M intel -d prog.elf.

The C code is:

#include <stdio.h>

int main() {
    int a = 1;
    int b = 2;
    a = a + b;

    return (0);
}

Which seems simple enough. The generated Intel assembly (with my comments) is:

push   ebp                       ; Push previous stack frame.
mov    ebp, esp                  ; Move SP to EBP to set new stack frame.
sub    esp, 0xc                  ; Reserve 0xc bytes for local variables.
xor    eax, eax                  ; Clear eax.
mov    DWORD PTR [ebp-0x4], 0x0  ; Move 0x0 into local variable ebp-0x4.
mov    DWORD PTR [ebp-0x8], 0x1  ; Move 0x1 into local variable ebp-0x8.
mov    DWORD PTR [ebp-0xc], 0x2  ; Move 0x2 into local variable ebp-0xc.
mov    ecx, DWORD PTR [ebp-0x8]  ; Move local variable ebp-0x8 into ecx.
add    ecx, DWORD PTR [ebp-0xc]  ; Add local variable ebp-0xc to ecx.
mov    DWORD PTR [ebp-0x8], ecx  ; Move value of ecx into local variable ebp-0x8.
add    esp, 0xc                  ; Set SP back to location before.
pop    ebp                       ; Restore base pointer.
ret                              ; Return

My question is, what is ebp-0x4 doing there? It doesn't seem to be doing anything. I'll take a guess and say it's from main()'s parameters, which it doesn't have, but for some reason it still pushes 0x0 as a parameter if none are provided? Also, why doesn't xor eax, eax seem to be used...

I'm just a little confused about why they're there. If anyone can help me understand why that would be great. Thanks in advance!


Solution

  • I'm not sure as to why you think xor eax, eax is not being used; this is a simple way to set eax to zero. Since it's often the return code from a function, it would be the equivalent of your return 0; (which doesn't need parentheses by the way).

    As to why the ebp-0x4 is there, I couldn't say. I will say that the rest of the code is well and truly unoptimised so it may just be an artefact of the compilation process. It may well disappear at higher optimisation levels, especially since the entire function could basically be replaced with the one line you think is superfluous :-)
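An added example (not from the question or the answer): a small Python script that scans an Intel-syntax listing like the one in the question for stack slots that are stored to but never loaded back, which mechanically confirms that [ebp-0x4] is written once and never read while [ebp-0x8] and [ebp-0xc] are both read. The listing is embedded as constructed input; the slot and instruction patterns are the script's own assumptions and only cover the simple operand forms shown in the question.

```python
import re

# The question's listing (comments removed), embedded as constructed input.
LISTING = """\
push   ebp
mov    ebp, esp
sub    esp, 0xc
xor    eax, eax
mov    DWORD PTR [ebp-0x4], 0x0
mov    DWORD PTR [ebp-0x8], 0x1
mov    DWORD PTR [ebp-0xc], 0x2
mov    ecx, DWORD PTR [ebp-0x8]
add    ecx, DWORD PTR [ebp-0xc]
mov    DWORD PTR [ebp-0x8], ecx
add    esp, 0xc
pop    ebp
ret
"""

SLOT = re.compile(r"\[ebp-(0x[0-9a-f]+)\]")
INSN = re.compile(r"^\s*(\w+)\s*(.*?)\s*(?:;.*)?$")  # mnemonic, operands, ';' comment

def slot_accesses(listing):
    """Count writes and reads of each [ebp-N] slot in an Intel-syntax listing."""
    writes, reads = {}, {}
    for line in listing.splitlines():
        m = INSN.match(line)
        if not m or not m.group(2):
            continue
        mnem, ops = m.group(1), m.group(2).split(",", 1)
        for i, op in enumerate(ops):
            s = SLOT.search(op)
            if not s:
                continue
            slot = "ebp-" + s.group(1)
            if i == 0:  # first operand is the destination
                writes[slot] = writes.get(slot, 0) + 1
            if i > 0 or mnem != "mov":  # sources, and RMW destinations (add...), are reads
                reads[slot] = reads.get(slot, 0) + 1
    return writes, reads

def dead_slots(listing):
    """Slots stored to but never loaded back: dead-store candidates."""
    writes, reads = slot_accesses(listing)
    return sorted(s for s in writes if s not in reads)

def frame_size(listing):
    """Bytes reserved by the prologue's 'sub esp, N' (0 if there is none)."""
    m = re.search(r"sub\s+esp,\s*(0x[0-9a-f]+|\d+)", listing)
    return int(m.group(1), 0) if m else 0
```

Running dead_slots(LISTING) reports only ebp-0x4, and frame_size(LISTING) gives the 12 bytes reserved by sub esp, 0xc, matching the three DWORD slots the question annotates.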