Hackernoon logoHow C Program Converts Into Assembly by@IndianWestCoast

How C Program Converts Into Assembly

Author profile picture

@IndianWestCoastVishal Chovatiya

Software DeveloperāŒØ, Fitness FreakšŸ‹, GeekšŸ¤“, HipsteršŸ•“, BloggeršŸ‘Øā€šŸ’», Productivity HackerāŒš

In an earlier article, we have seen C runtime: before starting main & How C program stored in RAM memory. Here we will see "How C program converts into the assembly?" and different aspect of its working at the machine level.
/!\: Originally published @Ā www.vishalchovatiya.com.

A bit about function stack frames

  • During function code execution, a new stack frame is created in stack memory to allow access to function parameters and local variables.
  • The direction of stack frame growth totally depends on compiler ABI which is out of our scope for this article.
  • The complete information on stack frame size, memory allocation, returning from stack frame is decided at compile time.
  • Before diving into assembly code you should be aware of two things :
  1. CPU registers of x86 machine.
  2. x86 assembly instructions: As this is a very vast topic & updating quite frequently, we will only see the instructions needed for our examples.

x86 CPU Registers

General Purpose Registers
Pointer Register
Segment Register
Index Registers
Apart from all these, there are many other registers as well which even I don't know about. But above-mentioned registers are sufficient to understand the subsequent topics.

How C program converts into assembly?

We will consider the following example with its disassembly inlined to understand its different aspect of its working at machine level :
We will focus on a stack frame of the function
func()
. But before analysing stack frame of it, we will see how the calling of function happens

Function calling

Function calling is done by call instruction(see Line 15) which is subroutine instruction equivalent to:
push rip + 1 ; return address is address of next instructions
jmp func
Here,
call
store the
rip+1
(not that +1 is just for simplicity, technically this will be substituted by the size of instruction) in the stack which is return address once call to
func()
ends.

Function stack frame

A function stack frame is divided into three parts
1. Prologue/Entry: As you can see instructions(line 2 to 4) generated against start bracket
{
is prologue which is setting up the stack frame for
func()
, Line 2 is pushing the previous frame pointer into the stack & Line 3 is updating the current frame pointer with stack end which is going to be a new frame start.
push 
is basically equivalent to :
sub esp, 4   ; decrements ESP by 4 which is kind of space allocation
mov [esp], X ; put new stack item value X in

Parameter passing

Argument ofĀ 
func()
Ā is stored inĀ 
ediĀ 
register on Line 14 before callingĀ 
callĀ 
instruction. If there is more argument then it will be stored in a subsequent register or stack & address will be used.
Line 4 inĀ 
func()
Ā is reserving space by pulling frame pointer(pointed byĀ 
rbp
Ā register) down by 4 bytes for the parameterĀ 
argĀ 
as it is of typeĀ 
int
. ThenĀ 
movĀ 
instruction will initialize it with value store in
edi
. This is how parameters are passed & stored in the current stack frame.
          ---|-------------------------|--- main()
             |                         |          
             |                         |          
             |                         |          
             |-------------------------|          
             |    main frame pointer   |          
rbp & rsp ---|-------------------------|--- func()
in func()    |           arg           |          
             |-------------------------|          
             |            a            |          
             |-------------------------|    stack 
             |            +            |      |   
             |            +            |      |   
             |            +            |      |   
          ---|-------------------------|---  \|/  
             |                         |          
             |                         |          
                                                   

Allocating space for local variables

2.Ā UserĀ code:Ā Line 5 is reserving space for a local variableĀ 
a
, again by pulling frame pointer further down by 4 bytes.Ā 
mov
Ā instruction will initialize that memory with a valueĀ 
5
.

Accessing global & local static variables

  • As you can see above,Ā 
    gĀ 
    is addressed directly with its absolute addressing because its address is fixed which lies in the data segment.
  • This is not the case all the time. Here we have compiled our code for Ā x86 mode, thatā€™s why it is accessing it with an absolute address.
  • In the case of x64 mode, the address is resolved usingĀ 
    rip
    Ā register which meant that the assembler and linker should cooperate to compute the offset ofĀ 
    gĀ 
    from the ultimate location of the current instruction which is pointed byĀ 
    rip
    Ā register.
  • The same statement stands true for the local static variables also.
3. Epilogue/Exit:Ā After the user code execution, the previous frame pointer is retrieved from the stack byĀ 
pop
Ā instruction which we have stored in Line 2.Ā 
popĀ 
is equivalent to:
mov X, [esp] ; put top stack item value into X 
add esp, 4   ; increments ESP by 4 which is kind of deallocation

ReturnĀ from function

ret
instruction jumps back to the next instruction from where
func() 
called by retrieving the jump address from stack stored byĀ 
call 
instruction.Ā 
ret
Ā is subroutine instruction which is equivalent to:
pop rip ; 
jmp rip ;
If any return value specified then it will be stored inĀ 
eax
register which you can see in Line 16.
So, this is it for ā€œHow C program converts into assembly?ā€. Although this kind of information is strictly coupled with compiler & ABI. But most of the compilers, ABI & instruction set architecture follows the same more or less. In case, you have not gone throughĀ my previous articles, here are simple FAQs helps you to understand better:

Intuitive FAQsĀ 

Q. How do you determine the stack growth direction ?
A.Ā Simpleā€¦! by comparing the address of two different functionā€™s local variables.
int *main_ptr = NULL;
int *func_ptr = NULL;
void func() { int a; func_ptr = &a; }
int main()
{
    int a; main_ptr = &a;
    func();
    (main_ptr > func_ptr) ? printf("DOWN\n") : printf("UP\n");
    return 0;
}
Q. How do you corrupt stack deliberately ?
A.Ā Corrupt the SFR values stored in the stack frame.
void func()
{
    int a;
    memset(&a, 0, 100); // Corrupt SFR values stored in stack frame
}
int main()
{
    func();
    return 0;
}
Q. How you can increase stack frame size ?
A.Ā 
alloca()
Ā is the answer. Google about it or seeĀ this. Although this is not recommended.

Tags

The Noonification banner

Subscribe to get your daily round-up of top tech stories!