stackoom
  简体   繁体   中英

What is the equivalent C code for this assembly?

 原文  2015-10-09 04:41:07       c/ assembly/ reverse-engineering

Question

add    0x4025c0(,%rcx,4),%edx

So I'm trying to convert this piece of assembly code into the actual C expression, can anyone please help me? Thank you!

Updated: The code is actually part of this assembly program: 

   0x00000000004010fe <+0>:     push   %rbx
   0x00000000004010ff <+1>:     mov    %rdi,%rbx
   0x0000000000401102 <+4>:     callq  0x401341 <string_length>
   0x0000000000401107 <+9>:     cmp    $0x6,%eax
   0x000000000040110a <+12>:    je     0x401111 <phase_5+19>
   0x000000000040110c <+14>:    callq  0x4015bf <explode_bomb>
   0x0000000000401111 <+19>:    mov    $0x0,%eax
   0x0000000000401116 <+24>:    mov    $0x0,%edx
   0x000000000040111b <+29>:    movzbl (%rbx,%rax,1),%ecx
   0x000000000040111f <+33>:    and    $0xf,%ecx
   0x0000000000401122 <+36>:    add    0x4025c0(,%rcx,4),%edx
   0x0000000000401129 <+43>:    add    $0x1,%rax
   0x000000000040112d <+47>:    cmp    $0x6,%rax
   0x0000000000401131 <+51>:    jne    0x40111b <phase_5+29>
   0x0000000000401133 <+53>:    cmp    $0x33,%edx
   0x0000000000401136 <+56>:    je     0x40113d <phase_5+63>
   0x0000000000401138 <+58>:    callq  0x4015bf <explode_bomb>
   0x000000000040113d <+63>:    pop    %rbx
   0x000000000040113e <+64>:    xchg   %ax,%ax
   0x0000000000401140 <+66>:    retq

3 answers

solution1
 3  

add    0x4025c0(,%rcx,4),%edx

means 

%edx += *(0x4025c0 + %rcx*4);

%rcx is a register in x64 asm. Here 0x4025c0 is the base address. *4 illustrates that the size of array element is 4 bytes (32 bits). So it can be translated into 

%edx += *(uint32_t)0x4025c0[%rcx];

The whole code snippet does the following thing: 

void check(char *str)
{
    const uint32_t *subTable = 0x4025c0;

    if (strlen(str) == 6)
    {
        uint32_t j = 0;
        for (int i = 0; i < 6; i++)
            j += subTable[str[i]];
        if (j == 0x33)
            return;
    }
    call explode_bomb;
}

A substitution table is stored in address 0x4025c0. Only when the input is of length 6 and the sum of its substitution numbers is 0x33, it will pass the check.

solution2
 2  2015-10-09 04:51:09

Simply expressing it in C is something like edx += ((uint32_t *)0x4025c0)[rcx]; But it's rather impossible to know what it's being used for without more context.

solution3
 0  2015-10-09 05:03:02

Usually, the brackets are to be of the form 

displacement(base register, offset register, scalar multiplier)

which is expanded as, 

[base register + displacement + offset register * scalar multiplier].

So, 

0x4025c0(,%rcx,4)

is, 

(0x4025C0 + value at RCX * 4)

and 

ADD    (0x4025C0 + value at RCX x 4), %edx

should mean, 

edx += (0x4025C0 + ((*rcx)*4));

It means that after execution of this instruction, for example, if value at RCX is 100 (0x64), then EDX will hold the value 0x4025C0 + 0x190 .

Reference: https://en.wikibooks.org/wiki/X86_Assembly/GAS_Syntax

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question what is this assembly code in C? Decoding equivalent assembly code of C code Assembly Code to C, what are the arguments in the C code that will make the Assembly code What is the C++ equivalent of this C code Assembly Language to C equivalent What is the Linux 64 Assembly Equivalent for C's system call? debugging the assembly equivalent of a c code to understand the function call What is the RUST equivalent of following C code? Converting Visual C/C++ inline assembly code to GCC equivalent code Obtaining the assembly equivalent code from my C/C++ code - x86 and ARM
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM