Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why there is always a useless function argument in stack?

Tags:

assembly

freebsd

I'm learning assembly language programming on FreeBSD. I'm using FreeBSD 9.0 i386 release and nasm assembler.

When I wrote a simple syscall function, I found that I had to push a useless value into the stack to make the code run correctly.

For example: 

; File:test.asm
section .text
  global _start
_start:
  xor  eax,eax
  ; Argument of exit()
  push 0x0
  ; Syscall of exit()
  mov  al,1
  int  0x80

I used the following command to assemble and link the above code: 

%nasm -f elf test.asm -o test.o
%ld test.o -o test.bin

I used ktrace to inspect the program and found: 

%ktrace ./test.bin
%kdump -d -f ./ktrace.out 
2059 ktrace   RET   ktrace 0
2059 ktrace   CALL  execve(-1077940941,-1077941260,-1077941252)
2059 ktrace   NAMI  "./test.bin"
2059 test.bin RET   execve 0
2059 test.bin CALL  exit(1)

So the code didn't run correctly, cause I provided 0 as the only argument of exit() but the program actually run exit(1).

Then I changed my code.

; File:test.asm
section .text
  global _start
_start:
  xor  eax,eax
  push 0x0
  ; Whatever digits,0x1,0x2...0xFFFFFFFF, ect.
  push 0xFFFFFFFF
  mov  al,1
  int  0x80

Then the code was executed correctly.

At first, I though it was because of something like "stack padding" or "stack alignment", like Stack allocation, padding, and alignment. So it might respect 16-bit alignment. But I found it not. For example, This following code: 

; File:test.asm
section .text
  global _start
_start:
  xor  eax,eax
  push 0x0
  ; Actual argument of exit()
  push 0x3
  push 0xFFFFFFFF
  ; Syscall of exit()
  mov  al,1
  int  0x80

actually executed exit(3). It seemed that it didn't align bytes. I debug the above code with gdb, when the last line was about to be executed, the stack was something like this: 

0xFFFFFFFF  -> esp
0x00000003
0x00000000

So here's my question: why there's always a useless argument or is there a method to work around?

like image 783
Lion Avatar asked Jul 11 '12 13:07

Lion

1 Answers

It's a dummy argument to increase performance slightly by preventing a call/ret instruction pair.

See $2.1 in the below link:

http://www.int80h.org/bsdasm/#default-calling-convention

like image 145
Josh Greifer Avatar answered Oct 18 '22 22:10

Josh Greifer
Sign in to Comment

Related questions

Why does TZCNT work for my Sandy Bridge processor?
Confused about data alignment for double variables
What are the advantages of a frame pointer?
What does code pattern like .size X,.-X do?
How to get the gcc compiler to not optimize a standard library function call like printf?
Why do I get triple fault when trying to handle an exception on 286 but not on a modern CPU nor Bochs?
Solution needed for building a static IDT and GDT at assemble/compile/link time
How are BIOS interrupts deconflicted with reserved hardware interrupts?
How to optimise this 8-bit positional popcount using assembly?
How does an instruction decoder tell the difference between a prefix and a primary opcode?
Why can't we declare uninitialized variables in .bss section using `?` in arbitrary order?
Call C function from Assembly -- the application freezes at "call printf" and I have no idea why
How to determine values saved on the stack?
Question about ADD on ASM 8086
i386 assembly question: why do I need to meddle with the stack pointer?
GCC inline assembly - Move float to XMM0 before call
Detours Hook in external process for "empty" function does not work
LC3 Assembly Bitwise Right Shift
Self modifying code, copy/jump in the heap failed
What's the equivalent of BP register ( Frame Pointer ) on ARM processors?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!