On Thursday 25 January 2007 01:43, In Cognito wrote:
> > > 0x080483a7 <func+3>: sub $0x208,%esp
> > > 0x080483ad <func+9>: mov 0x8(%ebp),%eax
> > > 0x080483b0 <func+12>: mov %eax,0x4(%esp)
> > > 0x080483b4 <func+16>: lea 0xfffffe00(%ebp),%eax
> > > 0x080483ba <func+22>: mov %eax,(%esp)
> > > 0x080483bd <func+25>: call 0x80482e8 <strcpy@plt>
> > > 0x080483c2 <func+30>: leave
> > > 0x080483c3 <func+31>: ret
> > >
> > > 0x208 = 520 bytes; alright padding can be useful
> > > 0xfffffe00(%ebp) = -512 + ebp.
> >
> > What padding? It's a place for strcpy parameters...
>
> char buf[512]
>
> sub $0x208,%esp
>
> 0x208 = 520 bytes allocated on the stack. there are 8 extra bytes
> between %esp and buf[0].
Exactly. Two 32-bit stack slots.
And look at what these two stack slots are used for:
> > > 0x080483ad <func+9>: mov 0x8(%ebp),%eax
> > > 0x080483b0 <func+12>: mov %eax,0x4(%esp) [esp+4] = b
> > > 0x080483b4 <func+16>: lea 0xfffffe00(%ebp),%eax
> > > 0x080483ba <func+22>: mov %eax,(%esp) [esp] = &buf
> > > 0x080483bd <func+25>: call 0x80482e8 <strcpy@plt> call strcpy
This is it. strcpy will see them on the stack as parameters.
It isn't padding.
--
vda
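The frame arithmetic from the thread, plus the bounded copy a defender would want in place of the unbounded strcpy, as an added example that is not part of the mailing-list exchange. The 512-byte buffer, the parameter name `b`, and the two-argument strcpy call are taken from the quoted disassembly; `func_bounded`, `frame_size` and their return-value conventions are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 512   /* char buf[512] in the quoted frame */

/* Bounded replacement for the strcpy call seen at <func+25>.
 * Returns the number of bytes copied on success, or -1 when `b` (plus its
 * terminating NUL) would not fit in buf[], instead of writing past the
 * 512-byte buffer into the saved %ebp and return address stored above it.
 * The two values it passes on, &buf and b, are exactly what the quoted
 * code stores at [esp] and [esp+4] before calling strcpy. */
int func_bounded(const char *b)
{
    char buf[BUF_SIZE];
    size_t n = strlen(b);

    if (n >= sizeof buf)      /* need room for n bytes plus the NUL */
        return -1;
    memcpy(buf, b, n + 1);    /* copies the terminator as well */
    return (int)n;
}

/* Frame arithmetic from the thread, written as a function so it can be
 * checked: gcc here reserves the local buffer plus one 32-bit slot per
 * outgoing call argument (arguments are stored with mov to [esp+k], not
 * pushed), so func() with char buf[512] and a two-argument strcpy call
 * gets "sub $0x208,%esp", i.e. 512 + 2*4 = 520 bytes, and buf[0] sits
 * 8 bytes above %esp. Assumed helper, not from the thread. */
unsigned frame_size(unsigned buf_bytes, unsigned max_call_args)
{
    return buf_bytes + 4u * max_call_args;
}
```

With `frame_size(512, 2)` the 0x208 from the disassembly falls out directly; with `func_bounded` a 512-character argument is rejected rather than overwriting the two words below buf[] and the frame above it.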