To start learning how to read assembly, we first take a look at a very basic C function and its stack.
We will look at the assembly of the following C program:
int main() {
return 0;
}This program simply returns the return code 0 for the main() function to signify successful completion. A non-zero return code can be used to signal an unsuccessful completion.
The x86_64 assembly of the above program looks something as follows:
main:
push rbp
mov rbp, rsp
mov eax, 0
pop rbp
retWe are using the Intel syntax for the assembly in the entire series. To learn how we disassembled the C code to assembly, refer to this blog post.
When the main() function is called, the return address of the calling function is pushed onto the stack (To understand how the stack frame is set when C program is executed, refer to this post). The stack at this moment should look as follows:
Back to the code!
int main() {push rbp
mov rbp, rspThe C code on the left corresponds to the assembly on the right. These first two instructions are a part of every C function and are called as the function prologue or preamble. They prepare the stack and the registers for a C function.
Now let us take a look at how the stack looks when these instructions are executed
push rbp
The push instruction stores the value of the current base pointer (RBP) on the top of the stack. This is done so that once main() is finished executing it can return to the calling function at the same point when main() was called. With the push instruction, the stack pointer (RSP) is always incremented to point to the latest entry on top of the stack.
mov rbp, rsp
Now, the value of the RBP is set to the address of the RSP. Both the registers now point to the same location on the stack. At this point the stack is setup so that the main() function can execute.
return 0;
}mov eax, 0
pop rbp
retBy convention, in x86_64 the return value should be stored in the 64-bit register RAX. The 32-bit register EAX is used in the first mov instruction because an int value is returned which is 4 bytes/32-bit. But if you are writing assembly, you can store this is any register you want.
After any C function returns, there are two things to be done:
- The
main()function stack needs to be cleaned to prevent any memory leak. - The control needs to be returned to the calling function that called the C function.
This is done by the last two instructions on the left and they are called as the epilogue of every C function. Now, let us see how they achieve this.
pop rbp
As there were no local variables, the stack did not need to be cleaned. We will discuss the next blog.
The pop instruction stores the value on the top of the stack (pointed at by the RSP) to RBP. This essentially restores the base pointer to the previous point where the calling function made the call to the main() funciton. The RSP is also decremented by the pop instruction to point to the current top of the stack.
ret
The ret instruction transfers the control to the return address of the calling function that was stored on the top of the stack. It also always moves the value of the current RSP to RBP to resume the execution flow at the instruction following the call to the main() function.
Now that we have a slight understanding of how the stack is setup and cleaned function is called, we look at the next program to understand some more cases.