NASM - The Netwide Assembler

NASM Forum => Programming with NASM => Topic started by: turtle13 on December 21, 2018, 03:25:20 AM

Title: What is this line of assembly doing (IDA disassembler) cs:stdin@@GLIBC_2_2_5
Post by: turtle13 on December 21, 2018, 03:25:20 AM
What is going on in this line of assembly code?

(https://i.imgur.com/oNvJvyY.png)
Title: Re: What is this line of assembly doing (IDA disassembler) cs:stdin@@GLIBC_2_2_5
Post by: Frank Kotler on December 21, 2018, 03:57:17 AM
Hi Turtle13,
Good to see ya!

Appears to be setting the file for fgets (man 3 fgets) to read to stdin. Then calls fgets and goes elsewhere if nothing read.

Best,
Frank

Title: Re: What is this line of assembly doing (IDA disassembler) cs:stdin@@GLIBC_2_2_5
Post by: turtle13 on December 21, 2018, 02:18:15 PM
Frank, nice to hear from you,

Thanks for giving some clarification. Specifically, what is the cs:GLIBC_2_2_5 doing... cs is a segment register, correct? And LibC is the "C library of functions", so I'm assuming that that points to some offset in the .bss or .data section that has the "fgets" function call? And loading that offset into rdx? For 64-bit the 3rd arg is put into the rdx register, so in this case that would be the "FILE *stream" argument for fgets.

Code:
char *fgets(char *s, int size, FILE *stream)
Title: Re: What is this line of assembly doing (IDA disassembler) cs:stdin@@GLIBC_2_2_5
Post by: Frank Kotler on December 21, 2018, 07:52:20 PM
Ahhh, I've been thinking I should have tried to explain that better, although I do NOT claim to know C! The C Standard Library contains open(), read(), write(), etc. - equivalent (?) to the system calls you're probably used to. It also includes fopen(), fread(), etc. If you learn C "from the book", it probably tells you to use fread(), etc. and may not even mention that the other versions exist. The difference is that the "f" versions are "buffered I/O". These use a "different stdin" (etc.) than the small integer "STDIN" you'd use for system calls. This "stdin" (I think) is the address of a structure which knows where the actual buffer is and the current position in the buffer - as well as STDIN=0, I suppose. If you're not aware that you've asked for buffered I/O, the results may not be what you expect.
"cs" is a segment register, but in this case it's a segment override - the address of "stdin" is with respect to section .text rather than .data or .bss. "fgets" itself would be in .text, although the address of it might be found elsewhere(?). I think IDA is adding that (and the underscore on "fgets"). I don't think you'd need them if you were writing the code yourself.

Best,
Frank

Title: Re: What is this line of assembly doing (IDA disassembler) cs:stdin@@GLIBC_2_2_5
Post by: turtle13 on December 28, 2018, 07:03:27 AM
So by "segment override" that means that the cs register will have whatever was stored in it before replaced with the segment starting address for the "GLIBC_2_2_5" segment?
Title: Re: What is this line of assembly doing (IDA disassembler) cs:stdin@@GLIBC_2_2_5
Post by: dreamCoder on December 28, 2018, 12:19:21 PM
From the looks of it, I think you're referring to GOT/PLT stuff. Nothing serious about it. It's just how (or where) all your external dependencies (glibc in this case) are stored in memory. This should help explain (https://www.youtube.com/watch?v=kUk5pw4w0h4)