Question

Size contains the number 86.

var_10= dword ptr -10h
var_C= dword ptr -0Ch
size= dword ptr  8
push    ebp
mov     ebp, esp
sub     esp, 28h
mov     eax, [ebp+size]
mov     [esp], eax      ; size
call    _malloc
mov     ds:x, eax
mov     [ebp+var_C], 0
jmp     short loc_804889E

loc_804889E:
mov     eax, [ebp+size]
sub     eax, 1
cmp     eax, [ebp+var_C]
jg      short loc_8048887

loc_8048887:
mov     edx, ds:x
mov     eax, [ebp+var_C]
add     edx, eax
mov     eax, [ebp+var_C]
add     eax, 16h
mov     [edx], al
add     [ebp+var_C], 1

I am having difficulties reversing this portion of a project I am working on. There's a portion of the code where ds:x is moved into edx and is added with var_c and I am unsure where to go with that.

To me the program looks like it calls malloc and then moves that into ds:x and then moves 0 to var_c.

After that it simply subtracts 1 from the size of my pointer array and compares that number to 0, then jumps to a portion where it adds ds:x into edx so it can add eax to edx.

Am I dealing with some sort of array here? What is the first value that's going to go into edx in loc_8048887? Another way this could help would be to see a C equivalent of it... But that would be what I am trying to accomplish and would rather learn the solution through a different means.

Thank you!


Solution

In x86 assembly there's no strict distinction between a variable stored in memory and an array in memory. It only depends on how you access the memory region. All you have is code and data. Anyway, I'd say that ds:x is an array because of this code here:

mov     edx, ds:x        ; edx = [x]
mov     eax, [ebp+var_C] ; eax = something
add     edx, eax         ; edx = [x] + something
mov     eax, [ebp+var_C] ; eax = something
add     eax, 16h         ; eax = something + 0x16
mov     [edx], al        ; [[x] + something ] = al . Yes, ds:x is an array!

What is the value of edx in loc_8048887? To find it out you only need some very basic debugging skills. I assume you have gdb at hand, if not, get it ASAP. Then compile the code with debug symbols and link it, then run gdb with the executable, set a code breakpoint at loc_8048887, run the program with r, and finally check the value of edx.

These are the commands you need:

gdb myexecutable
(gdb) b *0x8048887    # break on the address itself; IDA's loc_ labels are not symbols gdb knows
(gdb) r
(gdb) info registers edx
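To make the mapping from the listing to C concrete, here is an added example (not part of the answer or the original project) that reconstructs the posted function statement by statement. The function name fill_array, the helper x_byte and the NULL check after malloc are assumptions; the listing shows none of them. It follows the listing's loop condition exactly: loc_804889E computes size - 1 and jumps into the body while that is greater than var_C, so the body runs for i = 0 .. size - 2 and writes (i + 0x16) truncated to one byte into x[i]. On the very first pass var_C is 0, so edx in loc_8048887 is simply the pointer malloc returned.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Global pointer the disassembly refers to as ds:x (name assumed; the
 * listing only shows it as the destination of malloc's return value). */
static uint8_t *x;

/* Reconstruction of the listed function; hypothetical name, since the
 * listing does not show the symbol.  Returns the number of bytes the
 * loop wrote, or -1 if malloc failed (the listing itself has no check). */
int fill_array(int size)
{
    int i;                                /* [ebp+var_C] */

    free(x);                              /* not in the listing: avoid leaking on repeated calls */
    x = malloc(size);                     /* call _malloc ; mov ds:x, eax */
    if (x == NULL)
        return -1;                        /* added for safety, not in the listing */

    i = 0;                                /* mov [ebp+var_C], 0 */

    /* loc_804889E: eax = size - 1 ; cmp eax, i ; jg loc_8048887
     * keeps looping while (size - 1) > i, a signed compare like jg.
     * Note that x[size - 1] is never touched by this loop. */
    while (size - 1 > i) {
        /* loc_8048887 */
        uint8_t *edx = x + i;             /* mov edx, ds:x ; add edx, eax */
        uint8_t al = (uint8_t)(i + 0x16); /* add eax, 16h ; only AL is stored */
        *edx = al;                        /* mov [edx], al */
        i++;                              /* add [ebp+var_C], 1 */
    }
    return i;
}

/* Inspection helper (assumed): byte at index idx of x, or -1 when out of range. */
int x_byte(int idx, int size)
{
    if (x == NULL || idx < 0 || idx >= size)
        return -1;
    return x[idx];
}

int main(void)
{
    int n = fill_array(86);               /* size = 86, as in the question */
    printf("loop wrote %d bytes: x[0]=0x%02x, x[%d]=0x%02x\n",
           n, x_byte(0, 86), n - 1, x_byte(n - 1, 86));
    free(x);
    x = NULL;
    return 0;
}
```

Because the store is a single byte (mov [edx], al), the value wraps once i + 0x16 exceeds 255; with size 86 that never happens, but the reconstruction keeps the truncation so it stays faithful for larger sizes.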
Licensed under: CC-BY-SA with attribution