the sub x86-instruction question












0














Assume that we have the following c code



void fun(void){

    printf("this is funn");

}


Then, we compile it with debug mode, we get the following disassemble code:



push ebp

mov ebp,esp

sub esp, 0xc0

...


Ok,we just discuss:



sub esp, 0xc0


My question is: why is the default value here 0xc0, not the other value, such as 0xF0, 0xFF… and so on?






x86







share|improve this question













migrated from unix.stackexchange.com Dec 18 at 11:09


This question came from our site for users of Linux, FreeBSD and other Un*x-like operating systems.















  • There is nothing here that is actually specific to Unix and Linux.
    – JdeBP
    Dec 18 at 10:17










  • Where do you get 0xf0 from?
    – ctrl-alt-delor
    Dec 18 at 10:30










  • Assuming that disassembly uses Intel syntax and I understood it correctly, the disassembly stores the previous value of the EBP register to the stack, copies the stack pointer to EBP, and then decrements the stack pointer by 0xc0, effectively allocating 192 bytes of stack space as some temporary storage area. Why 192? Probably because the routine that follows will only need exactly that much at maximum!
    – telcoM
    Dec 18 at 10:46






  • 2




    @telcoM yes, it’s a standard stack frame setup, but the 0xC0 value isn’t easy to explain (I get 8 with my GCC). Stack guards perhaps (red zones etc.)? The difficult part is guessing what “compile it with debug mode” means in terms of an actual compiler command.
    – Stephen Kitt
    Dec 18 at 10:59










  • @StephenKitt: Only x86-64 System V has a red-zone, out of any standard x86 calling convention. Unless this is x32 (32-bit pointers in long mode), code using esp doesn't have a red zone. Besides that, a red zone means you don't have to sub rsp, anything to reserve space in a leaf function, because you can simply use space below the stack pointer and be guaranteed that it won't be asynchronously clobbered. I wondered if 0xc0 is a typo for 0x0c, but that wouldn't make sense after push ebp. We only need 8 more bytes to re-align the stack by 16 before a call.
    – Peter Cordes
    Dec 18 at 20:25
















0














Assume that we have the following c code



void fun(void){

    printf("this is funn");

}


Then, we compile it with debug mode, we get the following disassemble code:



push ebp

mov ebp,esp

sub esp, 0xc0

...


Ok,we just discuss:



sub esp, 0xc0


My question is: why is the default value here 0xc0, not the other value, such as 0xF0, 0xFF… and so on?






x86







share|improve this question













migrated from unix.stackexchange.com Dec 18 at 11:09


This question came from our site for users of Linux, FreeBSD and other Un*x-like operating systems.















  • There is nothing here that is actually specific to Unix and Linux.
    – JdeBP
    Dec 18 at 10:17










  • Where do you get 0xf0 from?
    – ctrl-alt-delor
    Dec 18 at 10:30










  • Assuming that disassembly uses Intel syntax and I understood it correctly, the disassembly stores the previous value of the EBP register to the stack, copies the stack pointer to EBP, and then decrements the stack pointer by 0xc0, effectively allocating 192 bytes of stack space as some temporary storage area. Why 192? Probably because the routine that follows will only need exactly that much at maximum!
    – telcoM
    Dec 18 at 10:46






  • 2




    @telcoM yes, it’s a standard stack frame setup, but the 0xC0 value isn’t easy to explain (I get 8 with my GCC). Stack guards perhaps (red zones etc.)? The difficult part is guessing what “compile it with debug mode” means in terms of an actual compiler command.
    – Stephen Kitt
    Dec 18 at 10:59










  • @StephenKitt: Only x86-64 System V has a red-zone, out of any standard x86 calling convention. Unless this is x32 (32-bit pointers in long mode), code using esp doesn't have a red zone. Besides that, a red zone means you don't have to sub rsp, anything to reserve space in a leaf function, because you can simply use space below the stack pointer and be guaranteed that it won't be asynchronously clobbered. I wondered if 0xc0 is a typo for 0x0c, but that wouldn't make sense after push ebp. We only need 8 more bytes to re-align the stack by 16 before a call.
    – Peter Cordes
    Dec 18 at 20:25














0












0








0


1





Assume that we have the following c code



void fun(void){

    printf("this is funn");

}


Then, we compile it with debug mode, we get the following disassemble code:



push ebp

mov ebp,esp

sub esp, 0xc0

...


Ok,we just discuss:



sub esp, 0xc0


My question is: why is the default value here 0xc0, not the other value, such as 0xF0, 0xFF… and so on?






x86







share|improve this question













Assume that we have the following c code



void fun(void){

    printf("this is funn");

}


Then, we compile it with debug mode, we get the following disassemble code:



push ebp

mov ebp,esp

sub esp, 0xc0

...


Ok,we just discuss:



sub esp, 0xc0


My question is: why is the default value here 0xc0, not the other value, such as 0xF0, 0xFF… and so on?






x86




x86






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 18 at 10:04







user327399











migrated from unix.stackexchange.com Dec 18 at 11:09


This question came from our site for users of Linux, FreeBSD and other Un*x-like operating systems.






migrated from unix.stackexchange.com Dec 18 at 11:09


This question came from our site for users of Linux, FreeBSD and other Un*x-like operating systems.














  • There is nothing here that is actually specific to Unix and Linux.
    – JdeBP
    Dec 18 at 10:17










  • Where do you get 0xf0 from?
    – ctrl-alt-delor
    Dec 18 at 10:30










  • Assuming that disassembly uses Intel syntax and I understood it correctly, the disassembly stores the previous value of the EBP register to the stack, copies the stack pointer to EBP, and then decrements the stack pointer by 0xc0, effectively allocating 192 bytes of stack space as some temporary storage area. Why 192? Probably because the routine that follows will only need exactly that much at maximum!
    – telcoM
    Dec 18 at 10:46






  • 2




    @telcoM yes, it’s a standard stack frame setup, but the 0xC0 value isn’t easy to explain (I get 8 with my GCC). Stack guards perhaps (red zones etc.)? The difficult part is guessing what “compile it with debug mode” means in terms of an actual compiler command.
    – Stephen Kitt
    Dec 18 at 10:59










  • @StephenKitt: Only x86-64 System V has a red-zone, out of any standard x86 calling convention. Unless this is x32 (32-bit pointers in long mode), code using esp doesn't have a red zone. Besides that, a red zone means you don't have to sub rsp, anything to reserve space in a leaf function, because you can simply use space below the stack pointer and be guaranteed that it won't be asynchronously clobbered. I wondered if 0xc0 is a typo for 0x0c, but that wouldn't make sense after push ebp. We only need 8 more bytes to re-align the stack by 16 before a call.
    – Peter Cordes
    Dec 18 at 20:25


















  • There is nothing here that is actually specific to Unix and Linux.
    – JdeBP
    Dec 18 at 10:17










  • Where do you get 0xf0 from?
    – ctrl-alt-delor
    Dec 18 at 10:30










  • Assuming that disassembly uses Intel syntax and I understood it correctly, the disassembly stores the previous value of the EBP register to the stack, copies the stack pointer to EBP, and then decrements the stack pointer by 0xc0, effectively allocating 192 bytes of stack space as some temporary storage area. Why 192? Probably because the routine that follows will only need exactly that much at maximum!
    – telcoM
    Dec 18 at 10:46






  • 2




    @telcoM yes, it’s a standard stack frame setup, but the 0xC0 value isn’t easy to explain (I get 8 with my GCC). Stack guards perhaps (red zones etc.)? The difficult part is guessing what “compile it with debug mode” means in terms of an actual compiler command.
    – Stephen Kitt
    Dec 18 at 10:59










  • @StephenKitt: Only x86-64 System V has a red-zone, out of any standard x86 calling convention. Unless this is x32 (32-bit pointers in long mode), code using esp doesn't have a red zone. Besides that, a red zone means you don't have to sub rsp, anything to reserve space in a leaf function, because you can simply use space below the stack pointer and be guaranteed that it won't be asynchronously clobbered. I wondered if 0xc0 is a typo for 0x0c, but that wouldn't make sense after push ebp. We only need 8 more bytes to re-align the stack by 16 before a call.
    – Peter Cordes
    Dec 18 at 20:25
















There is nothing here that is actually specific to Unix and Linux.
– JdeBP
Dec 18 at 10:17




There is nothing here that is actually specific to Unix and Linux.
– JdeBP
Dec 18 at 10:17












Where do you get 0xf0 from?
– ctrl-alt-delor
Dec 18 at 10:30




Where do you get 0xf0 from?
– ctrl-alt-delor
Dec 18 at 10:30












Assuming that disassembly uses Intel syntax and I understood it correctly, the disassembly stores the previous value of the EBP register to the stack, copies the stack pointer to EBP, and then decrements the stack pointer by 0xc0, effectively allocating 192 bytes of stack space as some temporary storage area. Why 192? Probably because the routine that follows will only need exactly that much at maximum!
– telcoM
Dec 18 at 10:46




Assuming that disassembly uses Intel syntax and I understood it correctly, the disassembly stores the previous value of the EBP register to the stack, copies the stack pointer to EBP, and then decrements the stack pointer by 0xc0, effectively allocating 192 bytes of stack space as some temporary storage area. Why 192? Probably because the routine that follows will only need exactly that much at maximum!
– telcoM
Dec 18 at 10:46




2




2




@telcoM yes, it’s a standard stack frame setup, but the 0xC0 value isn’t easy to explain (I get 8 with my GCC). Stack guards perhaps (red zones etc.)? The difficult part is guessing what “compile it with debug mode” means in terms of an actual compiler command.
– Stephen Kitt
Dec 18 at 10:59




@telcoM yes, it’s a standard stack frame setup, but the 0xC0 value isn’t easy to explain (I get 8 with my GCC). Stack guards perhaps (red zones etc.)? The difficult part is guessing what “compile it with debug mode” means in terms of an actual compiler command.
– Stephen Kitt
Dec 18 at 10:59












@StephenKitt: Only x86-64 System V has a red-zone, out of any standard x86 calling convention. Unless this is x32 (32-bit pointers in long mode), code using esp doesn't have a red zone. Besides that, a red zone means you don't have to sub rsp, anything to reserve space in a leaf function, because you can simply use space below the stack pointer and be guaranteed that it won't be asynchronously clobbered. I wondered if 0xc0 is a typo for 0x0c, but that wouldn't make sense after push ebp. We only need 8 more bytes to re-align the stack by 16 before a call.
– Peter Cordes
Dec 18 at 20:25




@StephenKitt: Only x86-64 System V has a red-zone, out of any standard x86 calling convention. Unless this is x32 (32-bit pointers in long mode), code using esp doesn't have a red zone. Besides that, a red zone means you don't have to sub rsp, anything to reserve space in a leaf function, because you can simply use space below the stack pointer and be guaranteed that it won't be asynchronously clobbered. I wondered if 0xc0 is a typo for 0x0c, but that wouldn't make sense after push ebp. We only need 8 more bytes to re-align the stack by 16 before a call.
– Peter Cordes
Dec 18 at 20:25












1 Answer
1






active

oldest

votes


















1














This is a standard stack frame setup, saving the stack pointer then using EBP for indexing. The amount subtracted from ESP is what is allocated for the procedure's local variable storage, and local variables will be accessed by referencing [EBP-??].



Without seeing the code for your procedure it is difficult to say why it allocates that much storage. There is no default value used by the compiler, it always allocates exactly what is needed. It can do this because local variables types must be explicitly declared, and the compiler knows how much space is used by each type. There is no randomness or uncertainty in it, and no benefit to allocating extra storage. I also can't see how randomizing the local variable storage size would prevent any kind of stack-based attack. Most modern processors have hardware data execution prevention measures in place, making these attacks impossible anyway.






share|improve this answer





















    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53831736%2fthe-sub-x86-instruction-question%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown
























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    This is a standard stack frame setup, saving the stack pointer then using EBP for indexing. The amount subtracted from ESP is what is allocated for the procedure's local variable storage, and local variables will be accessed by referencing [EBP-??].



    Without seeing the code for your procedure it is difficult to say why it allocates that much storage. There is no default value used by the compiler, it always allocates exactly what is needed. It can do this because local variables types must be explicitly declared, and the compiler knows how much space is used by each type. There is no randomness or uncertainty in it, and no benefit to allocating extra storage. I also can't see how randomizing the local variable storage size would prevent any kind of stack-based attack. Most modern processors have hardware data execution prevention measures in place, making these attacks impossible anyway.






    share|improve this answer


























      1














      This is a standard stack frame setup, saving the stack pointer then using EBP for indexing. The amount subtracted from ESP is what is allocated for the procedure's local variable storage, and local variables will be accessed by referencing [EBP-??].



      Without seeing the code for your procedure it is difficult to say why it allocates that much storage. There is no default value used by the compiler, it always allocates exactly what is needed. It can do this because local variables types must be explicitly declared, and the compiler knows how much space is used by each type. There is no randomness or uncertainty in it, and no benefit to allocating extra storage. I also can't see how randomizing the local variable storage size would prevent any kind of stack-based attack. Most modern processors have hardware data execution prevention measures in place, making these attacks impossible anyway.






      share|improve this answer
























        1












        1








        1






        This is a standard stack frame setup, saving the stack pointer then using EBP for indexing. The amount subtracted from ESP is what is allocated for the procedure's local variable storage, and local variables will be accessed by referencing [EBP-??].



        Without seeing the code for your procedure it is difficult to say why it allocates that much storage. There is no default value used by the compiler, it always allocates exactly what is needed. It can do this because local variables types must be explicitly declared, and the compiler knows how much space is used by each type. There is no randomness or uncertainty in it, and no benefit to allocating extra storage. I also can't see how randomizing the local variable storage size would prevent any kind of stack-based attack. Most modern processors have hardware data execution prevention measures in place, making these attacks impossible anyway.






        share|improve this answer












        This is a standard stack frame setup, saving the stack pointer then using EBP for indexing. The amount subtracted from ESP is what is allocated for the procedure's local variable storage, and local variables will be accessed by referencing [EBP-??].



        Without seeing the code for your procedure it is difficult to say why it allocates that much storage. There is no default value used by the compiler, it always allocates exactly what is needed. It can do this because local variables types must be explicitly declared, and the compiler knows how much space is used by each type. There is no randomness or uncertainty in it, and no benefit to allocating extra storage. I also can't see how randomizing the local variable storage size would prevent any kind of stack-based attack. Most modern processors have hardware data execution prevention measures in place, making these attacks impossible anyway.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 18 at 11:43









        Craig Parton

        887




        887






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53831736%2fthe-sub-x86-instruction-question%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Morgemoulin

            Image
            Morgemoulin — miejscowość i gmina — Państwo   Francja Region Grand Est Departament Moza Okręg Verdun Kod INSEE 55357 Powierzchnia 6,82 km² Populacja  (1990) • liczba ludności 75 • gęstość 11 os./km² Kod pocztowy 55400 Położenie na mapie Francji Morgemoulin 49°14′N   5°35′E / 49,233333   5,583333 Portal Francja Morgemoulin – miejscowość i gmina we Francji, w regionie Grand Est, w departamencie Moza. Według danych na rok 1990 gminę zamieszkiwało 75 osób, a gęstość zaludnienia wynosiła 11 osób/km² (wśród 2335 gmin Lotaryngii Morgemoulin plasuje się na 970. miejscu pod względem liczby ludności, natomiast pod względem powierzchni na miejscu 848.). Bibliografia | Francuski urząd statystyczny ( fr. ) . p   •   d   •   e Gminy okręgu Verdun Abaucourt-Hautecourt • Aincreville • Ambly-sur-Meuse • Amel-sur-l'Étang • Ancemont • Arrancy-sur-Crusne • Aubréville • Autré...
            Read more

            Scott Moir

            Image
            Scott Moir Tessa Virtue i Scott Moir w 2016 r. Reprezentacja   Kanada Data i miejsce urodzenia 2 września 1987 London Wzrost 180 cm Konkurencja Pary taneczne Partner sportowy Tessa Virtue Trener Marie-France Dubreuil, Patrice Lauzon, Romain Haguenauer Poprzednio: Marina Zujewa, Oleg Epstein, Igor Szpilband, Johnny Johns, Carol Moir, Paul MacIntosh, Suzanne Killing Klub Montreal International School of Skating Poprzednio: Arctic Edge FSC Ilderton Skating Club Lokalizacja treningowa Montreal Poprzednio: Canton Kitchener Rekordy życiowe ISU przed sezonem 2018/2019 Nota łączna 206,07 Igrzyska Olimpijskie 2018 Taniec krótki 83,67 Igrzyska Olimpijskie 2018 Taniec dowolny 122,40 Igrzyska Olimpijskie 2018 Dorobek medalowy Reprezentacja   Kanada Igrzyska olimpijskie Złoto Vancouver 2010 pary taneczne Złoto Pjongczang 2018 pary taneczne Złoto Pjongczang 2018 drużynowo Srebro S...
            Read more

            Souastre

            Image
            Souastre — miejscowość i gmina — Herb Państwo   Francja Region Hauts-de-France Departament Pas-de-Calais Okręg Arras Kod INSEE 62800 Powierzchnia 7,18 km² Populacja  (1990) • liczba ludności 352 • gęstość 49 os./km² Kod pocztowy 62111 Położenie na mapie Francji Souastre 50°09′N   2°34′E / 50,150000   2,566667 Portal Francja Souastre – miejscowość i gmina we Francji, w regionie Hauts-de-France, w departamencie Pas-de-Calais. Według danych na rok 1990 gminę zamieszkiwały 352 osoby, a gęstość zaludnienia wynosiła 49 osób/km² (wśród 1549 gmin regionu Nord-Pas-de-Calais Souastre plasuje się na 887. miejscu pod względem liczby ludności, natomiast pod względem powierzchni na miejscu 507.). Bibliografia | Francuski urząd statystyczny ( fr. ) . p   •   d   •   e Gminy okręgu Arras Ablain-Saint-Nazaire Ablainzevelle Acheville Achicourt Achiet-le-Grand Achiet-le-Pe...
            Read more