D. VostokovFoundations of Linux Debugging, Disassembling, and Reversinghttps://doi.org/10.1007/978-1-4842-9153-5_14

14. Summary of Code Disassembly Patterns

Dmitry Vostokov¹

(1)

Dublin, Ireland

This final chapter summarizes the various patterns we have encountered during the reading of this book.

Function Prolog/Epilog

Function prolog

push %rbp

mov %rsp,%rbp

Function epilog

mov %rbp,%rsp

pop %rbp

ret

It is equivalent to

leave

ret

Some code may omit to restore %RSP if it does not change:

pop %rbp

ret

Knowing prolog can help identify situations when symbol files or function start addresses are not correct. For example, suppose we have the following backtrace: ...

Get Foundations of Linux Debugging, Disassembling, and Reversing: Analyze Binary Code, Understand Stack Memory Usage, and Reconstruct C/C++ Code with Intel x64 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Foundations of Linux Debugging, Disassembling, and Reversing: Analyze Binary Code, Understand Stack Memory Usage, and Reconstruct C/C++ Code with Intel x64 by Dmitry Vostokov

14. Summary of Code Disassembly Patterns

Function Prolog/Epilog

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly