#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char buffer[500];
    /* Unchecked copy of argv[1] into a fixed 500-byte stack buffer: this is
       the deliberate overflow the tutorial studies, so it is left as-is. */
    strcpy(buffer, argv[1]);

    return 0;
}

I compile this program using gcc -m32 -fno-stack-protector -z execstack -fno-pie -no-pie -g -o vuln vuln.c

On disassembling the main function using the debugger, I am getting this as the output:

Dump of assembler code for function main:
   0x0804840b <+0>:     lea    0x4(%esp),%ecx
   0x0804840f <+4>:     and    $0xfffffff0,%esp
   0x08048412 <+7>:     pushl  -0x4(%ecx)
   0x08048415 <+10>:    push   %ebp
   0x08048416 <+11>:    mov    %esp,%ebp
   0x08048418 <+13>:    push   %ecx
   0x08048419 <+14>:    sub    $0x204,%esp
   0x0804841f <+20>:    mov    %ecx,%eax
   0x08048421 <+22>:    mov    0x4(%eax),%eax
   0x08048424 <+25>:    add    $0x4,%eax
   0x08048427 <+28>:    mov    (%eax),%eax
   0x08048429 <+30>:    sub    $0x8,%esp
   0x0804842c <+33>:    push   %eax
   0x0804842d <+34>:    lea    -0x1fc(%ebp),%eax
   0x08048433 <+40>:    push   %eax
   0x08048434 <+41>:    call   0x80482e0 <strcpy@plt>
   0x08048439 <+46>:    add    $0x10,%esp
   0x0804843c <+49>:    mov    $0x0,%eax
   0x08048441 <+54>:    mov    -0x4(%ebp),%ecx
   0x08048444 <+57>:    leave  
   0x08048445 <+58>:    lea    -0x4(%ecx),%esp
   0x08048448 <+61>:    ret
End of assembler dump.

GCC version : 6.5.0
OS : Ubuntu 16.04
GDB version : 7.11.1

The tutorial which I was referring to showed this assembly code:

Dump of assembler code for function main:
   0x080483fb <+0>:     push   %ebp
   0x080483fc <+1>:     mov    %esp,%ebp
   0x080483fe <+3>:     sub    $0x1f4,%esp
   0x08048404 <+9>:     mov    0xc(%ebp),%eax
   0x08048407 <+12>:    add    $0x4,%eax
   0x0804840a <+15>:    mov    (%eax),%eax
   0x0804840c <+17>:    push   %eax
   0x0804840d <+18>:    lea    -0x1f4(%ebp),%eax
   0x08048413 <+24>:    push   %eax
   0x08048414 <+25>:    call   0x80482d0 <strcpy@plt>
   0x08048419 <+30>:    add    $0x8,%esp
   0x0804841c <+33>:    mov    $0x0,%eax
   0x08048421 <+38>:    leave
   0x08048422 <+39>:    ret
End of assembler dump.

I have the following questions:

1. How can I get the exact same assembly code dump mentioned in the tutorial?
2. The difference in the output seems to be because of the ecx register. What does that register do, and why is it not part of the tutorial's assembly code?
3. In the main function, I constructed a buffer array of size 500, which is 0x1f4 in hexadecimal; that's why the tutorial's assembly code subtracts 0x1f4 from the esp register, but my assembly code subtracts 0x204, which is 516 in decimal. I am not able to understand this.

Edit: As noted in the comments, if I add -mpreferred-stack-boundary=2 to the compiler flags, then I get the same assembly code as the tutorial. Why?

  • Does `-mpreferred-stack-boundary=2` make it more like the tutorial's? If so, this would seem to be related to the SysV i386 ABI changing from a 4-byte to a 16-byte stack alignment requirement. – Joseph Sible-Reinstate Monica May 03 '20 at 01:50
  • Yes, @JosephSible-ReinstateMonica, when I ran the code using this flag, it gave me the same assembly code as the tutorial. Can you elaborate a bit on "SysV i386 ABI changing from a 4-byte to a 16-byte stack alignment requirement"? Thanks. – kunalgarg2100 May 03 '20 at 02:05
  • Here are some related questions that may explain it better: https://stackoverflow.com/q/49391001/7509065 https://stackoverflow.com/q/21748272/7509065 https://stackoverflow.com/q/40307193/7509065 – Joseph Sible-Reinstate Monica May 03 '20 at 02:19
  • What happens when you turn on optimizations? -O1 -O2 -O3? And remove -g? – washcloth May 03 '20 at 03:00
  • @Washcloth I suspect that will make it look even less like the tutorial's result. – Joseph Sible-Reinstate Monica May 03 '20 at 03:02
  • What version of gcc does the tutorial use? What compiler switches did they say they used? If you don't know, then it's just going to be endless tinkering, like trying to get a cake recipe to exactly match someone else's cake down to the tiniest detail. – Raymond Chen May 03 '20 at 03:04
  • @RaymondChen He did manage to get an exact match already, by adding `-mpreferred-stack-boundary=2`. The question is why he needs to use that flag when the tutorial didn't. – Joseph Sible-Reinstate Monica May 03 '20 at 03:10
  • @RaymondChen I don't know the gcc version used in the tutorial. – kunalgarg2100 May 03 '20 at 04:51
  • My guess is that you're using [this site](http://marqueta.org/code/2016/12/18/buffer-overflow.html), and they do say that they are compiling with `gcc -fno-stack-protector -z execstack -mpreferred-stack-boundary=2 -g -o vuln vuln.c`. You may have overlooked that paragraph. They didn't say what version of gcc they're using, but given that the article was written in December 2016, it's unlikely that they're using 6.5.0, which released in October 2018. (If they did, then they should be using their time machine for something more important.) – Raymond Chen May 03 '20 at 13:27
  • (In the future, if you're having trouble understanding a tutorial, you probably should include a link to the confusing tutorial. We're not psychic.) – Raymond Chen May 03 '20 at 13:28
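The comment thread points at the 16-byte stack boundary as the reason the two dumps differ. The following is an added illustration, not code from the question, the tutorial, or GCC itself: a small arithmetic model of how a frame is laid out under a given preferred stack boundary. It assumes (as the disassembly suggests) that the locals area starts at the first boundary-aligned address below the words already pushed, that the locals area is padded to a whole number of boundaries, and that ebp sits 8 bytes below the aligned frame base in both builds. Under those assumptions it reproduces both `sub $0x204,%esp` / `lea -0x1fc(%ebp)` from the poster's build and `sub $0x1f4,%esp` / `lea -0x1f4(%ebp)` from the tutorial's, and reports what esp mod 16 is at the `call strcpy@plt`. The parameter names and the `layout` function are this example's own.

```c
#include <stdio.h>
#include <stdint.h>

/* Round x up to the next multiple of boundary (boundary is a power of two). */
static uint32_t round_up(uint32_t x, uint32_t boundary)
{
    return (x + boundary - 1) & ~(boundary - 1);
}

struct frame {
    uint32_t sub_imm;        /* N in `sub $N,%esp` that allocates the locals        */
    uint32_t buffer_off;     /* N in `lea -N(%ebp),%eax` giving &buffer             */
    uint32_t esp_mod16_call; /* esp mod 16 at `call strcpy@plt`, base 16-aligned   */
};

/*
 * Constructed model of GCC's i386 frame layout (not GCC's real code):
 *   saved_bytes : bytes pushed between the frame base and the `sub`
 *                 (poster: return-address copy + ebp + ecx = 12;
 *                  tutorial: return address + ebp = 8)
 *   locals      : sizeof buffer, 500
 *   boundary    : preferred stack boundary in bytes
 *                 (2^4 = 16 by default, 2^2 = 4 with -mpreferred-stack-boundary=2)
 *   outgoing    : bytes placed below the locals before the call
 *                 (poster: sub $8 + two pushes = 16; tutorial: two pushes = 8)
 * The frame base is the caller's esp, i.e. the byte just above the return
 * address; in the realigning prologue it is esp after `and $0xfffffff0,%esp`.
 */
struct frame layout(uint32_t saved_bytes, uint32_t locals,
                    uint32_t boundary, uint32_t outgoing)
{
    struct frame f;
    /* Locals start at the first boundary-aligned address below the saved words. */
    uint32_t locals_top = round_up(saved_bytes, boundary);
    /* The locals area itself is padded to a whole number of boundaries. */
    uint32_t frame_bottom = locals_top + round_up(locals, boundary);

    f.sub_imm = frame_bottom - saved_bytes;
    /* buffer ends at locals_top; ebp is 8 bytes below the base in both builds. */
    f.buffer_off = locals_top + locals - 8;
    f.esp_mod16_call = (16 - (frame_bottom + outgoing) % 16) % 16;
    return f;
}

int main(void)
{
    struct frame poster   = layout(12, 500, 16, 16); /* default -m32 build           */
    struct frame tutorial = layout(8,  500, 4,  8);  /* -mpreferred-stack-boundary=2 */

    printf("%-10s sub $0x%x,%%esp  lea -0x%x(%%ebp)  esp%%16 at call = %u\n",
           "poster:", poster.sub_imm, poster.buffer_off, poster.esp_mod16_call);
    printf("%-10s sub $0x%x,%%esp  lea -0x%x(%%ebp)  esp%%16 at call = %u\n",
           "tutorial:", tutorial.sub_imm, tutorial.buffer_off, tutorial.esp_mod16_call);
    return 0;
}
```

With the 16-byte boundary the saved words (12 bytes) are padded to 16 and the 500-byte array is padded to 512, giving 516 = 0x204, and esp is a multiple of 16 at the call; with `-mpreferred-stack-boundary=2` nothing is padded beyond 4 bytes, so the allocation is exactly sizeof buffer and esp at the call is only 4-byte aligned. The esp figure for the tutorial build assumes a 16-aligned base only for comparison; that build never realigns, so it inherits whatever alignment main was entered with.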
