On Thursday 25 January 2007 01:43, In Cognito wrote: > > > 0x080483a7 <func+3>: sub $0x208,%esp > > > 0x080483ad <func+9>: mov 0x8(%ebp),%eax > > > 0x080483b0 <func+12>: mov %eax,0x4(%esp) > > > 0x080483b4 <func+16>: lea 0xfffffe00(%ebp),%eax > > > 0x080483ba <func+22>: mov %eax,(%esp) > > > 0x080483bd <func+25>: call 0x80482e8 <[EMAIL PROTECTED]> > > > 0x080483c2 <func+30>: leave > > > 0x080483c3 <func+31>: ret > > > > > > 0x208 = 520 bytes; alright padding can be useful > > > 0xfffffe00(%ebp) = -512 + ebp. > > > > What padding? It's a place for strcpy parameters... > > char buf[512] > > sub $0x208,%esp > > 0x208 = 520 bytes allocated on the stack. there are 8 extra bytes > between %esp and buf[0].
Exactly. Two 32-bit stack slots. And look for what these two stack slots are used: > > > 0x080483ad <func+9>: mov 0x8(%ebp),%eax > > > 0x080483b0 <func+12>: mov %eax,0x4(%esp) [esp+4] = b > > > 0x080483b4 <func+16>: lea 0xfffffe00(%ebp),%eax > > > 0x080483ba <func+22>: mov %eax,(%esp) [esp] = &buf > > > 0x080483bd <func+25>: call 0x80482e8 <[EMAIL PROTECTED]> call strcpy This is it. strcpy will see them on stack as parameters. It isn't padding. -- vda
