On Fri, Oct 17, 2008 at 11:33 AM, Andrew Haley <[EMAIL PROTECTED]> wrote:
> hyeron bosh wrote:
>> I have a (probably naive) question about
>> messing up the stack pointer.
>>
>> Here is the code produced by gcc
>> for some function "X" (original source code is C/Obj-C)
>>
>> #---- function "X" entry point --------------------
>> 0x82699 <>:      push %ebp
>> 0x8269a <+1>:    mov  %esp,%ebp
>> 0x8269c <+3>:    push %edi
>> 0x8269d <+4>:    push %esi
>> 0x8269e <+5>:    push %ebx
>> 0x8269f <+6>:    call 0x826a4 <+11>
>> 0x826a4 <+11>:   pop  %ebx
>> 0x826a5 <+12>:   sub  $0x2e,%esp      ;; <---------(1)
>> ...
>> ... stuff here
>> ... call another function "Y"
>> ... stuff here
>> ...
>> 0x829fe <+869>:  add  $0x2e,%esp      ;; <---------(2)
>> 0x82a01 <+872>:  pop  %ebx
>> 0x82a02 <+873>:  pop  %esi
>> 0x82a03 <+874>:  pop  %edi
>> 0x82a04 <+875>:  leave
>> 0x82a05 <+876>:  ret
>> #---------------- end of function -----------------
>>
>> As I understand, instructions (1) and (2) are used
>> to make room for the local variables declared in "X".
>> Hence I would assume that simply replacing in both instructions the
>> immediate value 0x2e with a HIGHER value, say 0x40,
>> cannot affect the execution of the process.
>>
>> Surprisingly (for me) I patched the executable
>> replacing just those 2 bytes and I got:
>> EXC_BAD_INSTRUCTION in a function "Z" called by "Y".
>>
>> I thought that no matter how the source is written
>> [ I do not have the source code :) ],
>> the patch I made must always be harmless, but
>> obviously this is not the case.
>>
>> Thanks for any explanation.
>
> Two possibilities:
>
> You messed up the alignment of the stack pointer; some multimedia
> instructions require an aligned stack.
>
> The compiler knows the relationship between BP and SP. There might be code
> that broke because you changed that.
>
> Andrew.
>
Fast and accurate. It was alignment. I must shift it by a multiple of 16 (I thought a multiple of 8 would be safe). And the BAD instruction was in fact multimedia!

Thanks,
filippo
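A small model of the prologue from the listing above, added here as an example and not part of the thread. It tracks what the pushes and the patched `sub $imm,%esp` do to `%esp` modulo 16 and checks whether a new immediate keeps every later call site at the same alignment. The entry alignment (`%esp == 12 mod 16`, from a caller whose `%esp` was 16-byte aligned at its `call`) and the assumption that only the difference between the old and new immediate matters (the "stuff here" between the prologue and the call to "Y" is elided in the listing) are mine; the function and constant names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumption: the caller kept %esp 16-byte aligned at its call instruction,
 * so after the pushed return address the callee sees %esp == 12 (mod 16). */
#define ENTRY_SP_MOD16 12u
#define WORD 4u   /* size of one 32-bit push/pop */

/* %esp mod 16 right after the prologue in the listing:
 *   push %ebp ; push %edi ; push %esi ; push %ebx
 *   call 0x826a4 ; pop %ebx      (PIC trick, net zero)
 *   sub $imm,%esp                (instruction (1))
 * Unsigned arithmetic wraps, so "& 15" gives the value mod 16. */
unsigned sp_mod16_after_prologue(unsigned sub_imm)
{
    unsigned sp = ENTRY_SP_MOD16;
    sp = (sp - 4u * WORD) & 15u;   /* four callee-saved register pushes */
    /* call/pop pair pushes and pops one word: no net change */
    sp = (sp - sub_imm) & 15u;     /* sub $imm,%esp */
    return sp;
}

/* How far the patch moves %esp at every later call site, mod 16.
 * Only the difference matters, whatever the elided code does. */
unsigned alignment_shift_mod16(unsigned orig_imm, unsigned new_imm)
{
    return (new_imm - orig_imm) & 15u;
}

/* True when the patched immediate leaves call-site alignment unchanged,
 * i.e. the change is a multiple of 16 (a multiple of 8 is not enough). */
bool patch_keeps_alignment(unsigned orig_imm, unsigned new_imm)
{
    return alignment_shift_mod16(orig_imm, new_imm) == 0;
}

int main(void)
{
    unsigned orig = 0x2e, cands[] = { 0x40, 0x36, 0x3e, 0x4e };
    for (unsigned i = 0; i < sizeof cands / sizeof cands[0]; i++)
        printf("sub $0x%02x -> $0x%02x: shift %u mod 16, %s\n", orig, cands[i],
               alignment_shift_mod16(orig, cands[i]),
               patch_keeps_alignment(orig, cands[i]) ? "safe" : "misaligns later calls");
    return 0;
}
```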