Differences between Assembly Code output of the same program

Question

I have been trying to replicate the buffer overflow example3 from this article aleph one

I'm doing this as a practice for a project in a computer security course i'm taking so please, I badly need your help. I've been the following the example, performing the tasks as I go along. My problem is the assembly code dumped by gdb in my computer (i'm doing this on a debian linux image running on VM Ware) is different from that of the example in the article. There are some constructs which I find confusing.

Here is the one from my computer:

here is the one from the article...

Dump of assembler code for function main:
0x8000490 <main>:       pushl  %ebp
0x8000491 <main+1>:     movl   %esp,%ebp
0x8000493 <main+3>:     subl   $0x4,%esp
0x8000496 <main+6>:     movl   $0x0,0xfffffffc(%ebp)
0x800049d <main+13>:    pushl  $0x3
0x800049f <main+15>:    pushl  $0x2
0x80004a1 <main+17>:    pushl  $0x1
0x80004a3 <main+19>:    call   0x8000470 <function>
0x80004a8 <main+24>:    addl   $0xc,%esp
0x80004ab <main+27>:    movl   $0x1,0xfffffffc(%ebp)
0x80004b2 <main+34>:    movl   0xfffffffc(%ebp),%eax
0x80004b5 <main+37>:    pushl  %eax
0x80004b6 <main+38>:    pushl  $0x80004f8
0x80004bb <main+43>:    call   0x8000378 <printf>
0x80004c0 <main+48>:    addl   $0x8,%esp
0x80004c3 <main+51>:    movl   %ebp,%esp
0x80004c5 <main+53>:    popl   %ebp
0x80004c6 <main+54>:    ret
0x80004c7 <main+55>:    nop

As you can see, there are differences between the two. I'm confuse and I can't understand totally the assembly code from my computer. I would like to know the differences between the two.

How is pushl different from push, mov vs movl , and so on...

what does the expression 0xhexavalue(%register) means?

I am sorry If I'm asking a lot, But I badly need your help.

UPDATE:

Why is it that the parameter to the function 'function' got translated to different assembly code:

From the article, I believe that the parameters 1, 2, & 3 to the function got pushed to the stack..

In the one from my computer, the parameters were moved to the register 'esp' with some offset.

Are they different? Thanks

Thanks for the help really...

Answer 1

There is no real difference. 'movl' means "move long" -- i.e. to move a 32-bit value. The code in the article uses this explicit form every time. The code you've disassembled leaves off the 'l' if it can be deduced from the operands (e.g., when you move a value into EAX, it has to be a 32-bit value because EAX is a 32-bit register, when you push ECX you must be pushing a 32-bit value because ECX is also a 32-bit register).

Of course, there are real differences between the code, but that one is purely of the notation each is using.

Answer 2

It looks to me like your compiler and/or system are different from the ones used in the article. Certainly your code has been generated differently.

push vs. pushl are just pushing (potentially) different amounts of data - you'll need to look at your assembler documentation for what instructions they map to in the chip. Looking at the machine opcode can help there. The Intel manual will help you figure that out. Same goes for mov and movl. It is quite possible that they are the same, and your disassembler is just leaving the l off when it's not needed for clarity.

The expression 0xhexvalue(%register) is accessing the memory at offset hexvalue from the value in register. Imagine it as the C code *(register + hexvalue).

Answer 3

The Aleph One article came out in '96 if I remember correctly. So after 14 years of development, GCC builds executables differently, thus the effective code will be different. Try compiling with all the optimizations turned off (gcc -O0) and with debugging code in (gcc -g), maybe the code will be a bit cleaner/simpler.