Code explanation

Can somebody explain why this code outputs what it does?

// tested with Core 2 Duo, Core 2 Quad and Xeon
// tested with gcc4.1.2 gcc4.4.3 and gcc4.6.1
// compile with: gcc -O0 -m32
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <setjmp.h>

jmp_buf p;
void (*q)();

const char *data =
    "\x8b\x44\x24\x04\x8b\x5c\x24\x08"
    "\x8b\x00\x8b\x1b\x31\xc3\x31\xd8"
    "\x31\xc3\x8b\x4c\x24\x04\x89\x01"
    "\x8b\x4c\x24\x08\x89\x19\xc3\x90"
    "\x55\x89\xe5\x8b\x45\x04\xc9\xc3"
    "\x55\x90\x90\x89\xe5\x90\x90\x90"
    "\x8b\x45\x08\x89\x45\x04\xc9\xc3"
    "\x60\x09\x0e\x13\x14\x01\x0c\x0c"
    "\xc0\x07\x05\x0e\x14\x0f\x0f\x60"
    "\x00\x67\x6f\x74\x6f\x20\x63\x6f"
    "\x6e\x73\x69\x64\x65\x72\x65\x64"
    "\x20\x68\x61\x72\x6d\x66\x75\x6c"
    "\x6c\x00\x90\x90\x1c\x1b\x0a\x20";

int f(int x)
{
    static int b = 0; static int s = 0;
    int a = 0, t;
    if (!s) {
        a = b; b = x;
    } else {
        a = x; t = b;
        do {
            a ^= b;
            b = (a^b) & b;
            b <<= 1;
        } while (b);
        b = t;
    }
    s = (s+1) % 2;
    return a;
}

int g(int i, int *j)
{
    *j = i;
    i = (int) putchar;
    if (*j == (48 << 1)) 
        __asm volatile (
                "movl 8(%ebp),%eax;"
                "leave;"
                "ret"
                );
    return (int) puts;
}

void h(int i)
{
    int b;
    q = (void(*)()) g(i++[data],&b);
    for (f(b);*(data+i)!=b;++i,f(b))
        q(f(i[data])%0xff);
}

void sh(int s)
{
    if (s == 010)
        ((void(*)())g(s,&s))("F");
    longjmp(p,s);
}

int main(void)
{
    int base, addr = 0xffffffff, offs = 16;
    int a = 11, b = 32, i = 25;
    int s = 8, t = 1, u = 4;
    ((void(*)()) data)(&a,&b);
    ((void(*)()) data)(&b,&t);
    ((void(*)()) data)(&t,&s);
    addr ^= a;
       a ^= addr;
    addr ^= a;
    base = ((int(*)())data+addr)();
    if (a == -1)
        goto over;
    puts("A");

    base = (1<<3) | ((f(addr) + f(offs)) & ~0xff);
    h(base+addr+offs);
    exit(0);

over:
    signal(t,sh);signal(s,sh);signal(u,sh);

    if (!(s = setjmp(p))) {
        q = (void(*)()) g(0x30, &a);
        q(data + a + i);
        s = a / (b-1);
        puts("B");
    } else if (s == 0xb) {
        puts("C");
        ((int(*)(int)) data+addr+(offs/2))(base);
    } else {
        puts("D");
        *((int*) base+s) = 0xffffffff;
    }
   
    puts("E");
    return 1;
}

>>117
-m32 shouldn't produce those cast to x of different size...

/g/ quality thread.

Just leave and go back to /g/.

>>120-121
Agreed, >>117 is clearly doing something wrong. -m32 sets 32-bit environment, ints, longs and pointers to 32-bit

HEY GUISSE WHAT IS DE OUTPUT OF THIS PROGREM?

#include <stdio.h>

int main (void) {
  int a;

  printf("%d\n", a);

  return 0;
}

ALL MUST COMPILE WITH GCC AND ONLY USE ON INTEL PROCESSORS, SINCE IT'S THE SAME COMPILER AND SAME PROCESSOR IT WILL ALWAYS PRODUCE THE SAME OUTPUT

thANKS FOR lISTENING!

>>117
Do:
gcc -m32 -O0 nstd.c && readelf -h a.out

>>125
Except OPs code is not undefined at all.

>>125
It will compile, but the output is undefined.

>>127
YEAH DATS WUT I SED LOL
I FORGOT TO TELL THOUGH ALL MUST COMPILE WITH -O0 AND -m32 OR ELSE IT WON'T WORK thANKS FOR lISTENING IF YOU USE THIS FLAGS IT WILL ALWAYS PRODUCE THE SAME CODE SO IT WILL ALWAYS GIVE THE SAME RESULT

>>129
In ops case it always will, unless your OS is NX capable in which things will break.

>>125
But having 'int a' as a global variable isn't a semantic error. Yeah, I know it's gay. But like everyone else, I don't write the rules, I just play by them.

>>129
>implying inline assembly is as undefined as uninitialized variables

>>130
YEAH DATS WUT I SED ARE U HAVING TRUBLE READING?

ITT: Inline assembly is undefined behaviour

>>128
BUT HOW IS DAT POSIBEL? IT WILL ALWAYS CREATE THE SAME CODE AND RUN ON THE SAME PROCESSORS??????

>>134
If you read the GNU extension page the usage of the __asm in OP is undefined in GNU-C as well since it has extraordinary side-effects such as altering the stack which GCC assumes it doesn't for performance reasons.

>>135
PLEASE STOP FAGGING UP MY 4CHAN EXPERIENCE. THANK YOU.

>>136
I'm guessing that's why -O0 was included

>>138
It doesn't matter, it's undefined GNU-C, you can't tell what it does.

>>137
OKAY SORI

>>137
This isn't 4chan.

uname -r && (cat /proc/cpuinfo | grep "model name" -m 1) && (gcc --version | grep gcc) && gcc -m32 -O0 test.c && ./a.out
3.0.0-14-generic
model name    : Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz
gcc (Ubuntu/Linaro 4.6.1-9ubuntu3) 4.6.1
goto considered harmfull
F
D
C
A
install gentoo

$ uname -r && (cat /proc/cpuinfo | grep "model name" -m 1) && (gcc --version | grep gcc) && gcc -m32 -O0 test.c && ./a.out
2.6.18-274.el5
model name      : Intel(R) Xeon(R) CPU           L7555  @ 1.87GHz
gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-51)
goto considered harmfull
F
D
C
A
install gentoo

uname -r && (cat /proc/cpuinfo | grep "model name" -m 1) && (gcc --version | grep gcc) && gcc -m32 -O0 test.c && ./a.out
2.6.32-36-generic
model name    : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz
gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3
goto considered harmfull
F
D
C
A
install gentoo

uname -r && (cat /proc/cpuinfo | grep "model name" -m 1) && (gcc --version | grep gcc) && gcc -m32 -O0 test.c && ./a.out
2.6.32-37-generic
model name    : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3
goto considered harmfull
F
D
C
A

Hey brah it's spelled harmful and not harmfull.

>>142
forgot last line, says install gentoo as well

>>142
That doesn't matter you dumb Jew, it's still undefined, you can't guarantee that it'll always output that.

ITT people from from /g/ don't understand what undefined means

>>143
It's full of harm. Like this thread.

# ./a.out
[1]   Illegal instruction (core dumped) ./a.out

>>142
It clearly works even on AMD. Fucking morons ITT

Who cares if it's undefined in the standard - it's pretty well-defined given a specific compiler+architecture. It can be understood if one is willing to use a disassembler or a debugger.

Not that I'm willing to bother wasting 10 minutes to understand what the code does as as far as I can tell, it just prints some characters in an obfuscated unportable manner, which can be done much easily in a portable manner, here's the disassembly for the data:

8B4424 04       MOV EAX,DWORD PTR SS:[ESP+4]
8B5C24 08       MOV EBX,DWORD PTR SS:[ESP+8]
8B00            MOV EAX,DWORD PTR DS:[EAX]
8B1B            MOV EBX,DWORD PTR DS:[EBX]
31C3            XOR EBX,EAX
31D8            XOR EAX,EBX
31C3            XOR EBX,EAX
8B4C24 04       MOV ECX,DWORD PTR SS:[ESP+4]
8901            MOV DWORD PTR DS:[ECX],EAX
8B4C24 08       MOV ECX,DWORD PTR SS:[ESP+8]
8919            MOV DWORD PTR DS:[ECX],EBX
C3              RETN
90              NOP
55              PUSH EBP
89E5            MOV EBP,ESP
8B45 04         MOV EAX,DWORD PTR SS:[EBP+4]
C9              LEAVE
C3              RETN
55              PUSH EBP
90              NOP
90              NOP
89E5            MOV EBP,ESP
90              NOP
90              NOP
90              NOP
8B45 08         MOV EAX,DWORD PTR SS:[EBP+8]
8945 04         MOV DWORD PTR SS:[EBP+4],EAX
C9              LEAVE
C3              RETN
All this code is too trivial and can be implemented in C without need of asm.

Ends with non-code/data:

60 09 0E 13 14 01 0C 0C C0 07 05 0E 14 0F 0F 60 
00 67 6F 74 6F 20 63 6F 6E 73 69 64 65 72 65 64  .goto considered
20 68 61 72 6D 66 75 6C 6C 00 90 90 1C 1B 0A 20   harmfull


harmfull
Nice english.

>>149
Okay then you fucking retard what is the output of >>125?

>>129,133,135,140
Funny names.

Here OP I fixed your code for you, this is what I think you were trying to do.

#include <stdio.h>

int main (void) {
  puts("goto considered harmfull\n"
       "F\n"
       "D\n"
       "C\n"
       "A\n"
       "install gentoo");

  return 0;
}

>>153
This program will block in it's called to read() on zee *nix box if the underlying device is say, an anonymous pipe -(.

>>154
So like, the rational solution would be to create a conforming C program. Otherwise, if that's not possible, you have resort to stupid OS specific tricks.

``On my machine'' that data string disassembles to this.
   10af3:       46 00 8b        divf2 $0x0 [f-float],(r11)+
   10af6:       44 24 04        mulf2 $0x24 [f-float],$0x4 [f-float]
   10af9:       8b 5c 24 08     bicb3 ap,$0x24,$0x8
   10afd:       8b 00 8b 1b     bicb3 $0x0,(r11)+,$0x1b
   10b01:       31 c3 31        brw 13cc7 <__EH_FRAME_BEGIN__+0x3167>
   10b04:       d8 31 c3 8b     adwc $0x31,0x4c8b(r3)
   10b08:       4c
   10b09:       24 04 89 01     cvtpt $0x4,(r9)+,$0x1,(r11)+,$0x24[ap]
   10b0d:       8b 4c 24
   10b10:       08 89 19 c3     cvtps (r9)+,$0x19,0x5590(r3),(r9)+
   10b14:       90 55 89
   10b17:       e5 8b 45 04     bbcc (r11)+,$0x4[r5],10ae5 <_fini+0x49>
   10b1b:       c9
   10b1c:       c3 55 90 90     subl3 r5,@(r0)+,@(r0)+
   10b20:       89 e5 90 90     bisb3 0x8b909090(r5),$0x8[r5],(r9)+
   10b24:       90 8b 45 08
   10b28:       89
   10b29:       45 04 c9 c3     mulf3 $0x4 [f-float],0x60c3(r9),$0x9 [f-float]
   10b2d:       60 09
   10b2f:       0e 13 14        insque $0x13,$0x14
   10b32:       01              nop
   10b33:       0c 0c c0 07     prober $0xc,0x507(r0),$0xe
   10b37:       05 0e
   10b39:       14 0f           bgtr 10b4a <_fini+0xae>
   10b3b:       0f 60 00        remque (r0),$0x0
   10b3e:       67 6f 74 6f     divd3 (pc),-(r4),(pc)
   10b42:       20 63 6f 6e     addp4 (r3),(pc),(sp),-(r3)
   10b46:       73
   10b47:       69 64 65        cvtdw (r4),(r5)
   10b4a:       72 65 64        mnegd (r5),(r4)
   10b4d:       20 68 61 72     addp4 (r8),(r1),-(r2),(fp)
   10b51:       6d
   10b52:       66 75 6c        divd2 -(r5),(ap)
   10b55:       6c 00 90        cvtbd $0x0,@(r0)+
   10b58:       90 1c 1b        movb $0x1c,$0x1b
   10b5b:       index $0x20,$0x0,Address 0x00010b5e is out of bounds.

>>154
Well that doesn't sound very good.

>>156
VAX?

>>156
Of course it'll disassemble to non-sense in a different architecture than intended was used. Fortunately, there are portable disassemblers for the architecture in question.

>>142
Doesn't Lunix have NX?