vxcute · March 20, 2021 12:15
diff --git a/wtf.c b/wtf.c
 // struct person will be somewhere in memory and aligned somehow and to access 
 // its variables u should access with address the computer don't know what person means 

 struct person{
    int age; 
    int wtf;
 }; 

 /* all of this code is translated to assembly instructions 

 assembly is not machine language bullshits 

 thats why we need assembler + linker 

 and these instructions will translated to their relvent opcodes 

 ex: 0:  b8 01 00 00 00          mov    eax,0x1     

 b8 is the opcode for mov eax 01 is the value stored in eax 

     main:
        push    rbp
        mov     rbp, rsp
        sub     rsp, 16
        mov     DWORD PTR [rbp-4], 5
        mov     DWORD PTR [rbp-8], 10
        mov     DWORD PTR [rbp-16], 10
        mov     DWORD PTR [rbp-12], 20
        mov     eax, 0
        call    wtf         this wtf is not the real thing computer doesn't know wtf is the assembler will replace this with the addresss of the function to be call <function_addr>
        mov     eax, 0
        leave
        ret
 wtf:
        push    rbp
        mov     rbp, rsp
        mov     eax, 1337
        pop     rbp
        ret
 
 rbp (base pointer) is used to create stack frame with rsp 
 
 ex:    
        00AFFCC4  7692FA29  return to kernel32.7692FA29 from ???            <- rsp 
        00AFFCC8  0095E000  
        00AFFCCC  7692FA10  kernel32.7692FA10
        00AFFCD0  00AFFD2C  "<ý¯"                                           <- rbp 
        
        random example but did u get it ?????           


        rbp-4 => first local variabl
        rbp-8 => second local varible 
        rbp+4 => return address
        rbp+8 => first function parameter
        
        stack grows to lower address so like this rsp was 00AFFCC8 when push this decrements the rsp so now rsp -> 00AFFCC4 
        
        rsp+4 => 00AFFCC8
        
        pop doesn't remove the value totally from the stack 
        
        it just removes the stack pointer from pointing to it 
          
        ex
        
                    00E3184E | 6A 02   | push 2        // rsp = address where 2 is at 
                    00E31850 | 58      | pop eax       // pop 2 to eax rsp now is rsp -= 4 or rsp = rsp-4
                    00E31851 | 83EC 04 | sub esp,4     // sub esp-4 to get to the value 2 again so its not lost right ?
           
        etc .. get it ?
 */

 int main()
 {
    int x = 5, y = 10; // variables just store data they are not named x, y in binary they have addresses that at it u can find their value
    struct person Person;
    Person.age= 10;     // rbp-16 age is 4 bytes 
    Person.wtf = 20;    // rbp-12 wtf is 4 bytes 12 + 4 => 16 
                        // 

    wtf();          // wtf is stored at a memory address its not named wtf in memory the computer just know addresses u shit 
    return 0; 
 }

 // function wtf will be at some address its not named wtf in the binary 

 int wtf(){
    return 1337; 
 }
	// struct person will be somewhere in memory and aligned somehow and to access
	// its variables u should access with address the computer don't know what person means

	struct person{
	int age;
	int wtf;
	};

	/* all of this code is translated to assembly instructions

	assembly is not machine language bullshits

	thats why we need assembler + linker

	and these instructions will translated to their relvent opcodes

	ex: 0: b8 01 00 00 00 mov eax,0x1

	b8 is the opcode for mov eax 01 is the value stored in eax

	main:
	push rbp
	mov rbp, rsp
	sub rsp, 16
	mov DWORD PTR [rbp-4], 5
	mov DWORD PTR [rbp-8], 10
	mov DWORD PTR [rbp-16], 10
	mov DWORD PTR [rbp-12], 20
	mov eax, 0
	call wtf this wtf is not the real thing computer doesn't know wtf is the assembler will replace this with the addresss of the function to be call <function_addr>
	mov eax, 0
	leave
	ret
	wtf:
	push rbp
	mov rbp, rsp
	mov eax, 1337
	pop rbp
	ret

	rbp (base pointer) is used to create stack frame with rsp

	ex:
	00AFFCC4 7692FA29 return to kernel32.7692FA29 from ??? <- rsp
	00AFFCC8 0095E000
	00AFFCCC 7692FA10 kernel32.7692FA10
	00AFFCD0 00AFFD2C "<ý¯" <- rbp

	random example but did u get it ?????


	rbp-4 => first local variabl
	rbp-8 => second local varible
	rbp+4 => return address
	rbp+8 => first function parameter

	stack grows to lower address so like this rsp was 00AFFCC8 when push this decrements the rsp so now rsp -> 00AFFCC4

	rsp+4 => 00AFFCC8

	pop doesn't remove the value totally from the stack

	it just removes the stack pointer from pointing to it

	ex

	00E3184E \| 6A 02 \| push 2 // rsp = address where 2 is at
	00E31850 \| 58 \| pop eax // pop 2 to eax rsp now is rsp -= 4 or rsp = rsp-4
	00E31851 \| 83EC 04 \| sub esp,4 // sub esp-4 to get to the value 2 again so its not lost right ?

	etc .. get it ?
	*/

	int main()
	{
	int x = 5, y = 10; // variables just store data they are not named x, y in binary they have addresses that at it u can find their value
	struct person Person;
	Person.age= 10; // rbp-16 age is 4 bytes
	Person.wtf = 20; // rbp-12 wtf is 4 bytes 12 + 4 => 16
	//

	wtf(); // wtf is stored at a memory address its not named wtf in memory the computer just know addresses u shit
	return 0;
	}

	// function wtf will be at some address its not named wtf in the binary

	int wtf(){
	return 1337;
	}