I am trying to interpret line-by-line what this assembly code is doing, but I found myself really confused when presented with this jump table which is in assembly. This is taken from the textbook exercise question 3.63 but there is no explanation on it - hence why I am asking it here. The goal is to reverse engineer the provided assembly listing and write C code which could generate it (fill in the switch statement body). Please help :(
The textbook is: Randal E. Bryant, David R. O'Hallaron - Computer Systems. A Programmer's Perspective [3rd ed.] (2016, Pearson)

Question 3.63

    long switch_prob(long x, long n) {
        long result = x;
        switch(n) {
            /* Fill in code here */
        }
        return result;
    }
I am not sure how to 'decode' it or how to know where it is pointing to.
0000000000400590 <switch_prob>:
400590: 48 83 ee 3c sub $0x3c,%rsi
400594: 48 83 fe 05 cmp $0x5,%rsi
400598: 77 29 ja 4005c3 <switch_prob+0x33>
40059a: ff 24 f5 f8 06 40 00 jmpq *0x4006f8(,%rsi,8)
4005a1: 48 8d 04 fd 00 00 00 lea 0x0(,%rdi,8),%rax
4005a8: 00
4005a9: c3 retq
4005aa: 48 89 f8 mov %rdi,%rax
4005ad: 48 c1 f8 03 sar $0x3,%rax
4005b1: c3 retq
4005b2: 48 89 f8 mov %rdi,%rax
4005b5: 48 c1 e0 04 shl $0x4,%rax
4005b9: 48 29 f8 sub %rdi,%rax
4005bc: 48 89 c7 mov %rax,%rdi
4005bf: 48 0f af ff imul %rdi,%rdi
4005c3: 48 8d 47 4b lea 0x4b(%rdi),%rax
4005c7: c3 retq
The jump table resides in a different area of memory. We can see from the indirect jump on line 5 that the jump table begins at address 0x4006f8. Using the GDB debugger, we can examine the six 8-byte words of memory comprising the jump table with the command x/6gx 0x4006f8. GDB prints the following:
(gdb) x/6gx 0x4006f8
0x4006f8: 0x00000000004005a1 0x00000000004005c3
0x400708: 0x00000000004005a1 0x00000000004005aa
0x400718: 0x00000000004005b2 0x00000000004005bf
I understand that this line `40059a: ff 24 f5 f8 06 40 00 jmpq *0x4006f8(,%rsi,8)` is jumping to the table, but I am unsure about how to

1) interpret the jump table [what does each address correspond to, what does each of the 6 values mean/hold]

2) reverse engineer it to get the different cases of the switch statement.
Any help is appreciated, thank you :)
There are apparently (5 or) 6 cases of consecutive values, and the omnipresent default.
The jump table contains one address per case, and you will find these addresses in your listing.
For example, 0x00000000004005a1 is the address of this part:
4005a1: 48 8d 04 fd 00 00 00 lea 0x0(,%rdi,8),%rax
4005a8: 00
4005a9: c3 retq
Because the second entry in the table points to the same address as the default (detected by `cmp $0x5,%rsi` and `ja 4005c3 <switch_prob+0x33>`), we can assume that this case is not explicitly listed. That's why it might be just 5 cases.
The subtracted value 0x3c might be the character '<' in ASCII. You might also like to interpret it in decimal.
The interpretation of each branch of the switch is left as an exercise for you, as this seems to be homework.