0
votes

I wrote the following program in NASM in order to practice offsets, addressing, tables, etc.

t_addr:
        dw      rout1-@, rout2-@        ; 16-bit offsets of each routine from @

@       equ     $                       ; reference point for the table offsets
_start:
        mov     esi, rout1
        call    esi                     ; direct call through an absolute address

        call    _start_reloc            ; pushes the address of _start_reloc
_start_reloc:
        pop     ebp                     ; ebp = run-time address of _start_reloc
        sub     ebp, _start_reloc-@     ; ebp = run-time address of @

        xor     eax, eax
        add     eax, 1
        sal     eax, 1                  ; eax = 2 = byte offset of the second table entry

        lea     esi, [ebp+t_addr-@]     ; esi = run-time address of t_addr
        mov     ax, word [esi+eax]      ; ax = rout2-@ (upper half of eax is still 0)
        add     eax, ebp                ; eax = run-time address of rout2
        call    eax
        ret                             ; pops whatever is on top of the stack into EIP

rout1:
        mov     eax, 0
        ret

rout2:
        xor     eax, eax
        ret

Although the first two instructions after the _start label run as they should and transfer control to the rout1 function, when I try to access the rout2 function using the offset from the table, I get a segmentation fault and EIP is loaded with 0x00000001, even though in GDB the value of eax before the call eax instruction contains the address of rout2. Why?

P.S.: I use 32-bit Linux.

1 Answer

2
votes

The first problem I see is that when you enter _start_reloc you pop ebp. When that function ends and you ret, eip gets the value that's on the stack. Normally that would be ebp, but since you popped it out, eip now has a random value. Instead of pop ebp, try mov ebp, [esp], or pop ebp followed by push ebp.
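A version of the program that exits cleanly, added here as an example; it is not the original poster's code nor the answerer's suggested change. It keeps the call/pop relocation trick and the offset table, loads the table entry with movzx so no stale high bits can survive, and ends _start with the sys_exit system call instead of ret. On 32-bit Linux _start is entered by the kernel, not called, so the top of the stack at entry holds argc rather than a return address; a ret there loads argc into EIP, which for a program run with no arguments is 1. The file name reloc.asm and the build commands in the comments are assumptions.

```nasm
; Added example, not the original poster's program.
; Build (assumed toolchain: nasm + GNU ld on 32-bit Linux, or a multilib host):
;   nasm -f elf32 reloc.asm -o reloc.o
;   ld -m elf_i386 reloc.o -o reloc
;   ./reloc ; echo $?      -> prints 2, the value rout2 left in eax

        section .text
        global  _start

; Table of 16-bit offsets of each routine relative to `base`.
t_addr:
        dw      rout1-base, rout2-base

base    equ     $                         ; reference point for the table offsets

_start:
        ; Obtain the run-time address of `base` without relying on the link address:
        ; call pushes the address of .reloc, pop retrieves it.
        call    .reloc
.reloc:
        pop     ebp
        sub     ebp, .reloc-base          ; ebp = run-time address of base

        ; Index 1 selects the second table entry; each entry is 2 bytes wide.
        mov     eax, 1
        shl     eax, 1                    ; eax = 1*2 = byte offset into the table

        lea     esi, [ebp+t_addr-base]    ; esi = run-time address of t_addr
        movzx   eax, word [esi+eax]       ; eax = rout2-base, zero-extended
        add     eax, ebp                  ; eax = run-time address of rout2
        call    eax                       ; returns here with eax = 2

        ; _start was entered by the kernel, not called: [esp] holds argc, not a
        ; return address, so a `ret` here would load argc into EIP and fault.
        mov     ebx, eax                  ; exit status = value returned by the routine
        mov     eax, 1                    ; sys_exit on 32-bit Linux
        int     0x80

rout1:
        mov     eax, 1
        ret

rout2:
        mov     eax, 2
        ret
```

Changing the shl immediate to 0 selects rout1 instead, and the exit status reported by the shell shows which routine the table dispatch reached, which makes the relocation arithmetic easy to check without a debugger.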