{"id":17502614,"url":"https://github.com/cgsamp/c-disassembly","last_synced_at":"2026-04-05T23:35:52.827Z","repository":{"id":258269452,"uuid":"873729652","full_name":"cgsamp/c-disassembly","owner":"cgsamp","description":"Simple C program assembled on Debian and Macos, with deep dive into Assembly code","archived":false,"fork":false,"pushed_at":"2024-10-16T17:05:38.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-02T23:14:16.039Z","etag":null,"topics":["assembly-language","c","debian","decompiling","docker","gcc","macos"],"latest_commit_sha":null,"homepage":"","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cgsamp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-16T16:09:25.000Z","updated_at":"2024-10-16T18:40:51.000Z","dependencies_parsed_at":"2024-10-18T08:17:37.153Z","dependency_job_id":null,"html_url":"https://github.com/cgsamp/c-disassembly","commit_stats":null,"previous_names":["cgsamp/c-disassembly"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cgsamp%2Fc-disassembly","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cgsamp%2Fc-disassembly/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cgsamp%2Fc-disassembly/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cgsamp%2Fc-disassembly/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cgsamp","download_url":"https://codeload.github.com/cgsamp/c-disassembly/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246093104,"owners_count":20722395,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly-language","c","debian","decompiling","docker","gcc","macos"],"created_at":"2024-10-19T21:14:15.606Z","updated_at":"2025-12-30T23:20:32.604Z","avatar_url":"https://github.com/cgsamp.png","language":"Assembly","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Diving into C and Assembly on Macos and Debian\n\nI was curious about how C compiles into Assembly and wanted to do some basic investigation.\n\n## The C Program\n\n[This program](factorial.c) was compiled on macos with **gcc** as well as Debian via a docker container. *gcc* on macos wraps **clang** so there are some differences.\n\n```\n#include \u003cstdio.h\u003e\n\nint main() {\n    printf(\"Hello from Factorial!\\n\");\n    int number = 10;\n    int total = 1;\n    for (int i=0; i \u003c number; i++) {\n        total = total * (i + 1);\n    }\n    printf(\"%d factorial is %d\\n\",number,total);\n    return 0;\n}\n```\n\nThe program just uses a for loop to calculate 10 factorial and print it out.\n\n## Macos\n\n### Compiling\n\nI can easily use\n```\ngcc factorial.c -o factorial_macos\n```\nto create an executable binary. \n\n### Executing\n\nSimple as\n```\n➜  ./factorial_macos\nHello from Factorial!\n10 factorial is 3628800\n```\n\n### Assembling\n\nI can also create the assembly with\n```\ngcc -S factorial.c factorial_macos.s\n```\n[factorial_macos.s](factorial_macos.s)\n\n### Deassembling\n\nI can also create a listing file, sort of, with \n```\nobjdump -d -h factorial_macos  \u003e factorial_macos.lst\n```\n[factorial_macos.lst](factorial_macos.lst)\n\n## Debian\n\n**gcc** on Debian is not wrapped, and can produce a more interesting listing file. To do that, I wanted to use a docker container to operate on my files somewhat locally.\n\n### Docker\n\nI have docker desktop installed and started, so the docker daemon is running. \n\n```\n➜  docker --version\nDocker version 20.10.10, build b485636\n```\n\nI am using a container provided by gcc [https://hub.docker.com/_/gcc](https://hub.docker.com/_/gcc). I can enter bash within the container, mounting my project directory to `code` with\n```\ndocker run -it -v /Users/csamp/projects/see:/code gcc:latest bash\n```\nor execute commands and exit with\n```\ndocker run --rm -t -v /Users/csamp/projects/see:/code -w /code gcc:latest [command with arguments]\n```\n### Compiling\n\nI can easily use\n```\ndocker run --rm -t -v /Users/csamp/projects/see:/code -w /code gcc:latest gcc factorial.c -o factorial_debian\n```\nto create an executable binary. \n\n### Executing\n\nThe structure of Debian executables is different than macos executables.\n```\n➜  docker run --rm -t -v /Users/csamp/projects/see:/code -w /code gcc:latest ./factorial_debian\nHello from Factorial!\n10 factorial is 3628800\n```\n\n### Assembling\n\nHere I again use **gcc** to create the assembly, but this one does not wrap another tool.\n```\ndocker run --rm -v /Users/csamp/projects/see:/code -w /code gcc:latest gcc -S factorial.c -o factorial_debian.s \n```\n[factorial_debian.s](factorial_debian.s)\n\n### Object file\n\nWhile I could let **gcc** compile and link the .c file into an executable, like on macos, I can also take the manual step of using **as** to create the object file. This .o file is machine code that can be viewed with a hex editor.\n```\ndocker run --rm -v /Users/csamp/projects/see:/code -w /code gcc:latest as -o factorial_debian.o factorial_debian.s\n```\n\n### Linking\n\nLinking takes the object file, combines it with other libraries on the target platform, such as the *printf* function, and makes the binary executable.\n\n```\ndocker run --rm -v /Users/csamp/projects/see:/code -w /code gcc:latest ld -o factorial_debian factorial_debian.o /lib/x86_64-linux-gnu/libc.so.6 -dynamic-linker /lib64/ld-linux-x86-64.so.2\n```\n\n### Deassembling / Listing\n\nWhile I can use **objdump** to disassemble the binary, I can get a better listing out of gcc on Debian:\n```\ndocker run --rm -t -v /Users/csamp/projects/see:/code -w /code gcc:latest gcc -g -Wa,-adhln -o factorial_debian factorial.c \u003e factorial_debian.lst \n```\n[factorial_debian.lst](factorial_debian.lst)\n\n## The Assembly\n\nHere I have removed some assembler directives and commented on each assembler instruction. See also [factorial_debian.s](factorial_debian.s) for this content.\n\n```\n\t.section\t.rodata\t\t# Program section for read-only data\n.LC0:\t\t\t\t\t# Storing a null-terminated string at memory location .LC0\n\t.string\t\"Hello from Factorial!\"\n.LC1:\t\t\t\t\t# Storing a null-terminated string at memory location .LC1\n\t.string\t\"%d factorial is %d\\n\"\n\n\t.text\t\t\t\t# Beginning the text of the program instructions\n\t.globl\t_start\t\t\t# Declares the symbol _start as externally accessible\n_start:\t\t\t\t\t# Sets _start to this stack location, which is the entrypoint\n\tpushq\t%rbp\t\t\t# Push the quadword (64-bit, 8-byte) current stack base pointer onto the stack.\n\tmovq\t%rsp, %rbp\t\t# Move the current stack pointer into the base pointer register\n\tsubq\t$16, %rsp\t\t# Subtract 16 bytes from the current stack pointer to make room for two 8-byte variables\n\tmovl\t$.LC0, %edi\t\t# Put the memory location referenced by .LC0 into edi register\n\tcall\tputs\t\t\t# Call function puts, put-string, that puts the string pointed at by the edi register to stdout\n\n\tmovl\t$10, -12(%rbp)\t\t# Put the value 10 into the memory location starting at 12 bytes below the stack base pointer\n\tmovl\t$1, -4(%rbp)\t\t# Put the value 1 into the memory location 4 bytes below the base stack pointer\n\tmovl\t$0, -8(%rbp)\t\t# Put the value 0 into the memory location 8 bytes below the base stack pointer\n\tjmp\t.L2\t\t\t# Move the instruction pointer to the memory location symbolized by .L2\n\n.L3:\t\t\t\t\t# Loop contents\n\tmovl\t-8(%rbp), %eax\t\t# Move the 4-byte long integer to at memory location 8 bytes below the stack pointer into register eax\n\tleal\t1(%eax), %edx\t\t# Uses the pointer arithmetic operator LEA, usually used to increment memory locations, to increment the value in eax. Memory locations are just integers this works.\n\tmovl\t-4(%rbp), %eax\t\t# Move the long value stored 4 bytes below the base stack pointer into the eax register\n\timull\t%edx, %eax\t\t# Multiplies the signed long value in edx by the signed long value in eax and stores the result in eax.\n\tmovl\t%eax, -4(%rbp)\t\t# Moves the value in eax to the location four bytes below the base pointer.\n\taddl\t$1, -8(%rbp)\t\t# Add one to the long value 8 bytes below the base pointer/\n\n.L2:\t\t\t\t\t# Loop test\n\tmovl\t-8(%rbp), %eax\t\t# Moves the long value 8 bytes below the base pointer into eax\n\tcmpl\t-12(%rbp), %eax \t# Compares long value 12 bytes below base pointer to the value in eax\n\tjl\t.L3\t\t\t# Jumps if less than; looks at the sign flag and overflow flag. Jumps to the loop contents.\n\n\tmovl\t-4(%rbp), %edx\t\t# Puts the long 4 below base pointer into edx\n\tmovl\t-12(%rbp), %eax\t\t# Puts the long value 12 below base pointer into eax\n\tmovl\t%eax, %esi\t\t# Puts the value of eax into esi\n\tmovl\t$.LC1, %edi\t\t# Puts the memory location symbolized by .LC1 into edi\n\tmovl\t$0, %eax\t\t# Puts 0 into eax\n\tcall\tprintf\t\t\t# Calls printf, which uses edi, edx and esi to do string substituion and print to stdout \n\n    movl    $60, %eax       \t\t# Syscall number for exit (60 on Linux)\n    xorq    %rdi, %rdi      \t\t# Exit code 0\n    syscall                 \t\t# Invoke system call to exit\n\n```\n\n## Wrap up\n\nI plan to do this on my M1 Mac and see what the ARM assembly looks like!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcgsamp%2Fc-disassembly","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcgsamp%2Fc-disassembly","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcgsamp%2Fc-disassembly/lists"}