int main() // program entry point; this is the main function where program execution begins { printf(“begin\n”); // print “begin” followed by a newline; this calls printf to output the string goto exit; // jump to the label ‘exit’; this performs an unconditional jump to the specified label printf(“skip me!\n”); // print “skip me!” followed by a newline; this call is skipped due to the goto exit: // label for the jump target; this is the point where execution jumps to printf(“end\n”); // print “end” followed by a newline; this calls printf to output the string };

1
<p>
2
And this is what came out with MSVC 2012:
3
</p>
4
<p>
5
Listing 1.107: MSVC 2012
6
</p>
7
```assembly
8
$SG2934 DB 'begin', 0aH, 00H ; define string "begin\n" in data segment; this allocates a null-terminated string
9
$SG2936 DB 'skip me!', 0aH, 00H ; define string "skip me!\n" in data segment; this allocates a null-terminated string
10
$SG2937 DB 'end', 0aH, 00H ; define string "end\n" in data segment; this allocates a null-terminated string
11
_main PROC ; start of main procedure
12
    push ebp ; push EBP onto stack; save base pointer
13
    mov ebp, esp ; move ESP to EBP; set up base pointer
14
    push OFFSET $SG2934 ; 'begin' ; push address of "begin\n" onto stack
15
    call _printf ; call printf function
16
    add esp, 4 ; add 4 to ESP; clean up stack after call
17
    jmp SHORT $exit$3 ; jump to label $exit$3; unconditional jump
18
    push OFFSET $SG2936 ; 'skip me!' ; push address of "skip me!\n" (skipped code)
19
    call _printf ; call printf (skipped)
20
    add esp, 4 ; clean up stack (skipped)
21
$exit$3: ; label for jump target
22
    push OFFSET $SG2937 ; 'end' ; push address of "end\n"
23
    call _printf ; call printf
24
    add esp, 4 ; clean up stack
25
    xor eax, eax ; XOR EAX with itself; set EAX to 0 (return value)
26
    pop ebp ; pop EBP; restore base pointer
27
    ret 0 ; return from function with 0
28
_main ENDP ; end of main procedure

The goto instruction was simply transformed into a JMP instruction, which has the same effect:

An unconditional jump to another place.

The second printf() cannot be executed except by human intervention, either using a debugger or by patching the code

And this can be a simple and useful exercise in patching.

We open the resulting executable in x32dbg (he did it on Hiew but I will do it on x32dbg)

First, we compile the C code with this command:

And run the exe file on x32dbg and go to main and set Breakpoint at the beginning of Main

The instruction that jmp 0x001071FF which is this

This is supposed to go to the function that goes to Exit

Now we will try to cancel the jmp operation so that it prints what's after it without going to Exit

And we will do this in two ways:

1. We change the Assembly from jmp 0x001071FF to NOP by selecting it and pressing Space and changing it to Nop like this

And it will run the program normally and output like this

2. We change the Hex value and we do as follows:

We select the jmp instruction then Right Click then Follow in dump then Selected Address

Then we see the value in Hex it will be like this

We change the value 07 to 00 which is the same as nop exactly

And we start doing F8 until ret

1.17.1 Dead code

The second printf() call is also called “dead code” in compiler terms.

And this means that this code will never be executed.

That's why, when you compile this example with optimizations enabled,

The compiler removes the dead code, and leaves no trace of it:

Listing 1.109: Optimizing MSVC 2012

But, the compiler forgot to remove the string "skip me!"