How can I tell whether a binary was compiled with frame pointers or not on Linux?

I have a binary / library on Linux. How can I identify whether it has been compiled with frame pointers?

+8
assembly linux
1 answer

Zan / Wings:

Compiling something simple with/without the framepointer optimization and using diff -u on the disassembled output gives some hints:

    $ diff -u with*
    --- with-fp 2011-03-23 09:49:29.366277002 +0000
    +++ without-fp 2011-03-23 09:49:35.046277002 +0000
    @@ -5,14 +5,12 @@
     Disassembly of section .text:
     
     00000000 <func>:
    -   0:   55                      push   %ebp
    +   0:   53                      push   %ebx
        1:   31 c0                   xor    %eax,%eax
    -   3:   89 e5                   mov    %esp,%ebp
    -   5:   53                      push   %ebx
    -   6:   81 ec 00 04 00 00       sub    $0x400,%esp
    -   c:   8b 4d 08                mov    0x8(%ebp),%ecx
    -   f:   8d 9d fc fb ff ff       lea    -0x404(%ebp),%ebx
    -  15:   8d 76 00                lea    0x0(%esi),%esi
    +   3:   81 ec 00 04 00 00       sub    $0x400,%esp
    +   9:   8b 8c 24 08 04 00 00    mov    0x408(%esp),%ecx
    +  10:   89 e3                   mov    %esp,%ebx
    +  12:   8d b6 00 00 00 00       lea    0x0(%esi),%esi
       18:   8b 14 81                mov    (%ecx,%eax,4),%edx
       1b:   89 14 83                mov    %edx,(%ebx,%eax,4)
       1e:   83 c0 01                add    $0x1,%eax
    @@ -28,5 +26,4 @@
       3e:   75 f0                   jne    30 <func+0x30>
       40:   81 c4 00 04 00 00       add    $0x400,%esp
       46:   5b                      pop    %ebx
    -  47:   5d                      pop    %ebp
    -  48:   c3                      ret
    +  47:   c3                      ret

You see several kinds of changes:

  • Code with framepointers will always contain both push %ebp and mov %esp, %ebp.
    Framepointer-less code may (not in the case shown, because it does not use %ebp for anything) have push %ebp, but will not have mov %esp, %ebp, since there is no need to initialize the framepointer.
  • Code with framepointers refers to the arguments on the stack relative to the framepointer, for example mov 0x8(%ebp), %ecx in the case shown.
    Framepointer-less code does this relative to the stack pointer, with an additional offset of the size of the function's stack frame, for example mov 0x408(%esp), %ecx.
    The same can be said about local variables; in the code shown, that is lea -0x404(%ebp), %ebx for the framepointer-using code vs. mov %esp, %ebx (may have been lea 0x0(%esp), %ebx) for the code without framepointers.
  • There are probably some changes in register allocation between the two, especially if the code becomes complex enough to use %ebp for a local variable (the example shown does not show this).

Compiler optimization levels have some influence on how the generated code looks, but the specific elements mentioned (mov %esp, %ebp and the use of %ebp-relative addressing for arguments / local variables) are only ever found in code that uses framepointers, and are missing if you compiled with -fomit-frame-pointer.

+9
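
The check described in the answer above, automated over `objdump -d` text. This is an added example, not code from the original answer. It goes slightly beyond the i386 case shown by also accepting the x86-64 register names (%rbp, %rsp). The function names and the `window` parameter are hypothetical, and the two samples are constructed from the answer's listing.

```python
import re

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
# AT&T syntax as objdump prints it; [er] covers 32-bit and 64-bit registers.
PUSH_RE = re.compile(r"^push[lq]?\s+%[er]bp$")
SETUP_RE = re.compile(r"^mov[lq]?\s+%[er]sp,%[er]bp$")
FP_REL_RE = re.compile(r"\(%[er]bp[,)]")
# Constructed samples: the first instructions of func from the answer's
# listing, re-typed in objdump's tab-separated layout.
WITH_FP = """00000000 <func>:
   0:\t55                   \tpush   %ebp
   1:\t31 c0                \txor    %eax,%eax
   3:\t89 e5                \tmov    %esp,%ebp
   5:\t53                   \tpush   %ebx
   6:\t81 ec 00 04 00 00    \tsub    $0x400,%esp
   c:\t8b 4d 08             \tmov    0x8(%ebp),%ecx
   f:\t8d 9d fc fb ff ff    \tlea    -0x404(%ebp),%ebx"""
WITHOUT_FP = """00000000 <func>:
   0:\t53                   \tpush   %ebx
   1:\t31 c0                \txor    %eax,%eax
   3:\t81 ec 00 04 00 00    \tsub    $0x400,%esp
   9:\t8b 8c 24 08 04 00 00 \tmov    0x408(%esp),%ecx
  10:\t89 e3                \tmov    %esp,%ebx"""

def instructions(text):
    """Yield (function, instruction) pairs; hypothetical helper name."""
    func = None
    for line in text.splitlines():
        m = FUNC_RE.match(line.strip())
        if m:
            func = m.group(1)
            continue
        fields = line.split("\t")  # address, raw bytes, instruction
        if func and len(fields) >= 3:
            yield func, fields[2].strip()

def frame_pointer_report(text, window=4):
    """Per function: frame setup in the first `window` instructions, plus a
    count of %ebp/%rbp-relative operands as supporting evidence."""
    per_func = {}
    for func, insn in instructions(text):
        per_func.setdefault(func, []).append(insn)
    report = {}
    for func, insns in per_func.items():
        head = insns[:window]
        push = next((i for i, s in enumerate(head) if PUSH_RE.match(s)), None)
        setup = push is not None and any(SETUP_RE.match(s) for s in head[push + 1:])
        report[func] = {"prologue": setup,
                        "fp_relative": sum(bool(FP_REL_RE.search(s)) for s in insns)}
    return report
```

Only the prologue result decides the classification: as the answer notes, frame-pointer-less code is free to use %ebp as an ordinary register, so the operand count is a hint rather than proof.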