Beginning Assembly, Part 2 The Assembling! Poorly Presented by Gleep

Dicks How does Dicks work? Zenity dependancy Pushes text params onto the stack Stores mem addresses of params in registers Calls execve to start Zenity and passes regs to Zenity with params for pop-up text box

Binary Coded Decimal Represents a decimal number by coding each digit in binary Unpacked BCD is one byte per digit Packed BCD is one byte per two digits

Floating Point Maths Floating point ops use special registers ST(0) thru ST(7)… 80 bit registers for data bit control register bit status register bit tag register to describe contents of data regs bit FIP register for next floating point op bit FDP FPU data pointer bit Opcode register

Floating Point Reg Ops The floating point registers act as a stack. ST(0) is top of stack. Fld src – loads 80 bit src onto FP stack Fst dst – moves top of FP stack into dst Info all will show all FP and SSE registers

Floating Point Maths ((55.24 / 31) + (83.11 * 2.4)) / ((14.35 * 9) – (251.5 / 77.62)) = OMGLOLWUT?!?!

Single Instruction Multiple Data Aka – MMX, SSE, 3DNow! MMX aliases the 8 FPU data regs as MM0-7 for 64 bit packed integers SSE includes 8 new 128 bit regs XMM0-7 for 128 bit packed integers and floating point data Useful for processing large amounts of data with one instruction

SIMD Continued MMX regs can store 8x8 bit byte ints, 4x16 bit word ints, or 2x32 bit double word ints Movq src, dst – where dst is %mm0-7 SSE regs can store 16x8 bit byte packed ints, 8x16 bit word packed ints, 4x32 bit double word packed ints, or 2x64 bit quad word ints Movdqu src, dst – moves unaligned data into %xmm0-7 Movdqa src, dst – moves aligned data. Using this with unaligned data will throw an error.

SIMD Continued This was supposed to be a meaningful slide but then I got bored with SIMD. Research it yourself if you need to code it in natively.

C structures in ASM For Loops If/Then While Switch

Using C Libraries in Asm When using C functions in asm, need to link in C libraries containing the functions Ld –dynamic-linker /lib/ld-linux.so.2 –o -lx - where x is /lib/libx.so /lib/ld-linux.so.2 is a dynamic loader -lc option would link to /lib/libc.so

Compiling Asm with GCC Gcc –o Automagically links everything Must change _start label to main

Unconditional Branching JMP – 3 types… Short, Near, Far – Equivalent of Goto: – Short JMP is less that 128 bytes – Far JMP is to another code segment – Near JMP is everything else – Takes one memory label as a parameter Call – Equivalent to function call in C – Call pushes EIP to stack – Call returns to main with the RET command

Unconditional Branching Cont’d Interrupt – Hardware – used for I/O functions – Software Used for accessing kernel functions In Linux, uses Interrupt 0x80 In Windows, uses Interrupt 0x21 Parameters in registers determine which function is being called with what parameters Ex: MOVL $1, %EAX – MOVL $0, %EBX – INT $0x80

Conditional JMPs JZ – JMP if ZF is set JNZ – JMP if ZF is not set JGE – JMP if equal or greater JLE - JMP if less than or equal There’s a bunch of em… use the Googles

Function : Ret Call Functions can be defined anywhere within asm file Return values can be returned in regs or global vars Can put functions in separate file, just add.globl statement after.type statement, and add function object file to linker statement

Function Prologue and Epilogue Prologue – Function: Pushl %ebp Movl %esp, %ebp Subl $8, %esp Epilogue Movl %ebp, %esp Popl %ebp Ret

Enter and Leave Enter #bytes – used to perform function call prologue Leave – used to perform function call epilogue

Main Process Stack Frame Base Main Process Variable 1 Main Process Return Address Main Process Old EBP Address New Function Variable 1 New Function Variable 2 EBP ESP Main Process executes Main Process calls New Function Call places RET addr on stack Prologue pushes EBP to stack Prologue sets EBP to ESP Prologue decrements ESP to make room for variables New Function loads variables New Function executes Epilogue sets ESP to EBP Epilogue pops old EBP from stack RET pops old RET address to EIP Main Process resumes

System Calls Can be found in /usr/include/asm/unistd.h Look up the needed input and return values in man 2 Can use strace to see background syscalls when running a program Strace –p will attach strace to a running process Use man 3 to see C function calls

Inline Assembly You can embed assembly within C programs Asm ( “code goes here”); Must enclose the code in quotes Can use the “volatile” keyword to tell compiler not to optimize it Must use \n newline char if embedding more than one command If coding ANSI C, use __asm__ instead Asm ( “movl $1, %eax\n\t” “movl $0, %ebx\n\t” “int $0x80”);

Calling Libraries If using asm libraries in C code, add the asm files onto compile statement Gcc –o testprog testprog.c func1.s func2.s Can also assemble code into object file then add the object file to gcc

Making Libraries Can create a static library using the Ar command to add object files into an archive Static library name syntax Libx.a Ar r libmyfunc.a func1.o func2.o func3.o Can see what is contained in a library using nm command Nm –s libmyfunc.a Compile by including the libx.a file on gcc command

Making shared libraries Shared library name syntax libx.so. Create shared library with –shared option on gcc Gcc –shared –o libmyfunc.so.1 func1.o func2.o func3.o To compile using shared library, in same dir as program file use –L. option Gcc –o testfunc –L. –lmyfunc testfunc.c

Using shared libraries The dynamic loader must know where to find any libraries needed for program function Change LD_LIBRARY_PATH environment variable Export LD_LIBRARY_PATH= “$LD_LIBRARY_PATH:.” Or change the /etc/ld.so.conf file After adding path to ld.so.conf, must run ldconfig as root