1 Homework Reading –Professional Assembly Language, pp 73-106 –Also, study website references: “Using gas” and “gas i386 Assembly Language Guide” Machine.

Slides:



Advertisements
Similar presentations
Assembly Language – 1.
Advertisements

Practical Malware Analysis
1 ARM Movement Instructions u MOV Rd, ; updates N, Z, C Rd = u MVN Rd, ; Rd = 0xF..F EOR.
INSTRUCTION SET ARCHITECTURES
1 Lecture 4: Procedure Calls Today’s topics:  Procedure calls  Large constants  The compilation process Reminder: Assignment 1 is due on Thursday.
SPARC Architecture & Assembly Language
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
ITCS 3181 Logic and Computer Systems 2015 B. Wilkinson slides3.ppt Modification date: March 16, Addressing Modes The methods used in machine instructions.
IT253: Computer Organization Lecture 6: Assembly Language and MIPS: Programming Tonga Institute of Higher Education.
1 COMS 361 Computer Organization Title: Instructions Date: 9/28/2004 Lecture Number: 10.
The Assembly Language Level
Inline Assembly Section 1: Recitation 7. In the early days of computing, most programs were written in assembly code. –Unmanageable because No type checking,
1 Homework Turn in HW2 at start of next class. Starting Chapter 2 K&R. Read ahead. HW3 is on line. –Due: class 9, but a lot to do! –You may want to get.
Chapter 3 Assembly Language: Part 1. Machine language program (in hex notation) from Chapter 2.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.
1 Programming & Programming Languages Overview l Machine operations and machine language. l Example of machine language. l Different types of processor.
1 Homework Reading –Professional Assembly Language, pp –Also, study website references: “Using gas” and “gas i386 Assembly Language Guide” Machine.
Chapter 2 Software Tools and Assembly Language Syntax.
ICS312 Set 4 Program Structure. Outline for a SMALL Model Program Note the quiz at the next lecture will be to reproduce this slide.MODEL SMALL.586 ;
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Dr. José M. Reyes Álamo 1.  The 80x86 memory addressing modes provide flexible access to memory, allowing you to easily access ◦ Variables ◦ Arrays ◦
Chapter 3 Elements of Assembly Language. 3.1 Assembly Language Statements.
Buffer Overflows : An In-depth Analysis. Introduction Buffer overflows were understood as early as 1972 The legendary Morris Worm made use of a Buffer.
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,
ITEC 352 Lecture 12 ISA(3). Review Buses Memory ALU Registers Process of compiling.
Assembly תרגול 5 תכנות באסמבלי. Assembly vs. Higher level languages There are NO variables’ type definitions.  All kinds of data are stored in the same.
Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 3 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
1 Homework Reading –PAL pp , Continue mp1 –Questions? Continue lab sessions with your section.
Smashing the Stack Overview The Stack Region Buffer Overflow
Assembly Language for x86 Processors 7th Edition Chapter 13: High-Level Language Interface (c) Pearson Education, All rights reserved. You may modify.
CPS4200 Unix Systems Programming Chapter 2. Programs, Processes and Threads A program is a prepared sequence of instructions to accomplish a defined task.
CNIT 127: Exploit Development Ch 1: Before you begin.
Big Endian vs. Little Endian Storage of Numeric Data Noah Mendelsohn Tufts University Web:
1 CS503: Operating Systems Spring 2014 Part 0: Program Structure Dongyan Xu Department of Computer Science Purdue University.
X86 Programming Memory Accessing Modes, Characters, and Strings Computer Architecture.
1 Lecture 6: Assembly Programs Today’s topics:  Large constants  The compilation process  A full example  Intro to the MARS simulator.
Arrays. Outline 1.(Introduction) Arrays An array is a contiguous block of list of data in memory. Each element of the list must be the same type and use.
C is a high level language (HLL)
Practical Session 8. Position Independent Code- self sufficiency of combining program Position Independent Code (PIC) program has everything it needs.
Analyzing C/C++ Vulnerabilities -- Mike Gerschefske.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
CC410: System Programming Dr. Manal Helal – Fall 2014 – Lecture 4 - Assembler 1.
Variables Bryce Boe 2012/09/05 CS32, Summer 2012 B.
Homework Reading Lab with your assigned section starts next week
Assembly language.
ECE 3430 – Intro to Microcomputer Systems
Lecture 6: Assembly Programs
Assembly Lab 3.
Computer Architecture and Assembly Language
Homework Reading Machine Projects Labs PAL, pp ,
Additional Assembly Programming Concepts
Homework Reading Machine Projects Labs
Homework In-line Assembly Code Machine Language
Homework Reading Continue work on mp1
Assembly Language Programming V: In-line Assembly Code
BIC 10503: COMPUTER ARCHITECTURE
Chapter 7 LC-2 Assembly Language.
Assembly Language Programming I: Introduction
Assembly Language Programming II: C Compiler Calling Sequences
Homework Reading Machine Projects Labs PAL, pp
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2015.
CNT4704: Analysis of Computer Communication Network Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Fall 2011.
Chapter 7 Assembly Language
Comp Org & Assembly Lang
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2016.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2013.
Computer Architecture and Assembly Language
Week 5 Computers are like Old Testament gods; lots of rules and no mercy. Joseph Campbell.
Computer Architecture and System Programming Laboratory
Presentation transcript:

1 Homework Reading –Professional Assembly Language, pp –Also, study website references: “Using gas” and “gas i386 Assembly Language Guide” Machine Projects –Turn in mp1 tonight –Get mp2warmup/Do it for practice (no turn-in) –Start looking at mp2 Labs –Continue with labs in your assigned section

2 C versus Assembly Language C is called a “portable assembly language” –Allows low level operations on bits and bytes –Allows access to memory via use of pointers –Integrates well with assembly language functions Advantages over assembly code –Easier to read and understand source code –Requires fewer lines of code for same function –Doesn’t require knowledge of the hardware

3 C versus Assembly Language Good reasons for learning assembly language –It is a good way to learn how a processor works –In time-critical sections of code, it is possible to improve performance with assembly language –In writing a new operating system or in porting an existing system to a new machine, there are sections of code which must be written in assembly language such as the cpuid example in this lecture

4 Best of Both Worlds Integrating C and assembly code Convenient to let C do most of the work and integrate with assembly code where needed Make our gas routines callable from C –Use C compiler conventions for function calls –Preserve registers that C compiler expects saved

5 Instruction Four Field Format Label: –Can be referred to as a representation of the address –Usual practice is to place these on a line by themselves Mnemonic to specify the instruction and size –Makes it unnecessary to remember instruction code values Operand(s) on which the instruction operates (if any) –Zero, one, or two operands depending on the instruction Comment contains documentation –It begins with a # anywhere and goes to the end of the line –It is very important to comment assembly code well!!

6 Assembly Framework for a Function General form for a function in assembly is:.globl _mycode.text _mycode:... # comments ret.data mydata:.long 17 # comment.end

7 Assembler Directives Defining a label for external reference (call).globl _mycode Defining the code section of program (ROM).text Defining the static data section of program (RAM).data End of the Assembly Language.end

8 Assembler Directives for Sections These directives designate sections where we want our assembler output placed into memory –.text places the assembler output into program memory space (e.g. where PROM will be located) –.data places the assembler output into a static initialized memory space (e.g. where RAM will be located) –.bss allows assembler to set labels for uninitialized memory space (we won’t be using this section) –.section ignore/omit this directive with our assembler In builds, ld is given addresses for the sections

9 Assembler Directives Defining / initializing static storage locations: label1:.long 0x # 32 bits label2:.word 0x1234 # 16 bits label3:.byte 0x12 # 8 bits

10 Assembler Directives Defining / initializing a string label1:.ascii “Hello World\n\0” label2:.asciz “Hello World\n”

Defining Constant Values Constant definitions follow C conventions: $123# decimal constant $0x123# hex constant $‘a’# character constant $‘\n’# character escape sequence With the following exception: $‘\0’# assembles as ‘0’ instead of 0 # just use $0 to avoid problem

12 Symbolic Constant Names Allow use of symbols for numeric values –Perform same function as C preprocessor #define –Unfortunately not the same format as used in C preprocessor so can’t just include.h files to define symbols across combination of C/assembly code –Format is: SYMBOL = value –Example: NCASES = 8 movl $NCASES, %eax

13 Addressing Memory Direct addressing for memory –Gas allows use of hard coded memory addresses –Not recommended except for HW based addresses –Examples:.text movb %al, 0x1234 movb 0x1234, %dl...

14 Addressing Memory Direct addressing for memory –Gas allows use of a label for memory address –Examples:.text movb %al, total movb total, %dl....data total:.byte0

15 Addressing Memory Indirect - like *pointer in C –Defined as using a register as the address of the memory location to access in an instruction movl $0x1234, %ebp movb (%ebp), %al %ebp Memory 0x %al One byte

16 Addressing Memory Indirect with Offset - like *(pointer+4 ) in C –May also be done with a fixed offset, e.g. 4 movl $0x1234, %ebp movb 4(%ebp), %al %ebp Memory 0x %al One byte + 4

17 Through the Looking Glass, by Lewis Carroll "The name of the song is called 'Haddocks' Eyes.’” "Oh, that's the name of the song, is it?" Alice said trying to feel interested. "No, you don't understand," the Knight said, looking a little vexed. "That's what the name is called. The name really is 'The Aged Aged Man.'" "Then I ought to have said 'That's what the song is called'?" Alice corrected herself. "No, you oughtn't: that's quite another thing! The song is called 'Ways and Means': but that's only what it's called, you know!" "Well, what is the song, then?" said Alice, who was by this time completely bewildered. "I was coming to that," the Knight said. "The song really is ‘A-sitting On A Gate': and the tune's my own invention.“

Through the Looking Glass Lewis Carroll in C code 18 Defining an array and initializing a pointer to it: char WaysandMeans[100]; // At address TheAgedAgedMan strcpy (WaysandMeans, “A Sitting on a Gate”); char *HaddocksEyes = WaysandMeans; // TheAgedAgedMan Dereferencing the pointer: printf(“%s\n”, HaddocksEyes); Prints what? WaysandMeans HaddocksEyes “A Sitting on a Gate” TheAgedAgedMan which is the &WaysandMeans

Through the Looking Glass Lewis Carroll in i386 Assembly 19 Defining an array and initializing a pointer to it:.data WaysandMeans:.asciz “A Sitting on A Gate” HaddocksEyes:.long 0 # pointer to WayandMeans.text movl $WaysandMeans, HaddocksEyes Dereferencing the pointer: movl HaddocksEyes, %edx movb (%edx), %al # put first char in %al WaysandMeans HaddocksEyes “A Sitting on a Gate” TheAgedAgedMan which is the &WaysandMeans

20 Addressing Memory Memory-memory addressing restrictions –Why can’t we write instructions such as these? movlfirst, second # direct movl (%eax), (%ebx) # indirect –Intel instruction set does not support instructions to move a value from memory to memory! Must always use a register as an intermediate location for the value being moved, e.g. movl first, %eax # direct from mem movl %eax, second# direct to mem

21 Integrating C and Assembly Pick up the makefile from $pcbook Always read the makefile for a program first! The makefile in $pcbook expects a “matched pair” –C driver filename is mycodec.c –Assembly filename is mycode.s The make file uses macro substitutions for input: –The format of the make command is: make A=mycode Note: Examples are located in: ~bobw/cs341/examples/lecture06

22 Example: Function cpuid C “driver” in file cpuidc.c to execute code in cpuid.s /* cpuidc.c - C driver to test cpuid function * bob wilson - 1/15/2012 */ #include extern char *cpuid(); /* our.s file is external*/ int main(int argc, char **argv) { printf("The cpu ID is: %s\n", cpuid()); return 0; }

23 Example: Function cpuid Assembly code for function in file cpuid.s # cpuid.s C callable function to get cpu ID value.data buffer:.asciz "Overwritten!" # overwritten later.text.globl _cpuid _cpuid: movl $0,%eax # zero to get Vendor ID cpuid # get it movl $buffer, %eax # point to string buffer movl %ebx, (%eax) # move four chars movl %edx, 4(%eax) # move four chars movl %ecx, 8(%eax) # move four chars ret # string pointer is in %eax.end

24 Self Modifying Code  Our assembler does not actually support cpuid instruction, so I made the code self-modifying:... _cpuid: movb $0x0f, cpuid1 # patch in the cpuid first byte movb $0xa2, cpuid2 # patch in the cpuid second byte movl $0,%eax # input to cpuid for ID value cpuid1: # hex for cpuid instruction here nop # 0x0f replaces 0x90 cpuid2: nop # 0xa2 replaces 0x90...

25 Self Modifying Code  Obviously, the self modifying code I used for this demonstration would not work if: –The code is physically located in PROM/ROM –There is an O/S like UNIX/Linux that protects the code space from being modified (A problem that we avoid using Tutor on our SAPC’s) Try justifying the “kludge” in the next slide to the maintenance programmer!!

Self Modifying Code in C  int main(int argc, char **args) { char function [100]; // array to hold the machine code bytes of the function // I put machine code instructions byte by byte into the function array: // Instruction 1: movl the &function[6] to the %eax (for return value) // Instruction 2: the machine code for a ret instruction (0xc3) // Following the ret instruction, I put the bytes of the string “Hello World” // with a null terminator into the array starting at function[6] function[0] = 0xb8; // op code for movl immediate data to %eax function[1] = (int) &function[6] & 0xff; // immediate data field function[2] = (int) &function[6] >> 8 & 0xff; // little endian format function[3] = (int) &function[6] >> 16 & 0xff; // four bytes for the function[4] = (int) &function[6] >> 24 & 0xff; // address of the string function[5] = 0xc3; // op code for ret function[6] = 'H'; // string whose address is returned is stored here... // rest of characters in string omitted for clarity function[17] = 0; // null terminator for the string // execute the function whose address is the array printf("%s\n", (* (char * (*)()) function) ()); return 0; } 26