Today’s topics Parameter passing on the system stack Parameter passing on the system stack Register indirect and base-indexed addressing modes Register indirect and base-indexed addressing modes “Random” numbers “Random” numbers Intro to arrays Intro to arrays
CALL and RET Instructions The CALL instruction calls a procedure The CALL instruction calls a procedure Pushes the offset of the next instruction onto the stack Pushes the offset of the next instruction onto the stack copies the address of the called procedure into EIP copies the address of the called procedure into EIP The RET instruction returns from a procedure The RET instruction returns from a procedure pops top of stack into EIP pops top of stack into EIP
Nested procedure calls Any procedure might call another procedure Any procedure might call another procedure Return addresses are “stacked” (LIFO) Return addresses are “stacked” (LIFO) ret instructions must follow the order on the stack ret instructions must follow the order on the stack One very good reason not to jmp out of a procedure! One very good reason not to jmp out of a procedure! It is essential that the stack be properly aligned when the RET instruction is executed !! It is essential that the stack be properly aligned when the RET instruction is executed !!
Parameters Definitions: Definitions: Argument (actual parameter) is a value or reference passed to a procedure. Argument (actual parameter) is a value or reference passed to a procedure. Parameter (formal parameter) is a value or reference received by a procedure Parameter (formal parameter) is a value or reference received by a procedure
Register vs. Stack Parameters Register parameters require dedicating a register to each parameter. Register parameters require dedicating a register to each parameter. Stack parameters make better use of system resources Stack parameters make better use of system resources Example: Example: two ways of calling Summation procedure. two ways of calling Summation procedure. Method 1 (parameters in registers) : pushad ;save registers mov ebx,low mov ecx,high call Summation popad ;restore registers Method 2 (parameters on stack) : push low push high call Summation
Register vs. Stack Parameters Of course, methods of calling a procedure and passing parameters depend on the procedure implementation … and vice- versa. Of course, methods of calling a procedure and passing parameters depend on the procedure implementation … and vice- versa. some “setup” is involved (in the calling procedure) some “setup” is involved (in the calling procedure) some “bookkeeping” is involved (in the called procedure) some “bookkeeping” is involved (in the called procedure) Parameters in registers require register management Parameters in registers require register management Parameters on the system stack require stack management Parameters on the system stack require stack management
RET Instruction Pops stack into the instruction pointer (EIP) Pops stack into the instruction pointer (EIP) Transfers control to the target address. Transfers control to the target address. Syntax: Syntax: RET RET RET n RET n Optional operand n causes n to be added to the stack pointer after EIP is assigned a value. Optional operand n causes n to be added to the stack pointer after EIP is assigned a value. Equivalent to popping the return address and n additional bytes off the stack Equivalent to popping the return address and n additional bytes off the stack
Parameter Classifications An input parameter is data passed by a calling program to a procedure. An input parameter is data passed by a calling program to a procedure. The called procedure is not expected to modify the corresponding parameter variable, and even if it does, the modification is confined to the procedure itself. The called procedure is not expected to modify the corresponding parameter variable, and even if it does, the modification is confined to the procedure itself. An output parameter is created by passing the address of a variable when a procedure is called. The “address of” a variable is the same thing as a “pointer to” or a “reference to” the variable. In MASM, we use OFFSET. The procedure does not use any existing data from the variable, but it fills in new contents before it returns. An input-output parameter is the address of a variable which contains input that will be both used and modified by the procedure. The content is modified at the memory address passed by the calling procedure.
Stack Frame Also known as an activation record Also known as an activation record Area of the stack used for a procedure's return address, passed parameters, saved registers, and local variables Area of the stack used for a procedure's return address, passed parameters, saved registers, and local variables Created by the following steps: Created by the following steps: Calling program pushes arguments onto the stack and calls the procedure. Calling program pushes arguments onto the stack and calls the procedure. The called procedure pushes EBP onto the stack, and sets EBP to ESP. The called procedure pushes EBP onto the stack, and sets EBP to ESP.
Addressing modes Immediate Set register to a constant Immediate Set register to a constant Direct Set register to address of global Direct Set register to address of global Register Use register as operand Register Use register as operand Register indirect Access memory through address in a register Register indirect Access memory through address in a register Indexed “array” element, using offset in register Indexed “array” element, using offset in register Base-indexed Start address in one register; offset in another, add and access memory Base-indexed Start address in one register; offset in another, add and access memory Stack Memory area specified and maintained as a stack; stack pointer in register Stack Memory area specified and maintained as a stack; stack pointer in register Offset (branch) “ goto” address; may be computed Offset (branch) “ goto” address; may be computed
Register indirect mode [reg] means “contents of memory at the address in reg ” [reg] means “contents of memory at the address in reg ” It’s OK to add a constant (named or literal) It’s OK to add a constant (named or literal) Example:mov[edx+12], eax Example:mov[edx+12], eax We have used register indirect with esp to reference the value at the top of the system stack We have used register indirect with esp to reference the value at the top of the system stack NOTE:register indirect is a memory reference NOTE:register indirect is a memory reference There are no memory-memory instructions There are no memory-memory instructions E.G., mov[edx],[eax] is WRONG! E.G., mov[edx],[eax] is WRONG!
Explicit Access to Stack Parameters A procedure can explicitly access stack parameters using constant offsets from EBP. A procedure can explicitly access stack parameters using constant offsets from EBP. Example: [ebp + 8] Example: [ebp + 8] EBP is often called the base pointer or frame pointer because it is (should be) set to the base address of the stack frame. EBP is often called the base pointer or frame pointer because it is (should be) set to the base address of the stack frame. EBP does not change value during the procedure. EBP does not change value during the procedure. EBP must be restored to its original value when a procedure returns. EBP must be restored to its original value when a procedure returns.
Explicit Access to Stack Parameters Remember that the return address is pushed onto the stack after the parameters are pushed. Remember that the return address is pushed onto the stack after the parameters are pushed. Programmer is responsible for managing the stack. Programmer is responsible for managing the stack.
Stack Frame Example.data xDWORD175 yDWORD37 ZDWORD ?.code main PROC push x push y push OFFSET z call SumTwo... SYSTEMSTACK [ESP] Return address z [ESP+8]37 [ESP+12]175 means “address of”
Stack Frame Example SumTwo PROC push ebp mov ebp,esp mov eax,[ebp+16] ;175 in eax add eax,[ebp+12] ; = 212 in eax mov ebx,[ebp+8] in ebx mov [ebx],eax ;store 212 in z pop ebp ret 12 SumTwo ENDP SYSTEMSTACK [EBP] old EBP [EBP+4] Return address z [EBP+12]37 [EBP+16]175 means “address of”
Trouble-Shooting Tips Save and restore registers when they are modified by a procedure. Save and restore registers when they are modified by a procedure. Except a register that returns a function result Except a register that returns a function result Do not pass an immediate value to a procedure that expects a reference parameter. Dereferencing its address will likely cause a general-protection fault.
Random Numbers Irvine library has random integer generator Irvine library has random integer generator "pseudo-random" numbers "pseudo-random" numbers Randomize procedure Randomize procedure Initializes sequence based on system clock (random seed) Initializes sequence based on system clock (random seed) Call once at the beginning of the program Call once at the beginning of the program Without Randomize, program gets the same sequence every time it is executed. Without Randomize, program gets the same sequence every time it is executed.
Limiting random values RandomRange procedure RandomRange procedure Accepts N > 0 in eax Accepts N > 0 in eax Returns random integer in [0.. N-1] in eax Returns random integer in [0.. N-1] in eax To generate a random number in [lo.. hi]: To generate a random number in [lo.. hi]: Find number of integers possible in [lo.. hi] : range = hi – lo +1 Find number of integers possible in [lo.. hi] : range = hi – lo +1 Put range in eax, and call RandomRange Put range in eax, and call RandomRange Result in eax is in [0.. range -1] Result in eax is in [0.. range -1] Add lo to eax. Add lo to eax.
RandomRange Example Get a random integer in range [ ] Get a random integer in range [ ] moveax,hi;31 subeax,lo;31-18 = 13 inceax;14 callRandomRange;eax in [0..13] addeax,lo;eax in [18..31] Questions on random numbers? Questions on random numbers?
Arrays in MASM Declaration (in data segment) Declaration (in data segment) MAX_SIZE = 100.data listDWORDMAX_SIZEDUP(?) Defines an array of 100 uninitialized 32- bit integers Defines an array of 100 uninitialized 32- bit integers Array elements are in contiguous memory Array elements are in contiguous memory
Arrays in MASM Declaration Declaration MAX_SIZE = 100.data listDWORDMAX_SIZEDUP(?) countDWORD0 What happens (in HLL) if we reference list[100] ? What happens (in HLL) if we reference list[100] ? Compile-time error Compile-time error What happens in MASM if we go beyond the end of the array? What happens in MASM if we go beyond the end of the array? Not predictable Not predictable
Array address calculations Array declaration defines a name for the first element only Array declaration defines a name for the first element only HLLs reference it as list[0] HLLs reference it as list[0] All other elements are accessed by calculating the actual address All other elements are accessed by calculating the actual address General formula for array address calculation: General formula for array address calculation: address of list[k] = list + (k * sizeof element) address of list[k] = list + (k * sizeof element) Example: Example: address of 4 th element (list [3]) is address of list + (3 * sizeof DWORD) address of 4 th element (list [3]) is address of list + (3 * sizeof DWORD)
Array references in MASM Several methods Several methods indexed indexed base-indexed base-indexed others others
Addressing modes Immediate Set register to a constant Immediate Set register to a constant Direct Set register to address of global Direct Set register to address of global Register Use register as operand Register Use register as operand Register indirect Access memory through address in a register Register indirect Access memory through address in a register Indexed “array” element, using offset in register Indexed “array” element, using offset in register Base-indexed Start address in one register; offset in another, add and access memory Base-indexed Start address in one register; offset in another, add and access memory Stack Memory area specified and maintained as a stack; stack pointer in register Stack Memory area specified and maintained as a stack; stack pointer in register Offset (branch) “ goto” address; may be computed Offset (branch) “ goto” address; may be computed
Indexed addressing Array element, using offset in register Array element, using offset in register Examples: Examples: movedi,0;high-level notation movlist[edi],eax;list[0] addedi,4;see note below movlist[edi],ebx;list[1] This means "add the value in [ ] to address of list " This means "add the value in [ ] to address of list " Note: Add 4 because these array elements are DWORD Note: Add 4 because these array elements are DWORD if BYTE, add 1 if BYTE, add 1 if WORD, add 2 if WORD, add 2 if QWORD, add 8 if QWORD, add 8 etc. etc.
Base-indexed addressing Start address in one register; offset in another, then add the registers to access memory Start address in one register; offset in another, then add the registers to access memory Examples: Examples: movedx,OFFSET list movecx,12 moveax,[edx+ecx] movebx,4 moveax,[edx+ebx] mov[edx+ecx],eax
Processing Arrays in MASM Example: Display an array of integers Example: Display an array of integers Assumptions: Assumptions: Already initialized Already initialized Number of elements is stored in count Number of elements is stored in count Assume global declarations Assume global declarations Assume elements are DWORD (32-bit) Assume elements are DWORD (32-bit) Many possible solutions Many possible solutions
Display: version 0.1 (register indirect) displayPROC movesi,OFFSET movecx,count;ecx is loop control more: moveax,[esi];get current element callPrintDec callCrlf addesi,4;next element loopmore endMore:ret displayENDP
Display: version 0.2 (indexed) displayPROC movesi,0;esi is “index” movecx,count;ecx is loop control more: moveax,list[esi];get current elt. callPrintDec callCrlf addesi,4;next element loopmore endMore:ret displayENDP
Display: version 0.3 (base-indexed) displayPROC movebx,OFFSET movecx,count;ecx is loop control movedx,0;edx is element ptr more: moveax,[ebx+edx] callWriteDec callCrlf addedx,4 loopmore endMore:ret displayENDP
Questions?