Introduction to Assembly Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015

2 When ?TopicLecture October 26, 2014 Introduction to C Programming in Unix Environment - I 1 November 2, 2014 Introduction to C Programming in Unix Environment - II 2 November 9, 2014Introduction to Assembly3 November 16, 2014Functions and System Calls (Assembly)4 Midterm A (December 8, :00) December 7, 2014Unix Processes5 December 14, 2014Programs Execution6 December 28, 2014Introduction to script languages (Python) + ELF 7 January 4, 2014Web programming8 Midterm B (January 19, 2015)

Abed Asi - ESPL 3 Courtesy: Guide to Assembly Language Programming in Linux, Sivarama P. Dandamudi, 2005Sivarama P. Dandamudi

 Low-level programming language  Influenced by:  The architecture of the processor  The instruction set  Two basic types of processors  CISC (Complex Instruction Set Computers)  RISC (Reduced Instruction Set Computers)  Pentium is an example of a CISC processor  Assembler translates assembly to machine code  NASM is a popular assembler for Pentium processors Abed Asi - ESPL 4

 Program development is faster  Programs are easier to maintain  Programs are portable Abed Asi - ESPL 5 so, why to program in the Assembly language ?

 Efficiency  Time efficiency  Space efficiency  Direct hardware control Abed Asi - ESPL 6  Programmer productivity ?  Write code  Debug

 Educational purposes  Practical purposes (embedded systems)  Cracking Abed Asi - ESPL 7 Personal Satisfaction

 IA – 32 architecture  Registers  Fetch-decode-execute cycle  Data Allocation  Addressing Modes  Registers  Immediate  Direct  Indirect  Logical and Arithmetic instructions Abed Asi - ESPL 8

 A processor acts as a controller  Executing the following cycle forever:  Fetch an instruction from the memory  Decode the instruction  Execute the instruction Abed Asi - ESPL 9

10  Pentium has bit and 6 16-bit registers  Registers are grouped into:  General registers  Control registers  Segment registers  General registers  Data registers  Pointer registers  Index registers

 Data registers  Four 32-bit registers (EAX, EBX, ECX,EDX)  Four 16-bit registers (AX, BX, CX, DX)  Eight 8-bit registers (AH,AL,BL,BH,CL,CH,DL,DH)  Data registers can be used in arithmetic and logical instructions  Special functions for specific instructions  EAX – Accumulator (mul)  ECX – Counter (loop) Abed Asi - ESPL 11

 String Registers (could be used as general-purpose)  ESI  EDI  Pointer Registers (could be used as general-purpose)  Mainly used to maintain the stack  ESP  EBP Abed Asi - ESPL 12

 Instruction Pointer (EIP)  Tracks the next instr.  Updated once an instr. is executed, jump, etc.  Flag register  Affected by logical and arithmetic inst.  Affects conditional jump operations Abed Asi - ESPL 13

 It’s meaning is independent from any other bit  OF— The Overflow flag is set when the result of an operation becomes too large to fit in the operand it originally occupied.  SF— The Sign flag becomes set when the result of an operation forces the operand to become negative.  ZF— The Zero flag becomes set when the results of an operation become zero  CF— The Carry Flag becomes set when an arithmetic or shift operation "carries out" a bit from the operand Abed Asi - ESPL 14

 A program is logically divided into two segments:  Code segment (CS)  Data segment (DS)  The SS register points to the program’s stack segment Abed Asi - ESPL 15

 The classes of statements  Executable  Directive/pesudo-instructions - constants and more  Macros – naming a group of statements  All three classes use the same format  [label] mnemonic [operands] [;comment]  Fields in [ ] are optional  Examples  repeat: inc result ;executable  CR: EQU 0DH ; directive Abed Asi - ESPL 16

 Storage allocation statement  variable-name define-directive initial-value [,initial-value], …  Define directive takes one of this basic forms  DBDefine Byte; allocates 1 byte  DWDefine Word;allocates 2 bytes  DDDefine Doubleword;allocates 4 bytes  DQDefine Quadword;allocates 8 bytes  DTDefine Ten Bytes;allocates 10 bytes  Examples … Abed Asi - ESPL 17

Abed Asi - ESPL 18  sorted DB ‘y’  sorted DB ‘79H’  sorted DB B  Allocate two bytes of contiguous storage and initialized it to  value DW  automatically converted to its 16-bit hex. equivalent (6247H)  address: x x sorted DB ‘y’ Pentium uses little-endian

 A string  messageDB‘H’ DB‘E’ DB‘L’ DB‘L’ DB‘O’  more compactly: message DB ‘HELLO’ Abed Asi - ESPL 19  Array with 8 elements  messageDW0 DW 0 DW 0 DW 0 DW 0  can be abbreviated: marks DW 0,0,0,0,0 marks TIMES 8 DW 0

 Reserve space for uninitialized data  Reserve directives  RESBReserve a byte  RESWReserve a Word  RESDReserve a Doubleword  RESQReserve a Quadword  RESTReserve Ten bytes  response RESB1  buffer RESW100  total RESD1 Abed Asi - ESPL 20

 Assembly language instructions require operands  Possible locations of the operands (addressing mode):  in a register internal to the processor  in the instruction itself  in the main memory (usually in the data segment)  mov instruction  copies the content of the source register into the dest. register  syntax: mov destination, source ; example: mov EAX, EBX  works with 32-bit, 16-bit and 8-bit registers  memory-to-memory transfer is not supported! Abed Asi - ESPL 21

 Using processor’s internal registers  Very efficient. Why ? mov EAX, EBX mov BX, CX mov AL, CL Abed Asi - ESPL 22

 Data is part of the instruction  Data is located in the code segment not in the data segment  The immediate data is always a constant mov AL, 75 Abed Asi - ESPL 23

responseDB ‘Y’ ;allocates a byte, initializes to Y table1TIMES 20 DD 0 ;allocates 80 bytes, initializes to 0 name1DB‘Jim Ray’ ; 7 bytes Abed Asi - ESPL 24 movAL, [response] ; copies Y into AL register mov[response], ‘N’ ; N is written into response mov[name1], ‘K’ ; writes K as the first character of name1 move[table1],56 ; 56 is written in the first element – table1[0] = 56  mov EBX, table1 VS. mov EBX, [table1]  what is the difference ? one memory reference per instruction

 How to access second element of table1 ?  This mode is required for variable with several elements movEBX, table1 mov[EBX], 100 ;table[0] = 100 addEBX, 4; EBX = EBX + 4 mov[EBX], 99; table[1] = 99  lea EBX,[table1+ESI] Abed Asi - ESPL 25

 Moving immediate value into memory sometimes causes ambiguity mov EBX, table1 // table1 TIMES 20 DD 0 mov ESI, name1 // name1 DB‘Jim Ray’ mov [EBX], 100 mov [ESI], 100  Word equivalent of 100 ? maybe a byte equivalent of 100 ?  Clarify this by using a type specifier movDWORD [EBX], 100  mov [EBX], DWORD 100 mov BYTE [EBX], 100  mov [EBX], BYTE 100 Abed Asi - ESPL 26

Abed Asi - ESPL 27 Bytes addressedType Specifier 1BYTE 2WORD 4DWORD 8QWORD 10TBYTE

 increment/decrement the operand by 1  The operand can be either in register or in memory inc destination ;might be 8-, 16-, 32-bit dec destination ;might be 8-, 16-, 32-bit Abed Asi - ESPL 28

 Used to add 8-, 16-, 32-bit operands add destination, source ;dest = dest + source  inc EAX is preffered to add EAX,1  Less memory, same speed Abed Asi - ESPL 29

 SUB used to subtract 8-, 16-, 32-bit operands sub destination, source ;dest = dest - source  CMP compares two operands (equal, not equal,..)  CMP behavior is similar to SUB except that the result is not saved  So, how can we retrieve the comparison result ?  CMP is typically used with a conditional JUMP inst. Abed Asi - ESPL 30

 Jump if the specified condition is satisfied j label ;identifies the condition  The condition being tested is the result of the last arithmetic or logic operation read_char: movDL,0... (code for reading a character into AL)... cmpAL,0DH ;compares the character to CR jeCR_received ; if equal, jump to CR_received incCL ;otherwise, increment CL and jmpread_char ; go back to read another char. CR_received: movDL, AL Abed Asi - ESPL 31 but, the CMP doesn’t save the result, so what really happens ?!!

Abed Asi - ESPL 32 MeaningMnemonic jump if equal jump if zero je jz jump if not equal jump if not zero jne jnz jump if greater jump if not less of equal jg jnle jump if greater or equal jump if not less jge jnl jump if less jump if not greater or equal jl jnge jump if less or equal jump if not greater jle jng jump if carry (i.e. if CF = 1)jc

mov EAX, 1 inc_again: inc EAX jmp inc_again mov EBX, EAX …  When to stop ? Abed Asi - ESPL 33

 Two multiplication instr. : mul and imul mul source  The source operand can be in a register or in memory  Immediate operands are not allowed  Where is the second operand ? Abed Asi - ESPL 34

 Two Division instr. : div and idiv div source  The source operand is the divisor Abed Asi - ESPL 35

mov CL,50 repeat1: dec CL jnz repeat1... Abed Asi - ESPL 36 mov ECX,50 repeat1: loop repeat1...

anddestination, source ordestination, source xordestination, source notdestination, source testdestination, source... and AL, 01H jebit_is_zero jmpskip1 bit_is_zero: skip1: Abed Asi - ESPL 37

 Shift  SHL  SHR  Rotate  ROL  ROR Abed Asi - ESPL 38

; Data section begins section.data var1 dd 40 var2 dd 20 var3 dd 30 section.text global _start _start: mov ecx, [var1] cmp ecx, [var2] jg check_third_var mov ecx, [var2] check_third_var: cmp ecx, [var3] jg _exit mov ecx, [var3] _exit: mov ebx, ecx mov eax, 1 int 80h Abed Asi - ESPL 39

section.text global _start ;must be declared for linker (ld) section.data msg db 'Hello world!',0xa ;our dear string len equ $ - msg ;length of our dear string _start: ;tell linker entry point mov edx,len ;message length mov ecx,msg ;message to write mov ebx,1 ;file descriptor (stdout) mov eax,4 ;system call number (sys_write) int 0x80 ;call kernel mov eax,1 ;system call number (sys_exit) int 0x80 ;call kernel Abed Asi - ESPL 40