Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede x86 Assembly Registers and the Stack Nov 2009.

Slides:



Advertisements
Similar presentations
University of Washington Procedures and Stacks II The Hardware/Software Interface CSE351 Winter 2013.
Advertisements

Machine/Assembler Language Putting It All Together Noah Mendelsohn Tufts University Web:
Assembly Language for x86 Processors 6th Edition Chapter 5: Procedures (c) Pearson Education, All rights reserved. You may modify and copy this slide.
© 2006 Pearson Education, Upper Saddle River, NJ All Rights Reserved.Brey: The Intel Microprocessors, 7e Chapter 2 The Microprocessor and its Architecture.
PC hardware and x86 3/3/08 Frans Kaashoek MIT
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
1 Lecture 5: Procedures Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.
1 Homework Reading –PAL, pp , Machine Projects –Finish mp2warmup Questions? –Start mp2 as soon as possible Labs –Continue labs with your.
ICS312 Set 3 Pentium Registers. Intel 8086 Family of Microprocessors All of the Intel chips from the 8086 to the latest pentium, have similar architectures.
September 22, 2014 Pengju (Jimmy) Jin Section E
Microprocessor Systems Design I Instructor: Dr. Michael Geiger Spring 2014 Lecture 4: x86 memory.
© 2006 Pearson Education, Upper Saddle River, NJ All Rights Reserved.Brey: The Intel Microprocessors, 7e Chapter 2 The Microprocessor and its Architecture.
CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola
6.828: PC hardware and x86 Frans Kaashoek
1 Carnegie Mellon Stacks : Introduction to Computer Systems Recitation 5: September 24, 2012 Joon-Sup Han Section F.
Ithaca College Machine-Level Programming IV: IA32 Procedures Comp 21000: Introduction to Computer Systems & Assembly Lang Spring 2013 * Modified slides.
64-Bit Architectures Topics 64-bit data New registers and instructions Calling conventions CS 105 “Tour of the Black Holes of Computing!”
Practical Session 4. Labels Definition - advanced label: (pseudo) instruction operands ; comment valid characters in labels are: letters, numbers, _,
INSTRUCTION SET AND ASSEMBLY LANGUAGE PROGRAMMING
The x86 Architecture Lecture 15 Fri, Mar 4, 2005.
1 ICS 51 Introductory Computer Organization Fall 2009.
UHD:CS2401: A. Berrached1 The Intel x86 Hardware Organization.
Carnegie Mellon 1 Odds and Ends Intro to x86-64 Memory Layout.
Chapter 2 Parts of a Computer System. 2.1 PC Hardware: Memory.
Carnegie Mellon 1 Machine-Level Programming I: Basics Lecture, Feb. 21, 2013 These slides are from website which accompanies the.
Functions/Methods in Assembly
Compiler Construction Code Generation Activation Records
X86 Assembly Language We will be using the nasm assembler (other assemblers: MASM, as, gas)
University of Amsterdam Computer Systems – the instruction set architecture Arnoud Visser 1 Computer Systems The instruction set architecture.
CS642: Computer Security X86 Review Process Layout, ISA, etc. Drew Davidson
Introduction to Intel IA-32 and IA-64 Instruction Set Architectures.
1 Assembly Language: Function Calls Jennifer Rexford.
Microprocessors CSE- 341 Dr. Jia Uddin Assistant Professor, CSE, BRAC University Dr. Jia Uddin, CSE, BRAC University.
The Microprocessor & Its Architecture A Course in Microprocessor Electrical Engineering Department Universitas 17 Agustus 1945 Jakarta.
Precept 7: Introduction to IA-32 Assembly Language Programming
Stack Operations Dr. Hadi AL Saadi.
CS 177 Computer Security Lecture 9
Assembly function call convention
Reading Condition Codes (Cont.)
Instruction Set Architecture
Computer Architecture and Assembly Language
Assembly language.
Credits and Disclaimers
C function call conventions and the stack
Computer Architecture and Assembly Language
Homework Reading Machine Projects Labs PAL, pp ,
Aaron Miller David Cohen Spring 2011
Homework In-line Assembly Code Machine Language
Basic Microprocessor Architecture
Assembly IA-32.
Assembly Language Programming V: In-line Assembly Code
Recitation: Attack Lab
Y86 Processor State Program Registers
Machine-Level Programming 4 Procedures
8086 Registers Module M14.2 Sections 9.2, 10.1.
CS-401 Computer Architecture & Assembly Language Programming
Introduction to Intel IA-32 and IA-64 Instruction Set Architectures
Assembly Language Programming II: C Compiler Calling Sequences
CS 301 Fall 2002 Computer Organization
MIPS Procedure Calls CSE 378 – Section 3.
The Microprocessor & Its Architecture
Week 2: Buffer Overflow Part 1.
Computer Architecture CST 250
X86 Assembly Review.
“Way easier than when we were students”
Credits and Disclaimers
Credits and Disclaimers
Computer Architecture and System Programming Laboratory
Computer Architecture and System Programming Laboratory
Presentation transcript:

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede x86 Assembly Registers and the Stack Nov 2009

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede x86 Registers 16-bit has 14 – General AX BX CX DX – Segment CS DS SS ES – Pointer SP BP – Array Indexing SI DI – FLAGS (single register) Carry Overflow … – Code IP 32-bit has 16 – General EAX EBX ECX EDX – Segment (16-bit) CS DS SS ES FS GS – Pointer ESP EBP – Array Indexing ESI EDI – EFLAGS (single register) Carry Overflow … – Code EIP 64-bit has 24 – General RAX RBX RCX RDX – Segment (16-bit) CS DS SS ES FS GS – Pointer RSP RBP – Array Indexing RSI RDI – RFLAGS (single) Carry Overflow … – Code EIP – Addt. General R8 R9 R10 R11 R12 R13 R14 R15

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede x86 Registers (Special) For all x86 processors Control Registers – CR0 – CR1 – CR2 – CR3 – CR4 Debug Registers – DR0 – DR1 – DR2 – DR3 – DR6 – DR7 Test Registers – TR4 – TR5 – TR6 – TR7 Descriptor Registers – GDTR – LDTR – IDTR Task Register – TR

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede x86 Registers (common use) EAX – accumulator EBX – base index (ex: arrays) ECX – counter EDX – data ESI – source index for string ops EDI – destination index for string ops EBP – stack base pointer (of stack frame) ESP – stack top pointer (current stack position) EIP – current code instruction pointer

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede x86 Registers (Caller and Callee) In relation to preserving register values: Caller (calling method saves) – eax – edx – ecx Callee (called method must preserve) – ebx – esi – edi – ebp – esp Must point to returned address in stack at end of method when returning

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Memory  HIGH ADDR  LOW ADDR Memory allocation is configured so that the beginning of the stack is towards the very end of the allocated memory for the program at run time. The stack grows downwards in memory use. The heap grows upwards. The program code, constants, and predefined data are loaded in the lower memory at startup. Environment and command line arguments are at the top (end) of the memory. The x86 architecture is little endian.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Initial State  0x400 (1024)  0x0 (0) One possible memory layout. Free memory on the stack ending at 0x400 (address first 4 free bytes starting at 0x3FC). argc/argv/envp program args consume an unknown amount of memory until run time. TEXT, DATA consume a fixed block of memory. HEAP can grow as needed pending sufficient memory.  0x3FC (1020)  0x3F8 (1016)  0x3F4 (1012)  0x3F0 (1008)  0x3EC (1004)  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Initial State (Registers) After the code has been loaded but before execution has begun our registers look like: RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ ESP0x400 EIP0x0  0x400 (1024)  0x0 (0)  0x3FC (1020)  0x3F8 (1016)  0x3F4 (1012)  0x3F0 (1008)  0x3EC (1004)  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Initial State (Registers) After the code has been loaded but before execution has begun our registers look like: RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ ESP0x400 EIP0x0  0x400 (1024)  0x0 (0)  0x3FC (1020)  0x3F8 (1016)  0x3F4 (1012)  0x3F0 (1008)  0x3EC (1004)  … This garbled text is a reminder that the value is random data because it hasn’t been set to anything yet

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample C Program // Note that envp is not standard to C but is allowed int main(const int argc, const char * argv[], const char * envp[]) { // argc is usually 1 or greater as argv[0] = pathname of program return argc; } Compile with: gcc -S program.c This will generate a program.s file which contains the assembly code

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample GNU Assembly.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret These are used for debugging by debugger tools. They are optional. These are used for debugging by debugger tools. They are optional.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Indicates start of code section.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Indicates “_main” is a global label. Linker uses this label for startup. Indicates “_main” is a global label. Linker uses this label for startup.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Again for the debugger. Optional.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret The “_main” label where the startup code beings.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Preserve previous stack frame. For main may seem redundant but good practice says have it and useful if program needs to provide an exit code at the end. Preserve previous stack frame. For main may seem redundant but good practice says have it and useful if program needs to provide an exit code at the end.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Set current stack pointer as base reference. Useful for addressing passed in arguments to method. Set current stack pointer as base reference. Useful for addressing passed in arguments to method.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Reserve 8 bytes on the stack Why? Reserve 8 bytes on the stack Why?

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Reserve 8 bytes on the stack The space is for preparation for the __alloc and __main calls for C library setup Reserve 8 bytes on the stack The space is for preparation for the __alloc and __main calls for C library setup

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Align the stack pointer with the next lowest 16-byte boundary by AND esp with 0xFFFFFFF0. Useful for SIMD instructions and faster floating point operations. Align the stack pointer with the next lowest 16-byte boundary by AND esp with 0xFFFFFFF0. Useful for SIMD instructions and faster floating point operations.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret This whole section is preparation for C library setup for __alloca and __main. End result will have eax equal to … This whole section is preparation for C library setup for __alloca and __main. End result will have eax equal to …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Set eax to 0.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret eax = eax + 15 eax = 15 eax = eax + 15 eax = 15

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret eax = eax + 15 eax = 30 eax = eax + 15 eax = 30

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret eax = eax >> 4 Logical shift right 4 30 = eax = eax = eax >> 4 Logical shift right 4 30 = eax =

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret eax = eax << 4 Arithmetic shift left 4 Before eax: = After eax: = eax = eax << 4 Arithmetic shift left 4 Before eax: = After eax: =

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Set data in memory at offset ebp – 4 to the value of eax -4(%ebp) = 16 Set data in memory at offset ebp – 4 to the value of eax -4(%ebp) = 16

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Set eax back to the same value in that memory location eax = 16 Set eax back to the same value in that memory location eax = 16

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret End result will have eax equal to 16 This is unoptimized code which is why it didn’t use a simple movl $16, %eax. Try gcc –O2 –S program.c as well. The value in eax can be used by the __alloca and __main calls made later. End result will have eax equal to 16 This is unoptimized code which is why it didn’t use a simple movl $16, %eax. Try gcc –O2 –S program.c as well. The value in eax can be used by the __alloca and __main calls made later.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Inserted by the GNU compiler to setup global constructors (see libgcc2.c).

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Place the value of argc into register eax so it is returned as the exit code.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret leave is the same as: mov %ebp, %esp pop %ebp It simply restores ebp to the previous frame it originally pointed to before entering the function. leave is the same as: mov %ebp, %esp pop %ebp It simply restores ebp to the previous frame it originally pointed to before entering the function.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret leave is the same as: mov %ebp, %esp pop %ebp Move the stack pointer back to the start of the frame for this function. leave is the same as: mov %ebp, %esp pop %ebp Move the stack pointer back to the start of the frame for this function.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret leave is the same as: mov %ebp, %esp pop %ebp Take the current value at the top of the stack frame, which is the original ebp we saved, and restore it to ebp. leave is the same as: mov %ebp, %esp pop %ebp Take the current value at the top of the stack frame, which is the original ebp we saved, and restore it to ebp.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s.file“program.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret Pop the value at the top of the stack to get the return address and return. Note that the value in register eax is the return value for the method. Pop the value at the top of the stack to get the return address and return. Note that the value in register eax is the return value for the method.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – Stepping through.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x400  0x0 (0)  0x3FC  0x3F8  0x3F4  0x3F0  0x3EC  … RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ ESP0x400 EIP0x0 Initial setup before code execution

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – argc/argv/envp details.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ ESP0x400 EIP0x0  ESP

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x400  0x0 (0)  0x3FC (ESP)  0x3F8  0x3F4  0x3F0  0x3EC  … RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ ESP0x3FC EIPinstr addr

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3FC EIPinstr addr  0x400  0x3FC (ESP)  0x3F8  0x3F4  0x3F0  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F4 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4 (ESP)  0x3F0  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x000 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x00F Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x01E Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x001 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x010 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x010 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x010 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x010 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  … Register values may change based on library

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x010 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  0x400  0x3FC  0x3F8  0x3F4  0x3F0 (ESP)  0x3EC  … Register values may change based on library

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x001 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3F0 EIPinstr addr  … …  0x408  0x404  0x400  0x3FC  0x3F8  … Value of argc varies based on cmd line

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x001 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBP0x3FC ESP0x3FC EIPinstr addr  … …  0x408  0x404  0x400  0x3FC  0x3F8  … mov %ebp, %esp

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x001 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBPcaller’s ebp ESP0x400 EIPinstr addr  … …  0x408  0x404  0x400  0x3FC  0x3F8  … pop %ebp

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede program.s – line by line.file“program.c".def___main;.scl.text.globl _main.def_main;.scl _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax leave ret  0x0 (0) RegisterValue (Hex) EAX0x001 Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ Ω∆╟ EBPcaller’s ebp ESP0x404 EIPreturn addr  … …  0x408  0x404  0x400  0x3FC  0x3F8  …

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample C Program # 2 int main(int argc, char *argv[ ]) { // argc is usually 1 or greater as argv[0] = pathname of program return argc++; } This time we are incrementing argc before returning it.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample GNU Assembly # 2.file"register_example_2.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax incl8(%ebp) leave ret

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample # 2 - Differences.file"register_example_2.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax incl8(%ebp) leave ret Still storing the current value of argc (before increment) into eax so it will be the return value.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample # 2 - Differences.file"register_example_2.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main movl8(%ebp), %eax incl8(%ebp) leave ret This instruction increments the value of argc in memory (which isn’t returned).

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample C Program # 3 int main(int argc, char *argv[ ]) { // argc is usually 1 or greater as argv[0] = pathname of program return ++argc; } This time we are incrementing argc before returning it.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample GNU Assembly # 3.file"register_example_3.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main incl8(%ebp) movl8(%ebp), %eax leave ret

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample # 3 - Differences.file"register_example_3.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main incl8(%ebp) movl8(%ebp), %eax leave ret This instruction increments the value of argc in memory first.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Sample # 3 - Differences.file"register_example_3.c".def___main;.scl2;.type32;.endef.text.globl _main.def_main;.scl2;.type32;.endef _main: pushl%ebp movl%esp, %ebp subl$8, %esp andl$-16, %esp movl$0, %eax addl$15, %eax shrl$4, %eax sall$4, %eax movl%eax, -4(%ebp) movl-4(%ebp), %eax call__alloca call___main incl8(%ebp) movl8(%ebp), %eax leave ret This instructions sets eax to the newly modified value of argc. This incremented value will be returned. This instructions sets eax to the newly modified value of argc. This incremented value will be returned.

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede References ure ure wtopic= wtopic= gcc version - gcc (GCC) (mingw-vista special r3)

Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede Copyright x86 Assembly Registers and the Stack by Rodney Beede is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.Rodney BeedeCreative Commons Attribution-Share Alike 3.0 United States License Any slides you copy/modify into your own work must retain the following on each slide/page where the work appears: Derived from "x86 Assembly Registers and the Stack" by Rodney BeedeRodney Beede

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.