Practical Session 2
Flags Register (Status Register) A flag is a single bit of information whose meaning is independent from any other bit Each flag has a two-letter symbol
CF - Carry Flag 1.If the result of an arithmetic or shift operation "carries out" a bit from the operand, CF becomes set = CF = 1 2.The carry (borrow) flag is also set if the subtraction of two numbers requires a borrow into MSB subtracted = CF = 1 In unsigned arithmetic, watch the carry flag to detect errors. In signed arithmetic, the carry flag tells you nothing interesting = unsigned arithmetic => = 255 (decimal) => got the wrong answer signed arithmetic => = -1 (decimal) => got right answer, do not care about value of CF
OF – Overflow Flag 1.If the sum of two numbers with the sign bits off yields a result number with the sign bit on, the "overflow" flag is turned on = 1000 OF = 1 2.If the sum of two numbers with the sign bits on yields a result number with the sign bit off, the "overflow" flag is turned on = 0000 OF = 1 3.Otherwise, the overflow flag is turned off = 0101 OF = = 1111 OF = = 1001 OF = = 1000 OF = 0 In signed arithmetic, overflow flag on means the answer is wrong - you added two positive numbers and got a negative, or you added two negative numbers and got a positive. In unsigned arithmetic, the overflow flag tells you nothing interesting.
ZF – Zero Flag - set if result is zero; cleared otherwise add 0, 0 ZF = 1 SF – Sign Flag becomes set when the result of an operation is negative (i.e. MSB of the result is 1) all arithmetic operations except multiplication and division compare instructions - CMP logical instructions - XOR, AND, OR TEST instructions (equivalent to AND instructions without storing the result) sub , SF = 1 PF – Parity Flag - set if low-order eight bits of result contain an even number of "1" bits; cleared otherwise add 11010, 1 (result is 4 bits are ‘1’ PF = 1) add 11000, 1 (result is 3 bits are ‘1’ PF = 0) AF – Auxiliary Carry Flag (or Adjust Flag) is set if there is a carry from low nibble (4 bits) to high nibble or a borrow from a high nibble to low nibble = AF = 1 first nibble second nibble ZF, SF, PF, and AF Flags
InstructionDescriptionFlags JO Jump if overflowOF = 1 JNO Jump if not overflowOF = 0 JS Jump if signSF = 1 JNS Jump if not signSF = 0 JE JZ Jump if equal Jump if zero ZF = 1 JNE JNZ Jump if not equal Jump if not zero ZF = 0 JB JNAE JC Jump if below Jump if not above or equal Jump if carry CF = 1 JNB JAE JNC Jump if not below Jump if above or equal Jump if not carry CF = 0 JBE JNA Jump if below or equal Jump if not above CF = 1 or ZF = 1 JA JNBE Jump if above Jump if not below or equal CF = 0 and ZF = 0 JL JNGE Jump if less Jump if not greater or equal SF <> OF JGE JNL Jump if greater or equal Jump if not less SF = OF JLE JNG Jump if less or equal Jump if not greater ZF = 1 or SF <> OF JG JNLE Jump if greater Jump if not less or equal ZF = 0 and SF = OF JP JPE Jump if parity Jump if parity even PF = 1 JNP JPO Jump if not parity Jump if parity odd PF = 0 JCXZ JECXZ Jump if CX register is 0 Jump if ECX register is 0 CX = 0 ECX = 0 Jcc: Conditional Branch
Sections Every process consists of sections that are accessible to the process when it is running Each sections holds the bulk of object file information Data.bss - holds uninitialized data; occupies no file space.data and.data1 - hold initialized data.rodata and.rodata1 - hold read-only data Text.text - holds the ‘‘text’’ (executable instructions) of a program Stack - is used for local variables, information that is saved each time a function is called Heap - contains the dynamically allocated memory Example int a,b,c = 1; ---->.data char *str; ---->.bss const int i = 10; ---->.rodata main() { int ii,a=1,b=2,c; ----> local variables on Stack char * ptr = malloc(4); ----> allocated memory in Heap c= a+b+i; ---->.text }
program (.exe file) creates its own memory space in the RAM process 4GB of virtual address space on 32-bit architecture 3GB is accessible to the user space 1GB is accessible to the kernel space (kernel code, data, heap and stack) Memory layout for Linux Read-only Data Segment.bss.data.text.rodata USER Space Virtual Addresses loaded from.exe file
Pseudo-instructions RESB, RESW, RESD, RESQ and rest: declaring uninitialized storage space Examples: 1. buffer: resb 64 ; reserve 64 bytes 2. wordVar: resw 1 ; reserve a word 3. realArray: resq 10 ; array of ten real numbers Note: you can not make any assumption about values of a storage space cells.
Pseudo-instructions TIMES : Repeating Instructions or Data TIMES prefix causes the instruction to be assembled multiple times zeroBuf: times 64 db 0; 64 bytes initialized to 0 TIMES can be applied to ordinary instructions, so you can code trivial loops mov EAX, 0 times 100 inc EAX; EAX =100 => loop the argument to TIMES is not just a numeric constant, but a numeric expression buffer: db ‘go’ times 64-$+buffer db ‘!’ ; (64 - $ + buffer = 64 – = 64 – 2 = 62) 0…00 ! … ! ! o g … $$ (start of the current section) - start of section.data buffer $ (current position in section) buffer + 64 RAM 96 … … 20
Pseudo-instructions EQU : defining constants EQU defines a symbol to a given constant value –when EQU is used, the source line must contain a label –this definition cannot changed later. Example: Foo: EQU 1 ; Foo = 1
Byte Order - Little Endian If the hardware is built so that the lowest, least significant byte of a multi-byte scalar is stored "first", at the lowest memory address, then the hardware is said to be "little-endian. numeric into memory reversed order dd 0x ; 0x78 0x56 0x34 0x12 numeric into register source order mov EAX, 0x ; 0x12 0x34 0x56 0x78 characters into memory source order dw ‘ab’; 0x61 0x62 dw ‘abc’ ; 0x61 0x62 0x63 0x00 characters into register reversed order mov eax, ‘abc’; 0x00 0x63 0x62 0x61 memory into register reversed order mov [buffer], eax; 0x61 0x62 0x63 0x64 register into memory reversed order mov eax, [buffer]; 0x64 0x63 0x62 0x61
Effective Addresses Effective address is any operand to an instruction which references memory. Effective address syntax: consists of an expression evaluating to the desired address, enclosed in square brackets. Example wordvar: dw 0x5A, 0x39; a request for two words 0x005A and 0x0039 mov ax, [wordvar] ; ax = 0x005A (in little-endian format) mov ax, [wordvar+1] ; ax = 0x3900 In memory we get the following: 0x000x390x000x5A [wordvar][wordvar+1][wordvar+2][wordvar+3]
Constants NASM understands four different types of constant: numeric, character, string and floating points. 1. Numeric Constants A numeric constant is simply a number. NASM allows to specify numbers in a variety of number bases, in a variety of ways: suffix H, Q and B for hex, octal and binary, etc. Examples: mov ax,100 ; decimal mov ax,0A2h ; hex mov ax,777q ; octal mov ax, b ; binary
2. Character Constants A character constant consists of up to 4 characters enclosed in either single or double quotes. A character constant with more than one character will be arranged with little- endian order in mind. Examples: mov eax,'abcd' The constant generated is not 0x , but 0x , so that if you were then to store the value into memory, it would read ‘abcd’ rather than ‘dcba’. That way, it is stored “backwards” in eax. Constants
3. String Constants A string constants are only acceptable to some pseudo-instructions, like DB family. Examples: db 'hello’; string constant db 'h','e','l','l','o’; equivalent character constants dw 'abc' ; 0x61 0x62 0x63 0x00 Constants
Advanced Instructions MUL r/m - unsigned integer multiplication IMUL r/m - signed integer multiplication MUL r/m8 mov bl,5 ; multiplier mov al,9; multiplicand mul bl; => ax = 2Dh MUL r/m16 mov bx, 8000h mov ax, 2000h mul bx; => dx:ax = 1000:0000h MUL r/m32 mov ebx, h mov eax, h mul ebx; => edx:eax = : h MultiplicandMultiplierProduct ALr/m8AX r/m16DX:AX EAXr/m32EDX:EAX
SHL, SHR – Bitwise Logical Shifts on the first operand –number of bits to shift by is given by the second operand –vacated bits are filled with zero –shifted bit enters the Carry Flag SHL r/m8/m16/m32 1/CL/imm8 SHR r/m8/m16/m32 1/CL/imm8 Example: mov CL, 3 mov AL, b ; AL = shr AL, 1 ; shift right 1 AL = , CF = 1 shr AL, CL; shift right 3 AL = , CF = 0 Note: that shift indeed performs division/multiplication by 2 Advanced Instructions
SAL, SAR – Bitwise Arithmetic Shifts on the first operand –vacated bits are filled with zero for SAL –vacated bits are filled with copies of the original high bit of the source operand for SAR SAL r/m8/m16/m32 1/CL/imm8 SAR r/m8/m16/m32 1/CL/imm8 Example: mov CL, 3 mov AL, b ; AL = sar AL, 1 ; shift right 1 AL = sar AL, CL; shift right 3 AL = Advanced Instructions
ROL, ROR – Bitwise Rotate (i.e. moves round) on the first operand ROL r/m8/m16/m32 1/CL/imm8 ROR r/m8/m16/m32 1/CL/imm8 Example: mov CL, 3 mov BH, b ; BH = rol BH, 01 ; rotate left 1 bit BH = rol BH, CL; rotate left 3 bits BH = Advanced Instructions
RCL, RCR – Bitwise Rotate through Carry Bit on the first operand and Carry Flag RCL r/m8/m16/m32 1/CL/imm8 RCR r/m8/m16/m32 1/CL/imm8 Example: mov BH, b ; BH = , CF = 0 rcl BH, 01 ; rotate left 1 bit BH = , CF = 1 Advanced Instructions
LOOP, LOOPE, LOOPZ, LOOPNE, LOOPNZ – loop with counter (CX or ECX *) Example: mov ax, 1 mov cx, 3 my_ loop: add ax, ax loop my_ loop, cx 1. decrements its counter register (in this case it is CX register) 2. if the counter does not become zero as a result of this operation, it jumps to the given label Note: if a counter is not specified explicitly, the BITS** setting dictates which is used. ** The BITS directive specifies whether NASM should generate code designed to run on a processor operating in 16-bit mode, or code designed to run on a processor operating in 32-bit mode. The syntax is BITS 16 or BITS 32. LOOPE ≡ LOOPZ: jumps if the counter is nonzero and Zero Flag = 1 LOOPNE ≡ LOOPNZ: jumps if the counter is nonzero and Zero Flag = 0 Advanced Instructions