Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 2400 Computer Systems I Lecture 9 Deeper into Assembly.

Published byJames Marshall Modified over 9 years ago

Similar presentations

Presentation on theme: "CSC 2400 Computer Systems I Lecture 9 Deeper into Assembly."— Presentation transcript:

1 CSC 2400 Computer Systems I Lecture 9 Deeper into Assembly

2 2 Recap Programs are compiled – preprocessor – compiler – assembler – linker High-level languages, which are independent of the machine, go through these steps Machine language is the output, and is dependent on the target machine 2

3 3 Recall: Steps in the Build Process To build one step at a time: Why build one step at a time? – Helpful for learning how to interpret error messages – Permits partial builds (described later in course) $ gcc –E circle.c > circle.i $ gcc –S circle.i $ gcc –c circle.s $ gcc circle.o –o circle Preprocess: circle.c → circle.i Compile: circle.i → circle.s Assemble: circle.s → circle.o Link: circle.o → circle 3

4 High-Level Language Make programming easier by describing operations in a semi-natural language Increase the portability of the code One line may involve many low-level operations Examples: C, C++, Java count = 0; while (n > 1) { count++; if (n & 1) n = n*3 + 1; else n = n/2; }

5 5 Assembly Language Tied to the specifics of the underlying machine Commands and names to make the code readable and writeable by humans E.g., IA-32 from Intel movEAX, EDX andEAX, 1 je.else jmp.endif.else:.endif: sarEDX, 1 movEAX, EDX addEDX, EAX addEDX, 1 addECX, 1.loop: cmpEDX, 1 jle.endloop jmp.loop.endloop: movECX, 0 mov ECX, DWORD PTR count mov EDX, DWORD PTR n

6 Machine Language Also tied to the underlying machine What the computer sees and deals with Every instruction is a sequence of one or more numbers All stored in memory on the computer, and read and executed Unreadable by humans 0000 0000 0000 0000 9222 9120 1121 A120 1121 A121 7211 0000 0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 000A 000B 000C 000D 000E 000F 0000 0000 0000 FE10 FACE CAFE ACED CEDE 1234 5678 9ABC DEF0 0000 0000 F00D 0000 0000 0000 EEEE 1111 EEEE 1111 0000 0000 B1B2 F1F5 0000 0000 0000 0000 0000 0000

7 Goals for this lecture Deepen understanding of…  Basics of computer architecture  Relationship between C and assembly language  IA-32 assembly language through an example Why do you need to know this?

8 Computer Architecture Refresher

9 Recall: Von Neumann Model MARMDR PCIR

10 General Architecture for a Computer

11 A Typical Computer This model provides a good study framework.

12 Memory 12 The only large storage area that CPU can access directly Hence, any program executing must be in memory

13 Memory Hierarchy (read Think OS, Chapter 7) A typical memory hierarchy. The numbers are very rough approximations. Cache Principle The more frequently data is accessed, the faster the access should be.

14 TEXT DATA HEAP STACK Memory (Unix Process Layout) Addresses Instructions Data Central Processing Unit (CPU) Memory Stores executable machine-language instructions (TEXT) Stores data (DATA, HEAP and STACK sections)

15 TEXT DATA HEAP STACK Central Processing Unit (CPU) Addresses Instructions Data CPU Memory Control Unit ALU Registers Control unit  Fetch, decode, and execute Arithmetic and logic unit  Execution of low-level operations Registers  High-speed temporary storage

16 Registers (Ch. 15, section 15.2) Small amount of storage on the CPU  Can be accessed more quickly than main memory Instructions move data in and out of registers  Loading registers from main memory  Storing registers to main memory Instructions manipulate the register contents  Registers essentially act as temporary variables  For efficient manipulation of the data Registers are the top of the memory hierarchy  Ahead of main memory, disk, tape, …

17 HEAP STACK TEXT DATA Addresses Instructions Data EIP Registers Condition Codes EAX EBX ECX EDX ESI EDI ESP EBP CFZFSFOF CPU Registers Memory EIPInstruction Pointer ESP, EBPReserved for special use EAXAlways contains return value IA-32 Architecture EFLAGS

18 HEAP STACK TEXT DATA CPU – Control Unit and ALU Addresses Instructions Data CPU Memory Control Unit ALU Registers Control unit  Fetch, decode, and execute  Arithmetic and logic unit (ALU)  Execution of low-level operations

19 Control Unit: Instruction Decoder Determines what operations need to take place  Translate the machine-language instruction Control what operations are done on what data  E.g., control what data are fed to the ALU  E.g., enable the ALU to do multiplication or addition  E.g., read from a particular address in memory src1src2 dst operationflag/carry ALU

20 Central Processing Unit (CPU) Runs the loop Fetch-Decode-Execute Fetch Next Instruction START Execute Instruction Execute Instruction Execute Instruction HALT Fetch CycleExecute Cycle Decode Instruction START Decode Cycle  Fetch the next instruction from memory  Decode the instruction and fetch the operands  Execute the instruction and store the result

21 Fetch-Decode-Execute Cycle Where is the “next instruction” held in the machine?  a CPU register called the Instruction Pointer(EIP) holds the address of the instruction to be fetched next Fetch cycle  Copy instruction from memory into a register Decode cycle  Decode instruction and fetch operands, if necessary Execute cycle  Execute the instruction  Increment PC by the instruction length after execution

22 C Code vs. Assembly Code Examples from IA-32

23 Kinds of Instructions Reading and writing data  count = 0  n Arithmetic and logic operations  Increment: count++  Multiply: n * 3  Divide: n/2  Logical AND: n & 1 Checking results of comparisons  Is (n > 1) true or false?  Is (n & 1) non-zero or zero? Changing the flow of control  To the end of the while loop (if “n ≤ 1”)  Back to the beginning of the loop  To the else clause (if “n & 1” is 0) count = 0; while (n > 1) { count++; if (n & 1) n = n*3 + 1; else n = n/2; }

24 Variables in Registers Registers count ECX n EDX count = 0; while (n > 1) { count++; if (n & 1) n = n*3 + 1; else n = n/2; } mov ECX, DWORD PTR count mov EDX, DWORD PTR n

25 Immediate and Register Addressing count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } movECX, 0 addECX, 1 Read directly from the instruction written to a register count ECX n EDX

26 General Syntax op Dest, Src Perform operation op on Src and Dest Save result in Dest

27 Immediate and Register Addressing count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } movEAX, EDX andEAX, 1 Computing intermediate value in register EAX count ECX n EDX

28 movEAX, EDX addEDX, EAX addEDX, 1 Immediate and Register Addressing count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } Adding n twice is cheaper than multiplication! count ECX n EDX

29 sarEDX, 1 Immediate and Register Addressing count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } Shifting right by 1 bit is cheaper than division! count ECX n EDX

30 Changing Program Flow Cannot simply run next instruction  Check result of a previous operation  Jump to appropriate next instruction Jump instructions  Load new address in instruction pointer Example jump instructions  Jump unconditionally (e.g., “}”)  Jump if zero (e.g., “n & 1”)  Jump if greater/less (e.g., “n > 1”) count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; }

31 Jump Instructions Jump depends on the result of previous arithmetic instruction.

32 Conditional and Unconditional Jumps Comparison cmp compares two integers  Done by subtracting the first number from the second  Discards the results, but sets flags as a side effect: –cmp EDX, 1 (computes EDX – 1) –jle.endloop (checks whether result was 0 or negative) Logical operation and compares two integers: –and EAX, 1 (bit-wise AND of EAX with 1) –je.else (checks whether result was 0) Also, can do an unconditional branch jmp –jmp.endif –jmp.loop

33 ….loop: cmpEDX, 1 jle.endloop jmp.loop.endloop: Jump and Labels: While Loop while (n>1) { } Checking if EDX is less than or equal to 1. count ECX n EDX

34 movEAX, EDX andEAX, 1 je.else jmp.endif.else:.endif: sarEDX, 1 movEAX, EDX addEDX, EAX addEDX, 1 addECX, 1.loop: cmpEDX, 1 jle.endloop jmp.loop.endloop: movECX, 0 Jump and Labels: While Loop count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } count ECX n EDX

35 movEAX, EDX andEAX, 1 je.else jmp.endif.else:.endif: … Jump and Labels: If-Then-Else if (n&1)... else... “then” block “else” block … count ECX n EDX

36 movEAX, EDX andEAX, 1 je.else jmp.endif.else:.endif: sarEDX, 1 movEAX, EDX addEDX, EAX addEDX, 1 addECX, 1.loop: cmpEDX, 1 jle.endloop jmp.loop.endloop: movECX, 0 Jump and Labels: If-Then-Else count=0; while(n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } “then” block “else” block count ECX n EDX

37 movEAX, EDX andEAX, 1 je.else jmp.endif.else:.endif: sarEDX, 1 movEAX, EDX addEDX, EAX addEDX, 1 addECX, 1.loop: cmpEDX, 1 jle.endloop jmp.loop.endloop: movECX, 0 Code More Efficient… count=0; while(n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } Replace with “jmp loop” count ECX n EDX

38 movEAX, EDX andEAX, 1 je.else jmp.endif.else:.endif: sarEDX, 1 movEAX, EDX addEDX, EAX addEDX, 1 addECX, 1.loop: cmpEDX, 1 jle.endloop jmp.loop.endloop: movECX, 0 Complete Example count=0; while (n>1) { count++; if (n&1) n = n*3+1; else n = n/2; } count ECX n EDX

39 Reading IA-32 Assembly Language Referring to a register:  EAX, eax, EBX, ebx, etc. Result stored in the first argument  E.g. “mov EAX, EDX” moves EDX into EAX  E.g., “add ECX, 1” increments register ECX Assembler directives: starting with a period (“.”)  E.g., “.section.text” to start the text section of memory Comment: pound sign (“#”)  E.g., “# Purpose: Convert lower to upper case”

40 X86  C Example int Example(int x){ ??? } push EBP mov EBP, ESP mov ECX, [EBP+8] xor EAX, EAX xor EDX, EDX cmp EDX, ECX jge L2 L1: add EAX, EDX inc EDX cmp EDX, ECX jl L1 L2: mov ESP,EBP pop EBP ret # ECX = x # EAX = # EDX = # if # goto L2 # EAX = # EDX = # if # goto L1 Write comments L2: L1:

41 Name the Variables int Example(int x){ ??? } push EBP mov EBP, ESP mov ECX, [EBP+8] xor EAX, EAX xor EDX, EDX cmp EDX, ECX jge L2 L1: add EAX, EDX inc EDX cmp EDX, ECX jl L1 L2: mov ESP,EBP pop EBP ret # ECX = x # result = # i = # if # goto L2 # result = # i = # if # goto L1 L2: L1: EAX  result, EDX  i

42 Identify the Loop result = 0; i = 0; if (i >= x) goto L2; L1:result += i; i++; if (i < x) goto L1; L2:

43 Identify the Loop result = 0; i = 0; if (i >= x) goto L2; L1:result += i; i++; if (i < x) goto L1; L2: result = 0; i = 0; if (i >= x) goto L1; do { result += i; i++; } while (i < x); L1: result = 0; i = 0; while (i < x){ result += i; i++; } result = 0; for (i = 0; i < x; i++) result += i;

44 C Code int Example(int x) { int result=0; int i; for (i=0; i<x; i++) result += i; return result; }

45 Exercise int F(int x, int y){ ??? } push EBP mov EBP,ESP mov ECX, [EBP+8] mov EDX, [EBP+12] xor EAX, EAX cmp ECX, EDX jle.L1.L2: dec ECX inc EDX inc EAX cmp ECX,EDX jg.L2.L1:inc EAX mov ESP,EBP pop EBP ret # ECX = x # EDX = y.L1:.L2:

46 C Code int F(int x, int y)

47 Conclusions Hardware  Memory is the only storage area CPU can access directly  Executables are stored on the disk  Fetch-Decode-Execute Cycle for running executables Assembly language  In between high-level language and machine code  Programming the “bare metal” of the hardware  Loading and storing data, arithmetic and logic operations, checking results, and changing control flow To get more familiar with IA-32 assembly  Generate your own assembly-language code –gcc –masm=intel –S code.c

48 X86 Addressing Modes

49 Two Operand Instructions ADD Dest, SrcDest = Dest + Src SUB Dest, SrcDest = Dest - Src MUL Dest, SrcDest = Dest * Src SAL Dest, SrcDest = Dest << Src SAR Dest, SrcDest = Dest >> Src Arithmetic SHR Dest, SrcDest = Dest >> Src Logical XOR Dest, SrcDest = Dest ^ Src AND Dest, SrcDest = Dest & Src OR Dest, SrcDest = Dest | Src Arithmetic Instructions (1)

50 One Operand Instructions INC DestDest = Dest + 1 DEC DestDest = Dest – 1 NEG DestDest = - Dest NOT DestDest = ~ Dest Arithmetic Instructions (2)

51 CMP Dest, Src Compute Dest - Src without setting Dest TEST Dest, Src Compute Dest & Src without setting Dest Compare and Test Instructions

52 Jump Instructions Jump depending on the result of the previous arithmetic instruction:

53 Loading and Storing Data

54 Addresses Instructions Data EIP Registers Object Code Program Data Stack Condition Codes EAX EBX ECX EDX ESI EDI ESP EBP CFZFSFOF CPU Memory EIPInstruction Pointer ESP, EBPReserved for special use EAXAlways contains return value IA-32 Architecture EFLAGS

55 IA-32 General Purpose Registers General-purpose registers EAX EBX ECX EDX ESI EDI 31 0 AX BX CX DX 16-bit 32-bit DI SI AL AH BL CL DL BH CH DH 8 715

56 Byte Order in Multi-Byte Entities Intel is a little endian architecture  Least significant byte of multi-byte entity is stored at lowest memory address  “Little end goes first” Some other systems use big endian  Most significant byte of multi-byte entity is stored at lowest memory address  “Big end goes first” 00000101 00000000 1000 1001 1002 1003 The int 5 at address 1000: 00000000 00000101 1000 1001 1002 1003 The int 5 at address 1000:

57 Little Endian Example Byte 0: ff Byte 1: 77 Byte 2: 33 Byte 3: 0 int main(void) { int i=0x003377ff, j; unsigned char *p = (unsigned char *) &i; for (j=0; j<4; j++) printf("Byte %d: %x\n", j, p[j]); } Output on a little-endian machine

58 CMP AL, 5 JLE else INCAL jmp endif else: DECAL endif: C Example: One-Byte Data char i; … if (i > 5) { i++; else i--; } Global char variable i is in AL, the lower byte of the “A” register.

59 CMP EAX, 5 JLE else INC EAX JMP endif else: DECEAX endif: C Example: Four-Byte Data int i; … if (i > 5) { i++; else i--; } Global int variable i is in EAX, the full 32 bits of the “A” register.

60 Loading and Storing Data Processors have many ways to access data  Known as “addressing modes”  Two simple ways seen in previous examples Addressing Modes  Register  Immediate  Direct Memory  Base Memory  (Base or Index) plus Displacement Memory  (Base and Index) plus Displacement Memory

61 Register Addressing Registers embedded in the instruction Examples  XOR EAX, EAX  MOV EBX, ECX  INC BH

62 Immediate Addressing Data embedded in the instruction Examples  ADD EAX, 3  MOV AX, -40

63 Direct Memory Addressing Memory address embedded in the instruction Examples  MOV AL, [2000]  Read the byte from memory address 2000  Load the byte value in the register AL Note that  2000 refers to the constant value 2000  [2000] refers to the memory location at address 2000

64 (Indirect) Base Memory Addressing

65 Indirect Memory Addressing Load or store from a previously-computed address  Register with the base address is in the instruction Examples  MOV AX, [BX] (register addressing)  CMP DL, [BX+8] (base+displacement addressing)  MOV EAX,[EBX+ESI*4+8] (base+index+displacement)

66 66 Indexed Addressing Example MOV EAX, 0 MOV EBX, 0 MOV ECX, OFFSET FLAT:a sumloop: ADD EBX, [ECX+EAX*4] INC EAX CMP EAX, 20 jne sumloop int a[20]; … int i, sum=0; for (i=0; i<20; i++) sum += a[i]; EAX: i EBX: sum ECX: address of a[0] global variable

67 LEA: Load Effective Address LEA Dest, Src  Src is address mode expression  Set Dest to address denoted by expression Example  LEA EAX, [EBX+4*ESI]  Load into EAX the value EBX+4*ESI Compare to  MOV EAX, [EBX+4*ESI]  Load into EAX the value stored in memory at address EBX+4*ESI

68 Using LEA for Arithmetic Expressions int arith (int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } arith: PUSH EBP MOV EBP,ESP MOV ECX, DWORD PTR [EBP+8] MOV EDX, DWORD PTR [EBP+12] LEA EAX, [EDX+EDX*2] SAL EDX, 4 LEA EAX, [ECX+4+EAX] ADD EDX, ECX ADD EDX, DWORD PTR [EBP+16] IMUL EAX,EDX POP EBP RET Body Setup Finish

69 Understanding arith int arith (int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } x is at address ebp+8 y is at address ebp+12 z is at address ebp+16 To be explained in next lecture MOV ECX, DWORD PTR [EBP+8]; ECX = MOV EDX, DWORD PTR [EBP+12]; EDX = LEA EAX, [EDX+EDX*2]; EAX = SAL EAX, 4; EAX = LEA EAX, [ECX+4+EAX]; EAX = ADD EDX, ECX; EDX = ADD EDX, DWORD PTR [EBP+16]; EDX = IMUL EAX,EDX; EAX =

70 Data Access Methods: Summary Immediate addressing: data stored in the instruction itself  MOV ECX, 10 Register addressing: data stored in a register  MOV ECX, EAX Direct addressing: address stored in instruction  MOV ECX, [200] Indirect addressing: address stored in a register  MOV ECX, [EAX]  MOV ECX, [EAX+4]  MOV ECX, [EAX + ESI*4 + 12]

71 Data Transfer Instructions MOV Dest, Src  General move instruction PUSH Src PUSH EBX # equivalent instructions SUB ESP, 4 MOV [ESP], EBX POP Dest POP ECX # equivalent instructions MOV ECX, [ESP] ADD ESP, 4 ESP 17 ESP 17 EBX ESP 44 ESP 44 ECX

Download ppt "CSC 2400 Computer Systems I Lecture 9 Deeper into Assembly."

Similar presentations

Practical Malware Analysis

Practical Malware Analysis
Machine/Assembler Language Putting It All Together Noah Mendelsohn Tufts University Web:

Machine/Assembler Language Putting It All Together Noah Mendelsohn Tufts University Web:
COMP 2003: Assembly Language and Digital Logic

COMP 2003: Assembly Language and Digital Logic
Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 2 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Computer Architecture and Operating Systems CS 3230 :Assembly Section Lecture 2 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.

C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.
The CPU Revision Typical machine code instructions Using op-codes and operands Symbolic addressing. Conditional and unconditional branches.

The CPU Revision Typical machine code instructions Using op-codes and operands Symbolic addressing. Conditional and unconditional branches.
Assembly Language: IA-32 Instructions

Assembly Language: IA-32 Instructions
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.

1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.

Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.
1 Assembly Language Professor Jennifer Rexford COS 217.

1 Assembly Language Professor Jennifer Rexford COS 217.
1 Assembly Language: Overview. 2 If you’re a computer, What’s the fastest way to multiply by 5? What’s the fastest way to divide by 5?

1 Assembly Language: Overview. 2 If you’re a computer, What’s the fastest way to multiply by 5? What’s the fastest way to divide by 5?
CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola 68000.

CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola
Y86 Processor State Program Registers

Y86 Processor State Program Registers
INSTRUCTION SET AND ASSEMBLY LANGUAGE PROGRAMMING

INSTRUCTION SET AND ASSEMBLY LANGUAGE PROGRAMMING
CSC 3210 Computer Organization and Programming Chapter 1 THE COMPUTER D.M. Rasanjalee Himali.

CSC 3210 Computer Organization and Programming Chapter 1 THE COMPUTER D.M. Rasanjalee Himali.
The x86 Architecture Lecture 15 Fri, Mar 4, 2005.

The x86 Architecture Lecture 15 Fri, Mar 4, 2005.
Execution of an instruction

Execution of an instruction
CET 3510 Microcomputer Systems Tech. Lecture 2 Professor: Dr. José M. Reyes Álamo.

CET 3510 Microcomputer Systems Tech. Lecture 2 Professor: Dr. José M. Reyes Álamo.
1 ICS 51 Introductory Computer Organization Fall 2009.

1 ICS 51 Introductory Computer Organization Fall 2009.
CNIT 127: Exploit Development Ch 1: Before you begin.

CNIT 127: Exploit Development Ch 1: Before you begin.

Similar presentations

Ads by Google