Computer Architecture and Assembly Language. Practical Session 7
- Nigel Golden
- 5 years ago
2 Co-Routines
- Co-routines are an assembly implementation of threads.
- Each co-routine decides which co-routine to pass control to (unlike usual threads).
- We will implement a silly round-robin scheduling algorithm:
  main() -> scheduler -> co-routine1 -> scheduler -> co-routine2 -> scheduler -> co-routine1 -> scheduler -> co-routine2 -> scheduler -> main()
3 Co-routine state
- A co-routine is denoted by COi (i is the co-routine's id).
- The scheduler is also a co-routine.
- A co-routine suspends itself after some time slice.
- A co-routine resumes the scheduler.
- A co-routine should save its current state before it suspends itself (in order to continue its execution later):
  - stack state
  - registers
  - flags
  - stack pointer (ESP)
  - instruction pointer (EIP)
4 Co-routine structure
We define an array of co-routine structures. Co-routine structure:

    STKSIZE equ 16*1024
    STKi:   resb STKSIZE          ; (16 KB)
    COi:    dd Functioni          ; pointer to co-routine function
            dd 0                  ; 0 if co-routine is not initialized, 1 otherwise
    SPi:    dd STKi + STKSIZE     ; pointer to the beginning of co-routine stack

Why does SPi point to the end of the stack? To be able to use the push and pop stack functionality with ESP.

[Figure: the co-routine structure (Funci, 0, SPi) next to the co-routine stack.]
5 Variables Declaration

    STKSZ   equ 16*1024    ; co-routine stack size
    CODEP   equ 0          ; offset of pointer to co-routine function in co-routine structure
    FLAGSP  equ 4          ; offset of flags in co-routine structure
    SPP     equ 8          ; offset of pointer to co-routine stack in co-routine structure

    section .rodata
        align 16
        global numco
    numco:  dd 3
    CORS:   dd CO1
            dd CO2
            dd CO3

    section .data
        align 16
    CO1:    dd Function1   ; structure for first co-routine
            dd 0           ; flags
    SP1:    dd STK1+STKSZ
    CO2:    dd Function1   ; structure for second co-routine
            dd 0           ; flags
    SP2:    dd STK2+STKSZ
    CO3:    dd Function2   ; structure for third co-routine
            dd 0           ; flags
    SP3:    dd STK3+STKSZ

    section .bss
        align 16
    CURR:   resd 1         ; pointer to the structure of the current co-routine
    SPT:    resd 1         ; temporary stack pointer variable
    SPMAIN: resd 1         ; stack pointer of main
    STK1:   resb STKSZ
    STK2:   resb STKSZ
    STK3:   resb STKSZ
6-11 Co-routine initialization - save initial co-routine state

    main() {
        /* initialize co-routines */
        for (i = 0; i < numco; i++)
            init_co_from_c(i);
        /* start a scheduler co-routine */
        start_co_from_c(2);
    }

Simplified view of the initialization (the complete routines are on slide 12):

    init_co_from_c:
        mov  ebx, [ebp+8]            ; get co-routine ID number
        mov  ebx, [4*ebx + CORS]     ; get COi pointer
        call co_init

    co_init:
        mov  eax, [ebx+CODEP]        ; get initial PC
        mov  esp, [ebx+SPP]          ; get initial SP
        push eax                     ; push initial return address
        pushfd                       ; push flags
        pushad                       ; push all other registers
        mov  [ebx+SPP], esp          ; save new SPi value (after all the pushes)

State of the co-routine structure (Funci, flag, SPi) and of the co-routine stack across the slides:
- Slide 6: the structure is (Funci, 0, SPi); nothing has been pushed onto the co-routine stack.
- Slide 7: ESP is loaded with the initial SP of the co-routine.
- Slide 8: Funci (the initial return address) is pushed onto the co-routine stack.
- Slide 9: the flags are pushed.
- Slide 10: the registers are pushed.
- Slide 11: the flag in the structure is 1 and the new SPi value is saved.
12 Co-routine initialization

    section .text
        align 16
        extern printf
        global init_co_from_c
        global start_co_from_c
        global end_co

    init_co_from_c:
        push EBP
        mov  EBP, ESP
        push EBX
        mov  EBX, [EBP+8]             ; EBX contains a number of the co-routine to be initialized
        mov  EBX, [EBX*4+CORS]        ; EBX contains a pointer to co-routine structure to be initialized
        call co_init
        pop  EBX
        pop  EBP
        ret

    co_init:
        pushad                        ; save caller's registers (matched by popad at init_done)
        bts  dword [EBX+FLAGSP], 0    ; test if already initialized
        jc   init_done
        mov  EAX, [EBX+CODEP]         ; get initial PC
        mov  [SPT], ESP               ; save original SP
        mov  ESP, [EBX+SPP]           ; get initial SP
        mov  EBP, ESP                 ; also use as EBP
        push EAX                      ; push initial "return" address (initial PC)
        pushfd                        ; push flags
        pushad                        ; push all other registers
        mov  [EBX+SPP], ESP           ; save new SP in structure
        mov  ESP, [SPT]               ; restore original SP
    init_done:
        popad
        ret

The bts instruction tests one bit of its first operand, whose index is given by the second operand, and stores the value of that bit in the carry flag (CF). In addition, bts sets the bit to 1.
13 Start co-routine scheduler
We start scheduling by suspending main() and resuming a scheduler co-routine.

    main() {
        /* initialize co-routines */
        for (i = 0; i < numco; i++)
            init_co_from_c(i);
        /* start a scheduler co-routine */
        start_co_from_c(2);
    }

    start_co_from_c:
        push EBP
        mov  EBP, ESP
        pushad                        ; save registers of main (matched by popad in end_co)
        mov  [SPMAIN], ESP            ; save ESP of main()
        mov  EBX, [EBP+8]             ; gets ID number of a scheduler
        mov  EBX, [EBX*4 + CORS]      ; gets a pointer to a scheduler structure
        jmp  do_resume                ; resume a scheduler co-routine

We end scheduling by going back to main().

    end_co:
        mov  ESP, [SPMAIN]            ; restore state of main code
        popad
        pop  EBP
        ret
14 Scheduler co-routine function
The scheduler function is started by main.

    scheduler_function:
        ; pick up some thread ID i
        mov  EBX, [CORS + i*4]        ; resumes COi
        call resume
        ; pick up some other thread ID j
        mov  EBX, [CORS + j*4]        ; resumes COj
        call resume
        jmp  end_co                   ; resume main

call resume:
- saves the state of the current co-routine
- resumes the state of the next co-routine (EBX should contain a pointer to it)

EBX is a pointer to the co-init structure of the co-routine to be resumed. CURR holds a pointer to the co-init structure of the current co-routine. After call resume, the return address (i.e. EIP) is pushed automatically onto the (co-routine) stack, so we only have to save EFLAGS, ESP, and registers.

    resume:                           ; save state of caller
        pushfd
        pushad
        mov  EDX, [CURR]
        mov  [EDX+SPP], ESP           ; save current SP
    do_resume:                        ; load SP for resumed co-routine
        mov  ESP, [EBX+SPP]
        mov  [CURR], EBX
        popad                         ; restore resumed co-routine state
        popfd
        ret                           ; "return" to resumed co-routine!
15 Function2
This function is used as code for co-routine 3 (scheduler).

    FMT2: db "Function2, co %lx, called by %lx, pass %ld", 10, 0

    Function2:
        push dword 1
        push dword [CORS]             ; indeed, called by main
        push dword [CURR]
        push dword FMT2
        call printf
        add  ESP, 16
        mov  EBX, [CORS]              ; resume CO1
        call resume

        push dword 2
        push dword [CORS]
        push dword [CURR]
        push dword FMT2
        call printf
        add  ESP, 16
        mov  EBX, [CORS+4]            ; resume CO2
        call resume

        push dword 3
        push dword [CORS+4]
        push dword [CURR]
        push dword FMT2
        call printf
        add  ESP, 16
        mov  EBX, [CORS]              ; resume CO1
        call resume

        push dword 4
        push dword [CORS]
        push dword [CURR]
        push dword FMT2
        call printf
        add  ESP, 16
        mov  EBX, [CORS+4]            ; resume CO2
        call resume

        jmp  end_co                   ; resume main
16 Function1
This function is used as code for co-routines 1 and 2.

    FMT1: db "Function1, co %lx, called by %lx, pass %ld", 10, 0

    Function1:
        push dword 1
        push dword [CORS+8]
        push dword [CURR]
        push dword FMT1
        call printf
        add  ESP, 16
        mov  EBX, [CORS+8]            ; resume a scheduler
        call resume

        push dword 2
        push dword [CORS+8]
        push dword [CURR]
        push dword FMT1
        call printf
        add  ESP, 16
        mov  EBX, [CORS+8]            ; resume a scheduler
        call resume
17 Run example - data declaration
[Figure: memory layout after the data declarations. .bss: CURR, SPT, SPMAIN, STK1, STK2, STK3. .data: numco = 3, CORS, the three co-routine structures CO1 = (Function1, 0, SP1), CO2 = (Function1, 0, SP2), CO3 = (Function2, 0, SP3), COUNTER = 0, MAX_ITER = 3.]

18 After co-routine initialization
[Figure: the same layout after initialization. The flag in each co-routine structure is 1, and Function1, Function1 and Function2 are stored on the stacks in .bss.]
19-26 Resuming
[Figure sequence over the memory layout of slide 18; Addr1, Addr2 and Addr3 are return addresses stored on the co-routine stacks, and ESP marks the current top of stack.]

    resume:
        pushfd
        pushad
        mov  EDX, [CURR]
        mov  [EDX+SPP], ESP
    do_resume:
        mov  ESP, [EBX+SPP]
        mov  [CURR], EBX
        popad
        popfd
        ret

- Slide 19: right before resume is called.
- Slide 20: resume is called; the return address (Addr2) is now on the stack of the current co-routine.
- Slide 21: backup registers.
- Slide 22: backup stack pointer.
- Slide 23: load stack pointer of the resumed co-routine.
- Slide 24: set current co-routine variable.
- Slide 25: restore the state of the loaded co-routine; ESP points at Addr3.
- Slide 26: go to execute the loaded co-routine.
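The stack bookkeeping of co_init, resume and do_resume, modelled in C as an added example (not part of the original slides): stacks are byte arrays, stack pointers are offsets into them, and the code addresses and the EFLAGS value 0x202 are constructed placeholders. It follows the first switches of Function2's schedule and shows that the ret in do_resume lands on whatever return address the target co-routine pushed at its own earlier call resume.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STKSZ (16 * 1024)          /* co-routine stack size, as on the slides */
#define NUMCO 3
#define FRAME (4 * (1 + 1 + 8))    /* return address + EFLAGS + 8 pushad registers */

/* Constructed stand-ins for code addresses (labels in the assembly). */
enum { FUNCTION1 = 0x1000, F1_AFTER_CALL = 0x1010,
       FUNCTION2 = 0x2000, F2_AFTER_CALL1 = 0x2010,
       F2_AFTER_CALL2 = 0x2020, F2_AFTER_CALL3 = 0x2030 };

struct co { uint32_t code, flags, sp; };   /* offsets CODEP=0, FLAGSP=4, SPP=8 */

static uint8_t   stk[NUMCO][STKSZ];        /* STK1..STK3 */
static struct co cors[NUMCO];              /* CO1..CO3; sp is a byte offset into stk[i] */
static int       curr;                     /* CURR, kept as an index */
static uint32_t  esp;                      /* modelled ESP (offset into the active stack) */

static void push32(int s, uint32_t v) { esp -= 4; memcpy(&stk[s][esp], &v, 4); }
static uint32_t pop32(int s) { uint32_t v; memcpy(&v, &stk[s][esp], 4); esp += 4; return v; }

void reset_model(void)
{
    const uint32_t code[NUMCO] = { FUNCTION1, FUNCTION1, FUNCTION2 };
    memset(stk, 0, sizeof stk);
    for (int i = 0; i < NUMCO; i++)
        cors[i] = (struct co){ code[i], 0, STKSZ };   /* SPi = STKi + STKSZ */
    curr = -1;
    esp = 0;
}

/* co_init: build the frame that do_resume will later pop. Returns 0 when the
 * initialized bit was already set (the bts / jc init_done path). */
int co_init(int i)
{
    if (cors[i].flags & 1) return 0;
    cors[i].flags |= 1;
    uint32_t saved = esp;                       /* mov [SPT], ESP */
    esp = cors[i].sp;                           /* mov ESP, [EBX+SPP] */
    push32(i, cors[i].code);                    /* push EAX (initial "return" address) */
    push32(i, 0x202);                           /* pushfd */
    for (int r = 0; r < 8; r++) push32(i, 0);   /* pushad */
    cors[i].sp = esp;                           /* mov [EBX+SPP], ESP */
    esp = saved;                                /* mov ESP, [SPT] */
    return 1;
}

/* do_resume: switch stacks, pop the saved frame, "ret". Returns the EIP reached. */
uint32_t do_resume(int next)
{
    esp = cors[next].sp;                            /* mov ESP, [EBX+SPP] */
    curr = next;                                    /* mov [CURR], EBX */
    for (int r = 0; r < 8; r++) (void)pop32(next);  /* popad */
    (void)pop32(next);                              /* popfd */
    return pop32(next);                             /* ret */
}

/* "call resume" executed by the current co-routine; ret_addr is the address
 * of the instruction that follows the call. */
uint32_t call_resume(int next, uint32_t ret_addr)
{
    push32(curr, ret_addr);                         /* pushed by the call itself */
    push32(curr, 0x202);                            /* pushfd */
    for (int r = 0; r < 8; r++) push32(curr, 0);    /* pushad */
    cors[curr].sp = esp;                            /* mov [EDX+SPP], ESP */
    return do_resume(next);
}

/* main -> scheduler -> CO1 -> scheduler -> CO2 -> scheduler -> CO1 */
void run_model(uint32_t eip[6])
{
    reset_model();
    for (int i = 0; i < NUMCO; i++) co_init(i);
    eip[0] = do_resume(2);                      /* start_co_from_c(2) */
    eip[1] = call_resume(0, F2_AFTER_CALL1);    /* scheduler resumes CO1 */
    eip[2] = call_resume(2, F1_AFTER_CALL);     /* CO1 resumes the scheduler */
    eip[3] = call_resume(1, F2_AFTER_CALL2);    /* scheduler resumes CO2 */
    eip[4] = call_resume(2, F1_AFTER_CALL);     /* CO2 resumes the scheduler */
    eip[5] = call_resume(0, F2_AFTER_CALL3);    /* scheduler resumes CO1 again */
}

int main(void)
{
    uint32_t eip[6];
    run_model(eip);
    for (int i = 0; i < 6; i++)
        printf("switch %d lands at 0x%x\n", i, (unsigned)eip[i]);
    return 0;
}
```

The first resume of CO1 and CO2 lands at Function1 because co_init planted that address; the second resume of CO1 lands after its call resume because that call planted the address instead.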
More information(2) Accidentally using the wrong instance of a variable (sometimes very hard one to find).
Scope and storage class of variables The scope of a variable refers to those portions of a program wherein it may be accessed. Failure to understand scoping rules can lead to two problems: (1) Syntax errors
More informationReverse Engineering II: The Basics
Reverse Engineering II: The Basics Gergely Erdélyi Senior Manager, Anti-malware Research Protecting the irreplaceable f-secure.com Binary Numbers 1 0 1 1 - Nibble B 1 0 1 1 1 1 0 1 - Byte B D 1 0 1 1 1
More informationInstructor: Alvin R. Lebeck
X86 Assembly Programming with GNU assembler Lecture 7 Instructor: Alvin R. Lebeck Some Slides based on those from Randy Bryant and Dave O Hallaron Admin Reading: Chapter 3 Note about pointers: You must
More informationFor your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to
For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. Contents at a Glance About the Author...xi
More informationUMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.
Procedures: CALL: Pushes the address of the instruction following the CALL instruction onto the stack. RET: Pops the address. SUM PROC NEAR USES BX CX DX ADD AX, BX ADD AX, CX MOV AX, DX RET SUM ENDP NEAR
More informationx86 architecture et similia
x86 architecture et similia 1 FREELY INSPIRED FROM CLASS 6.828, MIT A full PC has: PC architecture 2 an x86 CPU with registers, execution unit, and memory management CPU chip pins include address and data
More informationAssembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
Assembly III: Procedures Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu IA-32 (1) Characteristics Region of memory managed with stack discipline
More informationLibraries and Procedures
Computer Organization and Assembly Language Computer Engineering Department Chapter 5 Libraries and Procedures Presentation Outline Link Library Overview The Book's Link Library Runtime Stack and Stack
More informationTutorial 10 Protection Cont.
Tutorial 0 Protection Cont. 2 Privilege Levels Lower number => higher privilege Code can access data of equal/lower privilege levels only Code can call more privileged data via call gates Each level has
More informationImplementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.
Implementing Threads Operating Systems In Depth II 1 Copyright 2018 Thomas W Doeppner All rights reserved The Unix Address Space stack dynamic bss data text Operating Systems In Depth II 2 Copyright 2018
More informationCSC 8400: Computer Systems. Machine-Level Representation of Programs
CSC 8400: Computer Systems Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32) 1 Compilation Stages
More informationCS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 21: Generating Pentium Code 10 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Simple Code Generation Three-address code makes it
More informationSummary: Direct Code Generation
Summary: Direct Code Generation 1 Direct Code Generation Code generation involves the generation of the target representation (object code) from the annotated parse tree (or Abstract Syntactic Tree, AST)
More informationHow Software Executes
How Software Executes CS-576 Systems Security Instructor: Georgios Portokalidis Overview Introduction Anatomy of a program Basic assembly Anatomy of function calls (and returns) Memory Safety Intel x86
More informationx86 Assembly Crash Course Don Porter
x86 Assembly Crash Course Don Porter Registers ò Only variables available in assembly ò General Purpose Registers: ò EAX, EBX, ECX, EDX (32 bit) ò Can be addressed by 8 and 16 bit subsets AL AH AX EAX
More information1 /* file cpuid2.s */ 4.asciz "The processor Vendor ID is %s \n" 5.section.bss. 6.lcomm buffer, section.text. 8.globl _start.
1 /* file cpuid2.s */ 2.section.data 3 output: 4.asciz "The processor Vendor ID is %s \n" 5.section.bss 6.lcomm buffer, 12 7.section.text 8.globl _start 9 _start: 10 movl $0, %eax 11 cpuid 12 movl $buffer,
More informationEthical Hacking. Assembly Language Tutorial
Ethical Hacking Assembly Language Tutorial Number Systems Memory in a computer consists of numbers Computer memory does not store these numbers in decimal (base 10) Because it greatly simplifies the hardware,
More informationIntel assembly language using gcc
QOTD Intel assembly language using gcc Assembly language programming is difficult. Make no mistake about that. It is not for wimps and weaklings. - Tanenbaum s 6th, page 519 These notes are a supplement
More informationProcedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27
Procedure Calls Young W. Lim 2016-11-05 Sat Young W. Lim Procedure Calls 2016-11-05 Sat 1 / 27 Outline 1 Introduction References Stack Background Transferring Control Register Usage Conventions Procedure
More informationASSEMBLY III: PROCEDURES. Jo, Heeseung
ASSEMBLY III: PROCEDURES Jo, Heeseung IA-32 STACK (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationCOE 205. Computer Organization and Assembly Language Dr. Aiman El-Maleh
Libraries i and Procedures COE 205 Computer Organization and Assembly Language Dr. Aiman El-Maleh College of Computer Sciences and Engineering King Fahd University of Petroleum and Minerals [Adapted from
More informationMachine-level Programming (3)
Machine-level Programming (3) Procedures A: call A call A return Two issues How to return to the correct position? How to pass arguments and return values between callee to caller? 2 Procedure Control
More informationFigure 8-1. x87 FPU Execution Environment
Sign 79 78 64 63 R7 Exponent R6 R5 R4 R3 R2 R1 R0 Data Registers Significand 0 15 Control Register 0 47 Last Instruction Pointer 0 Status Register Last Data (Operand) Pointer Tag Register 10 Opcode 0 Figure
More information