Lecture 2 Assembly Language

Size: px
Start display at page:

Download "Lecture 2 Assembly Language"

Transcription

1 Lecture 2 Assembly Language Computer and Network Security 9th of October 2017 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 2, Assembly Language 1/37

2 Recap: Explorations Tools assembly and C language scripting language (Bash, Python, Perl) hexadecimal executable exploration: strings, xxd, objdump, IDA process exploration: strace, ltrace, lsof, pmap Capture the Flag (CTF) contests: CSE Dep, ACS, UPB Lecture 2, Assembly Language 2/37

3 Outline Introduction to Assembly Language Assembly Language Basics x86 Assembly Dealing with Binary Files Summary CSE Dep, ACS, UPB Lecture 2, Assembly Language 3/37

4 Evolution of Programming Languages machine code (punch cards) assembly language (architecture dependent) high-level languages (portable, compilers and interpreters) CSE Dep, ACS, UPB Lecture 2, Assembly Language 4/37

5 Current Need for Assembly Language low-level optimizations unavailable features in C language security (binary analysis, offensive security) learning how the machine works CSE Dep, ACS, UPB Lecture 2, Assembly Language 5/37

6 Mnemonics basic blocks for assembly language keywords for assembly instructions direct mapping to machine code CSE Dep, ACS, UPB Lecture 2, Assembly Language 6/37

7 Sample Instruction Assembly to machine code mapping NASM syntax: add dword [0xdeadbeef], 42 hex: e f b e a d d e 2 a binary: [ ][ ][ ][ ] \- immediate: 42 \- memory address: 0xdeadbeef (note the endianness) \- opcode modifiers: 2 bits = addressing mode 3 bits = register/opcode modifier 3 bits = r/m field \- opcode: add sign-extended 8-bits immediate to register, or 32-bits memory address CSE Dep, ACS, UPB Lecture 2, Assembly Language 7/37

8 Computer Architecture instruction set architecture (ISA) register set addressing methods CSE Dep, ACS, UPB Lecture 2, Assembly Language 8/37

9 Instruction Set Architecture (ISA) the types of assembly instructions addressing moving data control flow multiple processors may implement the same instruction set x86, x86 64, ARM, ARM64, MIPS, PowerPC CSE Dep, ACS, UPB Lecture 2, Assembly Language 9/37

10 The Memory Hierarchy registers (used in assembly) cache memory (controlled by hardware) RAM (uses in assembly) flash/usb, hard drive tape backup CSE Dep, ACS, UPB Lecture 2, Assembly Language 10/37

11 Outline Introduction to Assembly Language Assembly Language Basics x86 Assembly Dealing with Binary Files Summary CSE Dep, ACS, UPB Lecture 2, Assembly Language 11/37

12 Simple Assembly Program 1 extern puts 2 section.data 3 hellostr: db Hello, world!,0 4 section.text 5 global main 6 main: 7 push hellostr 8 call puts CSE Dep, ACS, UPB Lecture 2, Assembly Language 12/37

13 Assembling Using nasm for assembling $ nasm -f elf32 hello.asm Using objdump for inspecting $ objdump -M intel -d hello.o [...] Disassembly of section.text: <main>: 0: push 0x0 5: e8 fc ff ff ff call 6 <main+0x6> $ objdump -M intel -r hello.o [...] RELOCATION RECORDS FOR [.text]: OFFSET TYPE VALUE R_386_32.data R_386_PC32 puts CSE Dep, ACS, UPB Lecture 2, Assembly Language 13/37

14 Linking Using ld for linking $ ld -s -lc -m elf_i386 -dynamic-linker /lib/ld-linux.so.2 -e main hello.o -o hello-min Using objdump for inspecting $ objdump -M intel -d hello-min [...] Disassembly of section.plt: <puts@plt-0x10>: : ff push DWORD PTR ds:0x : ff jmp DWORD PTR ds:0x c: add BYTE PTR [eax],al <puts@plt>: : ff jmp DWORD PTR ds:0x : push 0x b: e9 e0 ff ff ff jmp <puts@plt-0x10> Disassembly of section.text: <.text>: : 68 4c push 0x804924c : e8 e6 ff ff ff call <puts@plt> CSE Dep, ACS, UPB Lecture 2, Assembly Language 14/37

15 Another Program 1 extern printf 2 section.data 3 sum str: db Sum is %d.,10,0 4 section.text 5 global main 6 main: 7 xor eax, eax ; Initialize sum register to mov ecx, 100 ; Start from value and decrement. 10 add number: 11 add eax, ecx ; Add value to sum register. 12 dec ecx ; Decrement value. 13 test ecx, ecx ; Test if value is jnz add number ; If value is 0, quit loop; otherwise jump to label ; Print value. 17 push eax 18 push sum str 19 call printf CSE Dep, ACS, UPB Lecture 2, Assembly Language 15/37

16 Computer Registers used for storing and managing data CPU/assembly instructions deal with registers the register size shows the architecture size/type may be orthogonal, or may have specific roles are referenced by names: eax, ebp, eflags (x86) or r0, r1, r2 (ARM) CSE Dep, ACS, UPB Lecture 2, Assembly Language 16/37

17 CPU Instructions instruction mnemonic: what the instruction does instruction operands: what the instruction uses CSE Dep, ACS, UPB Lecture 2, Assembly Language 17/37

18 Addressing Modes ways for instructions to identify operands for code absolute addressing: in the instruction relative addressing: in the instruction (+ current offset) register indirect: address in the register for data register: data in register base plus offset: add offset to base value immediate: in the instruction CSE Dep, ACS, UPB Lecture 2, Assembly Language 18/37

19 CISC vs. RISC Architectures Complex/Reduced Instruction Set Computing CISC: relative instruction size, multi-clock complex instructions, memory-to-memory RISC: load-store architecture, focus on software CSE Dep, ACS, UPB Lecture 2, Assembly Language 19/37

20 Outline Introduction to Assembly Language Assembly Language Basics x86 Assembly Dealing with Binary Files Summary CSE Dep, ACS, UPB Lecture 2, Assembly Language 20/37

21 Assembly Language Syntax Intel Syntax xor eax,eax mov ecx,0x64 add eax,ecx dec ecx test ecx,ecx jne 7 <add_number> push eax push 0x0 call 15 <add_number+0xe> AT&T Syntax xor %eax,%eax mov $0x64,%ecx add %ecx,%eax dec %ecx test %ecx,%ecx jne 7 <add_number> push %eax push $0x0 call 15 <add_number+0xe> CSE Dep, ACS, UPB Lecture 2, Assembly Language 21/37

22 Tools of the Trade NASM: assembler (Intel Syntax) GCC (gas): assembler (x86 Syntax) GCC (gcc, ld): compiler/linker objdump: disassembler (multiple syntaxes) CSE Dep, ACS, UPB Lecture 2, Assembly Language 22/37

23 x86 Registers eax: accumulator, used in arithmetic operations ebx: base pointer in memory operations (e.g. arrays) ecx: loop counters edx: also used in arithmetic operations esi: source addresses in memory operations edi: destination addreses in memory operations ebp: frame base pointer esp: stack pointer named rax, rbx etc. in x86 64 CSE Dep, ACS, UPB Lecture 2, Assembly Language 23/37

24 Addressing x86 Addressing Modes mov eax, [0xcafebab3] ; direct (displacement) mov eax, [esi] ; register indirect (base) mov eax, [ebp-8] ; based (base + displacement) mov eax, [ebx*4 + 0xdeadbeef] ; indexed (index*scale + displacement) mov eax, [edx + ebx + 12] ; based-indexed w/o scale (base + index + displace mov eax, [edx + ebx*4 + 42] ; based-indexed w/ scale (base + index*scale + dis CSE Dep, ACS, UPB Lecture 2, Assembly Language 24/37

25 Data Transfer mov dest, src : move xchg dest, src : exchange (swap) movzx dest, src : move with zero extend movsx dest, src : move with sign extend movsb: move byte from location pointed to by esi to edi movsw: similar, move word (2 bytes) lea dest, src : load effective address (calculate address of src and load it to dest ) CSE Dep, ACS, UPB Lecture 2, Assembly Language 25/37

26 Control Flow Control Instructions: jmp addr : loads addr into eip call addr : pushes current eip on stack, and loads addr into eip ret val : loads head of stack into eip, and pops val bytes off the stack loop addr : decrements ecx, and jumps to addr if ecx!= 0 Conditional Jump Flags: ZF (zero flag): previous arithmetic operation resulted in zero SF (sign flag): previous result s most significant bit CF (carry flag): previous result requires a carry OF (overflow flag): previous result overflows the maximum value that fits a register CSE Dep, ACS, UPB Lecture 2, Assembly Language 26/37

27 Arithmetic/Logical Arithmetic Instructions: add dest, src : addition sub dest, src : subtraction mul arg : multiplication with corresponding byte-wise eax (i.e. arg = dh? dh * ah) imul arg : signed multiplication imul dest, src : signed multiplication (dest = dest * src) imul dest, src, aux : signed multiplication (dest = src * aux) div arg : division idiv arg : signed division neg arg : 2 s complement negation CSE Dep, ACS, UPB Lecture 2, Assembly Language 27/37

28 Arithmetic/Logical (2) Shifts and Rotations: shr, shl (logical shift right/left) sar, sal (arithmetic shift right/left) shld, shrd (double-shift) ror, rol (rotate) rcr, rcl (rotate with carry) Logical Instructions: and, or, xor, not CSE Dep, ACS, UPB Lecture 2, Assembly Language 28/37

29 Function Calls More in Lecture 4: The Stack. Buffer Management CSE Dep, ACS, UPB Lecture 2, Assembly Language 29/37

30 System Calls the interface that allows user applications to request services from the OS kernel mechanism is invoked by triggering an interrupt (int 0x80) conventions for invoking a syscall on Linux: eax contains the syscall ID parameters are passed in ebx, ecx, edx, esi, edi, ebp (in this order) the syscall is responsible of saving and restoring all registers CSE Dep, ACS, UPB Lecture 2, Assembly Language 30/37

31 Outline Introduction to Assembly Language Assembly Language Basics x86 Assembly Dealing with Binary Files Summary CSE Dep, ACS, UPB Lecture 2, Assembly Language 31/37

32 Disassembling checking the assembly code in object/executable files use disassemblers; no need for source code useful for reverse engineering objdump, IDA, GDB, radare2, Hopper, ImmunityDbg CSE Dep, ACS, UPB Lecture 2, Assembly Language 32/37

33 Disassembling (2) disassemble object code in non-object files objdump -D -b binary -m i386 binary-file CSE Dep, ACS, UPB Lecture 2, Assembly Language 33/37

34 Using NOPs when altering binary machine code you can t remove data, you will mess the offsets use a hex editor (hexedit, bless) and replace code with NOP instructions (0x90 in x86 assembly) CSE Dep, ACS, UPB Lecture 2, Assembly Language 34/37

35 Outline Introduction to Assembly Language Assembly Language Basics x86 Assembly Dealing with Binary Files Summary CSE Dep, ACS, UPB Lecture 2, Assembly Language 35/37

36 Keywords assembly mnemonics instructions architecture ISA registers addressing modes CISC and RISC memory-to-memory load-store assembling linking control flow arithmetic/logical data transfer function calls system calls disassembling objdump NOP CSE Dep, ACS, UPB Lecture 2, Assembly Language 36/37

37 Useful Links CSE Dep, ACS, UPB Lecture 2, Assembly Language 37/37

Practical Malware Analysis

Practical Malware Analysis Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the

More information

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

X86 Addressing Modes Chapter 3 Review: Instructions to Recognize X86 Addressing Modes Chapter 3" Review: Instructions to Recognize" 1 Arithmetic Instructions (1)! Two Operand Instructions" ADD Dest, Src Dest = Dest + Src SUB Dest, Src Dest = Dest - Src MUL Dest, Src

More information

Program Exploitation Intro

Program Exploitation Intro Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be

More information

3.1 DATA MOVEMENT INSTRUCTIONS 45

3.1 DATA MOVEMENT INSTRUCTIONS 45 3.1.1 General-Purpose Data Movement s 45 3.1.2 Stack Manipulation... 46 3.1.3 Type Conversion... 48 3.2.1 Addition and Subtraction... 51 3.1 DATA MOVEMENT INSTRUCTIONS 45 MOV (Move) transfers a byte, word,

More information

complement) Multiply Unsigned: MUL (all operands are nonnegative) AX = BH * AL IMUL BH IMUL CX (DX,AX) = CX * AX Arithmetic MUL DWORD PTR [0x10]

complement) Multiply Unsigned: MUL (all operands are nonnegative) AX = BH * AL IMUL BH IMUL CX (DX,AX) = CX * AX Arithmetic MUL DWORD PTR [0x10] The following pages contain references for use during the exam: tables containing the x86 instruction set (covered so far) and condition codes. You do not need to submit these pages when you finish your

More information

Lab 3. The Art of Assembly Language (II)

Lab 3. The Art of Assembly Language (II) Lab. The Art of Assembly Language (II) Dan Bruce, David Clark and Héctor D. Menéndez Department of Computer Science University College London October 2, 2017 License Creative Commons Share Alike Modified

More information

CSC 8400: Computer Systems. Machine-Level Representation of Programs

CSC 8400: Computer Systems. Machine-Level Representation of Programs CSC 8400: Computer Systems Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32) 1 Compilation Stages

More information

Basic Pentium Instructions. October 18

Basic Pentium Instructions. October 18 Basic Pentium Instructions October 18 CSC201 Section 002 Fall, 2000 The EFLAGS Register Bit 11 = Overflow Flag Bit 7 = Sign Flag Bit 6 = Zero Flag Bit 0 = Carry Flag "Sets the flags" means sets OF, ZF,

More information

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs CSC 2400: Computer Systems Towards the Hardware: Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32)

More information

SOEN228, Winter Revision 1.2 Date: October 25,

SOEN228, Winter Revision 1.2 Date: October 25, SOEN228, Winter 2003 Revision 1.2 Date: October 25, 2003 1 Contents Flags Mnemonics Basic I/O Exercises Overview of sample programs 2 Flag Register The flag register stores the condition flags that retain

More information

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated CNIT 127: Exploit Development Ch 1: Before you begin Updated 1-14-16 Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend, such as Denial

More information

Computer Architecture and System Programming Laboratory. TA Session 3

Computer Architecture and System Programming Laboratory. TA Session 3 Computer Architecture and System Programming Laboratory TA Session 3 Stack - LIFO word-size data structure STACK is temporary storage memory area register points on top of stack (by default, it is highest

More information

Computer Architecture and Assembly Language. Practical Session 3

Computer Architecture and Assembly Language. Practical Session 3 Computer Architecture and Assembly Language Practical Session 3 Advanced Instructions division DIV r/m - unsigned integer division IDIV r/m - signed integer division Dividend Divisor Quotient Remainder

More information

Reverse Engineering Low Level Software. CS5375 Software Reverse Engineering Dr. Jaime C. Acosta

Reverse Engineering Low Level Software. CS5375 Software Reverse Engineering Dr. Jaime C. Acosta 1 Reverse Engineering Low Level Software CS5375 Software Reverse Engineering Dr. Jaime C. Acosta Machine code 2 3 Machine code Assembly compile Machine Code disassemble 4 Machine code Assembly compile

More information

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86 Lecture 15 Intel Manual, Vol. 1, Chapter 3 Hampden-Sydney College Fri, Mar 6, 2009 Outline 1 2 Overview See the reference IA-32 Intel Software Developer s Manual Volume 1: Basic, Chapter 3. Instructions

More information

CSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1

CSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1 CSE P 501 Compilers x86 Lite for Compiler Writers Hal Perkins Autumn 2011 10/25/2011 2002-11 Hal Perkins & UW CSE J-1 Agenda Learn/review x86 architecture Core 32-bit part only for now Ignore crufty, backward-compatible

More information

Instructions moving data

Instructions moving data do not affect flags. Instructions moving data mov register/mem, register/mem/number (move data) The difference between the value and the address of a variable mov al,sum; value 56h al mov ebx,offset Sum;

More information

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017 CS 31: Intro to Systems ISAs and Assembly Martin Gagné Swarthmore College February 7, 2017 ANNOUNCEMENT All labs will meet in SCI 252 (the robot lab) tomorrow. Overview How to directly interact with hardware

More information

Module 3 Instruction Set Architecture (ISA)

Module 3 Instruction Set Architecture (ISA) Module 3 Instruction Set Architecture (ISA) I S A L E V E L E L E M E N T S O F I N S T R U C T I O N S I N S T R U C T I O N S T Y P E S N U M B E R O F A D D R E S S E S R E G I S T E R S T Y P E S O

More information

The x86 Architecture

The x86 Architecture The x86 Architecture Lecture 24 Intel Manual, Vol. 1, Chapter 3 Robb T. Koether Hampden-Sydney College Fri, Mar 20, 2015 Robb T. Koether (Hampden-Sydney College) The x86 Architecture Fri, Mar 20, 2015

More information

Machine and Assembly Language Principles

Machine and Assembly Language Principles Machine and Assembly Language Principles Assembly language instruction is synonymous with a machine instruction. Therefore, need to understand machine instructions and on what they operate - the architecture.

More information

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016 CS 31: Intro to Systems ISAs and Assembly Kevin Webb Swarthmore College February 9, 2016 Reading Quiz Overview How to directly interact with hardware Instruction set architecture (ISA) Interface between

More information

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018 CS 31: Intro to Systems ISAs and Assembly Kevin Webb Swarthmore College September 25, 2018 Overview How to directly interact with hardware Instruction set architecture (ISA) Interface between programmer

More information

Binghamton University. CS-220 Spring x86 Assembler. Computer Systems: Sections

Binghamton University. CS-220 Spring x86 Assembler. Computer Systems: Sections x86 Assembler Computer Systems: Sections 3.1-3.5 Disclaimer I am not an x86 assembler expert. I have never written an x86 assembler program. (I am proficient in IBM S/360 Assembler and LC3 Assembler.)

More information

W4118: PC Hardware and x86. Junfeng Yang

W4118: PC Hardware and x86. Junfeng Yang W4118: PC Hardware and x86 Junfeng Yang A PC How to make it do something useful? 2 Outline PC organization x86 instruction set gcc calling conventions PC emulation 3 PC board 4 PC organization One or more

More information

22 Assembly Language for Intel-Based Computers, 4th Edition. 3. Each edge is a transition from one state to another, caused by some input.

22 Assembly Language for Intel-Based Computers, 4th Edition. 3. Each edge is a transition from one state to another, caused by some input. 22 Assembly Language for Intel-Based Computers, 4th Edition 6.6 Application: Finite-State Machines 1. A directed graph (also known as a diagraph). 2. Each node is a state. 3. Each edge is a transition

More information

x86 assembly CS449 Fall 2017

x86 assembly CS449 Fall 2017 x86 assembly CS449 Fall 2017 x86 is a CISC CISC (Complex Instruction Set Computer) e.g. x86 Hundreds of (complex) instructions Only a handful of registers RISC (Reduced Instruction Set Computer) e.g. MIPS

More information

CS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015

CS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015 CS165 Computer Security Understanding low-level program execution Oct 1 st, 2015 A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns

More information

CMSC 313 Lecture 07. Short vs Near Jumps Logical (bit manipulation) Instructions AND, OR, NOT, SHL, SHR, SAL, SAR, ROL, ROR, RCL, RCR

CMSC 313 Lecture 07. Short vs Near Jumps Logical (bit manipulation) Instructions AND, OR, NOT, SHL, SHR, SAL, SAR, ROL, ROR, RCL, RCR CMSC 313 Lecture 07 Short vs Near Jumps Logical (bit manipulation) Instructions AND, OR, NOT, SHL, SHR, SAL, SAR, ROL, ROR, RCL, RCR More Arithmetic Instructions NEG, MUL, IMUL, DIV Indexed Addressing:

More information

x86 assembly CS449 Spring 2016

x86 assembly CS449 Spring 2016 x86 assembly CS449 Spring 2016 CISC vs. RISC CISC [Complex instruction set Computing] - larger, more feature-rich instruction set (more operations, addressing modes, etc.). slower clock speeds. fewer general

More information

CPS104 Recitation: Assembly Programming

CPS104 Recitation: Assembly Programming CPS104 Recitation: Assembly Programming Alexandru Duțu 1 Facts OS kernel and embedded software engineers use assembly for some parts of their code some OSes had their entire GUIs written in assembly in

More information

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher Reverse Engineering II: Basics Gergely Erdélyi Senior Antivirus Researcher Agenda Very basics Intel x86 crash course Basics of C Binary Numbers Binary Numbers 1 Binary Numbers 1 0 1 1 Binary Numbers 1

More information

Machine Language, Assemblers and Linkers"

Machine Language, Assemblers and Linkers Machine Language, Assemblers and Linkers 1 Goals for this Lecture Help you to learn about: IA-32 machine language The assembly and linking processes 2 1 Why Learn Machine Language Last stop on the language

More information

Process Layout and Function Calls

Process Layout and Function Calls Process Layout and Function Calls CS 6 Spring 07 / 8 Process Layout in Memory Stack grows towards decreasing addresses. is initialized at run-time. Heap grow towards increasing addresses. is initialized

More information

Reverse Engineering II: The Basics

Reverse Engineering II: The Basics Reverse Engineering II: The Basics Gergely Erdélyi Senior Manager, Anti-malware Research Protecting the irreplaceable f-secure.com Binary Numbers 1 0 1 1 - Nibble B 1 0 1 1 1 1 0 1 - Byte B D 1 0 1 1 1

More information

CMSC Lecture 03. UMBC, CMSC313, Richard Chang

CMSC Lecture 03. UMBC, CMSC313, Richard Chang CMSC Lecture 03 Moore s Law Evolution of the Pentium Chip IA-32 Basic Execution Environment IA-32 General Purpose Registers Hello World in Linux Assembly Language Addressing Modes UMBC, CMSC313, Richard

More information

The Instruction Set. Chapter 5

The Instruction Set. Chapter 5 The Instruction Set Architecture Level(ISA) Chapter 5 1 ISA Level The ISA level l is the interface between the compilers and the hardware. (ISA level code is what a compiler outputs) 2 Memory Models An

More information

Winter Compiler Construction T11 Activation records + Introduction to x86 assembly. Today. Tips for PA4. Today:

Winter Compiler Construction T11 Activation records + Introduction to x86 assembly. Today. Tips for PA4. Today: Winter 2006-2007 Compiler Construction T11 Activation records + Introduction to x86 assembly Mooly Sagiv and Roman Manevich School of Computer Science Tel-Aviv University Today ic IC Language Lexical Analysis

More information

Rev101. spritzers - CTF team. spritz.math.unipd.it/spritzers.html

Rev101. spritzers - CTF team. spritz.math.unipd.it/spritzers.html Rev101 spritzers - CTF team spritz.math.unipd.it/spritzers.html Disclaimer All information presented here has the only purpose of teaching how reverse engineering works. Use your mad skillz only in CTFs

More information

T Reverse Engineering Malware: Static Analysis I

T Reverse Engineering Malware: Static Analysis I T-110.6220 Reverse Engineering Malware: Static Analysis I Antti Tikkanen, F-Secure Corporation Protecting the irreplaceable f-secure.com Representing Data 2 Binary Numbers 1 0 1 1 Nibble B 1 0 1 1 1 1

More information

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University Machine-level Representation of Programs Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Program? 짬뽕라면 준비시간 :10 분, 조리시간 :10 분 재료라면 1개, 스프 1봉지, 오징어

More information

Q1: Multiple choice / 20 Q2: Memory addressing / 40 Q3: Assembly language / 40 TOTAL SCORE / 100

Q1: Multiple choice / 20 Q2: Memory addressing / 40 Q3: Assembly language / 40 TOTAL SCORE / 100 16.317: Microprocessor-Based Systems I Summer 2012 Exam 1 July 20, 2012 Name: ID #: For this exam, you may use a calculator and one 8.5 x 11 double-sided page of notes. All other electronic devices (e.g.,

More information

System calls and assembler

System calls and assembler System calls and assembler Michal Sojka sojkam1@fel.cvut.cz ČVUT, FEL License: CC-BY-SA 4.0 System calls (repetition from lectures) A way for normal applications to invoke operating system (OS) kernel's

More information

Week /8086 Microprocessor Programming I

Week /8086 Microprocessor Programming I Week 4 8088/8086 Microprocessor Programming I Example. The PC Typewriter Write an 80x86 program to input keystrokes from the PC s keyboard and display the characters on the system monitor. Pressing any

More information

Towards the Hardware"

Towards the Hardware CSC 2400: Computer Systems Towards the Hardware Chapter 2 Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32) 1 High-Level Language Make programming

More information

How Software Executes

How Software Executes How Software Executes CS-576 Systems Security Instructor: Georgios Portokalidis Overview Introduction Anatomy of a program Basic assembly Anatomy of function calls (and returns) Memory Safety Intel x86

More information

ECOM Computer Organization and Assembly Language. Computer Engineering Department CHAPTER 7. Integer Arithmetic

ECOM Computer Organization and Assembly Language. Computer Engineering Department CHAPTER 7. Integer Arithmetic ECOM 2325 Computer Organization and Assembly Language Computer Engineering Department CHAPTER 7 Integer Arithmetic Presentation Outline Shift and Rotate Instructions Shift and Rotate Applications Multiplication

More information

A CRASH COURSE IN X86 DISASSEMBLY

A CRASH COURSE IN X86 DISASSEMBLY A CRASH COURSE IN X86 DISASSEMBLY As discussed in previous chapters, basic static and dynamic malware analysis methods are good for initial triage, but they do not provide enough information to analyze

More information

Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit

Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit Assembly Language for Intel-Based Computers, 4 th Edition Kip R. Irvine Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit Slides prepared by Kip R. Irvine Revision date: 09/25/2002

More information

Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1

Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1 Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD 21252 rkarne@towson.edu 11/12/2014 Slide 1 Intel x86 Aseembly Language Assembly Language Assembly Language

More information

Q1: Multiple choice / 20 Q2: Protected mode memory accesses

Q1: Multiple choice / 20 Q2: Protected mode memory accesses 16.317: Microprocessor-Based Systems I Summer 2012 Exam 2 August 1, 2012 Name: ID #: For this exam, you may use a calculator and one 8.5 x 11 double-sided page of notes. All other electronic devices (e.g.,

More information

Complex Instruction Set Computer (CISC)

Complex Instruction Set Computer (CISC) Introduction ti to IA-32 IA-32 Processors Evolutionary design Starting in 1978 with 886 Added more features as time goes on Still support old features, although obsolete Totally dominate computer market

More information

Basic Assembly SYSC-3006

Basic Assembly SYSC-3006 Basic Assembly Program Development Problem: convert ideas into executing program (binary image in memory) Program Development Process: tools to provide people-friendly way to do it. Tool chain: 1. Programming

More information

Computer Architecture and Assembly Language. Practical Session 5

Computer Architecture and Assembly Language. Practical Session 5 Computer Architecture and Assembly Language Practical Session 5 Addressing Mode - "memory address calculation mode" An addressing mode specifies how to calculate the effective memory address of an operand.

More information

Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB

Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 9 Integer Arithmetic and Bit Manipulation April, 2014 1 Assembly Language LAB Bitwise

More information

CSCE 212H, Spring 2008 Lab Assignment 3: Assembly Language Assigned: Feb. 7, Due: Feb. 14, 11:59PM

CSCE 212H, Spring 2008 Lab Assignment 3: Assembly Language Assigned: Feb. 7, Due: Feb. 14, 11:59PM CSCE 212H, Spring 2008 Lab Assignment 3: Assembly Language Assigned: Feb. 7, Due: Feb. 14, 11:59PM February 7, 2008 1 Overview The purpose of this assignment is to introduce you to the assembly language

More information

Name: CMSC 313 Fall 2001 Computer Organization & Assembly Language Programming Exam 1. Question Points I. /34 II. /30 III.

Name: CMSC 313 Fall 2001 Computer Organization & Assembly Language Programming Exam 1. Question Points I. /34 II. /30 III. CMSC 313 Fall 2001 Computer Organization & Assembly Language Programming Exam 1 Name: Question Points I. /34 II. /30 III. /36 TOTAL: /100 Instructions: 1. This is a closed-book, closed-notes exam. 2. You

More information

Second Part of the Course

Second Part of the Course CSC 2400: Computer Systems Towards the Hardware 1 Second Part of the Course Toward the hardware High-level language (C) assembly language machine language (IA-32) 2 High-Level Language g Make programming

More information

Integer Arithmetic. Shift and rotate. Overview. Shift and Rotate Instructions

Integer Arithmetic. Shift and rotate. Overview. Shift and Rotate Instructions Overview Integer Arithmetic Shift and rotate instructions and their applications Multiplication and division instructions Extended addition and subtraction Computer Organization and Assembly Languages

More information

How Software Executes

How Software Executes How Software Executes CS-576 Systems Security Instructor: Georgios Portokalidis Overview Introduction Anatomy of a program Basic assembly Anatomy of function calls (and returns) Memory Safety Programming

More information

Lecture 9. INC and DEC. INC/DEC Examples ADD. ADD Examples SUB. INC adds one to a single operand DEC decrements one from a single operand

Lecture 9. INC and DEC. INC/DEC Examples ADD. ADD Examples SUB. INC adds one to a single operand DEC decrements one from a single operand Lecture 9 INC and DEC Arithmetic Operations Shift Instructions Next week s homework! INC adds one to a single operand DEC decrements one from a single operand INC destination DEC destination where destination

More information

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08 CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 21: Generating Pentium Code 10 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Simple Code Generation Three-address code makes it

More information

Language of x86 processor family

Language of x86 processor family Assembler lecture 2 S.Šimoňák, DCI FEEI TU of Košice Language of x86 processor family Assembler commands: instructions (processor, instructions of machine language) directives (compiler translation control,

More information

Chapter 4 Processor Architecture: Y86 (Sections 4.1 & 4.3) with material from Dr. Bin Ren, College of William & Mary

Chapter 4 Processor Architecture: Y86 (Sections 4.1 & 4.3) with material from Dr. Bin Ren, College of William & Mary Chapter 4 Processor Architecture: Y86 (Sections 4.1 & 4.3) with material from Dr. Bin Ren, College of William & Mary 1 Outline Introduction to assembly programing Introduction to Y86 Y86 instructions,

More information

Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998

Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998 Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998 Assembler Syntax Everything looks like this: label: instruction dest,src instruction label Comments: comment $ This is a comment

More information

Registers. Ray Seyfarth. September 8, Bit Intel Assembly Language c 2011 Ray Seyfarth

Registers. Ray Seyfarth. September 8, Bit Intel Assembly Language c 2011 Ray Seyfarth Registers Ray Seyfarth September 8, 2011 Outline 1 Register basics 2 Moving a constant into a register 3 Moving a value from memory into a register 4 Moving values from a register into memory 5 Moving

More information

x86 Assembly Tutorial COS 318: Fall 2017

x86 Assembly Tutorial COS 318: Fall 2017 x86 Assembly Tutorial COS 318: Fall 2017 Project 1 Schedule Design Review: Monday 9/25 Sign up for 10-min slot from 3:00pm to 7:00pm Complete set up and answer posted questions (Official) Precept: Monday

More information

UMBC. A register, an immediate or a memory address holding the values on. Stores a symbolic name for the memory location that it represents.

UMBC. A register, an immediate or a memory address holding the values on. Stores a symbolic name for the memory location that it represents. Intel Assembly Format of an assembly instruction: LABEL OPCODE OPERANDS COMMENT DATA1 db 00001000b ;Define DATA1 as decimal 8 START: mov eax, ebx ;Copy ebx to eax LABEL: Stores a symbolic name for the

More information

Instruction Set Architectures

Instruction Set Architectures Instruction Set Architectures! ISAs! Brief history of processors and architectures! C, assembly, machine code! Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface

More information

Instruction Set Architectures

Instruction Set Architectures Instruction Set Architectures ISAs Brief history of processors and architectures C, assembly, machine code Assembly basics: registers, operands, move instructions 1 What should the HW/SW interface contain?

More information

Machine Programming 1: Introduction

Machine Programming 1: Introduction Machine Programming 1: Introduction CS61, Lecture 3 Prof. Stephen Chong September 8, 2011 Announcements (1/2) Assignment 1 due Tuesday Please fill in survey by 5pm today! Assignment 2 will be released

More information

Compiler construction. x86 architecture. This lecture. Lecture 6: Code generation for x86. x86: assembly for a real machine.

Compiler construction. x86 architecture. This lecture. Lecture 6: Code generation for x86. x86: assembly for a real machine. This lecture Compiler construction Lecture 6: Code generation for x86 Magnus Myreen Spring 2018 Chalmers University of Technology Gothenburg University x86 architecture s Some x86 instructions From LLVM

More information

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site) Function Calls COS 217 Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site) 1 Goals of Today s Lecture Finishing introduction to assembly language o EFLAGS register

More information

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction E I P CPU isters Condition Codes Addresses Data Instructions Memory Object Code Program Data OS Data Topics Assembly Programmer

More information

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam Assembly Language Lecture 2 - x86 Processor Architecture Ahmed Sallam Introduction to the course Outcomes of Lecture 1 Always check the course website Don t forget the deadline rule!! Motivations for studying

More information

Università Ca Foscari Venezia

Università Ca Foscari Venezia Stack Overflow Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Introduction Buffer overflow is due to careless programming in unsafe languages like C

More information

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012 19:211 Computer Architecture Lecture 10 Fall 20 Topics:Chapter 3 Assembly Language 3.2 Register Transfer 3. ALU 3.5 Assembly level Programming We are now familiar with high level programming languages

More information

Static Analysis I PAOLO PALUMBO, F-SECURE CORPORATION

Static Analysis I PAOLO PALUMBO, F-SECURE CORPORATION Static Analysis I PAOLO PALUMBO, F-SECURE CORPORATION Representing Data Binary numbers 1 0 1 1 NIBBLE 0xB 1 0 1 1 1 1 0 1 0xBD 1 0 1 1 1 1 0 1 0 0 1 1 1 0 0 1 BYTE WORD 0xBD 0x39 Endianness c9 33 41 03

More information

Lab 4: Basic Instructions and Addressing Modes

Lab 4: Basic Instructions and Addressing Modes COE 205 Lab Manual Lab 4: Basic Instructions and Addressing Modes - page 36 Lab 4: Basic Instructions and Addressing Modes Contents 4.1. Data Transfer Instructions 4.2. Addition and Subtraction 4.3. Data

More information

Systems Architecture I

Systems Architecture I Systems Architecture I Topics Assemblers, Linkers, and Loaders * Alternative Instruction Sets ** *This lecture was derived from material in the text (sec. 3.8-3.9). **This lecture was derived from material

More information

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution 1. (40 points) Write the following subroutine in x86 assembly: Recall that: int f(int v1, int v2, int v3) { int x = v1 + v2; urn (x + v3) * (x v3); Subroutine arguments are passed on the stack, and can

More information

8088/8086 Programming Integer Instructions and Computations

8088/8086 Programming Integer Instructions and Computations Unit3 reference 2 8088/8086 Programming Integer Instructions and Computations Introduction Up to this point we have studied the software architecture of the 8088 and 8086 microprocessors, their instruction

More information

Interfacing Compiler and Hardware. Computer Systems Architecture. Processor Types And Instruction Sets. What Instructions Should A Processor Offer?

Interfacing Compiler and Hardware. Computer Systems Architecture. Processor Types And Instruction Sets. What Instructions Should A Processor Offer? Interfacing Compiler and Hardware Computer Systems Architecture FORTRAN 90 program C++ program Processor Types And Sets FORTRAN 90 Compiler C++ Compiler set level Hardware 1 2 What s Should A Processor

More information

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature CSE2421 FINAL EXAM SPRING 2013 Name KEY Instructions: This is a closed-book, closed-notes, closed-neighbor exam. Only a writing utensil is needed for this exam. No calculators allowed. If you need to go

More information

Inside VMProtect. Introduction. Internal. Analysis. VM Logic. Inside VMProtect. Conclusion. Samuel Chevet. 16 January 2015.

Inside VMProtect. Introduction. Internal. Analysis. VM Logic. Inside VMProtect. Conclusion. Samuel Chevet. 16 January 2015. 16 January 2015 Agenda Describe what VMProtect is Introduce code virtualization in software protection Methods for circumvention VM logic Warning Some assumptions are made in this presentation Only few

More information

x86 architecture et similia

x86 architecture et similia x86 architecture et similia 1 FREELY INSPIRED FROM CLASS 6.828, MIT A full PC has: PC architecture 2 an x86 CPU with registers, execution unit, and memory management CPU chip pins include address and data

More information

CMSC 313 Lecture 08 Project 2 Questions Recap Indexed Addressing Examples Some i386 string instructions A Bigger Example: Escape Sequence Project

CMSC 313 Lecture 08 Project 2 Questions Recap Indexed Addressing Examples Some i386 string instructions A Bigger Example: Escape Sequence Project CMSC 313 Lecture 08 Project 2 Questions Recap Indexed Addressing Examples Some i386 string instructions A Bigger Example: Escape Sequence Project UMBC, CMSC313, Richard Chang CMSC 313,

More information

TYPES OF INTERRUPTS: -

TYPES OF INTERRUPTS: - There are 3 types of interrupts. TYPES OF INTERRUPTS: - External Interrupts. Internal Interrupts. Software interrupts. Hardware Interrupts (1) External interrupts come from I/O devices, from a timing device

More information

Introduction to Reverse Engineering. Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins

Introduction to Reverse Engineering. Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins Introduction to Reverse Engineering Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins Reverse Engineering (of Software) What is it? What is it for? Binary exploitation (the cool

More information

Reverse Engineering II: The Basics

Reverse Engineering II: The Basics Reverse Engineering II: The Basics This document is only to be distributed to teachers and students of the Malware Analysis and Antivirus Technologies course and should only be used in accordance with

More information

MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION

MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION Today: Machine Programming I: Basics History of Intel processors and architectures C, assembly, machine code Assembly Basics:

More information

CS241 Computer Organization Spring 2015 IA

CS241 Computer Organization Spring 2015 IA CS241 Computer Organization Spring 2015 IA-32 2-10 2015 Outline! Review HW#3 and Quiz#1! More on Assembly (IA32) move instruction (mov) memory address computation arithmetic & logic instructions (add,

More information

Review Questions. 1 The DRAM problem [5 points] Suggest a solution. 2 Big versus Little Endian Addressing [5 points]

Review Questions. 1 The DRAM problem [5 points] Suggest a solution. 2 Big versus Little Endian Addressing [5 points] Review Questions 1 The DRAM problem [5 points] Suggest a solution 2 Big versus Little Endian Addressing [5 points] Consider the 32-bit hexadecimal number 0x21d3ea7d. 1. What is the binary representation

More information

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2016 Lecture 12

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2016 Lecture 12 CS24: INTRODUCTION TO COMPUTING SYSTEMS Spring 2016 Lecture 12 CS24 MIDTERM Midterm format: 6 hour overall time limit, multiple sittings (If you are focused on midterm, clock should be running.) Open book

More information

CSCI 192 Engineering Programming 2. Assembly Language

CSCI 192 Engineering Programming 2. Assembly Language CSCI 192 Engineering Programming 2 Week 5 Assembly Language Lecturer: Dr. Markus Hagenbuchner Slides by: Igor Kharitonenko and Markus Hagenbuchner Room 3.220 markus@uow.edu.au UOW 2010 24/08/2010 1 C Compilation

More information

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2017 Lecture 5

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2017 Lecture 5 CS24: INTRODUCTION TO COMPUTING SYSTEMS Spring 2017 Lecture 5 LAST TIME Began exploring x86-64 instruction set architecture 16 general-purpose registers Also: All registers are 64 bits wide rax-rdx are

More information

Assembly Language. Lecture 2 x86 Processor Architecture

Assembly Language. Lecture 2 x86 Processor Architecture Assembly Language Lecture 2 x86 Processor Architecture Ahmed Sallam Slides based on original lecture slides by Dr. Mahmoud Elgayyar Introduction to the course Outcomes of Lecture 1 Always check the course

More information

It is possible to define a number using a character or multiple numbers (see instruction DB) by using a string.

It is possible to define a number using a character or multiple numbers (see instruction DB) by using a string. 1 od 5 17. 12. 2017 23:53 (https://github.com/schweigi/assembler-simulator) Introduction This simulator provides a simplified assembler syntax (based on NASM (http://www.nasm.us)) and is simulating a x86

More information

Ethical Hacking. Assembly Language Tutorial

Ethical Hacking. Assembly Language Tutorial Ethical Hacking Assembly Language Tutorial Number Systems Memory in a computer consists of numbers Computer memory does not store these numbers in decimal (base 10) Because it greatly simplifies the hardware,

More information

An Introduction to x86 ASM

An Introduction to x86 ASM An Introduction to x86 ASM Malware Analysis Seminar Meeting 1 Cody Cutler, Anton Burtsev Registers General purpose EAX, EBX, ECX, EDX ESI, EDI (index registers, but used as general in 32-bit protected

More information