Ge-ng at things on the chip you can t easily reach from C

Size: px

Start display at page:

Download "Ge-ng at things on the chip you can t easily reach from C"

Derek McLaughlin
6 years ago
Views:

1 chapter 3 part 2 1

2 Ge-ng at things on the chip you can t easily reach from C 2

3 CPUID CPUID example from Blum, Professional Assembly Language. Programmer to Programmer. Very good maybe lidle bit dated Available in PB and PDF 3

4 CPUID instruchon Introduced in the early 90s late 486s, PenHums Why? find out what chip type, know feature set Controversy? Processor Serial Number ophon. Disabled. 4

5 1 /* file cpuid.s */ 2.section.data 3 output: CPUID.S 4.ascii "The processor Vendor ID is xxxxxxxxxxxx \n" 5.section.text 6.globl _start 7 _start: 8 movl $0, %eax 9 cpuid 10 movl $output, %edi 11 movl %ebx, 28(%edi) 12 movl %edx, 32(%edi) 13 movl %ecx, 36(%edi) 14 movl $4, %eax 15 movl $1, %ebx 16 movl $output, %ecx 17 movl $42, %edx 18 int $0x80 19 movl $1, %eax 20 movl $0, %ebx 21 int $0x80 5

6 calling a funchon push args onto the stack in reverse order call fname return value will be in %eax 6

7 1 /* file cpuid2.s */ 2.section.data 3 output: CPUID2.S 4.asciz "The processor Vendor ID is %s \n" 5.section.bss 6.lcomm buffer, 12 7.section.text 8.globl _start 9 _start: 10 movl $0, %eax 11 cpuid 12 movl $buffer, %edi 13 movl %ebx, (%edi) 14 movl %edx, 4(%edi) 15 movl %ecx, 8(%edi) 16 pushl $buffer 17 pushl $output 18 call printf 19 addl $8, %esp 20 pushl $0 21 call exit 7

8 assembling, linking, running our normal way: as o fname.o fname.s ld o fname fname.o when we re using C library funchons: as o fname o fname.s ld - - dynamic- linker /lib/ld- linux.so.2 - lc o fname fname.o 8

9 Where do I learn about CPUID? or any other operahon? Intel IA- 32, Intel64 manuals are available online for free from Intel hdp:// Volume 2. InstrucHon set reference details on every instruchon, including CPUID 9

10 Aside: running assembly under GDB Recall that when we compiled C programs to run under GDB, we used g switch For assembly programs, we use - gstabs 10

11 se-ng a breakpoint simple way: *label+offset e.g., *_start *_start+1 GDB Bug: misses breakpoint at *_start Workaround: insert nop 11

12 other useful GDB commands p $regname info locals info frame info registers 12

13 examining the stack with GDB info registers info frame p $esp p *(int*)$esp Just what it looks like take what s in %esp treat it as an int* print what it points to p *(int*)($esp+4) if you forget the ( ), you ll add 4 to *(int*)$esp x/nuf address N number u units f format example x/20bx $esp 13

14 disassembling in GDB disas disassembles current funchon disas sum disassemble the sum funchon disas addr disassemble funchon at addr disas ad 1 ad 2 disas between addr ad 1, ad 2 14

15 How to do in assembly things you commonly do in C 15

16 some things that you know in C assignment simple arithmehc operahons funchons condihonals loops 16

17 some things that you know in C assignment simple arithmehc operahons funchons condihonals loops 17

18 assignment int x, y;... x=y; 18

19 assignment C GAS int x, y;... movl %ebx, %eax x=y; 19

20 assignment C GAS int x, y;... x=y; movl %ebx, %eax remember: in GAS this is like %eax=%ebx, not vice versa l specifies size mov{b,w,l,q} 20

21 more on sizes C declaration intel data type GAS su x, e.g., for movx instruction char byte b 1 short word w 2 int double word l 4 unsigned double word l 4 long int double word l 4 unsigned long double word l 4 char * double word l 4 float single precision s 4 double double precision l 8 long double extended precision t 10/12 x86-32 size (bytes) 21

22 with simple constants in C x=35; GAS movl $35, %eax in assembly, $35 is called an immediate value 22

23 assignment with different widths In C, if we have: int x = 0x ; char y = 0xFF;... x=y; what s the value of x aker the assignment? 23

24 What happens? What do we expect to find in %eax? movl movb $0x7FFFFFFF, %eax $0x6, %al Tempted to think 0x

25 What happens? What do we expect to find in %eax? movl movb $0x7FFFFFFF, %eax $0x6, %al Tempted to think 0x , but we get 2,147,483,398 or 0x7FFFFF06 25

26 example. what do we get? 1.section.rodata 2 print_str: 3.string "x=0x%x\n" 4.text 5.globl main 6.type 7 main: 8 pushl %ebp 9 movl %esp, %ebp 10 movl $0x , %eax 11 movl $print_str, %ecx 12 pushl %eax 13 pushl %ecx 14 call printf 15 addl $8, %esp 16 movl $0, %eax 17 leave 18 ret 1.section.rodata 2 print_str: 3.string "x=0x%x\n" 4.text 5.globl main 6.type 7 main: 8 pushl %ebp 9 movl %esp, %ebp 10 movl $0x , %eax 11 movb $0xFF, %al 12 movl $print_str, %ecx 13 pushl %eax 14 pushl %ecx 15 call printf 16 addl $8, %esp 17 movl $0, %eax 18 leave 19 ret 26

27 example. what do we get? 1.section.rodata 2 print_str: 3.string "x=0x%x\n" 4.text 5.globl main 6.type 7 main: 8 pushl %ebp 9 movl %esp, %ebp 10 movl $0x , %eax 11 movl $print_str, %ecx 12 pushl %eax 13 pushl %ecx 14 call printf 15 addl $8, %esp 16 movl $0, %eax 17 leave 18 ret prints 0x section.rodata 2 print_str: 3.string "x=0x%x\n" 4.text 5.globl main 6.type 7 main: 8 pushl %ebp 9 movl %esp, %ebp 10 movl $0x , %eax 11 movb $0xFF, %al 12 movl $print_str, %ecx 13 pushl %eax 14 pushl %ecx 15 call printf 16 addl $8, %esp 17 movl $0, %eax 18 leave 19 ret prints 0x12345FF 27

28 movb, movzbl, movsbl movb moves a byte to deshnahon What if we want to move 1 byte to 32 bit reg? movzbl expand to 32 bits fill in the LHS with 24 0s movsbl expand to 32 bits fill in LHS with 24 copies of the ms bit of src operand Think back to C: movzbl does zero extension movsbl does sign extension 28

29 another try 1.section.rodata 2 print_str: 3.string "x=0x%x\n" 4.text 5.globl main 6.type 7 main: 8 pushl %ebp 9 movl %esp, %ebp 10 movl $0x , %eax 11 movb $0xFF, %dl 12 movzbl %dl, %eax 13 movl $print_str, %ecx 14 pushl %eax 15 pushl %ecx 16 call printf 17 addl $8, %esp 18 movl $0, %eax 19 leave 20 ret 21.size main,.-main 29

30 another try prints: x=0xff 1.section.rodata 2 print_str: 3.string "x=0x%x\n" 4.text 5.globl main 6.type 7 main: 8 pushl %ebp 9 movl %esp, %ebp 10 movl $0x , %eax 11 movb $0xFF, %dl 12 movzbl %dl, %eax 13 movl $print_str, %ecx 14 pushl %eax 15 pushl %ecx 16 call printf 17 addl $8, %esp 18 movl $0, %eax 19 leave 20 ret 21.size main,.-main 30

31 C pointers suppose that register %eax contains 1000 movl $500, %eax in register %eax replaces 1000 with 500 movl $500, (%eax) puts the value 500 into memory address 1000 think of ( ) around registers to be something like the C dereference operator * 31

32 assignments: moving data we can move things from: immediate to anything memory to a register register to memory 32

33 moving data. examples. src dst assembly example C equiv imm reg movl $0x52, %eax x=0x52; imm mem movl $0x52, (%eax) *p=0x52; reg reg movl %ebx, %eax a=b; reg mem movl %eax, (%ebx) *p=x; mem reg movl (%eax), %ebx x=*p; mem mem can t be done *p=*q; 33

34 C pointer arithmehc given: int *ip; char *cp = (char*)ip; if ip has the address 1000, what is: ip+1 cp+1 34

35 given: int *ip; C pointer arithmehc char *cp = (char*)ip; if ip has the address 1000: var addr ip 1000 cp 1000 cp ip cp+x 1000+x ip+x 1000+x*sizeof(int) 35

36 assembly pointer arithmehc if %eax contains 1000 movl $555, %eax replaces 1000 with the number 555. movl $555, (%eax) puts the number 555 into address 1000 movl $555, 4(%eax) puts the number 555 into address 1004 in this case, 4 is our displacement or offset 36

37 example: from Bryant and O Hallaron void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } swap: pushl %ebp movl %esp,%ebp pushl %ebx movl 12(%ebp),%ecx movl 8(%ebp),%edx movl (%ecx),%eax movl (%edx),%ebx movl %eax,(%edx) movl %ebx,(%ecx) movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret Set Up Body Finish 37

38 Understanding Swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } Offset yp xp Rtn adr Stack (in memory) 0 Old %ebp %ebp Register Value %ecx yp %edx xp %eax t1 %ebx t0-4 Old %ebx movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx 38

39 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x104 yp xp Offset 12 %ebp 0 movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

40 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x120 0x104 yp xp Offset 12 %ebp 0 movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

41 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 0x124 0x120 0x104 yp xp Offset %ebp movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

42 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 456 0x124 0x120 0x104 yp xp Offset %ebp movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

43 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 456 0x124 0x x104 yp xp Offset %ebp movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

44 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap x124 0x x104 yp xp Offset %ebp movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y 456 Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

45 %eax %edx %ecx %ebx %esi %edi %esp %ebp Understanding Swap 456 0x124 0x x104 yp xp Offset %ebp movl 12(%ebp),%ecx # ecx = yp movl 8(%ebp),%edx # edx = xp 0x120 0x124 Rtn adr movl (%ecx),%eax # eax = *yp (t1) movl (%edx),%ebx # ebx = *xp (t0) movl %eax,(%edx) # *xp = eax movl %ebx,(%ecx) # *yp = ebx x y 123 Address 0x124 0x120 0x11c 0x118 0x114 0x110 0x10c 0x108 0x104 0x100

46 more memory access modes assembly exp x(%eax) (%eax, %ebx) x(%eax, %ebx) (,%eax,s) x(,%eax,s) (%eax,%ebx,s) x(%eax,%ebx,s) resulting address %eax+x %eax+%ebx x+%eax+%ebx (%eax*s) x+(%eax*s) %eax+(%ebx*s) x+%eax+(%ebx*s) 46

47 Why? Arrays, etc. given int A[5]; what is &A[2]? 47

48 Why? Arrays, etc. given int A[5]; what is &A[2]? the address of A[0] + 2*sizeof(int) What is (%eax,%edx,4) if: %eax contains address of A[0] %edx contains 2 48

49 book complete list of operand forms type form operand value name immediate $imm imm immediate register E a R[E a ] register memory imm M[imm] absolute memory (E a ) M[R[E a ]] indirect memory imm(e b ) M[imm+R[E b ]] base+displacement memory (E b,e i ) M[R[E b ]+R[E i ]] indexed memory imm(e b,e i ) M[imm+R[E b ]+R[E i ]] indexed memory (,E i,s) M[R[E i ]*s] scaled indexed memory imm(,e i,s) M[imm+R[E i ]*s] scaled indexed memory (E b,e i,s) M[R[E b ]+R[E i ]*s] scaled indexed memory imm(e b,e i,s) M[imm+R[E b ]+R[E i ]*s] scaled indexed E a some register a R[E a ] what s in register a M[x] value at memory address x 49

50 why something like (E b,e i,s)? to loop through an array: set E b is &A[0] E i is an index s is the size of each element we ll do this a lidle bit later 50

51 prachce problem operand value %eax? 0x104? $0x108? (%eax)? 4(%eax)? 9(%eax,%edx)? 260(%ecx,%edx)? 0xFC(,%ecx,4)? (%eax,%edx,4)? address 0x100 0x104 0x108 0x10C register %eax %ecx %edx value 0xFF 0xAB 0x13 0x11 value 0x100 0x1 0x3 51

52 prachce problem soluhon operand value comment %eax 0x100 register 0x104 0xAB absolute address $0x108 0x108 immediate (%eax) 0xFF addr 0x100 4(%eax) 0xAB addr 0x104 9(%eax,%edx) 0x11 addr 0x10C 260(%ecx,%edx) 0x13 addr 0x108 0xFC(,%ecx,4) 0xFF addr 0x100 (%eax,%edx,4) 0x11 addr 0x10C address 0x100 0x104 0x108 0x10C register %eax %ecx %edx value 0xFF 0xAB 0x13 0x11 value 0x100 0x1 0x3 52

53 leal load effechve address more or less assembly equiv of C s & op example: %eax 0x1000 %ecx 0xA leal (%eax,%ecx,4), %edx what s in %edx? 53

54 leal load effechve address more or less assembly equiv of C s & op example: leal (%eax,%ecx,4), %edx what s in %edx? %eax %ecx 0x1000 0xA %eax+%ecx*4 = 0x *4 = 0x = 0x1000+0x28 = 0x

55 some leal prachce problems if %eax contains x, and %ecx contains y, what is in %edx aker the following ops? expression leal 6(%eax), %edx leal (%eax,%ecx), %edx leal (%eax,%ecx, 4), %edx leal 7(%eax,%eax,8), %edx leal 0xA(,%ecx,4), %edx leal 9(%eax,%ecx,2), %edx result 55

56 some leal prachce problems if %eax contains x, and %ecx contains y, what is in %edx aker the following ops? expression result leal 6(%eax), %edx 6+x leal (%eax,%ecx), %edx x+y leal (%eax,%ecx, 4), %edx x+4y leal 7(%eax,%eax,8), %edx 7+x+8x=7+9x leal 0xA(,%ecx,4), %edx 0xA+4y=10+4y leal 9(%eax,%ecx,2), %edx 9+x+2y 56

57 some things that you know in C assignment simple arithme7c opera7ons funchons condihonals loops 57

58 Some arithmehc ops instruction e ect description incl D D D + 1 increment decl D D D 1 decrement negl D D D negate notl D D D complement addl S, D D D + S add subl S, D D D S subtract imull S, D D D S multiply xorl S, D D D S exclusive or orl S, D D D S or andl S, D D D&S and sall k, D D D << k left shift shll k, D D D << k left shift (same as sall) sarl k, D D D >> k shift right arithmetic shrl k, D D D >> k shift right logical 58

59 simple arithmehc ops examples we ll save these for another day 59

60 some things that you know in C assignment simple arithmehc operahons func7ons condihonals loops 60

61 1 #include <stdlib.h> 2 3 #define BUF_LEN int main(void) { 6 int x; 7 char *buff; Where allocated? 11 if ((buff = (char*)malloc(buf_len))==null) { 12 fprintf(stderr, "error allocating space. quitting\n"); 13 return 1; 14 } return 0; 18 }

62 1 class Junk { 2 int x; 3 String s; 4 } and here? 5 6 public class WhereAllocated { 7 public static void main(string args[]) { 8 final int LEN = 1024; 9 int x; 10 Junk j = new Junk(); 11 int A[] = new int[len]; for (int i=0; i<a.length; i++) { /* do something with A[] */ } 20 } 21 }

63 Linux Process Memory

64 stacks can grow up or down 64

65 funchon calls stack very important for funchon calls high level view of what s happening: 65

66 funchon calls 66

67 funchon calls 67

68 funchon calls 68

69 funchon calls 69

70 funchon calls 70

71 funchon calls 71

72 funchon calls 72

73 funchon calls 73

74 where s the top, bodom of my frame? Answer: %esp and %ebp registers Used in parhcular way in every funchon call 74

75 funchon calls 75

76 funchon calls 76

77 funchon calls 77

78 funchon calls 78

79 how do we know where to return? Remember %eip Loop forever: fetch decode execute how do we get back? 79

80 How do we get back? In Dr. Bob s SIM in caller: save return address in %R8 in callee: In IA32: copy saved %R8 into %R9 (instruchon ptr) save the return address on the stack locahon: %ebp+4 80

81 calling a funchon in the caller: save caller s state pass parameters to the funchon remember return address turn control over to called funchon in the funchon: allocate space for locals do the work of the funchon return value turn control back over to caller 81

82 closer look at args on stack parameter location old %ebp (%ebp) return addr 4(%ebp) param 1 8(%ebp) param 2 12(%ebp) param n 4n+4(%ebp) 82

83 if we add local variables parameter location local var 2-8(%ebp) local var 1-4(%ebp) old %ebp (%ebp) return addr 4(%ebp) param 1 8(%ebp) param 2 12(%ebp) param n 4n+4(%ebp) 83

84 %ebp, %esp inside a funchon: beginning of each funchon: pushl %ebp movl %esp, %ebp at the end of each funchon, restore: movl %ebp, %esp popl %ebp so common that we have the instruchons: ENTER LEAVE 84

85 funchon return value %eax used as a return register by convenhon 85

86 a funchon template type fname: pushl %ebp movl %esp, %ebp /* add space for local vars if */ /* necessary by subtracting */ /* from %esp */... /* if you ve added space for */ /* local vars, free the space */ /* by adding to %esp */ movl popl ret %ebp, %esp %ebp 86

87 another look at swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } swap: pushl %ebp movl %esp,%ebp pushl %ebx movl 12(%ebp),%ecx movl 8(%ebp),%edx movl (%ecx),%eax movl (%edx),%ebx movl %eax,(%edx) movl %ebx,(%ecx) movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret Set Up Body Finish 87

88 another example: sum two ints 1.text 2.globl sumtwomine 3.type 4 sumtwomine: 5 pushl %ebp 6 movl %esp, %ebp 7 movl 12(%ebp), %eax 8 movl 8(%ebp), %edx 9 addl %edx, %eax 10 popl %ebp 11 ret 88

89 another example: sum two ints 1.text 2.globl sumtwomine 3.type 4 sumtwomine: 5 pushl %ebp 6 movl %esp, %ebp 7 movl 12(%ebp), %eax 8 movl 8(%ebp), %edx 9 addl %edx, %eax 10 popl %ebp 11 ret Where do we find the arguments? Return value? 89

90 same thing, but gcc output 1.text 2.globl sumtwo 3.type 4 sumtwo: 5 pushl %ebp 6 movl %esp, %ebp 7 movl 12(%ebp), %eax 8 movl 8(%ebp), %edx 9 leal (%edx,%eax), %eax 10 popl %ebp 11 ret 90

91 What about my registers? Isn t the funchon going to trash them? 91

92 Have a roomate? 92

93 Have a roomate? hdp://commons.wikimedia.org/wiki/file:dirty_dishes.jpg 93

94 funchon reg saving convenhon caller save %eax %ecx %edx callie save %ebx %esi %edi 94

95 funchon reg saving convenhon caller save %eax %ecx %edx callie save %ebx %esi %edi Caller save: if I have something important in one of these, I need to save it before calling a funchon. 95

96 funchon reg saving convenhon caller save %eax %ecx %edx callie save %ebx %esi %edi Caller save: if I have something important in one of these, I need to save it before calling a funchon. Callie save: if I need to write to one of these, save it first. (Otherwise, I might be trashing the caller s stuff.) 96

97 save where? 97

98 save where? on the stack. 98

99 yet another look at swap void swap(int *xp, int *yp) { int t0 = *xp; int t1 = *yp; *xp = t1; *yp = t0; } save %ebx restore %ebx swap: pushl %ebp movl %esp,%ebp pushl %ebx movl 12(%ebp),%ecx movl 8(%ebp),%edx movl (%ecx),%eax movl (%edx),%ebx movl %eax,(%edx) movl %ebx,(%ecx) movl -4(%ebp),%ebx movl %ebp,%esp popl %ebp ret Set Up Body Finish 99

100 recursive funchon: factorial 1.section.text 2.globl _start from the PGU book 3.globl factorial #this is unneeded unless we want to share 4 #this function among other programs 5 _start: 6 pushl $4 #The factorial takes one argument - the 7 #number we want a factorial of. So, it 8 #gets pushed 9 call factorial #run the factorial function 10 addl $4, %esp #Scrubs the parameter that was pushed on 11 #the stack 12 movl %eax, %ebx #factorial returns the answer in %eax, but 13 #we want it in %ebx to send it as our exit 14 #status 15 movl $1, %eax #call the kernel s exit function 16 int $0x80 100

101 factorial funchon from the PGU book 1.type 2 factorial: 3 pushl %ebp #standard function stuff - we have to 4 #restore %ebp to its prior state before 5 #returning, so we have to push it 6 movl %esp, %ebp #This is because we don t want to modify 7 #the stack pointer, so we use %ebp. 8 9 movl 8(%ebp), %eax #This moves the first argument to %eax 10 #4(%ebp) holds the return address, and 11 #8(%ebp) holds the first parameter 12 cmpl $1, %eax #If the number is 1, that is our base 13 #case, and we simply return (1 is 14 #already in %eax as the return value) 15 je end_factorial 16 decl %eax #otherwise, decrease the value 17 pushl %eax #push it for our call to factorial 18 call factorial #call factorial 19 movl 8(%ebp), %ebx #%eax has the return value, so we 20 #reload our parameter into %ebx 21 imull %ebx, %eax #multiply that by the result of the 22 #last call to factorial (in %eax) 23 #the answer is stored in %eax, which 24 #is good since that s where return 25 #values go. 26 end_factorial: 27 movl %ebp, %esp #standard function return stuff - we 28 popl %ebp #have to restore %ebp and %esp to where 29 #they were before the function started 30 ret #return from the function (this pops the #return value, too)

1 /* file cpuid2.s */ 4.asciz "The processor Vendor ID is %s \n" 5.section.bss. 6.lcomm buffer, section.text. 8.globl _start.

$1 /* file cpuid2.s */ 4.asciz The processor Vendor ID is %s \n 5.section.bss. 6.lcomm buffer, section.text. 8.globl _start.$ 1 /* file cpuid2.s */ 2.section.data 3 output: 4.asciz "The processor Vendor ID is %s \n" 5.section.bss 6.lcomm buffer, 12 7.section.text 8.globl _start 9 _start: 10 movl $0, %eax 11 cpuid 12 movl $buffer,