CSCI 192 Engineering Programming 2. Assembly Language

Transcription

1 CSCI 192 Engineering Programming 2 Week 5 Assembly Language Lecturer: Dr. Markus Hagenbuchner Slides by: Igor Kharitonenko and Markus Hagenbuchner Room markus@uow.edu.au UOW /08/2010 1

2 C Compilation Process (review) $ gcc o tedit ansi Wall tedit.c Driver: gcc Pre-processor: cpp o tedit.i tedit.c C Compiler and Optimiser: cc1 o tedit.s tedit.i A program code in Assembly Language Assembler: as o tedit.o tedit.s Linker: 24/08/2010 ld o tedit tedit.o -lm 2

3 C Compiler and Optimiser (review) C compiler is a program usually called cc1 gcc calls cc1 passing to it all relevant options -ansi Wall O1 cc1 - takes a pre-processed C source file and translates it into Assembly Language - produces an assembly language source file *.s You can invoke it explicitly and stop further processing gcc o tedit.s S tedit.c 24/08/2010 3

4 Assembly Source File (review) hello.i extern int printf ( const char * restrict _format) ; int main(void) { printf("hello World\n"); return 0; } hello.s.lc0:.string "Hello World\n".text main: pushl %ebp movl %esp, %ebp call printf movl $0, %eax ret 24/08/2010 4

5 What is Assembly Language? Assembly language is a machine-specific programming language with a one-to-one correspondence between its statements and processor instructions if while do case return LEAL MOV SAR JNE XOR SBB C Language Assembly language 24/08/2010 5

6 What does "machine specific" mean? Unlike C language that is a generic platformindependent language, there are many different types of assembly languages Each assembly language is specific to a processor or to a processor family Intel Intel family Assembly language C Language M Motorola 680x0 family Assembly language TI TMS320c4x family Assembly language 24/08/2010 6

7 Where and when Assembly Language is used? Direct communication with computer hardware - video card drivers - network card drivers - keyboard controllers Speed up C programs in critical areas of code - memory manipulation functions - video/sound decoding -3D graphics Embedded systems - mobile phones - DTV processors -digital cameras Reverse Engineering ( disassembling ) 24/08/2010 7

8 Topics to be covered Intel 8086-family Assembly Language 8086, 8088, 80286, 80386, 80486, Pentium Intel 8086-family processor architecture Translation of C programs into Assembly code Integration of C programs with Assembly language modules 24/08/2010 8

9 Program Execution (review) Central Processing Unit ALU Control Unit Crystal 1. Fetch the next instruction 2. Execute the instruction Application Memory Instruction Segment 24/08/2010 9

10 Intel Processor Architecture System Bus Bus Interface Unit Instruction Fetch Unit Data Cache Unit Instruction Decoder Memory Interface Unit Execute Unit ALU Application Programming Registers 24/08/

11 Application Programming Registers Segment Registers (16 bit) CS DS SS ES FS GS Instruction Pointer (32 bit) EIP General Purpose Registers (32 bit) EAX EBX ECX EDX ESI EDI EBP ESP FLAGS 24/08/

12 Segmented Memory Model Each of the segment register points to a different segment within the linear address space The segment registers are set by Linux operating system and cannot be changed by a programmer C Program in memory Stack Segment Registers SS GS FS ES DS CS Violation of segment boundaries causes Memory segmentation error Heap Un-initialised Data Initialised Data Instructions 24/08/

13 General Purpose Registers The registers are provided for holding: - operands for logical and arithmetic operations - memory pointers EAX EBX ECX EDX ESI EDI EBP Some of the registers are optimised for special operations EAX arithmetic and logic EBX memory pointer ECX counter for loop operations ESP stack pointer in SS segment ESP 24/08/

14 General Purpose Registers You can use separately the low-words of 32-bit registers to deal with 16-bit data EAX EBX ECX EDX ESI EDI EBP ESP AX BX CX DX SI DI BP SP Example: EAX can be use to store 32-bit values AX - can be used to store 16-bit values 24/08/

15 Quiz Your program is written in C (ANSII standard) and does non call any Linux system functions To port your C program to Sun SPARC platform 1. can you simply run your application already compiled on PC Linux platform - ( Y / N ) 2. recompile the source on Sun SPARC platform without source code modifications and then run it - ( Y / N ) 3. you need completely rewrite your program - ( Y / N ) What if your program is written in Intel 8086 family Assembly language? 24/08/

16 Assembly Language Fundamentals There are two Intel 8086-family Assembly Language syntaxes - Intel - AT&T They are very different from each other in appearance GCC supports AT&T syntax 8086-family Assembly Intel Syntax AT&T Syntax 24/08/

17 Assembly Language Fundamentals AT&T Assembly Language syntax 1. All register names are prefixed by % %eax -EAX register 2. All constants are prefixed by $ $256 - a decimal constant equal to 256 $0x2A - a hexadecimal constant equal to 2A 3. Registers that stores pointers are inclosed in ( ) (%ebx) a value stored in memory which is pointed by ebx 24/08/

18 Data Transfer Instructions MOV 1. movl src, dest copies 32-bit data from source to destination movw src, dest copies 16-bit data from source to Examples: movl $128, %eax destination - put a constant 128 into eax register movl $0x57AC, %eax - put a hexadecimal constant 57AC into eax register movl %eax, %ebx - copy the content of eax into ebx movl %eax, itemnum - store the content of eax into the variable itemnum movl (%ebx), %eax - copy a 32-bit value stored in memory pointed by ebx into eax 24/08/

19 Data Transfer Instructions XCHG 2. xchgl op1, op2 exchanges the content of two 32-bit operands xchgw op1, op2 exchanges the content of two 16-bit operands Examples: xchgl %eax, %ebx xchgw %ax, %bx - exchange the content of eax and ebx - exchange the content of ax and bx xchgl %eax, itemnum - exchange the content of eax and the variable itemnum xchgl (%ebx), %eax - exchange a 32-bit value stored in memory pointed by ebx and the content of eax 24/08/

20 Arithmetic Instructions INC and DEC ( similar to ++ and - in C language ) 1. incl opr increment the content of a 32-bit operand incw opr increment the content of a 16-bit operand decl opr decrement the content of a 32-bit operand decw opr decrement the content of a 16-bit operand Examples: incl %eax - increment the content of eax register decw %bx - decrement the content of bx register incl itemnum - increment the content of the variable itemnum 24/08/

21 Arithmetic Instructions ADD and SUB ( similar to + and in C language ) 1. addl src, dest adds a source to a 32-bit destination addw src, dest adds a source to a 16-bit destination subl src, dest subtracts a source from a 32-bit destination subw src, dest subtracts a source from a 16-bit destination Examples: addl $15, %eax - content of eax = eax + 15 addl %edx, %eax - content of eax = eax + ebx subl (%ebx), %eax - content of eax = eax a 32-bit variable (pointed by ebx ) addw %cx, %ax - content of ax = ax + cx 24/08/

22 A Simple Program movl $128, %eax movl %eax, %ecx incl %ecx addl $128, %eax movl $0xFF, %ebx xchgl %eax, %ebx EAX EBX ECX EDX ESI EDI EBP ESP FF 256 FF /08/

23 Memory Addressing Direct movl rfband, %eax content of eax = content of rfband Indirect leal rfband, %ebx put the pointer into ebx ( similar to &rfband in C ) movl (%ebx), %eax content of eax = *(pointed by ebx) movl 8(%ebx), %eax content of eax = memory content pointed by ebx+8 Address 15DC 15D8 15D4 15D0... EAX Memory 14 rfband 24/08/ EBX ECX CPU D4

24 Stack Operations The stack resides in a stack segment specified by SS segment register The current location in the stack is pointed by ESP Push instruction pushes a value into the stack and decrements SP Pop instruction removes a value from the stack and increments SP Address 56D8 56D4 56D0 56CC... EAX EBX ECX Memory CPU D4 24/08/ ESP

25 Stack Operations pushl %eax pushl %ebx pushl %ecx movl $0, %eax movl $0, %ebx movl $0, %ecx Address 56D8 56D4 56D0 56CC... Memory popl %ecx popl %ebx popl %eax EAX EBX ECX CPU ESP 56D0 56D4 56D8 56CC 24/08/

26 Shift and Rotate Instructions SHL $count, %reg shift reg left count times shlw $1, %ax FLAGS CF similar to << in C language ROL $count, %reg rotate reg left count times rolw $2, %ax FLAGS CF no equivalent in C language 24/08/

27 Quiz What does this fragment of code do? movl blocksize, %eax shll $2, %eax incl %eax movl %eax, blocksize blocksize = blocksize*4 + 1; 24/08/

28 Functions A standard way of passing arguments to a function is through the stack A calling program has to push arguments into the stack before calling a function push %eax /* push 1st integer parameter in stack */ push %ecx /* push 2nd integer parameter in stack */ The instruction call is used to call a function call findsum /* call the function findsum */ The function can access parameters stored in the stack by repositioning ebp register The function has to restore original ebp from the stack using leave instruction To return to the calling program place the returned value into eax and use ret instruction 24/08/

29 Functions Some registers are used for special purposes. Relevant for dealing with function calls are: EBP Extended Base Pointer EAX Arithmetic and Logic Register often used to take the return value of a function. EIP Instruction pointer ESP Extended Stack pointer Leave POPs the top element of the stack and writes the value into EBP. Ret POPs the top element of the stack and uses it as an address for the next instruction. 24/08/

30 Functions Example C code int findsum( int a, int b); sum = findsum( 3, 5 ); Assembly code pushl $5 pushl $3 call findsum addl $8, %esp int findsum( int a, int b) { return (a+b); } findsum: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax addl 8(%ebp), %eax leave ret 24/08/

31 The Stack Example Memory Address EIP pushl $5 pushl $3 call findsum addl 8, %esp EBP = ESP ESP 5 3 EIP (main) EBP (main) findsum: pushl %ebp movl %esp, %ebp movl 12(%ebp), %eax addl 8(%ebp), %eax leave ret 24/08/

32 C Local Variables The stack area is allocated for local variables Example C code void testvar( void ) { int localvar = 27; } loaclvar +=3; return; Assembly code testvar: pushl %ebp movl %esp, %ebp subl $4, %esp movl $27, -4(%ebp) leave ret esp = ebp eip(main) ebp(main) esp /08/

33 Quiz What will happen if you accidentally modify the value stored in the stack at the address 4(%ebp)? 24/08/

34 C Program Optimisation Optimisation options can significantly affect the process of C-to-Assembly translation C code int getvalue( void ) { int localvar = 7; } loaclvar++; return loaclvar; gcc S test.c O test.c Assembly code getvalue: pushl %ebp movel movl %esp, %ebp subl movl $8, $4, %eax %esp movel leave $7, -4(%ebp) leal ret 4(%ebp), %eax incl %eax movl 4(%ebp), %eax leave ret 24/08/

35 Multiple Source File Projects (review) A program can be split up into several C source files of manageable size Source files Object files Executable file functions.c functions.o functions.h edit_main.c edit_main.o editor 24/08/

36 Multi-Language Projects A program can be split up into several source files implemented in C or Assembly languages Source files aux_func.s Object files aux_func.o Executable file textedit.c textedit.o textedit.h edit_main.c edit_main.o editor 24/08/

37 Multi-Language Projects Example: A program intended for text encryption/decryption uses an algorithm that produces a 32-bit cipher-text by rolling four characters together a certain number of times only text 6F 6E 6C 79 6F6E6C79 ASCII an integer number a 32-bit cipher-text 24/08/

38 Multi-Language Projects typedef unsigned int cipher cipher encrypt( char text[]) { int i; cipher code = 0; for(i=0; i<4; i++) { code = code<<8; /* shift 8 bits left */ code += text[i]; /* insert an ASCII code */ } code = rotate( code ); /* rotate left */ return code; } 24/08/

39 Multi-Language Projects char text[] 6F 6E 6C 79 cipher code = 0; 6F6E6C79 6F6E00 6F00 0 code += text[i]; code = code<<8; 24/08/

40 Multi-Language Projects The function rotate() can be implemented in C language However There is no any ROL operator in C language 2. Rotation could be implemented through the << Left Shift and ^ Bit-wise XOR, but the performance will be compromised Performance/Complexity efficient solution Implement rotate() in Assembly language 24/08/

41 Multi-Language Projects 1. Implement a template of the function rotate() in C language cipher rotate( cipher thenumber ) { } return thenumber; 2. Make sure it works with your program ( similar to 0-bit rotation ) 3. Place it in a separate source file rotate.c and compile with S option $ gcc S rotate.c 24/08/

42 Multi-Language Projects 4. An assembly language source file rotate.s will be generated.file "rotate.s".text.global rotate.type rotate: pushl %ebp movl movl %esp, %ebp 8(%ebp), %eax leave ret 24/08/

43 Multi-Language Projects 5. Modify the source file rotate.s as required.file "rotate.s".text.global rotate.type rotate: pushl %ebp movl %esp, %ebp movl 8(%ebp), %eax roll $3, %eax /* rotate 3-bit left */ leave ret 24/08/

44 Multi-Language Projects 6. Compile rotate.s producing an object file rotate.o $ as c rotate.s 7. Compile your C program encriptext.c producing an object file encriptext.o $ gcc c encriptext.c 8. Link two object files producing an executable file $ gcc o encriptext rotate.o encriptext.o 24/08/

45 Disassembling In general, it is not possible to reconstruct the original C source code from a corresponding executable file C code gcc? Executable It is possible to reconstruct with a certain degree of accuracy the original Assembly source code from a corresponding executable file Assembly code as Executable DisAssembler 24/08/

46 Suggested Reading K. Irvine, Assembly Language for Intel-Based Computers, Prentice Hall, 1999 J. Duntemann, Assembly Language Step-By-Step John Willey & Sons, Inc /08/