Lab 3. The Art of Assembly Language (II)

Similar documents
Program Exploitation Intro

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

CSC 8400: Computer Systems. Machine-Level Representation of Programs

complement) Multiply Unsigned: MUL (all operands are nonnegative) AX = BH * AL IMUL BH IMUL CX (DX,AX) = CX * AX Arithmetic MUL DWORD PTR [0x10]

Practical Malware Analysis

Reverse Engineering Low Level Software. CS5375 Software Reverse Engineering Dr. Jaime C. Acosta

Lecture 2 Assembly Language

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08

CS241 Computer Organization Spring 2015 IA

CS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015

16.317: Microprocessor Systems Design I Fall 2015

Basic Pentium Instructions. October 18

Module 3 Instruction Set Architecture (ISA)

An Introduction to x86 ASM

16.317: Microprocessor Systems Design I Fall 2014

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

The x86 Architecture

CPS104 Recitation: Assembly Programming

mith College Computer Science CSC231 Assembly Week #11 Fall 2017 Dominique Thiébaut

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration. Xeno Kovah 2014 xkovah at gmail

Conditional Processing

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016

Computer Architecture and Assembly Language. Practical Session 3

Lab 6: Conditional Processing

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018

Intel Instruction Set (gas)

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

Reverse Engineering II: The Basics

Reverse Engineering II: The Basics

Q1: Multiple choice / 20 Q2: Protected mode memory accesses

CMSC 313 Lecture 07. Short vs Near Jumps Logical (bit manipulation) Instructions AND, OR, NOT, SHL, SHR, SAL, SAR, ROL, ROR, RCL, RCR

Second Part of the Course

Rev101. spritzers - CTF team. spritz.math.unipd.it/spritzers.html

Introduction to IA-32. Jo, Heeseung

Ex: Write a piece of code that transfers a block of 256 bytes stored at locations starting at 34000H to locations starting at 36000H. Ans.

INTRODUCTION TO IA-32. Jo, Heeseung

Complex Instruction Set Computer (CISC)

CS61 Section Solutions 3

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

Basic Execution Environment

Introduction to 8086 Assembly

IFE: Course in Low Level Programing. Lecture 6

Assembly Language: IA-32 Instructions

Chapter 12. Selected Pentium Instructions

mith College Computer Science CSC231 Assembly Week #9 Spring 2017 Dominique Thiébaut

LABORATORY WORK NO. 7 FLOW CONTROL INSTRUCTIONS

SOEN228, Winter Revision 1.2 Date: October 25,

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution

A CRASH COURSE IN X86 DISASSEMBLY

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Intel 8086: Instruction Set

3.1 DATA MOVEMENT INSTRUCTIONS 45

Marking Scheme. Examination Paper Department of CE. Module: Microprocessors (630313)

SPRING TERM BM 310E MICROPROCESSORS LABORATORY PRELIMINARY STUDY

mith College Computer Science CSC231 Assembly Week #10 Fall 2017 Dominique Thiébaut

Assembly II: Control Flow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

PESIT Bangalore South Campus

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012

The Instruction Set. Chapter 5

Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 6: Conditional Processing

Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 7. Procedures and the Stack

16.317: Microprocessor Systems Design I Spring 2015

CSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1

CMSC 313 Lecture 05 [draft]

Assembly II: Control Flow

x86 Assembly Tutorial COS 318: Fall 2017

Instructions moving data

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Buffer Overflow Attack

6/20/2011. Introduction. Chapter Objectives Upon completion of this chapter, you will be able to:

x64 Cheat Sheet Fall 2014

Computer Architecture and System Programming Laboratory. TA Session 3

Inline Assembler. Willi-Hans Steeb and Yorick Hardy. International School for Scientific Computing

COMPUTER ENGINEERING DEPARTMENT

Towards the Hardware"

Chapter 3: Addressing Modes

Introduction to Reverse Engineering. Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins

Low-Level Essentials for Understanding Security Problems Aurélien Francillon

Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

Signed number Arithmetic. Negative number is represented as

We will first study the basic instructions for doing multiplications and divisions

Ex : Write an ALP to evaluate x(y + z) where x = 10H, y = 20H and z = 30H and store the result in a memory location 54000H.

x86 assembly CS449 Fall 2017

System calls and assembler

CS 261 Fall Mike Lam, Professor. x86-64 Control Flow

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2016 Lecture 12

Assembly Language LAB

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature

Overview of Compiler. A. Introduction

CSCE 212H, Spring 2008 Lab Assignment 3: Assembly Language Assigned: Feb. 7, Due: Feb. 14, 11:59PM

Assembly Language Each statement in an assembly language program consists of four parts or fields.

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

BAHAR DÖNEMİ MİKROİŞLEMCİLER LAB4 FÖYÜ

Marking Scheme. Examination Paper. Module: Microprocessors (630313)

Assembly Language Lab # 9

Do not turn the page until 5:10.

Transcription:

Lab. The Art of Assembly Language (II) Dan Bruce, David Clark and Héctor D. Menéndez Department of Computer Science University College London October 2, 2017 License Creative Commons Share Alike Modified from Xeno Kovah slides of Open Security Training Dan, David and Héctor (UCL) Assembly October 2, 2017 1 71

Introduction There are two forms to modify control flow: Conditional: go somewhere if a condition is met. For example: if s, switches, loops. Unconditional: go somewhere directly. For example: Procedure calls, goto, exceptions, interrupts. Dan, David and Héctor (UCL) Assembly October 2, 2017 2 71

JMP - Jump Change EIP to the given address (like goto). The main forms of the address: Relative: 1 byte displacement from end of the instruction (jmp 0x0E). Absolute: hardcoded address in instruction (jmp 0x0248291). Absolute Indirect: address calculated with r/m2 (jmp eax - 0x0E). Dan, David and Héctor (UCL) Assembly October 2, 2017 71

Flags Dan, David and Héctor (UCL) Assembly October 2, 2017 4 71

Jcc - Jump If Condition Is Met There are several options for conditional jumps. We will focused on those that corresponds with: ZF, CF, OF and SF. Dan, David and Héctor (UCL) Assembly October 2, 2017 5 71

Some Jcc Instructions JZ/JE (Zero/Equal): if ZF == 1. JNZ/JNE (No Zero/Equal): if ZF == 0. JLE/JNG (Less or Equal - Signed): if ZF == 1 or SF!= OF. JGE/JNL (Greater or Equal -Signed): if SF == OF. JBE (Below or Equal - Unsigned): if CF == 1 OR ZF == 1. JAE (Above or Equal - Unsigned): if CF == 0 OR ZF == 1. In the debugger you can just look at eflags and/or watch whether it takes a jump. Dan, David and Héctor (UCL) Assembly October 2, 2017 6 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x00401010 Dan, David and Héctor (UCL) Assembly October 2, 2017 7 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax,2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x00401011 2 Dan, David and Héctor (UCL) Assembly October 2, 2017 8 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x0040101 2 Dan, David and Héctor (UCL) Assembly October 2, 2017 9 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax,bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 1 0 1 0 EIP AX BX CX 0x00401018-1 Dan, David and Héctor (UCL) Assembly October 2, 2017 10 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax,ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 1 0 0 0 EIP AX BX CX 0x0040101D -2 Dan, David and Héctor (UCL) Assembly October 2, 2017 11 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x00401000-2 Dan, David and Héctor (UCL) Assembly October 2, 2017 12 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x00401001-2 Dan, David and Héctor (UCL) Assembly October 2, 2017 1 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax,cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 1 0 1 0 EIP AX BX CX 0x0040100-5 Dan, David and Héctor (UCL) Assembly October 2, 2017 14 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 jz main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x00401008-5 Dan, David and Héctor (UCL) Assembly October 2, 2017 15 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E r e t OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX 0x0040101E -5 Dan, David and Héctor (UCL) Assembly October 2, 2017 16 71

We update the frame register with the stack register something : 00401000 mov cx, 00401001 sub ax, cx 0040100 j z main 00401008 jmp end main : 00401010 mov ax, 2 00401011 mov bx, 0040101 sub ax, bx 00401018 add ax, ax 0040101D jnz something end : 0040101E ret OF SF ZF PF CF 0 0 0 0 0 EIP AX BX CX unknown -5 Dan, David and Héctor (UCL) Assembly October 2, 2017 17 71

Flag setting Before you can do a conditional jump, you need to set the flags. Common instructions are CMP, TEST, or any arithmetic or logic instructions having flag-setting side-effects Dan, David and Héctor (UCL) Assembly October 2, 2017 18 71

CMP - Compare Two Operands The comparison is performed by subtracting the second operand from the first operand and then setting the status flags in the same manner as the SUB instruction. With CMP the result is computed, the flags are set, but the result is discarded. Modifies CF, OF, SF, ZF, AF, and PF. Dan, David and Héctor (UCL) Assembly October 2, 2017 19 71

TEST - Logical Compare Computes the bit-wise logical AND of first operand and the second operand and sets the SF, ZF, and PF status flags according to the result. Like CMP - sets flags, and throws away the result Dan, David and Héctor (UCL) Assembly October 2, 2017 20 71

AND - Logical AND Destination operand can be r/m2 or register. Source operand can be r/m2 or register or immediate. No source and destination as r/m2. and al, bl and al, 0x42 00110011b (al - 0x) AND 01010101b (bl - 0x55) result 00010001b (al - 0x11) 00110011b (al - 0x) AND 01000010b (imm - 0x42) result 00000010b (al - 0x02) Dan, David and Héctor (UCL) Assembly October 2, 2017 21 71

OR - Logical Inclusive OR Destination operand can be r/m2 or register. Source operand can be r/m2 or register or immediate. or al,bl or al, 0x42 00110011b (al - 0x) OR 01010101b (bl - 0x55) result 01110111b (al - 0x77) 00110011b (al - 0x) OR 01000010b (imm - 0x42) result 01110011b (al - 0x7) Dan, David and Héctor (UCL) Assembly October 2, 2017 22 71

XOR - Logical Exclusive OR Commonly used to zero a register. xor al,al xor al, 0x42 00110011b (al - 0x) XOR 00110011b (al - 0x) result 00000000b (al - 0x00) 00110011b (al - 0x) OR 01000010b (imm - 0x42) result 01110001b (al - 0x71) Dan, David and Héctor (UCL) Assembly October 2, 2017 2 71

NOT - One s Complement Negation Single source/destination operand can be r/m2. not al not [al+bl] NOT 00110011b (al - 0x) result 11001100b (al - 0xCC) al 0x10000000 bl 0x0000124 al+bl 0x1000124 [al+bl] 0 (assumed memory at 0x1000124) NOT 00000000b result 11111111b Dan, David and Héctor (UCL) Assembly October 2, 2017 24 71

SHL - Shift Logical Left Can be explicitly used with the C << operator. First operand (source and destination) is r/m2. Second operand is either cl (lowest byte of ecx), or a 1 byte immediate. The 2nd operand is the number of places to shift. Multiplies by 2 more efficiently. Bits shifted off the left hand side set the carry flag (CF). sh cl,2 shl cl, 00110011b (cl - 0x) result 11001100b (cl - 0xCC) CF = 0 00110011b (cl - 0x) result 10011000b (cl - 0x98) CF = 1 Dan, David and Héctor (UCL) Assembly October 2, 2017 25 71

SHR - Shift Logical Right Can be explicitly used with the C >> operator. First operand (source and destination) is r/m2. Second operand is either cl (lowest byte of ecx), or a 1 byte immediate. The 2nd operand is the number of places to shift. It divides the register by 2 for each place the value is shifted. Bits shifted off the right hand side set the carry flag (CF). shr cl,2 shr cl, 00110011b (cl - 0x) result 00001100b (cl - 0x0C) CF = 1 00110011b (cl - 0x) result 00000110b (cl - 0x06) CF = 0 Dan, David and Héctor (UCL) Assembly October 2, 2017 26 71

REP - Repeat Prefix It is an instruction prefix. Repeat a single instruction multiple times. All rep operations use ecx register as a counter to determine how many times to loop. Each time it decrements ecx. Once ecx == 0, it continues. Dan, David and Héctor (UCL) Assembly October 2, 2017 27 71

REP STOS - Repeat Store String Either moves one byte at a time or one dword at a time. Either fill byte at [edi] with al or fill dword at [edi] with eax. Moves the edi register forward one byte or one dword at a time, so that the repeated store operation is storing into consecutive locations. So there are things which must happen before the actual rep stos occurs: set edi to the start destination, eax/al to the value to store, and ecx to the number of times to store Dan, David and Héctor (UCL) Assembly October 2, 2017 28 71

REP STOS - Set edi - the destination: 00411AC lea edi,[ebp-0f0h] Set ecx - the count 00411B2 mov ecx,ch Set eax - the value 00411B7 mov eax,0cccccccch Start the repeated store 00411BC rep stos dword ptr [edi] Stores 0xC copies of the dword 0xCCCCCCCC starting at ebp-0xf0 Dan, David and Héctor (UCL) Assembly October 2, 2017 29 71

REP MOVS - Repeat Move Data String to String Either moves one byte at a time or one dword at a time. Either move byte at [esi] to byte at [edi] or move dword at [esi] to dword at [edi]. Moves the esi and edi registers forward one byte or one dword at a time, so that the repeated store operation is storing into consecutive locations. So there are things which must happen before the actual rep movs occurs: set esi to the start source, set edi to the start destination, and set ecx to the number of times to move Dan, David and Héctor (UCL) Assembly October 2, 2017 0 71

ENTER - High Level Procedure Init Pushes EBP and then sets EBP to ESP. Reserves memory for local variables in the stack. 1 enter 20,0 Dan, David and Héctor (UCL) Assembly October 2, 2017 1 71

LEAVE - High Level Procedure Exit Set ESP to EBP, then pop EBP. It finishes the execution. Depends on compiler and options. 1 mov eax, dword ptr [ ebp+8] 2 pop esi pop edi 4 leave 5 r e t Dan, David and Héctor (UCL) Assembly October 2, 2017 2 71

C to Assembly Dan, David and Héctor (UCL) Assembly October 2, 2017 71

IF / ELSE 1 i f ( a > 5) 2 p r i n t f ( A i s g r e a t e r than 5 ) ; else 4 p r i n t f ( A i s smaller or equal to 5 ) ; 5 return ; Dan, David and Héctor (UCL) Assembly October 2, 2017 4 71

IF / ELSE Imagine that a value is in ax 1 cmp ax,5 2 jg g r e a t e r jmp smaller 4 g r e a t e r : 5 mov r d i, msggreater 6 mov rax,0 7 c a l l p r i n t f 8 jmp end 9 smaller : 10 mov r d i, msgsmaller 11 mov rax,0 12 c a l l p r i n t f 1 end : 14 leave Dan, David and Héctor (UCL) Assembly October 2, 2017 5 71

FOR 1 for ( i =0; i <10; i ++) 2 p r i n t f ( Hello ) ; Dan, David and Héctor (UCL) Assembly October 2, 2017 6 71

FOR 1 mov cx,0 2 loop1 : cmp cx,10 4 jge end 5 mov r d i, msg 6 mov rax,0 7 c a l l p r i n t f 8 add cx,1 9 jmp loop1 10 end : 11 mov rax,0 12 c a l l e x i t Dan, David and Héctor (UCL) Assembly October 2, 2017 7 71

Compile to Assembly The compiler is able to generate assembly code as an intermediate representation: $ gcc S masm= i n t e l m2 test. c This will generate a file named test.s containing the assembly code (in intel format) of the source code test.c Dan, David and Héctor (UCL) Assembly October 2, 2017 8 71

Disassembling: Objdump We can recover the original assembly code using Objdump: $ objdump M i n t e l d test This will show the assembly expressions after a disassemble process. Dan, David and Héctor (UCL) Assembly October 2, 2017 9 71

Disassembling: GDB We can also recover them with GDB: $ gdb test $> break main $> run $> set disassembly f l a v o r i n t e l $> disassemble In this case, we are running the program. Dan, David and Héctor (UCL) Assembly October 2, 2017 40 71

MAIN 1 i n t main ( i n t argc, char argv [ ] ) { 2 i n t a=; i n t b=5; 4 i n t c=a+b ; 5 return 1; 6 } Dan, David and Héctor (UCL) Assembly October 2, 2017 41 71

MAIN 1 main : 2 push ebp mov ebp, esp 4 sub esp, 16 5 mov DWORD PTR [ ebp 4], 6 mov DWORD PTR [ ebp 8], 5 7 mov eax, DWORD PTR [ ebp 8] 8 mov edx, DWORD PTR [ ebp 4] 9 add eax, edx 10 mov DWORD PTR [ ebp 12], eax 11 mov eax, 1 12 leave 1 r e t Dan, David and Héctor (UCL) Assembly October 2, 2017 42 71

Function Call 1 i n t mysum( i n t a, i n t b ){ 2 i n t c =; i n t t o t a l ; 4 t o t a l =a+c+b ; 5 return t o t a l ; 6 } 7 8 i n t main ( i n t argc, char argv [ ] ) { 9 i n t a=; 10 i n t b=5; 11 mysum( a, b ) ; 12 return 1; 1 } Dan, David and Héctor (UCL) Assembly October 2, 2017 4 71

Function Call (main) 1 main : 2 push ebp mov ebp, esp 4 sub esp, 24 5 mov DWORD PTR [ ebp 4], 6 mov DWORD PTR [ ebp 8], 5 7 mov eax, DWORD PTR [ ebp 8] 8 mov DWORD PTR [ esp +4], eax 9 mov eax, DWORD PTR [ ebp 4] 10 mov DWORD PTR [ esp ], eax 11 c a l l mysum 12 mov eax, 1 1 leave 14 r e t Dan, David and Héctor (UCL) Assembly October 2, 2017 44 71

Function Call (mysum) 1 mysum: 2 push ebp mov ebp, esp 4 sub esp, 16 5 mov DWORD PTR [ ebp 4], 6 mov eax, DWORD PTR [ ebp 4] 7 mov edx, DWORD PTR [ ebp+8] 8 add edx, eax 9 mov eax, DWORD PTR [ ebp+12] 10 add eax, edx 11 mov DWORD PTR [ ebp 8], eax 12 mov eax, DWORD PTR [ ebp 8] 1 leave 14 r e t Dan, David and Héctor (UCL) Assembly October 2, 2017 45 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 46 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 47 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 48 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ebp-4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 49 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ebp-8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp 5 Dan, David and Héctor (UCL) Assembly October 2, 2017 50 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ebp-8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp 5 Dan, David and Héctor (UCL) Assembly October 2, 2017 51 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [esp+4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp 5 5 Dan, David and Héctor (UCL) Assembly October 2, 2017 52 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ebp-4] mov DWORD PTR [ esp ], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp 5 5 Dan, David and Héctor (UCL) Assembly October 2, 2017 5 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [esp], eax c a l l mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 old ebp 5 5 Dan, David and Héctor (UCL) Assembly October 2, 2017 54 71

main : push ebp mov ebp, esp sub esp, 24 mov DWORD PTR [ ebp 4], mov DWORD PTR [ ebp 8], 5 mov eax, DWORD PTR [ ebp 8] mov DWORD PTR [ esp +4], eax mov eax, DWORD PTR [ ebp 4] mov DWORD PTR [ esp ], eax call mysum mov eax, 1 leave r e t 0x070 0x06C 0x068 0x064 0x060 0x05C 0x058 0x054 0x050 old ebp 5 5 EIP Dan, David and Héctor (UCL) Assembly October 2, 2017 55 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP Dan, David and Héctor (UCL) Assembly October 2, 2017 56 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 57 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 58 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 59 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ebp-4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 60 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ebp-4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 61 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 62 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 6 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 64 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 65 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ebp-8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp 11 Dan, David and Héctor (UCL) Assembly October 2, 2017 66 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ebp-8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp 11 Dan, David and Héctor (UCL) Assembly October 2, 2017 67 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP main ebp Dan, David and Héctor (UCL) Assembly October 2, 2017 68 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave r e t 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 EIP Dan, David and Héctor (UCL) Assembly October 2, 2017 69 71

mysum: push ebp mov ebp, esp sub esp, 16 mov DWORD PTR [ ebp 4], mov eax, DWORD PTR [ ebp 4] mov edx, DWORD PTR [ ebp+8] add edx, eax mov eax, DWORD PTR [ ebp+12] add eax, edx mov DWORD PTR [ ebp 8], eax mov eax, DWORD PTR [ ebp 8] leave ret 0x05C 0x058 0x054 0x050 0x04C 0x048 0x044 0x040 0x0C 5 Dan, David and Héctor (UCL) Assembly October 2, 2017 70 71

Exercises 5 Modify exercise 4 and include AND, OR and XOR operations. 6 Ask the user to introduce two numbers and print the value of the greater and smaller. 7 Ask the user how many numbers he wants to introduce. Latter, ask him every number (the maximum will be 100). Print the maximum and minimum of these numbers. 8 Modify exercise 4 to use the stack for controlling the variables. Dan, David and Héctor (UCL) Assembly October 2, 2017 71 71

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback