Assembly Language: IA-32 Instructions

Similar documents
X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

Sistemi Operativi. Lez. 16 Elementi del linguaggio Assembler AT&T

Goals of Today s Lecture

Computer Architecture and Assembly Language. Prof. David August COS 217

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

CSC 8400: Computer Systems. Machine-Level Representation of Programs

Process Layout and Function Calls

The Hardware/Software Interface CSE351 Spring 2013

Assembly Language: Part 2

Sungkyunkwan University

ASSEMBLY II: CONTROL FLOW. Jo, Heeseung

Assembly II: Control Flow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Machine Programming 2: Control flow

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College February 9, 2016

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Part 2

CS 31: Intro to Systems ISAs and Assembly. Kevin Webb Swarthmore College September 25, 2018

Machine-Level Programming II: Control and Arithmetic

Second Part of the Course

Process Layout, Function Calls, and the Heap

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2016 Lecture 12

Machine-Level Programming II: Arithmetic & Control. Complete Memory Addressing Modes

Machine Level Programming II: Arithmetic &Control

Machine-Level Programming II: Control Flow

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

CS241 Computer Organization Spring 2015 IA

Basic Assembly Instructions

complement) Multiply Unsigned: MUL (all operands are nonnegative) AX = BH * AL IMUL BH IMUL CX (DX,AX) = CX * AX Arithmetic MUL DWORD PTR [0x10]

Machine-Level Programming II: Arithmetic & Control /18-243: Introduction to Computer Systems 6th Lecture, 5 June 2012

CS61 Section Solutions 3

Credits to Randy Bryant & Dave O Hallaron

CS241 Computer Organization Spring Addresses & Pointers

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

Intel Instruction Set (gas)

Ex: Write a piece of code that transfers a block of 256 bytes stored at locations starting at 34000H to locations starting at 36000H. Ans.

The x86 Architecture

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

Chapter 3 Machine-Level Programming II Control Flow

Intro to GNU Assembly Language on Intel Processors

System Programming and Computer Architecture (Fall 2009)

Control flow. Condition codes Conditional and unconditional jumps Loops Switch statements

CPS104 Recitation: Assembly Programming

Inline Assembler. Willi-Hans Steeb and Yorick Hardy. International School for Scientific Computing

Homework 0: Given: k-bit exponent, n-bit fraction Find: Exponent E, Significand M, Fraction f, Value V, Bit representation

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012

Condition Codes The course that gives CMU its Zip! Machine-Level Programming II Control Flow Sept. 13, 2001 Topics

Condition Codes. Lecture 4B Machine-Level Programming II: Control Flow. Setting Condition Codes (cont.) Setting Condition Codes (cont.

Introduction to IA-32. Jo, Heeseung

An Introduction to x86 ASM

INTRODUCTION TO IA-32. Jo, Heeseung

Princeton University Computer Science 217: Introduction to Programming Systems. Context of this Lecture. Assembly Language: Part 1

SPRING TERM BM 310E MICROPROCESSORS LABORATORY PRELIMINARY STUDY

Von Neumann Architecture. Machine Languages. Context of this Lecture. High-Level Languages. Assembly Language: Part 1. Princeton University.

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

Complex Instruction Set Computer (CISC)

Practical Malware Analysis

Credits and Disclaimers

CF Carry Flag SF Sign Flag ZF Zero Flag OF Overflow Flag. ! CF set if carry out from most significant bit. "Used to detect unsigned overflow

Assembly II: Control Flow. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Reverse Engineering II: The Basics

Assembly Language: Function Calls

Assembly II: Control Flow

Assembly Language II: Addressing Modes & Control Flow

Giving credit where credit is due

Machine- Level Programming II: Arithme6c & Control

EC 333 Microprocessor and Interfacing Techniques (3+1)

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Part 1

Assembly Language: Function Calls" Goals of this Lecture"

CNIT 127: Exploit Development. Ch 1: Before you begin. Updated

Assembly Language: Function Calls" Goals of this Lecture"

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2017 Lecture 12

CISC 360. Machine-Level Programming II: Control Flow Sep 23, 2008

Page # CISC 360. Machine-Level Programming II: Control Flow Sep 23, Condition Codes. Setting Condition Codes (cont.)

Module 3 Instruction Set Architecture (ISA)

Reverse Engineering II: The Basics

Credits and Disclaimers

CSE351 Spring 2018, Midterm Exam April 27, 2018

Binghamton University. CS-220 Spring x86 Assembler. Computer Systems: Sections

Basic Execution Environment

This is a medical robot, guided by a skilled surgeon and designed to get to places doctors are unable to reach without opening a pacent up.

Arithmetic Instructions

Compiler Construction D7011E

COMPUTER ENGINEERING DEPARTMENT

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

Q1: Multiple choice / 20 Q2: Data transfers and memory addressing

Q1: Multiple choice / 20 Q2: Protected mode memory accesses

from WRITE GREAT CODE Volume 2: Thinking Low-Level, Writing High-Level ONLINE APPENDIX A The Minimal 80x86 Instruction Set by Randall Hyde

CISC 360. Machine-Level Programming II: Control Flow Sep 17, class06

3.1 DATA MOVEMENT INSTRUCTIONS 45

Introduction to 8086 Assembly

Do not turn the page until 5:10.

Instruction Set Architecture

x86 Assembly Tutorial COS 318: Fall 2017

Instruction Set Architecture

Page 1. Condition Codes CISC 360. Machine-Level Programming II: Control Flow Sep 17, Setting Condition Codes (cont.)

Transcription:

Assembly Language: IA-32 Instructions 1

Goals of this Lecture Help you learn how to: Manipulate data of various sizes Leverage more sophisticated addressing modes Use condition codes and jumps to change control flow and thereby Write more efficient assembly-language programs Understand the relationship to data types and common programming constructs in high-level languages Focus is on the assembly-language code Rather than the layout of memory for storing data 2

Variable Sizes in High-Level Language C data types vary in size Character: 1 byte Short, int, and long: varies, depending on the computer Float and double: varies, depending on the computer Pointers: typically 4 bytes Programmer-created types Struct: arbitrary size, depending on the fields Arrays Multiple consecutive elements of some fixed size Where each element could be a struct 3

Supporting Different Sizes in IA-32 Three main data sizes Byte (b): 1 byte Word (w): 2 bytes Long (l): 4 bytes Separate assembly-language instructions E.g., addb, addw, and addl Separate ways to access (parts of) a register E.g., %ah or %al, %ax, and %eax Larger sizes (e.g., struct) Manipulated in smaller byte, word, or long units 4

Byte Order in Multi-Byte Entities Intel is a little endian architecture Least significant byte of multi-byte entity is stored at lowest memory address Little end goes first The int 5 at address 1000: Some other systems use big endian Most significant byte of multi-byte entity is stored at lowest memory address Big end goes first The int 5 at address 1000: 1000 1001 1002 1003 1000 1001 1002 1003 00000101 00000000 00000000 00000000 00000000 00000000 00000000 00000101 5

Little Endian Example int main(void) { int i=0x003377ff, j; unsigned char *p = (unsigned char *) &i; for (j=0; j<4; j++) printf("byte %d: %x\n", j, p[j]); } Output on a little-endian machine Byte 0: ff Byte 1: 77 Byte 2: 33 Byte 3: 0 6

IA-32 General Purpose Registers 31 15 8 7 0 AH AL BH BL CH CL DH DL SI DI 16-bit 32-bit AX BX CX DX EAX EBX ECX EDX ESI EDI General-purpose registers 7

C Example: One-Byte Data Global char variable i is in %al, the lower byte of the A register. char i; if (i > 5) { i++; else i--; } cmpb $5, %al jle else incb %al jmp endif else: decb %al endif: 8

C Example: Four-Byte Data Global int variable i is in %eax, the full 32 bits of the A register. int i; if (i > 5) { i++; else i--; } cmpl $5, %eax jle else incl %eax jmp endif else: decl %eax endif: 9

Loading and Storing Data Processors have many ways to access data Known as addressing modes Two simple ways seen in previous examples Immediate addressing Example: movl $0, %ecx Data (e.g., number 0 ) embedded in the instruction Initialize register ECX with zero Register addressing Example: movl %edx, %ecx Choice of register(s) embedded in the instruction Copy value in register EDX into register ECX 10

Accessing Memory Variables are stored in memory Global and static local variables in Data or BSS section Dynamically allocated variables in the heap Function parameters and local variables on the stack Need to be able to load from and store to memory To manipulate the data directly in memory Or copy the data between main memory and registers IA-32 has many different addressing modes Corresponding to common programming constructs E.g., accessing a global variable, dereferencing a pointer, accessing a field in a struct, or indexing an array 11

Direct Addressing Load or store from a particular memory location Memory address is embedded in the instruction Instruction reads from or writes to that address IA-32 example: movl 2000, %ecx Four-byte variable located at address 2000 Read four bytes starting at address 2000 Load the value into the ECX register Useful when the address is known in advance Global variables in the Data or BSS sections Can use a label for (human) readability E.g., i to allow movl i, %eax 12

Indirect Addressing Load or store from a previously-computed address Register with the address is embedded in the instruction Instruction reads from or writes to that address IA-32 example: movl (%eax), %ecx EAX register stores a 32-bit address (e.g., 2000) Read long-word variable stored at that address Load the value into the ECX register Useful when address is not known in advance Dynamically allocated data referenced by a pointer The (%eax) essentially dereferences a pointer 13

Base Pointer Addressing Load or store with an offset from a base address Register storing the base address Fixed offset also embedded in the instruction Instruction computes the address and does access IA-32 example: movl 8(%eax), %ecx EAX register stores a 32-bit base address (e.g., 2000) Offset of 8 is added to compute address (e.g., 2008) Read long-word variable stored at that address Load the value into the ECX register Useful when accessing part of a larger variable Specific field within a struct E.g., if age starts at the 8 th byte of student record 14

Indexed Addressing Load or store with an offset and multiplier Fixed based address embedded in the instruction Offset computed by multiplying register with constant Instruction computes the address and does access IA-32 example: movl 2000(,%eax,4), %ecx Index register EAX (say, with value of 10) Multiplied by a multiplier of 1, 2, 4, or 8 (say, 4) Added to a fixed base of 2000 (say, to get 2040) Useful to iterate through an array (e.g., a[i]) Base is the start of the array (i.e., a ) Register is the index (i.e., i ) Multiplier is the size of the element (e.g., 4 for int ) 15

Indexed Addressing Example int a[20]; int i, sum=0; for (i=0; i<20; i++) sum += a[i]; EAX: i EBX: sum ECX: temporary sumloop: global variable movl $0, %eax movl $0, %ebx movl a(,%eax,4), %ecx addl %ecx, %ebx incl %eax cmpl $19, %eax jle sumloop 16

Effective Address: More Generally Offset = eax ebx ecx edx esp ebp esi edi + eax ebx ecx edx esp ebp esi edi * 1 2 4 8 + None 8-bit 16-bit 32-bit Base Index scale displacement Displacement movl foo, %ebx Base movl (%eax), %ebx Base + displacement movl foo(%eax), %ebx movl 1(%eax), %ebx (Index * scale) + displacement movl (,%eax,4), %ebx Base + (index * scale) + displacement movl foo(%edx,%eax,4),%ebx 17

Data Access Methods: Summary Immediate addressing: data stored in the instruction itself movl $10, %ecx Register addressing: data stored in a register movl %eax, %ecx Direct addressing: address stored in instruction movl foo, %ecx Indirect addressing: address stored in a register movl (%eax), %ecx Base pointer addressing: includes an offset as well movl 4(%eax), %ecx Indexed addressing: instruction contains base address, and specifies an index register and a multiplier (1, 2, 4, or 8) movl 2000(,%eax,1), %ecx 18

Control Flow Common case Execute code sequentially One instruction after another Sometimes need to change control flow If-then-else Loops Switch Two key ingredients Testing a condition Selecting what to run next based on result else: endif: cmpl $5, %eax jle else incl %eax jmp endif decl %eax 19

Condition Codes 1-bit registers set by arithmetic & logic instructions ZF: Zero Flag SF: Sign Flag CF: Carry Flag OF: Overflow Flag Example: addl Src, Dest ( t = a + b ) ZF: set if t == 0 SF: set if t < 0 CF: set if carry out from most significant bit Unsigned overflow OF: set if two s complement overflow (a>0 && b>0 && t<0) (a<0 && b<0 && t>=0) 20

Condition Codes (continued) Example: cmpl Src2,Src1 (compare b,a) Like computing a-b without setting destination ZF: set if a == b SF: set if (a-b) < 0 CF: set if carry out from most significant bit Used for unsigned comparisons OF: set if two s complement overflow (a>0 && b<0 && (a-b)<0) (a<0 && b>0 && (a-b)>0) Flags are not set by lea, inc, or dec instructions 21

Example Five-Bit Comparisons Comparison: cmp $6, $12 Not zero: ZF=0 (diff is not 00000) Positive: SF=0 (first bit is 0) No carry: CF=0 (unsigned diff is correct) No overflow: OF=0 (signed diff is correct) Comparison: cmp $12, $6 Not zero: ZF=0 (diff is not 00000) Negative: SF=1 (first bit is 1) Carry: CF=1 (unsigned diff is wrong) No overflow: OF=0 (signed diff is correct) Comparison: cmp $-6, $-12 Not zero: ZF=0 (diff is not 00000) Negative: SF=1 (first bit is 1) 01100-00110?? 00110-01100?? 10100-11010?? Carry: CF=1 (unsigned diff of 20 and 28 is wrong) No overflow: OF=0 (signed diff is correct) 01100 +11010 00110 00110 +10100 11010 10100 +00110 11010 22

Jumps after Comparison (cmpl) Equality Equal: je (ZF) Not equal: jne (~ZF) Below/above (e.g., unsigned arithmetic) Below: jb (CF) Above or equal: jae (~CF) Below or equal: jbe (CF ZF) Above: ja (~(CF ZF)) Less/greater (e.g., signed arithmetic) Less: jl (SF ^ OF) Greater or equal: jge (~(SF ^ OF)) Less or equal: jle ((SF ^ OF) ZF) Greater: jg (!((SF ^ OF) ZF)) 23

Branch Instructions Conditional jump j{l,g,e,ne,...} target if (condition) {eip = target} Comparison Signed Unsigned e e equal ne ne not equal > g a greater,above ge ae...-or-equal < l b less,below le be...-or-equal overflow/carry o c no ovf/carry no nc Unconditional jump jmp target jmp *register 24

Jumping Simple model of a goto statement Go to a particular place in the code Based on whether a condition is true or false Can represent if-the-else, switch, loops, etc. Pseudocode example: If-Then-Else if (Test) { then-body; } else { else-body; } if (!Test) jump to Else; then-body; jump to Done; Else: else-body; Done: 25

Jumping (continued) Pseudocode example: Do-While loop do { Body; } while (Test); loop: Body; if (Test) then jump to loop; Pseudocode example: While loop while (Test) Body; jump to middle; loop: Body; middle: if (Test) then jump to loop; 26

Jumping (continued) Pseudocode example: For loop for (Init; Test; Update) Body Init; if (!Test) jump to done; loop: Body; Update; if (Test) jump to loop; done: 27

Arithmetic Instructions Simple instructions add{b,w,l} source, dest dest = source + dest sub{b,w,l} source, dest dest = dest source Inc{b,w,l} dest dest = dest + 1 dec{b,w,l} dest dest = dest 1 neg{b,w,l} dest dest = ~dest + 1 cmp{b,w,l} source1, source2 source2 source1 Multiply mul (unsigned) or imul (signed) mull %ebx # edx, eax = eax * ebx Divide div (unsigned) or idiv (signed) idiv %ebx # edx = edx,eax / ebx Many more in Intel manual (volume 2) adc, sbb, decimal arithmetic instructions 28

Bitwise Logic Instructions Simple instructions and{b,w,l} source, dest or{b,w,l} source, dest xor{b,w,l} source, dest not{b,w,l} dest sal{b,w,l} source, dest (arithmetic) sar{b,w,l} source, dest (arithmetic) Many more in Intel Manual (volume 2) Logic shift Rotation shift Bit scan Bit test Byte set on conditions dest = source & dest dest = source dest dest = source ^ dest dest = ~dest dest = dest << source dest = dest >> source 29

Data Transfer Instructions mov{b,w,l} source, dest General move instruction push{w,l} source pushl %ebx pop{w,l} dest popl %ebx # equivalent instructions subl $4, %esp movl %ebx, (%esp) # equivalent instructions movl (%esp), %ebx addl $4, %esp esp esp esp esp Many more in Intel manual (volume 2) Type conversion, conditional move, exchange, compare and exchange, I/O port, string move, etc. 30

Conclusions Accessing data Byte, word, and long-word data types Wide variety of addressing modes Control flow Common C control-flow constructs Condition codes and jump instructions Manipulating data Arithmetic and logic operations Next time Calling functions, using the stack 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback