X86 Stack Calling Function POV

Similar documents
Binghamton University. CS-220 Spring X86 Debug. Computer Systems Section 3.11

Assembly Language: Function Calls

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

Machine-level Programming (3)

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call

Machine-Level Programming III: Procedures

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

CSE 351: Week 4. Tom Bergan, TA

CS213. Machine-Level Programming III: Procedures

CSC 2400: Computing Systems. X86 Assembly: Function Calls

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Assembly III: Procedures. Jo, Heeseung

CPEG421/621 Tutorial

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

Systems I. Machine-Level Programming V: Procedures

Lecture 4 CIS 341: COMPILERS

Implementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

x86 assembly CS449 Fall 2017

CMSC 313 Lecture 12 [draft] How C functions pass parameters

Register Allocation, iii. Bringing in functions & using spilling & coalescing

CPSC W Term 2 Problem Set #3 - Solution

Machine Program: Procedure. Zhaoguo Wang

An Experience Like No Other. Stack Discipline Aug. 30, 2006

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

Stack Discipline Jan. 19, 2018

Machine Programming 3: Procedures

Stacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han

CPS104 Recitation: Assembly Programming

AS08-C++ and Assembly Calling and Returning. CS220 Logic Design AS08-C++ and Assembly. AS08-C++ and Assembly Calling Conventions

CSC 2400: Computer Systems. Using the Stack for Function Calls

X86 Assembly -Procedure II:1

CIT Week13 Lecture

4) C = 96 * B 5) 1 and 3 only 6) 2 and 4 only

Homework. In-line Assembly Code Machine Language Program Efficiency Tricks Reading PAL, pp 3-6, Practice Exam 1

IA32 Stack. Stack BoDom. Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

X86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson

Processes (Intro) Yannis Smaragdakis, U. Athens

Lab 10: Introduction to x86 Assembly

CS429: Computer Organization and Architecture

CSC 2400: Computer Systems. Using the Stack for Function Calls

CS 3843 Final Exam Fall 2012

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013

You may work with a partner on this quiz; both of you must submit your answers.

University of Washington

W4118: PC Hardware and x86. Junfeng Yang

CSC 8400: Computer Systems. Using the Stack for Function Calls

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

CS241 Computer Organization Spring 2015 IA

CS61 Section Solutions 3

ECE 391 Exam 1 Review Session - Spring Brought to you by HKN

6.1. CS356 Unit 6. x86 Procedures Basic Stack Frames

ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017

CS642: Computer Security

Instruction Set Architectures

Instruction Set Architecture

Sungkyunkwan University

16.317: Microprocessor Systems Design I Fall 2014

COMP 210 Example Question Exam 2 (Solutions at the bottom)

Subprograms: Local Variables

1 /* file cpuid2.s */ 4.asciz "The processor Vendor ID is %s \n" 5.section.bss. 6.lcomm buffer, section.text. 8.globl _start.

x86 architecture et similia

Intel assembly language using gcc

System Programming and Computer Architecture (Fall 2009)

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Instructor: Alvin R. Lebeck

Machine- Level Programming III: Switch Statements and IA32 Procedures

CS 161 Computer Security. Week of January 22, 2018: GDB and x86 assembly

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Program Exploitation Intro

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

Lecture #16: Introduction to Runtime Organization. Last modified: Fri Mar 19 00:17: CS164: Lecture #16 1

16.317: Microprocessor Systems Design I Spring 2015

238P: Operating Systems. Lecture 3: Calling conventions. Anton Burtsev October, 2018

x86 Assembly Tutorial COS 318: Fall 2017

Calling Conventions. See P&H 2.8 and Hakim Weatherspoon CS 3410, Spring 2013 Computer Science Cornell University

3. Process Management in xv6

Instruction Set Architecture

Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19

Instruction Set Architecture

(2) Accidentally using the wrong instance of a variable (sometimes very hard one to find).

Buffer Overflow Attack

16.317: Microprocessor Systems Design I Fall 2015

Compiler Construction D7011E

x86 assembly CS449 Spring 2016

Function Call Convention

SYSTEM CALL IMPLEMENTATION. CS124 Operating Systems Fall , Lecture 14

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

/ 28 HLL assembly Q4: Conditional instructions / 40 TOTAL SCORE / 100 EXTRA CREDIT / 10

Transcription:

X86 Stack Calling Function POV Computer Systems Section 3.7

Stack Frame Reg Value ebp xffff FFF0 esp xffff FFE0 eax x0000 000E Memory Address Value xffff FFF8 xffff FFF4 x0000 0004 xffff FFF4 x0000 0003 xffff FFF0 x0000 0003 xffff FFEC x0000 0003 xffff FFE8 x0000 0003 xffff FFE4 x0000 0003 xffff FFE0 x0000 0003 x0000 0004 x0000 0000 Previous Frame directly above current frame Current Frame between word at and

What s In a Stack Frame? Caller s frame info (pointer to top of caller s frame) Space for saved state Space for Local Variable Values Space for arguments to lower level functions Return address (when calling functions)

When I call someone My stack frame is active I need to copy argument values to my stack frame I need to save state in my stack frame (more later) I need to store my return address in my stack frame I need to branch to called function s first instruction

Stack when main called int main() { int ma; ma=myfunc(3,4); return 0; } main: OS stack frame pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff fff0 xffff ffe4 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc xffff ffc8 xffff ffc4 xffff ffc0

Main creates it s stack frame int main() { int ma; ma=myfunc(3,4); return 0; } main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave OS stack frame xffff ffe0 xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc xffff ffc8 xffff ffc4 xffff ffc0

Copy args to bottom of frame int main() { int ma; ma=myfunc(3,4); return 0; } main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff ffe0 xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 xffff ffc0

x86 Argument Conventions Argument 1 goes at the bottom of the stack frame Argument 2 goes above argument 1 Argument 3 goes above argument 2

Question Why write arguments upside down? (1 on the bottom) Hint Think about: printf( Student %s grade %d\n,sname,grade);

Save Return Address int main() { int ma; ma=myfunc(3,4); return 0; } call myfunc: push %eip myfunc,%eip main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff ffe0 %eip x0e10 4278 xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0

Branch to Called Function int main() { int ma; ma=myfunc(3,4); return 0; } call myfunc: push %eip myfunc,%eip main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff ffe0 %eip x0e10 503e xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0

When I am called My caller s stack frame is still active I need to save information about my callers frame I need to create my own stack frame

Branch to Caller Complete int myfunc(int a,int b) { int c; c = a + 3; c = c + b; return c; } myfunc: pushl subl addl addl leave ret, $16, 8(), %eax $3, %eax %eax, -4() 12(), %eax %eax, -4() -4(), %eax xffff ffe0 %eip x0e10 5042 xffff ffc4 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0 xffff ffe0

Myfunc Execution here.

Save return value int myfunc(int a,int b) { int c; c = a + 3; c = c + b; return c; } %eax x0000 000a myfunc: pushl subl addl addl leave ret, $16, 8(), %eax $3, %eax %eax, -4() 12(), %eax %eax, -4() -4(), %eax %eax holds return value %eip x0e10 5042 xffff ffc0 xffff ff?? Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0 xffff ffe0

Unwind Frame Stack int myfunc(int a,int b) { int c; c = a + 3; c = c + b; return c; } %eax holds return value %eax x0000 000a myfunc: pushl subl addl addl leave ret, $16, 8(), %eax $3, %eax %eax, -4() 12(), %eax %eax, -4() -4(), %eax xffff ffe0 %eip x0e10 505c xffff ffc4 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0 xffff ffe0

Return Memory int myfunc(int a,int b) { int c; c = a + 3; c = c + b; return c; } %eax holds return value %eax x0000 000a myfunc: pushl subl addl addl leave ret, $16, 8(), %eax $3, %eax %eax, -4() 12(), %eax %eax, -4() -4(), %eax xffff ffe0 %eip x0e10 4278 xffff ffc8 xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0 xffff ffe0

After Return int main() { int ma; ma=myfunc(3,4); return 0; } %eax holds return value %eax x0000 000a main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff ffe0 %eip x0e10 4278 xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0

Handle Return Value int main() { int ma; ma=myfunc(3,4); return 0; } %eax holds return value %eax x0000 000a main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff ffe0 %eip x0e10 427a xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc x0000 000a xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0

Set Main s Return Value int main() { int ma; ma=myfunc(3,4); return 0; } %eax holds return value %eax x0000 0000 main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff ffe0 %eip x0e10 427E xffff ffc8 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc x0000 000a xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0

Unwind Main s Stack Frame int main() { int ma; ma=myfunc(3,4); return 0; } %eax x0000 0000 main: pushl, subl $24, $4, 4() $3, () call myfunc %eax, -4() $0, %eax leave xffff fff0 xffff ffe4 Memory xffff fff0 x00c0 002c xffff ffec x00c0 0014 xffff ffe8 x0000 0003 xffff ffe4 OS Return@ xffff ffe0 xffff fff0 xffff ffdc x0000 000a xffff ffd8 xffff ffd4 xffff ffd0 xffff ffcc x0000 0004 xffff ffc8 x0000 0003 xffff ffc4 x0e10 4278 xffff ffc0

X86 Calling Conventions On Entry Save caller s base pointer Create my stack frame Initialize local variables On Return Use return value in %eax On Call Save Arguments Save Return Address Branch to Callee On Exit Save return value in %eax Return my stack frame Restore caller s stack frame

Register Resources Single set of registers used by all functions When a caller invokes a callee Should it assume the called function will not change registers? If callee can change registers, caller cannot assume values won t be changed. IBM conventions... Callee stores all register values on entry Callee restores all register values before return Wasteful store all registers whether you need them or not X86 conventions some registers are managed by caller, some by callee

Managing Registers REG Can I change? Keeps Value over Calls? %eax Yes used for return value No used for return value %ecx %edx %edi %esi %ebx Yes caller assumes these may change No Caller expects these to be unchanged No called function may change these Yes called function must keep these values Managed by calling conventions which save/restore stack frames

Managing Registers REG Can I change? Keeps Value over Calls? Classification %eax Yes used for return value If I need these I must save %ecx Yes caller assumes these before I call and restore on %edx may change return %edi %esi %ebx If I use these, I must save caller s values on entry and restore on exit Yes called function must keep these values Caller-saved Callee-Saved Managed by calling conventions which save/restore stack frames

Managing Registers Use %eax, %ecx, %edx for localized values Use %edi, %esi, %ebx if you need values over calls If you use %edi, %esi, %ebx (callee-saved regs) save on entry, restore on exit If you need to save more reg values over calls, save whichever of %eax, %ecx, %edx you need (caller-saved regs) before you call, and restore after you call

X86 Calling Conventions (complete) On Entry Push caller s ebp Push callee-saved regs if req. Create (data part) of my stack frame Initialize local variables On Return Pop caller-saved regs if req. Use return value in %eax On Call Push caller-saved regs if req. Save Arguments Push Return Address Branch to Callee On Exit Save return value in %eax Return (data part of) stack frame Pop callee save regs if req. Pop caller s ebp Pop return address

Complete Stack Frame Contents () Caller s required! Caller s %esi if I m going to use %esi Caller s %ebx if I m going to use %ebx Caller s %edi if I m going to use %edi padding So local vars start on address % by 16 Local Variables if needed. My %eax if I m calling and need old value My %ecx if I m calling and need old value My %edx if I m calling and need old value Parameter n if needed Parameter 1 () Return Address if I m calling and $-16, -16=xFFFF FFF0

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback